Hello so i have been trying to get this working for some time and it needs to be done by tomorrow. So would greatly appreciate any help given. I have to add contents to a shopping cart(database table) for a website and currently having diffficulty getting the information from the product listing page to the cart/database table. I have been trying to get the information via the 'add to cart' button like this: echo "<form action='addtocart.php?description={$dvd_name}' method='get'>"; echo "Quantity: <input type='number' size='10' name='quantity'></input>"; echo "<br />"; echo "<input type='submit' value='Add To Cart'></input>"; echo "</form>"; Here is my PHP to add the data from the item listing page to the cart. <?php $host = "***.*.0.1"; $user = "1*****22"; $password = "v****e"; $database = "10****2*"; $getdescription = $_GET ['description']; echo $getdescription; //connect to MySQL $connect = mysql_connect($host, $user, $password ) or die("Hey loser, check your server connection."); //make sure we're using the right database mysql_select_db($database); $query3 = 'SELECT dvd_name, genre, dvdpic_1, price, delivery, availability, release_date, quantity, description, certificate FROM dvd_table WHERE dvd_name="'.$getdescription.'";'; echo $dvd_name; echo $query3; $getchosenitem = mysql_query($query3) or die (mysql_error()); $displaychosenitem = mysql_fetch_array($getchosenitem); extract($displaychosenitem); echo $getdescription; ?> And this is what i am getting: Notice: Undefined index: description in HOMEDIRS:/htdocs/1******_Web/E-Business/addtocart.php on line 7 Notice: Undefined variable: dvd_name in HOMEDIRS:/htdocs/1*******22_Web/E-Business/addtocart.php on line 19 SELECT dvd_name, genre, dvdpic_1, price, delivery, availability, release_date, quantity, description, certificate FROM dvd_table WHERE dvd_name=""; Warning: extract() [function.extract]: First argument should be an array in HOMEDIRS:/htdocs/1******2_Web/E-Business/addtocart.php on line 26
How is $dvd_name defined? Find this, fix it, and your problem is solved. Though, I must recommend you filter the input data before passing it into an sql query - you're open to sql injections.
mysql real escape string is what he means by filtering. Check this to make sure your script is somewhat secure. http://www.tizag.com/mysqlTutorial/mysql-php-sql-injection.php This part(debug statements) is wrong: echo $dvd_name; echo $query3; should be echo $getdescription cause $dvd_name isn't set. You need to assign the results from the query to use them. Another tizag link... http://www.tizag.com/mysqlTutorial/mysqlfetcharray.php $query = "SELECT * FROM example"; $result = mysql_query($query) or die(mysql_error()); $row = mysql_fetch_array($result) or die(mysql_error()); echo $row['name']. " - ". $row['age']; Code (markup): Yours would look something like echo $displaychosenitem['dvd_name'];