Complete the Shopping Cart Admin Tool for Your PHP Online Store

[next]

Part I of this tutorial, "Build a Shopping Cart Admin Tool for Your PHP Online Store," explored the PHP scripts for running the shopping cart on an online book store (Pleasure Reading Inc.). Three remaining scripts weren't covered, and one of them (change.php) is perhaps the most complex of all the scripts. As the name implies, the change.php script is responsible for enabling the customer to alter the details of a book after adding it to the shopping cart. This article covers the change.php script in detail, as well as the two remaining scripts for shopping cart administration.

So, how does change.php work? Well, the booklist.php script sends over a bookid (in the form of bid), which change.php uses to retrieve the details of the book. When I say details, I mean absolutely everything about the book, see the screenshot below:

Change Book Details

When change.php has retrieved everything, it adds the information to a form on the page and the user then makes the changes that he or she wants and then clicks on the "Update Book Details" button. At that point, the code execution starts.

What makes this script so complex is that it updates all the tables and then accesses all the tables to retrieve information about a particular book. Let's take a look at the code:

<?php
ob_start();
include "../connect.php";
$err=false;
$errmsg='';
 $updatemsg='';
   $showform=false;
//1. retrieve book/genre info
if(isset($_GET['bid'])){
$cleanbid=mysql_escape_string($_GET['bid']);
$getbookinfo = "SELECT * FROM books WHERE book_id='".$cleanbid."'";
$bookresult = mysql_query($getbookinfo);
if($bookresult){
while($rowbooks=mysql_fetch_assoc($bookresult)){
$bookid = trim(stripslashes(htmlspecialchars($rowbooks['book_id'])));
$pubID = trim(stripslashes(htmlspecialchars($rowbooks['pubID'])));
$authID = trim(stripslashes(htmlspecialchars($rowbooks['authID'])));
$b_title = trim(stripslashes(htmlspecialchars($rowbooks['title'])));
$b_date = trim(stripslashes(htmlspecialchars($rowbooks['date_of_pub'])));
$b_price = trim(stripslashes(htmlspecialchars($rowbooks['price'])));
$b_genID = trim(stripslashes(htmlspecialchars($rowbooks['genID'])));
$b_img = trim(stripslashes(htmlspecialchars($rowbooks['book_img'])));
$b_isbn = trim(stripslashes(htmlspecialchars($rowbooks['ISBN'])));
}
        }else{
        $err=true;
$errmsg = "Getbookinfo Error: ".mysql_error()."<br>";
                }
 }//isset
//2.Get publisher details of the book
if(isset($pubID)){
$getpubinfo="SELECT * FROM publisher WHERE pub_id='".$pubID."'";
if(!mysql_query($getpubinfo)){
$errmsg .=" getpubinfo ".mysql_error()."<br>";
$err=true;
        }else{
         $result_pub=mysql_query($getpubinfo);
while($rowpubinfo=mysql_fetch_assoc($result_pub)){
$pubname = trim(stripslashes(htmlspecialchars($rowpubinfo['pub_name'])));
$pubaddress = trim(stripslashes(htmlspecialchars($rowpubinfo['pub_address'])));
        } //while
        } //mysql_query()
        }  //isset
// 3. Get author details of the book
 if(isset($authID)){
$getauthinfo="SELECT * FROM author WHERE auth_id='".$authID."'";
if(!mysql_query($getauthinfo)){
$errmsg .=" getauthinfo ".mysql_error()."<br>";
$err=true;
        }else{
 $result_auth=mysql_query($getauthinfo);
        while($rowauthinfo=mysql_fetch_assoc($result_auth)){
$auth_name = trim(stripslashes(htmlspecialchars($rowauthinfo['auth_name'])));
        } //while
        } //mysql_query()
}//ifisset
 //4. Genre details of the book
 if(isset($b_genID)){
$getgeninfo="SELECT * FROM genres WHERE gen_id='".$b_genID."'";
if(!mysql_query($getgeninfo)){
$errmsg .=" getgeninfo ".mysql_error()."<br>";
$err=true;
        }else{
 $result_gen=mysql_query($getgeninfo);
while($rowgeninfo=mysql_fetch_assoc($result_gen)){
$genname = trim(stripslashes(htmlspecialchars($rowgeninfo['gen_name'])));
$descr = trim(stripslashes(htmlspecialchars($rowgeninfo['desc'])));
        } //while
        } //mysql_query()
  $showform=true;
}//ifisset
/*******************UPDATE Books,Genre,Author and Publisher tables*******************************************/
if(isset($_POST['update'])){
//clean form data
$author=mysql_escape_string($_POST['auth_name']);
$pubaddress=mysql_escape_string($_POST['pubaddress']);
$pubname=mysql_escape_string($_POST['pub_name']);
$gID=mysql_escape_string($_POST['genID']);
if($gID == 0){
$gID=mysql_escape_string($_POST['gid']);
        }
$pID=mysql_escape_string($_POST['pid']);
$aID=mysql_escape_string($_POST['aid']);
$bkid=mysql_escape_string($_POST['bid']);
$b_title=mysql_escape_string($_POST['title']);
$b_price=mysql_escape_string($_POST['price']);
$b_isbn=mysql_escape_string($_POST['isbn']);
//you can use regex or use some other method to verify/validate date format
//which should be in yyy-mm-dd
$b_dop=mysql_escape_string($_POST['dop']);
if($_FILES['userfile']['name']) {
//there's a file...
$isfile=true;
}
//update author
$auth="UPDATE author SET auth_name='".$author."' WHERE auth_id='".$aID."'";
$result_auth=mysql_query($auth);
if($result_auth){
$updatemsg= "Author table updated <br>";
}else{
$err=true;
$errmsg="auth ".mysql_error()."<br>";
}
//update publisher
$pub="UPDATE publisher SET pub_name='".$pubname."',pub_address='".$pubaddress."' WHERE
pub_id='".$pID."'";
$result_pub=mysql_query($pub);
if($result_pub){
$updatemsg .= "Publisher table updated <br>";
}else{
$err=true;
$errmsg .="pub " .mysql_error()."<br>";
}
if(!$err){
//insert book after getting the new IDs of the above categories
$books="UPDATE books SET authID='".$aID."',pubID='".$pID."',";
$books .="title='".$b_title."',price='".$b_price."',date_of_pub='".$b_dop."',";
$books .="genID='".$gID."',book_img='empty',ISBN='".$b_isbn."' WHERE book_id='".$bkid."'";
$result_books=mysql_query($books);
if($result_books){
$isfile =true;
$updatemsg .= "Details for new book have been changed.";
}else{
$msg =mysql_error();
$isfile = false;
}
}//if
//insert upload file now
if($isfile){
$uploadpath = "uploads/";
$filename=$_FILES['userfile']['name'];
$cleanfile=mysql_escape_string($_FILES['userfile']['name']);
  if(move_uploaded_file($_FILES['userfile']['tmp_name'], $uploadpath . $cleanfile)) {
//update table
$query_upl = "UPDATE books SET book_img = '" . trim(addslashes($cleanfile)) . "' WHERE book_id =
'".$new_id."'";
mysql_query($query_upl);
$updatemsg .= $cleanfile." has been uploaded and saved.";
}
}
$showform=false;
}//submit
?>
<html>
<head>
  <title></title>
</head>
<body>
<?php if($showform){?>
<table width="100%" border="0">
  <tr>
    <td colspan="2"><h1>Pleasure Reading Inc. - Change Book Details </h1></td>
  </tr>
 <form enctype="multipart/form-data" action="change.php" method="post">
 <?php if(!$err){?>
    <tr>
    <td valign="top" bgcolor="#ECE9D8" colspan="2"><strong>General Information:</strong></td>
  </tr>
  <tr>
    <td width="16%"><strong>Title:</strong></td>
    <td width="84%"><label>
      <input name="title" type="text" size="40" value="<?php echo $b_title ?>" />
     <input type="hidden" name="bid" value="<?php echo $bookid; ?>" />
    </label></td>
  </tr>
  <tr>
    <td valign="top"><strong>Price:</strong></td>
    <td><label>
      <input name="price" type="text" size="40"  value="<?php echo $b_price ?>"/>
    </label></td>
  </tr>
  <tr>
    <td><strong>ISBN:</strong></td>
    <td><label>
      <input name="isbn" type="text" size="40"  value="<?php echo $b_isbn ?>"/>
    </label></td>
  </tr>
  <tr>
    <td><strong>Date of Publication:</strong><br>
    <small>yyyy-mm-dd</small></td>
    <td><label>
      <input name="dop" type="text" size="40"  value="<?php echo $b_date ?>"/>
    </label></td>
  </tr>
  <tr>
    <td valign="top"><strong>Book Image</strong></td>
     <td><label>
     <b>Current image:</b> <?php echo $b_img ?> <br>
      <input name="userfile" type="file"/>
    </label></td>
  </tr>
  <br>
  <tr>
    <td valign="top" colspan="2" bgcolor="#ECE9D8"><strong>Genre Information:</strong></td>
     </tr>
   <tr>
    <td><strong>Genre:</strong></td>
    <td><label>
    <select name="genID">
      <?
                $cl_query = "SELECT * FROM genres ORDER BY gen_id ASC";
                $cl_result = mysql_query($cl_query);
while($genre_list = mysql_fetch_assoc($cl_result)) {
echo "<option value=\"" . $genre_list['genre_id'] . "\"";
if($genre_list['gen_id'] == $b_genID) {
echo " selected";
   }
          echo ">" . stripslashes(htmlspecialchars($genre_list['gen_name'])) . "</option>";
                }
                ?>
    </select>
    </label></td>
    <td><label>
      <textarea name="desc"><?php echo $descr ?></textarea>
      <input type="hidden" name="gid" value="<?php echo $b_genID; ?>" />
           </label></td>
  </tr>
 <tr>
    <td valign="top" colspan="2" bgcolor="#ECE9D8"><strong>Publisher Information:</strong></td>
    </tr>
    <tr>
    <td width="16%"><strong>Name:</strong></td>
    <td width="84%"><label>
      <input name="pub_name" type="text" size="40"  value="<?php echo $pubname ?>"/>
    </label>
    <input type="hidden" name="pid" value="<?php echo $pubID; ?>" />
      </td>
  </tr>
  <tr>
    <td valign="top"><strong>Address:</strong></td>
    <td><label>
      <textarea name="pubaddress"><?php echo $pubaddress ?></textarea>
    </label></td>
  </tr>
 <tr>
    <td valign="top" colspan="2" bgcolor="#ECE9D8"><strong>Author Information:</strong></td>
      </tr>
    <tr>
    <td width="16%"><strong>Name:</strong></td>
    <td width="84%"><label>
      <input name="auth_name" type="text" size="40" value="<?php echo $auth_name ?>"/>
     <input type="hidden" name="aid" value="<?php echo $authID; ?>" />
    </label></td>
  </tr>
  <tr>
    <td><label>
      <input type="submit" name="update" value="Update Book Details" />
    </label></td>
  </tr>
 </form>
 <?php }else{?>
 <tr>
    <td><?php echo "<b>".$errmsg."</b>" ?></td>
  </tr>
<?php } ?>
  </table>
 <? }else{ ?>
 <table width="100%" border="0">
  <tr>
    <td colspan="2"><h1>Pleasure Reading Inc. - Book Details Changed </h1></td>
  </tr>
  <tr>
  <td>
  <?php
  if(isset($updatemsg)){
   echo "The following has been updated:<br>".$updatemsg;
        }
       }
             ?>
 </td>
 </tr>
  </table>
</body>
</html>
<?php
ob_end_flush()
?>

Now, the first part of the PHP code initializes variables and then checks if a bookid has been submitted. If so, the variable is cleaned with the mysq_escape_string() function, and then the details about the book are retrieved from the books table. This is significant, because the books table contains among other things the genre ID, the author ID and the publisher ID. These IDs are then used to retrieve information about the book from all the other tables. So, it is absolutely critical that this query is run first.

ob_start();
include "../connect.php";
$err=false;
$errmsg='';
 $updatemsg='';
   $showform=false;
//1. retrieve book/genre info
if(isset($_GET['bid'])){
$cleanbid=mysql_escape_string($_GET['bid']);
$getbookinfo = "SELECT * FROM books WHERE book_id='".$cleanbid."'";
$bookresult = mysql_query($getbookinfo);
if($bookresult){
while($rowbooks=mysql_fetch_assoc($bookresult)){
$bookid = trim(stripslashes(htmlspecialchars($rowbooks['book_id'])));
$pubID = trim(stripslashes(htmlspecialchars($rowbooks['pubID'])));
$authID = trim(stripslashes(htmlspecialchars($rowbooks['authID'])));
$b_title = trim(stripslashes(htmlspecialchars($rowbooks['title'])));
$b_date = trim(stripslashes(htmlspecialchars($rowbooks['date_of_pub'])));
$b_price = trim(stripslashes(htmlspecialchars($rowbooks['price'])));
$b_genID = trim(stripslashes(htmlspecialchars($rowbooks['genID'])));
$b_img = trim(stripslashes(htmlspecialchars($rowbooks['book_img'])));
$b_isbn = trim(stripslashes(htmlspecialchars($rowbooks['ISBN'])));
}
        }else{
        $err=true;
$errmsg = "Getbookinfo Error: ".mysql_error()."<br>";
                }
 }//isset

Note that a couple of variables have been initialized. You will see how they are used as we move through the script.

The next section of the code basically runs various queries on various tables to retrieve information related to this book:

//2.Get publisher details of the book
if(isset($pubID)){
$getpubinfo="SELECT * FROM publisher WHERE pub_id='".$pubID."'";
if(!mysql_query($getpubinfo)){
$errmsg .=" getpubinfo ".mysql_error()."<br>";
$err=true;
        }else{
         $result_pub=mysql_query($getpubinfo);
while($rowpubinfo=mysql_fetch_assoc($result_pub)){
$pubname = trim(stripslashes(htmlspecialchars($rowpubinfo['pub_name'])));
$pubaddress = trim(stripslashes(htmlspecialchars($rowpubinfo['pub_address'])));
        } //while
        } //mysql_query()
        }  //isset
// 3. Get author details of the book
 if(isset($authID)){
$getauthinfo="SELECT * FROM author WHERE auth_id='".$authID."'";
if(!mysql_query($getauthinfo)){
$errmsg .=" getauthinfo ".mysql_error()."<br>";
$err=true;
        }else{
 $result_auth=mysql_query($getauthinfo);
        while($rowauthinfo=mysql_fetch_assoc($result_auth)){
$auth_name = trim(stripslashes(htmlspecialchars($rowauthinfo['auth_name'])));
        } //while
        } //mysql_query()
}//ifisset
 //4. Genre details of the book
 if(isset($b_genID)){
$getgeninfo="SELECT * FROM genres WHERE gen_id='".$b_genID."'";
if(!mysql_query($getgeninfo)){
$errmsg .=" getgeninfo ".mysql_error()."<br>";
$err=true;
        }else{
 $result_gen=mysql_query($getgeninfo);
while($rowgeninfo=mysql_fetch_assoc($result_gen)){
$genname = trim(stripslashes(htmlspecialchars($rowgeninfo['gen_name'])));
$descr = trim(stripslashes(htmlspecialchars($rowgeninfo['desc'])));
        } //while
        } //mysql_query()

All of the information that is retrieved will then be used for display on the form. When the user has completed making the changes, the code will run through the PHP script and update all the tables in the same way that it did previously. But this time it will clean the form data before inserting it:

Except for the genre table, both the other tables are updated:

Also, note the $err variable settings when the query is successful and when it is not. This again is key to whether the main table will be updated or not.

The remaining code basically updates the books table and also adds an image file if it is loaded:

The actual HTML contains only the form. Just remember that the form header is written differently from the way it is normally written:

This is because the form makes a provision for file uploads. That's basically it for the change script.

[next]

Complete the Shopping Cart Admin Tool for Your PHP Online Store

Find a programming school near you