0

My code is not behaving as I would like and I think I've just been looking at it far to long to find the errors. Its for a library database for a school project (its sort of an independent study so I don't have an instructor to bring it to)

Anyway what it should do it allow cardholders to check out books. I want to check first if the book has been checked out and then if its on request. If it is on request I need to compare the card numbers. If the cardnumbers match and the user is next in line for the book they may take it out. If it isn't checked out or in the request table they may also check it out.

What's happening though, is when one user checks out a book and if I log into the second account they are able to check it out as well. Now, I've been having refresh issues, so it might just be that the data isn't being refreshed but here's the code incase there is something wrong I just don't see.

<?php		
		
	ini_set('session.cache_limiter','private');
	session_start();
	@mysql_connect($_SESSION['hostname'],$_SESSION['username'],$_SESSION['password']) or die(mysql_error());
	@mysql_select_db($_SESSION['db']);
	$libraryID=$_POST['libraryID'];
	$cardNumber=$_SESSION['cardNumber'];
	
	//DATE INFO
	$outDate = new DateTime();
	$checkout = $outDate->format("Y-m-d");
	$due = $outDate->add(new DateInterval("P14D"));
	$duedate = $due->format("Y-m-d"); 
	
	//CHECK IF VALID LIBRARY ID
	$IDexists = "select libraryID from books where libraryID = '$libraryID'";
	$result = @mysql_query($IDexists) or die(@mysql_error());
	$number=mysql_numrows($result);
	if($number==0){
		print("<center>Incorrect Catalogue Number</center>");
	}
	
	//CHECK IF ALL READY CHECKED OUT
	$query = "SELECT libraryID from checkout WHERE libraryID = '$libraryID' and checkinDate != '0000-00-00'";
	$result = mysql_query($query) or die(mysql_error());
	$checkedout = mysql_numrows($result);
	if($checkedout > 0){
		print("Book is all ready checked out");
	}
	
	//CHECK IF BOOK IS IN REQUEST HOLD TABLE
	$query = "SELECT libraryID, cardNumber from holdsrequests WHERE libraryID = '$libraryID'";
	$result = mysql_query($query) or die(mysql_error());
	$number = mysql_numrows($result);
	if($number > 0){
		//CHECK IF CARDNUMBER IS THE SAME AS CARDNUMBER ON REQUEST SHOULD BE FIRST IN RESULTS
		$row = mysql_fetch_array($result) or die(mysql_error());
		$heldCardNumber = $row['cardNumber'];
		if($heldCardNumber == $cardNumber){
			//USER MAY CHECK OUT BOOK
			$query="insert into checkout values('$libraryID', '$cardNumber', '$checkout', '' , '$duedate')";
			$result=@mysql_query($query) or die(@mysql_error());
			print("Book has been checked out");
		}
		else if($heldCardNumber != $cardNumber){
			$i = 0;
			//COUNT NUMBER OF PEOPLE IN LINE FOR BOOK
			while($i < $number){
				$heldFor = mysql_result($result, $i, "cardNumber");
				if($heldFor == $cardNumber){
					print("There are $i number of memebers ahead of you for this book");
				}
				else if($heldFor != $cardNumber){
					print("There are $i members waiting for thie book");
				}
			}
		}
	}	
	else if ($checkedout == 0 && $number == 0){
		//USER MAY CHECK OUT BOOK
		$query="insert into checkout values('$libraryID', '$cardNumber', '$checkout', '' , '$duedate')";
		$result=@mysql_query($query) or die(@mysql_error());
		print("Book has been checked out");
	}
				
	
?>

Edited by dyingatmidnight: n/a

2
Contributors
2
Replies
3
Views
6 Years
Discussion Span
Last Post by dyingatmidnight
1

I think you're forgetting $checkedout == 0 && on line 36. And then on line 60 you can just remove the if.

0

I'll have to edit that in tomorrow morning and check it out. I've been finding at times, and it might just be a coding error on my part but I'll find if I simply do 'if' followed by 'else' both statements get run where as if I use 'if else' that seems to take care of it. Of course I don't even have an example of this phenomenon right now...

oh wait I do have one, but I don;t have the code. There was a part in another file where I had something similar to the following:

if($username == "dafault"){
print("please log in to preform this action");
}
else{
insert query goes here
}

and until I turned the else into an else if it kept printing my print statement but also giving me an error that user default did not have insert privileges.

But that's really neither here nor there because I have yet to try your suggestion. I'll post back once I have. Thanks for taking the time to look through it.

This topic has been dead for over six months. Start a new discussion instead.
Have something to contribute to this discussion? Please be thoughtful, detailed and courteous, and be sure to adhere to our posting rules.