Member Avatar for anmol.raghuvanshi1

Hello everyone, I have one small doubt. I have the following code.
I want the user to enter the coupon code, which has been randomly generated and saved in the database. Now I want that when the user enters the coupon code, it is cross-checked against the database, i.e. whether the entered coupon exists or not.

// html form 
<form method="post" action="ted.php">
    Enter The Coupon Code:<br />
    <input name="code" type="text" size="10" />
    <br />
    <input type="submit" name="submit" value="submit"  onclick="coupval =this.form.coupcode.value;  ChkCoup();" />
    </form>


//php script 

<?php
    $db=new mysqli('localhost','root','','shop');
     if(mysqli_connect_errno()){
        echo 'Could not connect to database:Plz try After Some time..';
        exit;
        }

    //Function to sanitize values received from the form. Prevents SQL injection
    function clean($str) {
        $str = @trim($str);
        if(get_magic_quotes_gpc()) {
            $str = stripslashes($str);
        }
        return mysql_real_escape_string($str);
    }

    if(isset($_POST['submit'])){
        $code=isset($_POST['code']);
            if($code!=""){
                $qry="select code from code";
                $result=$db->query($qry);
                $row=array();
                while ($row[]=mysqli_fetch_array($result))
                        {
                        if($code==$row['code']) {
                        echo "sucess,discount granted";
        }
            else echo "fail";
        }


        // Free result set
         mysqli_free_result($result);
}
}

?>

Please help me with this....

All 6 Replies

You are mixing mysql_* and mysqli_* functions as well as object oriented and procedural style. The code below is mysqli_* OOP style, and is not tested, just to give you an idea. See the comments.

// check if form submitted and if code field is not empty
if(isset($_POST['submit']) && $_POST['code'] != '') {

    // only now connect to the DB since you know you need it
    $db=new mysqli('localhost','root','','shop');
    if(mysqli_connect_errno()){
        echo 'Could not connect to database:Plz try After Some time..';
        exit();
    }

    // clean the user input (see the correct code for the clean function below)
    $code = clean($_POST['code'], $db);

    // after cleaning (trim) the code could be empty so check for this
    if($code != "") {

        // use a WHERE clause
        $qry="SELECT code FROM code WHERE code='$code'";
        $result = $db->query($qry);

        // check if you got any rows (code was found)
        if($result->num_rows() != 0) {
            echo "sucess,discount granted";
        } else {
            // code was entered but not found in the database
            echo "fail (code is not valid)";
        }

        // Free result set
        $result->close();

    } else {
        echo "fail (no code entered)";
    }

    // close the connection
    $db->close();
}

The clean function also has to be corrected in order to use the $db object:

//Function to sanitize values received from the form. Prevents SQL injection
// you have to pass the DB object to the function to use it
function clean($str, $db) {
    $str = @trim($str);
    if(get_magic_quotes_gpc()) {
        $str = stripslashes($str);
    }
    return $db->real_escape_string($str);
}

Please note this post has been heavily edited since additional errors were found as the post was getting prepared. Please make sure you see the last version.
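
The lookup from the answer above written with a bound parameter, so the value never becomes part of the SQL text and no escaping function is needed. This is an added example, not code from any poster in the thread; it assumes PDO with an in-memory SQLite table standing in for the thread's MySQL `shop` database so it runs without a server, and the `coupon_exists` name and the 32-character limit are hypothetical.

```php
<?php
// Added example: coupon lookup with a bound parameter instead of an escaped string.
// Assumption: in-memory SQLite replaces the thread's MySQL `shop` database.

function coupon_exists(PDO $pdo, $input): bool
{
    // A request such as code[]=... arrives as an array; reject non-strings early.
    if (!is_string($input)) {
        return false;
    }
    $code = trim($input);
    // Hypothetical length limit; adjust to the real coupon format.
    if ($code === '' || strlen($code) > 32) {
        return false;
    }
    // The ? placeholder sends the value separately from the statement text,
    // so quotes in the input are compared as data, never parsed as SQL.
    $stmt = $pdo->prepare('SELECT 1 FROM code WHERE code = ? LIMIT 1');
    $stmt->execute([$code]);
    // fetchColumn() returns false when no row matched.
    return $stmt->fetchColumn() !== false;
}

$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE code (code TEXT PRIMARY KEY)');
// Constructed sample rows.
$pdo->exec("INSERT INTO code (code) VALUES ('SAVE10'), ('WELCOME5')");

// Constructed inputs: valid, padded, unknown, empty, quote-bearing, array.
$samples = ['SAVE10', '  WELCOME5 ', 'NOPE', '', "x' OR '1'='1", ['SAVE10']];
foreach ($samples as $input) {
    $verdict = coupon_exists($pdo, $input) ? 'success, discount granted' : 'fail';
    printf("%-18s => %s\n", json_encode($input), $verdict);
}
```

mysqli offers the same pattern through `$db->prepare()` and `bind_param()`.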

Member Avatar for anmol.raghuvanshi1

It now gives the error:
Call to undefined method mysqli_result::num_rows()
and I am very thankful for clearing my misconception.

Member Avatar for anmol.raghuvanshi1

But still it doesn't work: even for a discount code not present in the database, "sucess" is printed...

Sorry, my typo. Line 22 of my code should be:

if($result->num_rows != 0) {
...

(no parentheses after the num_rows).

Also change the action of the form to the same script:

<form method="post" action="#">

Member Avatar for anmol.raghuvanshi1

Thank you #broj1 for your help, now it has been done and the code is running smoothly.

You are welcome. Please mark the thread as solved if no more questions. Happy coding :-)
