
Hi Dani,
I have already posted for the first code, now I want to move on to the next, which is issuing books. (Due to the closeness of the deadline, I will be posting all areas where I'm having problems.)

The issue_book.php page is supposed to capture the ISBN, current system date and the user's login id.
Using these details, a number of SQL statements should execute, as follows:-

  1. Insert Into the 'issue books' table, all captured data i.e ISBN, sys date and login id.
  2. Move book data from 'books' table, based on the ISBN to an 'archive' table.
  3. Delete from 'books' table, data that equals ISBN.

In reading on different pages, different answers are given, but it still doesn't help; however, the code for the issue books form is as follows:-

    <?php echo "<?xml version=\"1.0\" encoding=\"utf-8\"?".">"; ?>

    <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
    <html xmlns="http://www.w3.org/1999/xhtml">
    <head>
    <meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
    <script language="javascript">
    //--------------- LOCALIZEABLE GLOBALS ---------------
    var d=new Date();
    var monthname=new Array("1","2","3","4","5","6","7","8","9","10","11","12");
    //Ensure correct for language. English is "January 1, 2004"
    var TODAY = d.getFullYear()+"-"+monthname[d.getMonth()]+"-"+d.getDate();
    //required format -> var TODAY=monthname[d.getMonth()] + " " + d.getDate() + ", " + d.getFullYear();
    //--------------- END LOCALIZEABLE ---------------
    </script>
    <link rel="stylesheet" type="text/css" href="../style/stylesheet.css" />
    <link rel="stylesheet" href="../hans/admin/style/includes/jquery/jquery-ui-custom.css" />
    <script src="../hans/admin/style/includes/jquery/jquery-ui-custom.js"></script>
    <script src="../hans/admin/style/includes/jquery/jquery-ui-custom.js"></script>
    <script src="../hans/admin/includes/bootstrap/js/bootstrap.js"></script>
    <link href="../style/font-awesome.css" rel="stylesheet" type="text/css" />
    <script>
    jQuery(function($) {
    $("#opens_window").click(function(e) {
    e.preventDefault();
    $('#dialog').dialog();
    });
    });
    </script>
    <title>Lecturer Panel - Issue Book Form</title>
    <style type="text/css">
    <!--

    Layer1 {

    position:absolute;
    width:57px;
    height:27px;
    z-index:2001;
    left: 873px;
    top: 29px;

    }
    .style1 {color: #FF0000}
    body {
    background-color: #33FFFF;
    }

    Layer3 {

    position:absolute;
    width:200px;
    height:70px;
    z-index:2003;

    }
    -->
    </style>
    <script language="JavaScript" type="text/JavaScript">
    <!--
    function MM_reloadPage(init) { //reloads the window if Nav4 resized
    if (init==true) with (navigator) {if ((appName=="Netscape")&&(parseInt(appVersion)==4)) {
    document.MM_pgW=innerWidth; document.MM_pgH=innerHeight; onresize=MM_reloadPage; }}
    else if (innerWidth!=document.MM_pgW || innerHeight!=document.MM_pgH) location.reload();
    }
    MM_reloadPage(true);
    //-->
    </script>
    </head>
    <body>
    <div class="top_container"> <span id="panel_name">Lecturer Panel</span>

    <span> </span> <span id="user">Welcome
    ! </span>
    <div id="Layer1"><u><a href="../logout.php" class="style1">Log Out</a> </u></div>
    <p><span> </span></p>

    </div>
    <ul id="menu" name="menu" >
    <li> <a href="viewlect_profile.php"><i class="fa fa-home"></i> VIEW PROFILE</a></li>
    <li> <a href="booksearch.php"><i class="fa fa-list-alt"></i> SEARCH BOOKS </a></li>
    <li> <a href=" "><i class="fa fa-users"></i> SUGGESTION BOX</a> </li>
    <li> <a href=""><i class="fa fa-users"></i>E-CATALOGUE</a>
    <li> <a href="lecturer_access.php"><i class="fa fa-users"></i> LECTURER PANEL
    </a> </li>
    </ul>
    <hr />
    <?php
    ob_start();
    include("db.php");
    if(isset($_GET['ISBN'])!="")//to get ISBN from the ISSUE link !
    {
    $ISBN=$_GET['ISBN'];
    //-----------------

    // $today=getDate(); // getdate();
    // $today = date("D M d, Y G:i", time());
    $today = mktime(0,0,0,date("m"),date("d"),date("Y"));
    $date=date("Y-m-d", $today);

    }

    // $string = "today";
    //$date = new DateTime($string);

    //Then you can format the date however you want:

    //$today = $date->format('l, F jS');
    /*$num = date("w");
    if ($num == 0)
    { $sub = 6; }
    else { $sub = ($num-1); }
    $WeekMon = mktime(0, 0, 0, date("m", $now) , date("d", $now)-$sub, date("Y", $now)); //monday week begin calculation
    $todayh = getdate($WeekMon); //monday week begin reconvert

    $d = $todayh[mday];
    $m = $todayh[mon];
    $y = $todayh[year];
    $today="$d-$m-$y";*/

    //--------------
    //$today=idate();//(int $timestamp=time());

    //start session
    session_start();
    //Read your session (if it is set)
    if (isset($_SESSION['userlogin']))
    {
    $StudentId=$_SESSION['userlogin'];//to use and get the student loginid
    }
    ob_end_flush();
    ?>
    <div id="Layer2" style="position:absolute; width:674px; height:258px; z-index:2002; left: 266px; top: 142px; background-color: #0066FF; layer-background-color: #0066FF; border: 1px none #000000;">
    <div align="center">
    <p><strong><u>ISSUE BOOK FORM</u></strong></p>

    <form action="insertissuedbooks.php" method="post" enctype="application/x-www-form-urlencoded" name="insertissuedbooks" id="issuebookForm">
      <p>ISBN:
        <input name="ISBN" disabled type="text" id="ISBN" size="30" maxlength="30" value="<?php echo htmlspecialchars($ISBN, ENT_QUOTES, 'UTF-8'); ?>" />
      </p>    
      <p>ISSUED DATE: 
        <input name="Issued_date" type="text"  disabled id="Issued_date" value="<?php echo "$date"?>" size="30" maxlength="30" />
      </p>
      <p>Lecturer ID: 
        <input name="StudentId" type="text" disabled id="StudentId"  value="<?php echo htmlspecialchars($StudentId, ENT_QUOTES, 'UTF-8'); ?>" size="10" maxlength="10" />
      </p>
      <p>
        <input name="Proceed" type="submit" id="Proceed" value="Submit" />
      </p>
    </form>

    </div>
    </div>

The insertissuedbook.php is as follows:-

    <?php
    //to connect to the database
    include("db.php");

    // Check connection
    if (mysqli_connect_errno())
    {
        echo "Failed to connect to MySQL: " . mysqli_connect_error();
    }
    else
    {
        //1. insert from your html form, and input to your table

        $sql="INSERT INTO issuedbooks (ISBN,Issued_date,ReturnDate,StudentId) VALUES('$_POST[ISBN]','$_POST[Issued_date]','','$_POST[StudentId]')";

        if(mysql_query($sql))
        {
            //  if (mysql_query($connection,$sql))
            //  {
            echo "Multiple queries executed !";
            header("Locaiton: issuedbook_form.php");
        }
        /*
        //2. update the table using numbooks
        $sql2=mysqli_query($connection,"UPDATE Lecturer SET numbooks=numbooks+1 WHERE LecturerId='$_POST[StudentId]'");

        //3. copy from books to temp_books(i.e. to archive it)
        $sql3="INSERT INTO temp_books SELECT * FROM books WHERE ISBN = '$_POST[ISBN]')";
        mysql_query($sql3);

        //4. now delete from books by the ISBN
        $sql4=mysqli_query($connection,"DELETE from books where ISBN='$_POST[ISBN]'");  */

        //in case there is any error in inserting data, do the following

    }

    ?>
Last Post by diafol

You don't mention what the problem is. Here:

    header("Locaiton: issuedbook_form.php");

Won't work because Locaiton should be Location.
Also include an exit; after a redirect like that.

SQL Injection alert:

    $sql="INSERT INTO issuedbooks (ISBN,Issued_date,ReturnDate,StudentId) VALUES('$_POST[ISBN]','$_POST[Issued_date]','','$_POST[StudentId]')";

This is waiting to bite you in the bum. Never, ever use raw user data (POST or GET) in an SQL statement. You MUST sanitize it if you're using mysql_* functions. I strongly suggest you use mysqli or PDO though and take advantage of prepared statements.

BTW - take care with formatting code on DW as the majority of it appears as plain text.

Votes + Comments
well said!
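
The reply's advice (prepared statements, and `exit` after the redirect) applied to the three steps the question lists, as an added example that is not code from either poster. It assumes db.php provides a mysqli handle named `$connection`, that ReturnDate is nullable and that the tables support transactions; the ISBN pattern is also an assumption.

```php
<?php
// Added example, not the poster's code. Assumes db.php defines $connection
// (a mysqli handle) and that the tables are transactional (InnoDB).
mysqli_report(MYSQLI_REPORT_ERROR | MYSQLI_REPORT_STRICT); // throw on errors
session_start();
require 'db.php';
// User id comes from the session and the date from the server, not from the
// form: any field the browser sends can be changed by the client.
if (!isset($_SESSION['userlogin'])) {
    http_response_code(403);
    exit('Not logged in');
}
$userId = $_SESSION['userlogin'];
$today  = date('Y-m-d');
$isbn   = isset($_POST['ISBN']) ? trim($_POST['ISBN']) : '';
// Allow-list check (assumes ISBN-10/13 digits, hyphens, optional final X).
if (!preg_match('/^[0-9-]{9,16}[0-9Xx]$/', $isbn)) {
    http_response_code(400);
    exit('Invalid ISBN');
}

$connection->begin_transaction();
try {
    // 1. Record the issue; placeholders keep user data out of the SQL text.
    $stmt = $connection->prepare(
        'INSERT INTO issuedbooks (ISBN, Issued_date, ReturnDate, StudentId)
         VALUES (?, ?, NULL, ?)'); // NULL assumes ReturnDate is nullable
    $stmt->bind_param('sss', $isbn, $today, $userId);
    $stmt->execute();
    // 2. Copy the book row to the archive table.
    $stmt = $connection->prepare(
        'INSERT INTO temp_books SELECT * FROM books WHERE ISBN = ?');
    $stmt->bind_param('s', $isbn);
    $stmt->execute();
    if ($stmt->affected_rows < 1) {
        throw new RuntimeException('No book with that ISBN');
    }
    // 3. Remove it from the live table, then commit all three steps together.
    $stmt = $connection->prepare('DELETE FROM books WHERE ISBN = ?');
    $stmt->bind_param('s', $isbn);
    $stmt->execute();
    $connection->commit();
} catch (Exception $e) {
    $connection->rollback();
    error_log($e->getMessage()); // details go to the log, not the browser
    http_response_code(500);
    exit('Could not issue book');
}
header('Location: issuedbook_form.php');
exit;
```

The form's inputs are marked `disabled`, and browsers do not submit disabled controls, so the ISBN field needs to be `readonly` or hidden for `$_POST['ISBN']` to arrive at all.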