Posted by Hilarion on 11/15/05 21:41

> <?php
> session_start();
> include ("config.php");
> include( "settings.inc.php");
> ?><!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
> <HTML>
> <head>
> <title><?echo"$la_supplier_order";?></title>

change the above line to:

<title><?php echo htmlspecialchars( $la_supplier_order ); ?></title>


> <meta http-equiv='Content-Type' content='text/html; charset=iso-8859-1'>
>
> <style type="text/css">
> <!--
> @import url(<?echo"$site_url";?>/admin/style.css);

this one to:

@import url(<?php echo $site_url; ?>/admin/style.css);


> -->
> </style>
> </head>



> <?
> echo"<body bgcolor=\"#ffffff\">";

The above part uses PHP for outputing plain HTML. Try this instead:

<body bgcolor="#ffffff">
<?php


> $sql_select = mysql_query( "SELECT `product`, `title`, `quantity`, `price`,
> `cart_order_id` FROM ".$prefix."store_order_inv WHERE `order_from_supplier`
> =1 ORDER BY `product` ASC");

Dump all the "`" signs (you need them only for column/table/database names
which contain special characters like spaces) and split the text to lines:

$sql_select = mysql_query(
'SELECT product, title, quantity, price, cart_order_id ' .
'FROM ' . $prefix . 'store_order_inv ' .
'WHERE order_from_supplier = 1 ' .
'ORDER BY product ASC'
);

Add error checking:

if ($sql_select===FALSE)
{
die( 'Error executing query: ' . mysql_error() );
}


> $totalrows = mysql_num_rows($sql_select);



> echo" <center><font face=\"arial\" size=\"4\">Order from Supplier<br></font>
>
> <font face=\"arial\" size=\"2\">$date</font></center><br><br>";
>
> ////// Reset database button /////////
> //////
> echo"<form name=\"reset_database\" method=\"post\" action=\"<? $PHP_SELF
> ?>\">
>
> <center><input type=\"submit\" name=\"enter_data\" value=\"Reset database
> after printing\"></center>
>
> </form>";

Change above block to HTML with PHP inserted instead of all PHP:

?>
<center><font face="arial" size="4">Order from Supplier<br></font>
<font face="arial" size="2"><?php echo $date; ?></font></center><br><br>

<form name="reset_database" method="post" action="<?php
echo htmlspecialchars( $_SERVER['PHP_SELF'] );
?>">
<center><input type="submit" name="enter_data"
value="Reset database after printing"></center>
</form>
<?php


> error_reporting( E_ALL );

This one should be before session_start call after first "<?php"
or after those includes.


> if ($enter_data) {

Should be:

if (!empty($_REQUEST['enter_data'])) {

> $sql = mysql_query("UPDATE cubecartstore_order_inv SET order_from_supplier
> = '0'");

Add error checking:

if ($sql===FALSE)
{
die( 'Error executing query: ' . mysql_error() );
}


> }


> echo"<table align=\"center\" width=\"95%\" border=\"0\" cellspacing=\"0\"
> cellpadding=\"0\">
> <tr><td bgcolor=\"$colour_1\">
> <table cellpadding=\"2\" cellspacing=\"1\" border=\"1\" width=\"100%\"
> align=\"center\">
> <tr bgcolor=\"$colour_1\" height=\"20\"
> background=\"../images/bevel_bg.gif\">
> <td align=\"center\" height=\"20\" background=\"../images/bevel_bg.gif\"
> nowrap><b>Product</b></td>
> <td align=\"center\" height=\"20\" background=\"../images/bevel_bg.gif\"
> nowrap><b>Title</b></td>
> <td align=\"center\" height=\"20\" background=\"../images/bevel_bg.gif\"
> nowrap><b>Quantity</b></td>
> <td align=\"center\" height=\"20\" background=\"../images/bevel_bg.gif\"
> nowrap><b>Price</b></td>
> <td align=\"center\" height=\"20\" background=\"../images/bevel_bg.gif\"
> nowrap><b>Order ID</b></td>
> </tr>";

Again to much HTML in PHP. Use this:

?>
<table align="center" width="95%" border="0" cellspacing="0" cellpadding="0">
<tr>
<td bgcolor="<?php echo $colour_1; ?>">
<table cellpadding="2" cellspacing="1" border="1" width="100%" align="center">
<tr bgcolor="<?php echo $colour_1; ?>" height="20" background="../images/bevel_bg.gif">
<td align="center" height="20"
background="../images/bevel_bg.gif" nowrap><b>Product</b></td>
<td align="center" height="20"
background="../images/bevel_bg.gif" nowrap><b>Title</b></td>
<td align="center" height="20"
background="../images/bevel_bg.gif" nowrap><b>Quantity</b></td>
<td align="center" height="20"
background="../images/bevel_bg.gif" nowrap><b>Price</b></td>
<td align="center" height="20"
background="../images/bevel_bg.gif" nowrap><b>Order ID</b></td>
</tr>
<?php

You could also change <td> to <th> and dump the align="center" and <b>. Or better
use CSS instead of this way of formating.


> if($totalrows==0){echo"<br><br><p align=\"center\">No products in your
> inventory</p>";}

This one above will print the text inside <table> but outside any cell producing
invalid HTML.



> if($totalrows!==0){

Why not use "else" instead of another "if"?


> while ($row = mysql_fetch_array($sql_select)){
>
> $product=$row["product"];
> $title=$row["title"];
> $quantity=$row["quantity"];
> $price=$row["price"];
> $cart_order_id=$row["cart_order_id"];
>
>
> echo"<td align=\"center\">$product</td>
> <td align=\"left\">$title</td>
> <td align=\"center\">$quantity</td>
> <td align=\"center\">$currency $price</td>
> <td align=\"center\">$cart_order_id</td>
>
> </tr>";
>
> }// end while
> echo"</table></td></tr></table><br>";
>
> }
>
> echo"</body></html>";
> ?>
>
> I would assume the problem lies somewhere in the line...
>
> $sql = mysql_query("UPDATE cubecartstore_order_inv SET order_from_supplier
> = '0'");

I do not think so (it looks OK).


> ...I don't know how to use the $sql variable...I tried taking "$sql =" out
> of the line but that didn't work either...

You can use it to check if the UPDATE failed ($sql === FALSE) or not.


> I just want mysql_query() to execute the SQL statement when I press the
> submit button...


Hilarion

[Back to original message]