I'm having a bit of an issue with PHP/MySQL. Basically I'm trying to create a shopping cart and I get the following error:
Unknown column 'admin' in 'where clause'
Previous to that error I had an undefined index, so I fixed that, but now I have this error. Any clue?
This is my DB in the table users
http://gyazo.com/cdc8324bf603891118d39c8aa5b3dc19
My code..
<?php
//--- Authenticate code begins here ---
session_start();
//checks if the login session is true
if (!isset($_SESSION['username'])){
header("location:index.php");
exit; // stop here; header() alone does not end the script, so the page would still render
}
$username = $_SESSION['username'];
// --- Authenticate code ends here ---
include ('header.php');
?>
<link rel="stylesheet" type="text/css" href="../css/style1.css">
<div style="float:right"> <a class="btn btn-danger logout" href="logout.php" > Logout</a> </div>
<div id="menu">
<ul id="nav">
<li><a href="home.php" target="_self" >Home</a></li>
<li><a href="session1.php" target="_self" >Sessions</a>
<ul>
<li><a href="session1.php" target="_self" >Session 1</a></li>
<li><a href="session2.php" target="_self" >Session 2</a></li>
<li><a href="session3.php" target="_self" >Session 3</a></li>
<li><a href="session4.php" target="_self" >Session 4</a></li>
<li><a href="session5.php" target="_self" >Session 5</a></li>
<li><a href="session6.php" target="_self" >Session 6</a></li>
<li><a href="session7.php" target="_self" >Session 7</a></li>
<li><a href="session8.php" target="_self" >Session 8</a></li>
<li><a href="session9.php" target="_self" >Session 9</a></li>
<li><a href="session10.php" target="_self" >Session 10</a></li>
<li><a href="session11.php" target="_self" >Session 11</a></li>
<li><a href="session12.php" target="_self" >Session 12</a></li>
<li><a href="session13.php" target="_self" >Session 13</a></li>
<li><a href="session14.php" target="_self" >Session 14</a></li>
</ul>
</li>
<li><a href="blog.php" target="_self" >Blog</a></li>
<li><a href="shop.php" target="_self" >Shop</a></li>
</ul>
</div>
<h2>Order Total</h2>
<p>Please confirm your order details</p>
<?php
$sql = "SELECT fullname, location FROM users WHERE username =" . $_SESSION['username'];
//retrieve the details for the logged in user
$result = mysql_query($sql) or die(mysql_error($connection)); //run the query
$row = mysql_fetch_array($result); //save the result in the $row variable
echo "<p> Order for: <strong>" . $row['fullname'] . " " . $row['location'] .
"</strong></p>"; // display the user name
?>
<table style="border-spacing:1px; font-family:Verdana, Geneva, sans-serif; background-color:#e1e1e1; width:100%">
<?php
if(isset($_SESSION['cart'])){
echo '<tr style="font-weight:bold; background-color:#fff;"><td
style="padding:10px; width:120px;">Image</td><td style="padding:10px">Product
Name</td><td style="padding:10px">Price</td><td style="padding:10px">Qty</td><td
style="padding:10px">Subtotal</td></tr>';
$max=count($_SESSION['cart']);
for($i=0;$i<$max;$i++){ //for each product in the cart get the following
$pid=$_SESSION['cart'][$i]['productID']; //productID
$q=$_SESSION['cart'][$i]['qty']; //quantity
$pname=get_product_name($pid); //product name
if($q==0) continue;
?>
<tr style="background-color:#fff">
<td style="padding:10px"><?php echo "<img src='../images/shop/"
.(get_product_image($pid)) . "'" . " width=100 height=100 alt='product'" . " />"?></td>
<td style="padding:10px"><?php echo $pname ?></td>
<td style="padding:10px">$ <?php echo(number_format((get_price($pid)), 2, '.',
''))?></td>
<td style="padding:10px"><?php echo $q ?></td>
<td style="padding:10px">$ <?php echo(number_format((get_price($pid)*$q), 2,
'.', ''))?></td>
</tr>
<?php
}
?>
<tr>
<td style="padding:10px" colspan="2"><strong>Order Total: $ <?php
echo(number_format((get_order_total()), 2, '.', ''))?></strong></td>
<td colspan="5" style="text-align:right; padding:10px;">
<form action="shopsuccess.php" method="post">
<input type="hidden" name="command" />
<input type="button" value="Return to Cart"
onclick="window.location='shoppingcart.php'">
<input type="submit" name="confirmorder" value="Confirm Order" />
</form>
</td>
</tr>
<?php
}
else{
echo "<tr style='background-color:#fff'><td>There are no items in your
shopping cart!</td></tr>";
}
?>
</table>
<p>*Free Shipping Australia-Wide</p>
<?php include ('footer.php'); ?>
The specific answer to your question is that you need to put quotes around string constants:
$sql = "SELECT fullname, location FROM users WHERE username = '" . $_SESSION['username'] . "'";
The helpful answer is that you should be using mysqli_ instead of the out-of-date mysql_ interface. And you should use parameters for constants in your queries rather than substituting values in strings. For one thing, the latter makes the code susceptible to SQL injection attacks.
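As an added example (not code from the question or the answer above), here is the user lookup from the question rewritten the way the answer recommends: mysqli with a prepared statement, the value bound as a parameter rather than concatenated into the SQL text. The host, database name and credentials are placeholders, and `fetch_user_details` is a name chosen for this example. Note that `$_SESSION['username']` was originally set from the login form, so it is user-controlled input as far as the query is concerned; binding it means a value like `admin' OR '1'='1` is compared literally against the column instead of changing the query.

```php
<?php
// Added example: the user lookup from the question, rewritten with mysqli and a
// prepared statement. Connection details below are placeholders, not real values.
session_start();

if (!isset($_SESSION['username'])) {
    header('Location: index.php');
    exit; // header() alone does not stop the script; without exit the page still renders
}

// Make mysqli throw exceptions so a failed prepare/execute cannot be silently ignored
mysqli_report(MYSQLI_REPORT_ERROR | MYSQLI_REPORT_STRICT);

// Placeholder host, user, password and database name for this example
$db = new mysqli('localhost', 'shop_user', 'shop_password', 'shop');
$db->set_charset('utf8mb4'); // charset must be set on the connection for escaping to be correct

/**
 * Fetch fullname and location for one username.
 * The '?' placeholder is filled by bind_param(), so the username is sent to the
 * server as data, never as part of the SQL text; quoting is no longer the script's job.
 * Returns null when no such user exists.
 */
function fetch_user_details(mysqli $db, string $username): ?array
{
    $stmt = $db->prepare('SELECT fullname, location FROM users WHERE username = ?');
    $stmt->bind_param('s', $username);      // 's' marks the parameter as a string
    $stmt->execute();
    $row = $stmt->get_result()->fetch_assoc(); // get_result() needs the mysqlnd driver
    $stmt->close();
    return $row ?: null;
}

try {
    $row = fetch_user_details($db, $_SESSION['username']);
} catch (mysqli_sql_exception $e) {
    // Log the real error server-side; do not echo it to the browser as die(mysql_error()) did
    error_log('user lookup failed: ' . $e->getMessage());
    http_response_code(500);
    exit('Could not load your order details.');
}

if ($row === null) {
    // The session names a user that no longer exists: treat as not logged in
    session_destroy();
    header('Location: index.php');
    exit;
}

// Escape database values before placing them in HTML
echo '<p> Order for: <strong>'
    . htmlspecialchars($row['fullname'], ENT_QUOTES, 'UTF-8') . ' '
    . htmlspecialchars($row['location'], ENT_QUOTES, 'UTF-8')
    . '</strong></p>';
```

Two points worth checking when adopting this: `mysqli_report(MYSQLI_REPORT_ERROR | MYSQLI_REPORT_STRICT)` is the default only from PHP 8.1 onward, so set it explicitly on older versions, and `get_result()` is only available with the mysqlnd driver (otherwise use `bind_result()` and `fetch()`). The same prepared-statement pattern applies to the `get_product_name`, `get_product_image` and `get_price` helpers the cart code calls, since `$pid` also comes from the session.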