I know some of you might not agree with this but Its good to do. Below you will find my two tables.
Table Item
pid Name
1 cat
2 dogs
3 cows
Table Category
CatID pid Name
11 1 banana
33 1 apple
44 2 strawberry
Basically I have a Select option and the option might looks like the one below
<option selected="" value="33">apple</option>
now if I was to change the value to a letter or number or leave it blank value=""
Then I click on my submit button.
In the page which I am posting to I have
if(isset($_POST['pid']) && isset($_POST['length']) && isset($_POST['Qty']) && isset($_POST['Category'])){
$pid = $_POST['pid'];
$length = $_POST['length'];
$qty = $_POST['Qty'];
$Category = $_POST['Category'];
$wasFound = false;
<-I have a query here ->
<-I have another if statement here which should run if everything is okay ->
}
<-I have a query here -> this is where my problem is
I have an individual query which should change with the database to verify that what the user is posting is in the database. This is general to make sure that the user have not done something that they should not have.
dbconnect();
$statement = $db->prepare("
SELECT * FROM Category WHERE CatID =:Cat
LIMIT 1
");
$statement->bindParam('Cat',$Category);
$statement->execute();
$statement->fetchAll(PDO::FETCH_ASSOC);
if ($statement->rowCount() > 0) {
exit();
}
I have run query both when I have change the value and it doesn't prove the item getting add to the cart BUT even when I haven't change anything, it still doesn't work. I do not get an error
First of all, have your dbconnect() as described in tag wiki.
Second, make your code more consistent
dbconnect();
$statement = $db->prepare("SELECT * FROM Category WHERE CatID = ?");
$statement->execute(array($Category));
if (!$statement->fetch()) {
exit();
}
for your form you can use a bit more intelligent approach (for which, I believe, named placeholders were invented):
$sql = "SELECT * FROM Category WHERE CatID = :Category AND pid = :pid
AND length = :length AND qty = :qty";
$statement = $db->prepare($sql);
unset($_POST['submit']); // get rid of all extra fields in POST
$statement->execute($_POST); // and then pass it in execute()
if (!$statement->fetch()) {
exit();
}
in order to find some inconsistency in your code, add some debug output
I think on the line
if ($statement->rowCount() > 0)
You meant < 0. Exiting if rowCount > 0 means exiting if the category WAS found in the database. I think you meant to exit if it was not found.
You should probably at least inform the user they chose and invalid category also.