Hi guys
I am currently developing a auction website for college.
I have done a good bit so far but I have hit a problem when trying to add a property by the 'Admin' user for a 'Seller' user.
I have made the site so you can register, login and add property but the problem is when trying to add property for a seller it adds the property but it doesn't recognize the user I have selected that I want the property to be attached to. Instead it will attach the property to the admin user and I cant figure out why. Is it something to do with the SESSION(USERID).
Any help greatly appreciated.
This is my code below:
<?php
require("config.php");
require("functions.php");
$db = mysql_connect($dbhost, $dbuser, $dbpassword);
mysql_select_db($dbdatabase, $db);
require("header.php");
if(isset($_SESSION) == TRUE && isset($_SESSION) == TRUE
&& isset($_SESSION) == TRUE && isset($_SESSION) == TRUE)//if session variables set to true
{
if(isset($_POST))
{
$date_valid = checkdate($_POST, $_POST, $_POST);//uses the check date method from php to check it is a valid date
if($date_valid == TRUE)
{
$concatdate = $_POST . "-" . sprintf("%02d", $_POST)
. "-" . sprintf("%02d", $_POST)
. "-" . $_POST
. "-" . $_POST
. ":00";
$user_input = mysql_query("INSERT INTO items (user_id, cat_id, name, startingprice, description, dateends) VALUES("
. $_POST
. ", " . $_POST
. ", '" . $_POST
. "', " . $_POST
. ", '" . $_POST
. "', '" . $concatdate
. "');");
header("Location:
http://localhost/declan/add_success.php");
}
}
}
?>
<p>
<h1>Add your property details !</h1>
<form action='add_property.php?id=" . $_SESSION["USERID"] . "' method="post">
<table>
<tr>
<td>Category</td>
<td>
<select name="cat">
<?php $cat_set = get_all_categories(); ?>
<?php
while($catrow = mysql_fetch_assoc($cat_set))
{
echo "<option value='" . $catrow . "'>" . $catrow . "</option>";
}
?>
</select>
</td>
</tr>
<tr>
<td>Username</td>
<td>
<select name="myname">
<?php $cat_set1 = get_all_users(); ?>
<?php
while($catrow1 = mysql_fetch_assoc($cat_set1))
{
echo "<option value='" . $catrow1 . "'>" . $catrow1 . "</option>";
}
?>
</select>
</td>
</tr>
<tr>
<td>Property name</td>
<td><input type="text" name="name"></td>
</tr>
<tr>
<td>Property description</td>
<td><textarea name="description" rows="10" cols="50"></textarea></td>
</tr>
<tr>
<td>Ending date</td>
<td>
<table>
<tr>
<td>Day</td>
<td>Month</td>
<td>Year</td>
<td>Hour</td>
<td>Minute</td>
</tr>
<tr>
<td>
<select name="day">
<?php
for($i=1;$i<=31;$i++)
{
echo "<option>" . $i . "</option>";
}
?>
</select>
</td>
<td>
<select name="month">
<?php
for($i=1;$i<=12;$i++)
{
echo "<option>" . $i . "</option>";
}
?>
</select>
</td>
<td>
<select name="year">
<?php
for($i=2013;$i<=2017;$i++)
{
echo "<option>" . $i . "</option>";
}
?>
</select>
</td>
<td>
<select name="hour">
<?php
for($i=0;$i<=23;$i++)
{
echo "<option>" . sprintf("%02d",$i) . "</option>";
}
?>
</select>
</td>
<td>
<select name="minute">
<?php
for($i=0;$i<=60;$i++)
{
echo "<option>" . sprintf("%02d",$i) . "</option>";
}
?>
</select>
</td>
</tr>
</table>
</td>
</tr>
<tr>
<td>Price</td>
<td><?php echo $config_currency; ?><input type="text" name="price"></td>
</tr>
<tr>
<td></td>
<td><input type="submit" name="submit" value="Post!"></td>
</tr>
</table>
</form>
<!-- end #content -->
<?php require("footer.php"); ?>