Home/ Questions/Q 7512191
In Process

The Archive Base Latest Questions

Editorial Team
  • 0
Asked: 2026-05-29T23:47:23+00:00

i am trying to create a database value from the values submited, and inserting

  • 0

i am trying to create a database value from the values submited, and inserting in the same database. the value i am creating is $tprice = '$Price' * '$Pquantity';
in code below, but it is not inserting

<?php
$submit = $_POST['Add'];

//form data
$Sname = mysql_real_escape_string(htmlentities(strip_tags($_POST['Sname'])));
$Pname = mysql_real_escape_string(htmlentities(strip_tags($_POST['Pname'])));
$Pidno = mysql_real_escape_string(htmlentities(strip_tags($_POST['Pidno'])));
$Psize = mysql_real_escape_string(htmlentities(strip_tags($_POST['Psize'])));
$Pcolour = mysql_real_escape_string(htmlentities(strip_tags($_POST['Pcolour'])));
$Pquantity = $_POST['Pquantity'];
$Weblink = mysql_real_escape_string(htmlentities(strip_tags($_POST['Weblink'])));
$Price = mysql_real_escape_string(htmlentities(strip_tags($_POST['Price'])));
$date = date("Y-m-d");


echo " ('','$Sname','$Pname','$Pidno','$Psize','$Pcolour','$Pquantity','$Weblink','$Price','$Uname')";
if('POST' === $_SERVER['REQUEST_METHOD'])

{
    if ($Sname&&$Pname&&$Pidno&&$Weblink&&$Price)
    {
        if (is_numeric($Price))
        {
            $repeatheck = mysql_query("SELECT * FROM repplac WHERE Uname = '{$_SESSION['username']}' AND Pidno ='$Pidno' AND Sname='$Sname'");
            $count = mysql_num_rows($repeatheck);
            if($count!=0)
            {
                die ('PRODUCT ALREADY IN BASKET YOU CAN INCREASE OR DECREASE QUANTITY');
            }
            else
//echo'$Price';
                $tprice = '$Price' * '$Pquantity';
            //echo"$tprice";
            $queryreg = mysql_query("
INSERT INTO repplac VALUES ('','$Sname','$Pname','$Pidno','$Psize','$Pcolour','$Pquantity','$Weblink','$Price','$tprice','$date','{$_SESSION['username']}')
");
        }
        else
            echo 'price field requires numbers';
    }
    else
        echo 'please fill in all required * fields ';
}
?>
Share

Leave an answer

You must login to add an answer.

Need An Account,

1 Answer

  1. Editorial Team

    This line:

    $tprice = '$Price' * '$Pquantity';

    won’t work: It will try to multiply the literal strings $Price and $Pquantity (because in strings with single quotes, variable names are not interpreted.)

    Just lose the quotes altogether:

    $tprice = $Price * $Pquantity;

    additional notes:

    • You should make sure that $Pquantity is an integer. Otherwise, people may be able to hack your prices by specifying 0.1

    • The strip_tags() and htmlentities() calls when sanitizing are overkill. I would not use either, and do a htmlentities() when outputting the data.

    • 0