"City Colleges Of Chicago - Mannheim" <[EMAIL PROTECTED]> wrote in message
news:[EMAIL PROTECTED]...
> if there is a booktitle and a quantity chosen, then go to that booktitle and
> adjust the quantity in the database.
<?php
// $local, $user, $pass and $db are assumed to be defined earlier
// (for example in an included configuration file).
$link = mysql_pconnect($local, $user, $pass)
    or die("Error connecting: ".mysql_error());
mysql_select_db($db, $link)
    or die("Error opening database $db: ".mysql_error());

// Read the form fields explicitly instead of relying on register_globals.
$submit   = isset($_POST['submit'])   ? $_POST['submit']   : "";
$bookID   = isset($_POST['bookID'])   ? $_POST['bookID']   : "";
$quantity = isset($_POST['quantity']) ? $_POST['quantity'] : 0;

if ($submit) {
    if ($bookID != "" and $quantity > 0) {
        // Decrement the stock only if enough copies are on hand; the
        // check and the update happen in a single statement. Every
        // value is cast to int so no user-supplied text reaches the query.
        $query =
            "UPDATE Book2"
            ." SET stock=(stock-".(int)$quantity.")"
            ." WHERE bookID=".(int)$bookID
            ." AND stock >=".(int)$quantity;
        $result = mysql_query($query, $link)
            or die("Error running query: ".mysql_error());
        // Exactly one row changes only when the book exists and had enough stock.
        if (mysql_affected_rows($link) == 1)
            echo "<p>Your order has been placed.</p>";
        else
            echo "<p>There was an error in placing the order.</p>";
    }
}
else {
    echo "<p>Your order has not been placed.</p>";
}
?>
NOTE:
1. We work with a unique book-id, not a book title;
this is (a) faster for the database and (b) eliminates
problems dealing with several books of the same
name (i.e. multiple editions, hard-cover/soft-cover/trade,
etc).
2. We add quantity-checking to the query - before an
order is placed, we ensure there are sufficient books
on hand. Because this is done as a single operation,
we don't have to worry about transaction-safety.
3. When composing the query, all values are cast to int,
foiling would-be hack attempts.
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
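The two points the reply makes (the check-and-decrement done in one UPDATE so no separate SELECT is needed, and numeric coercion of the form values before they reach SQL) are shown below as an added example that is not part of the mailing-list post. It is written in Python against an in-memory SQLite database rather than PHP/MySQL so it runs stand-alone; the `Book2` table, its `bookID`/`stock` columns and the sample rows are constructed here to mirror the query in the post, and `place_order`/`stock_of` are names chosen for this example. It uses bound parameters in addition to the `int()` coercion the post relies on.

```python
import sqlite3


def make_db():
    """Constructed sample database mirroring the Book2 table used in the post."""
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "CREATE TABLE Book2 ("
        " bookID INTEGER PRIMARY KEY,"
        " title  TEXT NOT NULL,"
        " stock  INTEGER NOT NULL CHECK (stock >= 0))"
    )
    conn.executemany(
        "INSERT INTO Book2 (bookID, title, stock) VALUES (?, ?, ?)",
        [(1, "PHP Cookbook (constructed)", 5), (2, "SQL Primer (constructed)", 0)],
    )
    conn.commit()
    return conn


def place_order(conn, book_id, quantity):
    """Atomic check-and-decrement: succeed only if the book exists and has
    at least `quantity` copies. Returns True when the order was placed."""
    # Coerce the form values to integers first; anything that is not a
    # plain number (including SQL fragments) is rejected outright.
    try:
        book_id = int(book_id)
        quantity = int(quantity)
    except (TypeError, ValueError):
        return False
    if quantity <= 0:
        return False
    # The stock test lives in the WHERE clause, so the row is updated only
    # when enough copies are on hand. The database evaluates the condition
    # and applies the change as one statement, so two concurrent orders
    # cannot both pass a stale stock check.
    cur = conn.execute(
        "UPDATE Book2 SET stock = stock - ? WHERE bookID = ? AND stock >= ?",
        (quantity, book_id, quantity),
    )
    conn.commit()
    # Exactly one affected row means the order went through, just as the
    # post's mysql_affected_rows() == 1 test does.
    return cur.rowcount == 1


def stock_of(conn, book_id):
    """Current stock for a book, or None if no such book exists."""
    row = conn.execute(
        "SELECT stock FROM Book2 WHERE bookID = ?", (book_id,)
    ).fetchone()
    return None if row is None else row[0]


if __name__ == "__main__":
    db = make_db()
    print(place_order(db, "1", "3"), stock_of(db, 1))   # order of 3 from 5 succeeds
    print(place_order(db, "1", "3"), stock_of(db, 1))   # only 2 left: refused
    print(place_order(db, "1 OR 1=1", "1"))             # non-numeric id: refused
```

The design point is that the "is there enough stock?" question is never answered by application code looking at an earlier SELECT; it is folded into the same statement that performs the decrement, so the affected-row count is the only signal the caller needs.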