"City Colleges Of Chicago - Mannheim" <[EMAIL PROTECTED]> wrote in message
> if there is a booktitle and a quantity chosen, then go to that booktitle
> adjust the quantity in the database.

    $link = mysql_pconnect($local, $user, $pass)
        or die("Error connecting: ".mysql_error());
    mysql_select_db($db, $link)
        or die("Error opening database $db: ".mysql_error());

    if ($submit) {
        if ($bookID != "" and $quantity > 0) {
            $query =
                "UPDATE Book2"
                ." SET stock=(stock-".(int)$quantity.")"
                ." WHERE bookID=".(int)$bookID
                    ." AND stock >=".(int)$quantity;
            $result = mysql_query($query, $link);

            if (mysql_affected_rows($link) == 1)
                echo "<p>Your order has been placed.</p>";
                echo "<p>There was an error in placing the order.</p>";
    else {
        echo "<p>Your order has not been placed.</p>";

    1.  We work with a unique book-id, not a book title;
        this is (a) faster for the database and (b) eliminates
        problems dealing with several books of the same
        name (ie multiple editions, hard-cover/soft-cover/trade,
    2.  We add quantity-checking to the query - before an
        order is placed, we ensure there are sufficient books
        on hand.  Because this is done as a single operation,
        we don't have to worry about transaction-safety.
    3.  When composing the query, all values are cast to int,
        foiling would-be hack attempts.

PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Reply via email to