sbanawan

I'm not sure if that's the best way to describe what I'd like to do, so here's the scenario:

I'm setting up a "store" for online registration for a conference. I'd like to provide one page with all the selections a person will need to make. My thoughts are these:

Registration Type (radio buttons):
o Student (p1)
o Full (p2)

_ Continuing Ed Credits (p3) (checkbox)

Workshop selection 1 (radio buttons):
o Workshop A (p4)
o Workshop B (p5)

Workshop selection 2 (radio buttons):
o Workshop C (p6)
o Workshop D (p7)

(Submit Button goes to the shopping cart)

I was thinking that the form could pass the cart links to the next pages, but I have no idea if the cart can handle multiple items at once. I was looking at the help page for cart links and I thought that this might be possible.

For example, if someone chooses "Student registration" "CE credits" "Workshop 1" and "Workshop 3" the query would be something like:

Submit action - /cart/add/e-p1_q1&p3_q1&p4_q1&p6_q1?destination=cart . Does this type of query string work?

Ryan
Re: Passing items through a query string

If I'm not mistaken, I believe it will work if you replace your &'s with -'s.

sbanawan
Ryan wrote:If I'm not
Ryan wrote:

If I'm not mistaken, I believe it will work if you replace your &'s with -'s.

You have no idea how much that helped! Now I just need to build my form and we're all set! Thanks again.

sbanawan
Re: Ryan wrote:If I'm not

Now I'm left with how to generate that URL for the cart... My brain's not working well today, so any ideas? I'm thinking that the form's action must be that dynamically generated URL to add to the cart.

Ryan
Re: Re: Ryan wrote:If I'm not

Nah, in the Forms API you have a form builder function and a submit handler. For D5, the return value of the submit handler is the page you should redirect to. So, look at their choices, build the cart link, and then return the whole 'cart/add/...' string.
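
An added example, not code from the thread or from Ubercart: one way to build the cart link Ryan describes from the submitted choices, accepting only the product IDs each field is allowed to submit. The function name, field names and the field-to-ID mapping are assumptions based on the p1 to p7 labels in the opening post; it runs as plain PHP outside Drupal.

```php
<?php
// Added example. build_cart_link() and the field names are hypothetical.

// Allow-list: each form field and the only product IDs it may submit.
$allowed = array(
  'registration' => array(1, 2),  // Student, Full (radio buttons)
  'ce_credits'   => array(3),     // Continuing Ed Credits (checkbox)
  'workshop_1'   => array(4, 5),  // Workshop A, Workshop B (radio buttons)
  'workshop_2'   => array(6, 7),  // Workshop C, Workshop D (radio buttons)
);

// Returns the cart link in the thread's format, or FALSE if any value is
// not a plain integer from that field's allow-list.
function build_cart_link(array $form_values, array $allowed) {
  $parts = array();
  foreach ($allowed as $field => $ids) {
    if (!isset($form_values[$field]) || $form_values[$field] === '') {
      continue;  // Nothing selected for this field.
    }
    $value = $form_values[$field];
    if (!is_scalar($value) || !ctype_digit((string) $value)
        || !in_array((int) $value, $ids, TRUE)) {
      return FALSE;  // Reject the whole submission, do not try to repair it.
    }
    $parts[] = 'p' . (int) $value . '_q1';
  }
  if (!$parts) {
    return FALSE;  // Nothing to add to the cart.
  }
  return 'cart/add/e-' . implode('-', $parts) . '?destination=cart';
}

// Constructed submissions: one valid, one with a workshop ID from the wrong
// group, one with a non-numeric value.
$valid       = array('registration' => '1', 'ce_credits' => '3',
                     'workshop_1' => '4', 'workshop_2' => '6');
$wrong_group = array('registration' => '1', 'workshop_1' => '6');
$not_numeric = array('registration' => '1', 'workshop_1' => '4x');

var_dump(build_cart_link($valid, $allowed));
var_dump(build_cart_link($wrong_group, $allowed));
var_dump(build_cart_link($not_numeric, $allowed));
```
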

sbanawan
Re: Passing items through a query string

My brain is still not working, apparently. I'm using the webform module to build the selections. I'm having a hell of a time figuring out how to pull out the values from the submit string. This is frustrating because I'm so close.

Ryan
Re: Re: Passing items through a query string

Ahh, I see. Are you using a custom module to add a submit handler to the form or trying to alter the form through the Webform module's UI somehow?

sbanawan
Ryan wrote:Ahh, I see. Are
Ryan wrote:

Ahh, I see. Are you using a custom module to add a submit handler to the form or trying to alter the form through the Webform module's UI somehow?

I'm trying to use the additional processing part of the "advanced settings". I'm really at a loss about it. It says it uses the same syntax as the Forms API but the docs over in the forms api are very confusing.

I've also tried the redirect section in the UI and, again, no idea how to construct the URL. I'd post on a webform support group, but I don't think there is one. :)

Ryan
Re: Ryan wrote:Ahh, I see. Are

They should have an issue tracker where you can post support requests on using that field - http://drupal.org/project/issues/webform.

EDIT: n/m, looks like you found it. :)

sbanawan
cross-posted on the webform support

Ok. I've figured out a workaround for this and it looks like it'll work. What I did was look at the mysql table containing the data - webform_submitted_data and figured out that SID corresponds with SID in the webform_submissions table. So I can work from the webform_submissions table, get the SID of the user I want the data for and then go to the webform_submitted_data table and run the following query:

<?php
$query = "SELECT `data` FROM `webform_submitted_data` WHERE `sid` = '$sid'";
$result = db_query($query);
?>

Then, I can take the data and create the ubercart URL I want:

<?php
print("<a href=\"/cart/add/");
while ($a_list = db_fetch_object($result)) {
  foreach ($a_list as $array => $a) {
  }
  print($a);
}
print("?destination=cart\">cart</a>");
?>

Now, I just need to create a query to get the UID of the current user and that's it. I'll create a page that redirects to the newly created URL to add the items to the cart and then goes to checkout. It's crude, but it'll work for me.

Any gotchas I'm missing?

sbanawan
Re: cross-posted on the webform support

I think I got it! Let me know if this is bad in some way.

Thanks for your order! Please
<?php
global $user;
$userId = $user->uid;
$query = "SELECT `sid` FROM `webform_submissions` WHERE `uid` = '$userId'";
$sid_result = db_query($query);
while ($sid_list = db_fetch_object($sid_result)) {
  foreach ($sid_list as $array => $sid) {
  }
  $query = "SELECT `data` FROM `webform_submitted_data` WHERE `sid` = '$sid'";
  $result = db_query($query);
  print("<a href=\"/cart/add/e-");
  while ($a_list = db_fetch_object($result)) {
    foreach ($a_list as $array => $a) {
    }
    print("-".$a);
  }
}
print("?destination=cart\">continue</a>");
?>

to check out.

Lyle
Re: Re: cross-posted on the webform support

You should almost never put variables directly into queries. It's a bad habit because you might put unsafe data in it, and then you could have someone hack into your database.

It's better to do this:

<?php
$query = "SELECT `sid` FROM `webform_submissions` WHERE `uid` = %d";
$sid_result = db_query($query, $user->uid);

// I find it easier to read when I put the query string in the db_query() call.

$result=db_query("SELECT `data` FROM `webform_submitted_data` WHERE `sid` = '%s'", $sid);
?>

Strings should have quotes around them in the query, but numbers should not. Different database engines can be particular about that.

Also, your code sample seems to have empty foreach() loops. Looks like the line after should be inside the braces. Hopefully that's just a copypasta error.

sbanawan
Lyle wrote:You should almost
Lyle wrote:

You should almost never put variables directly into queries. It's a bad habit because you might put unsafe data in it, and then you could have someone hack into your database.

It's better to do this:

<?php
$query = "SELECT `sid` FROM `webform_submissions` WHERE `uid` = %d";
$sid_result = db_query($query, $user->uid);

// I find it easier to read when I put the query string in the db_query() call.

$result=db_query("SELECT `data` FROM `webform_submitted_data` WHERE `sid` = '%s'", $sid);
?>

Strings should have quotes around them in the query, but numbers should not. Different database engines can be particular about that.

Also, your code sample seems to have empty foreach() loops. Looks like the line after should be inside the braces. Hopefully that's just a copypasta error.

Hmm. I'll make the changes you suggest but I'm not sure I follow the syntax. I'm a self-taught PHP person, so there's lots I don't know/understand.

Also, I know the foreach statement is empty but how else would I get the array into a variable?

Lyle
Re: Lyle wrote:You should almost

OK. What db_query() does is replace all of the things like %s, %d, %f, or %b with each of the arguments after the first (which is the query string itself). %s is for strings, %d for integers, %f for floats, and %b for binary data (which I've never seen used). %% represents a literal % sign for use in LIKE.

db_fetch_object() returns an object, which has members that are the same name as the columns that were SELECTed.

<?php
$query = "SELECT `sid` FROM `webform_submissions` WHERE `uid` = %d";
$sid_result = db_query($query, $user->uid);
while ($sid_list = db_fetch_object($sid_result)) {
  $sid = $sid_list->sid;
}
?>
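
An added illustration, not Drupal's own code and not written by any poster: a simplified stand-in for the placeholder substitution Lyle describes, showing that each placeholder consumes the next argument passed after the query string and that %d forces the value to an integer. The function names and sample values are constructed, and addslashes() stands in for the database driver's escaping routine.

```php
<?php
// Added illustration. demo_build_query() is a hypothetical, simplified
// stand-in for the substitution step; it is not Drupal's db_query().

// Assumption: addslashes() stands in for the driver's escaping routine.
function demo_escape($value) {
  return addslashes((string) $value);
}

// Returns the SQL text after each placeholder has taken its argument.
function demo_build_query($query) {
  $args = func_get_args();
  array_shift($args);  // Drop the query string; what remains are the values.
  return preg_replace_callback('/%d|%s|%f|%%/', function ($m) use (&$args) {
    switch ($m[0]) {
      case '%d':
        return (string) (int) array_shift($args);    // Always an integer.
      case '%f':
        return (string) (float) array_shift($args);  // Always a float.
      case '%s':
        return demo_escape(array_shift($args));      // Quotes are escaped.
      default:
        return '%';                                  // '%%' is a literal %.
    }
  }, $query);
}

// Constructed values standing in for data from an untrusted source.
$uid = "1 OR 1=1";
$sid = "7' OR 'a'='a";

// Variable placed directly in the query: the extra text becomes part of the SQL.
echo "SELECT sid FROM webform_submissions WHERE uid = $uid", "\n";

// Placeholder: the same value is cast to an integer, so the trailing text is dropped.
echo demo_build_query("SELECT sid FROM webform_submissions WHERE uid = %d", $uid), "\n";

// Quoted string placeholder: the embedded quotes are escaped.
echo demo_build_query("SELECT data FROM webform_submitted_data WHERE sid = '%s'", $sid), "\n";

// Two placeholders take the second and third arguments, in that order.
echo demo_build_query("SELECT title FROM {node} WHERE nid = %d AND uid = %d", 42, 3), "\n";
```
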

BigMike
Lyle, I am in the same boat

Lyle,

I am in the same boat as the OP, I am learning PHP on the fly by reading and trying to reverse-engineer code from other modules and such. I've learned enough now to get myself in trouble and I am very curious on what you said here:

Lyle wrote:

You should almost never put variables directly into queries. It's a bad habit because you might put unsafe data in it, and then you could have someone hack into your database.

I can understand this because the data of a variable can change (by a hacker). But what I don't understand is how does the "%d" have anything to do with the "$userId", which is the variable the OP needs to use? I really appreciate you explaining the %d, %s, %b, et cetera; I've always been wondering what/where those come from. But I am confused on how to pass data into the query if all the %d does is specify that "something" is an integer. The "something" part is missing as far as I can tell.

Here is a query I am using for a block:

[code]$query = "SELECT title FROM {node} WHERE nid = $node->nid";
$result = db_query($query, $user->uid);[/code]

I need to only select the title where the node id is the current node id (for the node being viewed). This is where I need correction: If I replace the variable, like this:

[code]$query = "SELECT title FROM {node} WHERE nid = %d";
$result = db_query($query, $user->uid);[/code]

The %d is not a variable right? So I can't "set" it to be the $node->nid, and if so, then how do I only select the data I need if I don't have the requirement for WHERE I need to select it from?

I have done a lot of webmastering in my day and one hurdle I've always wanted to learn is in depth security & good practices. Your help is greatly appreciated!!

Thank you very much!
BigMike