url encoding works but form doesn't

Hello

I am trying to get data from a php form to a mysql database and it just is not working. It works OK when the data is put in URL encoded attached to a URL (so this works...

http://www.aaa.com/ShoppingBag.php?action=add_item&id=123456&QTY=1

)

but not when it is put in via a form

I'm sorry, but this is driving me mental.

Can anyone suggest what the problem might be?

Thanks.


<form action="ShoppingBag.php" method="POST">
<input type="hidden" name="id" value="123456">
<table border="0" width="126">
<tr align="right">
<td width="57"><strong>QTY </strong></td>
</tr>
<tr align="right">
<td><select name="QTY" size="1">
<option
selected>1</option>
<option>2</option>
<option>3 </option>
<option>4</option>
<option>5</option>
<option>6</option>
<option>7</option>
<option>8 </option>
<option>9</option>
</select></td>
</tr>
<tr align="right">
<td colspan="2"><input
type="image" name="I1" src="../IMAGES/ADD-TO-CART.jpg"
align="bottom" border="0" width="126" height="45"> </td>
</tr>
</table>
</form>




<?php

include("db.php");


switch($_GET["action"])
{
case "add_item":
{
AddItem($_GET["id"], $_GET["QTY"]);
ShowCart();
break;
}
case "update_item":
{
UpdateItem($_GET["id"], $_GET["QTY"]);
ShowCart();
break;
}
case "remove_item":
{
RemoveItem($_GET["id"]);
ShowCart();
break;
}
default:
{

ShowCart();
}
}

function AddItem($ITEMID, $QTY)
{
// Will check whether or not this item
// already exists in the cart table.
// If it does, the UpdateItem function
// will be called instead
//echo ("ID = " . $ITEMID);
global $dbServer, $dbUser, $dbPass, $dbName;

// Get a connection to the database
$cxn = @ConnectToDb($dbServer, $dbUser, $dbPass, $dbName) or die(mysql_error());

// Check if this item already exists in the users cart table
$result = mysql_query("select count(*) from cart where cookieId = '" . GetCartId() . "' and ITEMID = $ITEMID") or die(mysql_error());
$row = mysql_fetch_row($result) or die(mysql_error());
$numRows = $row[0];

if($numRows == 0)
{
// This item doesn't exist in the users cart,
// we will add it with an insert query

@mysql_query("insert into cart(cookieId, ITEMID, QTY) values('" . GetCartId() . "', $ITEMID, $QTY)");
}
else
{
// This item already exists in the users cart,
// we will update it instead

UpdateItem($ITEMID, $QTY);
}
}





function UpdateItem($ITEMID, $QTY)
{
// Updates the quantity of an item in the users cart.
// If the qutnaity is zero, then RemoveItem will be
// called instead

global $dbServer, $dbUser, $dbPass, $dbName;

// Get a connection to the database
$cxn = @ConnectToDb($dbServer, $dbUser, $dbPass, $dbName) or die(mysql_error());

if($QTY == 0)
{
// Remove the item from the users cart
RemoveItem($ITEMID);
}
else
{
mysql_query("update cart set QTY = $QTY where cookieId = '" . GetCartId() . "' and ITEMID = $ITEMID") or die(mysql_error());
}
}

function RemoveItem($ITEMID)
{
// Uses an SQL delete statement to remove an item from
// the users cart

global $dbServer, $dbUser, $dbPass, $dbName;

// Get a connection to the database
$cxn = @ConnectToDb($dbServer, $dbUser, $dbPass, $dbName) or die(mysql_error());

mysql_query("delete from cart where cookieId = '" . GetCartId() . "' and ITEMID = $ITEMID") or die(mysql_error());
}

function ShowCart()
{
// Gets each item from the cart table and display them in
// a tabulated format, as well as a final total for the cart

global $dbServer, $dbUser, $dbPass, $dbName;

// Get a connection to the database
$cxn = @ConnectToDb($dbServer, $dbUser, $dbPass, $dbName) or die(mysql_error());

$totalCost = 0;
$result = mysql_query("select * from cart inner join items on cart.ITEMID = items.ITEMID where cart.cookieId = '" . GetCartId() . "' order by items.ITEMNAME asc") or die(mysql_error());
?>

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>
<head>
<title>Shopping cart</title>

<script language="JavaScript">

function UpdateQTY(item)
{
ITEMID = item.name;
newQTY = item.options[item.selectedIndex].text;

document.location.href = 'ShoppingBag.php?action=update_item&id='+ITEMID+'&QTY='+newQTY;
}

</script>

<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1">
</head>

<body background="../images/BACK.jpg" topmargin="0">

<form name="frmCart" method="post" action="">


<div align="center"><img src="../images/SHOPPING.jpg" width="695" height="134"><br>
<table width="700" border="0" align="center" cellspacing="1"><!--DWLayoutTable-->
<tr>
<td colspan="6" align="center" bgcolor="#FF0000"><font color="#FFFFFF" size="2" face="Verdana, Arial, Helvetica, sans-serif"><strong>Bag
Content</strong></font></td>
</tr>
<tr>
<td width="84" bgcolor="#990000"><strong><font color="#FFFFFF" size="1" face="Verdana, Arial, Helvetica, sans-serif">Item</font></strong></td>
<td colspan="2" bgcolor="#990000"><strong><font color="#FFFFFF" size="1" face="Verdana, Arial, Helvetica, sans-serif">Product</font></strong><strong></strong></td>
<td width="105" bgcolor="#990000"><strong><font color="#FFFFFF" size="1" face="Verdana, Arial, Helvetica, sans-serif">Price
Each</font></strong></td>
<td width="53" bgcolor="#990000"><strong><font color="#FFFFFF" size="1" face="Verdana, Arial, Helvetica, sans-serif">QTY</font></strong></td>
<td width="48" bgcolor="#990000"><strong><font color="#FFFFFF" size="1" face="Verdana, Arial, Helvetica, sans-serif">Remove</font></strong></td>
</tr>
<?php

while($row = mysql_fetch_array($result))
{
// Increment the total cost of all items
$totalCost += ($row["QTY"] * $row["ITEMPRICE"]) or die(mysql_error());
?>

<tr>
<td height="25"><font size="1" face="Verdana, Arial, Helvetica, sans-serif"><?php echo $row['ITEMID']; ?></font></td>
<td height="25"><?php echo '<img src="../images/' .$row['ITEMID'].'.png" />'; ?></td>
<td height="25"><font size="1" face="Verdana, Arial, Helvetica, sans-serif"><?php echo $row["ITEMNAME"]; ?></font></td>
<td height="25"><font size="1" face="Verdana, Arial, Helvetica, sans-serif">$<?php echo number_format($row["ITEMPRICE"], 2, ".", ","); ?></font></td>
<td height="25"><select name="<?php echo $row["ITEMID"]; ?>" onChange="UpdateQTY(this)">
<?php

for($i = 1; $i <= 20; $i++)
{
echo "<option ";
if($row["QTY"] == $i)
{
echo " SELECTED ";
}
echo ">" . $i . "</option>";
}
?>
</select>

</td>
<td height="25"><a href="ShoppingBag.php?action=remove_item&id=<?php echo $row["ITEMID"]; ?>"><strong><img src="../images/Del.jpg" width="15" height="15" align="top" border="0"></strong></a></td>
</tr>





<?php
}

?>




<tr>
<td height="21" colspan="6" align="center" valign="top"><hr align="center" width="700" size="1" color="red" noshade></td>
</tr>
<tr>
<td height="43" colspan="5" align="right" valign="bottom"><font size="2" face="Verdana, Arial, Helvetica, sans-serif"><strong>Total</strong></font><br>
<font size="-2" face="Verdana, Arial, Helvetica, sans-serif">Item price
includes shipping and handling.<br>
Tax will be added for FL. State residents </font></td>
<td align="center" valign="middle" bgcolor="#990000"><font color="#FFFFFF" size="2" face="Verdana, Arial, Helvetica, sans-serif"><strong>$<?php echo number_format($totalCost, 2, ".", ","); ?> <input type="hidden" name="thetotal" value="<?php echo $totalCost; ?>"></strong></font></td>
</tr>
<tr>
<td height="43" colspan="3"> </td>
<td height="43" colspan="2" align="left" valign="bottom"><a href="http://www.actuacosmetics.com/Actua.htm"><img src="../images/ContinueShopping.jpg" width="150" height="40" border="0"></a></td>
<td> </td>
</tr>
<tr>
<td height="43" colspan="3"> </td>
<td height="43" colspan="2" align="left" valign="bottom">
<a href="Checkout.php"><img src="../images/ProceedToCheckout.jpg" width="150" height="40" border="0"></a>


</td>
<td> </td>
</tr>
<tr>
<td height="43"> </td>
<td width="54" height="43"> </td>
<td width="341" height="43"> </td>
<td height="43" colspan="3" align="left" valign="bottom"><img src="../images/LogoSmall.jpg" width="145" height="60"><br>
<font size="-2" face="Verdana, Arial, Helvetica, sans-serif">lic </font></td>
</tr>
</table>
</div>
</form>
</body>
</html>
<?php
}

?>

No action...?

<form name="frmCart" method="post" action="">

You are using the POST form method, but using the $_GET Superglobal to retrieve the values...this will not work. Try changing all the $_GET to $_POST, that should do the trick. As far as not specifying the action in the one form, I have seen this done when posting to the same page that the form is on, but it would probably be better to specify a target page.