Untitled

form and database

<?php

$submit = $_POST['Add'];

 

//form data

$Sname = mysql_real_escape_string(htmlentities(strip_tags($_POST['Sname'])));

$Pname = mysql_real_escape_string(htmlentities(strip_tags($_POST['Pname'])));

$Pidno = mysql_real_escape_string(htmlentities(strip_tags($_POST['Pidno'])));

$Psize = mysql_real_escape_string(htmlentities(strip_tags($_POST['Psize'])));

$Pcolour = mysql_real_escape_string(htmlentities(strip_tags($_POST['Pcolour'])));

$Pquantity = $_POST['Pquantity'];

$Weblink = mysql_real_escape_string(htmlentities(strip_tags($_POST['Weblink'])));

$Price = mysql_real_escape_string(htmlentities(strip_tags($_POST['Price'])));

$date = date("Y-m-d");

 

 

echo " ('','$Sname','$Pname','$Pidno','$Psize','$Pcolour','$Pquantity','$Weblink','$Price','$Uname')";

if('POST' === $_SERVER['REQUEST_METHOD'])

 

{

    if ($Sname&&$Pname&&$Pidno&&$Weblink&&$Price)

    {

        if (is_numeric($Price))

        {

            $repeatheck = mysql_query("SELECT * FROM repplac WHERE Uname = '{$_SESSION['username']}' AND Pidno ='$Pidno' AND Sname='$Sname'");

            $count = mysql_num_rows($repeatheck);

            if($count!=0)

            {

                die ('PRODUCT ALREADY IN BASKET YOU CAN INCREASE OR DECREASE QUANTITY');

            }

            else

//echo'$Price';

                $tprice = '$Price' * '$Pquantity';

            //echo"$tprice";

            $queryreg = mysql_query("

INSERT INTO repplac VALUES ('','$Sname','$Pname','$Pidno','$Psize','$Pcolour','$Pquantity','$Weblink','$Price','$tprice','$date','{$_SESSION['username']}')

");

        }

        else

            echo 'price field requires numbers';

    }

    else

        echo 'please fill in all required * fields ';

}

?>

       

$tprice = '$Price' * '$Pquantity';

       

$tprice = $Price * $Pquantity;