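<?php
/**
 * make_reserv.php: stores a table reservation for the logged-in user and
 * renders the name/surname form.
 *
 * Inputs:
 *   - $_GET['id'], $_GET['date']       table and date being reserved (query string)
 *   - $_POST['name'], $_POST['surname'] guest name from the form
 *   - $_SESSION['user']['username']     account that owns the reservation
 *
 * Every one of these is attacker-influenceable, so all values reach SQL only
 * through bound parameters and reach HTML only through htmlspecialchars().
 *
 * NOTE(review): connect.php is assumed to create $db (a PDO handle in
 * exception mode) and to start the session; confirm, since neither is
 * visible in this file.
 * NOTE(review): the form carries no anti-CSRF token, so another site can
 * submit a reservation on behalf of a logged-in user. Add a per-session
 * token check before the INSERT.
 */
require("connect.php");

// Accept only plain strings; "?id[]=x" would otherwise hand an array to the
// query and to the string concatenation in the template.
$table_id = (isset($_GET['id']) && is_string($_GET['id'])) ? $_GET['id'] : '';
$date     = (isset($_GET['date']) && is_string($_GET['date'])) ? $_GET['date'] : '';

if (!empty($_POST)) {
    // Refuse to write a reservation when nobody is logged in.
    if (!isset($_SESSION['user']['username']) || !is_string($_SESSION['user']['username'])) {
        http_response_code(403);
        die("Not logged in.");
    }
    $username = $_SESSION['user']['username'];

    $fname = (isset($_POST['name']) && is_string($_POST['name'])) ? $_POST['name'] : null;
    $lname = (isset($_POST['surname']) && is_string($_POST['surname'])) ? $_POST['surname'] : null;

    if ($fname === null || $lname === null || $table_id === '' || $date === '') {
        http_response_code(400);
        die("Missing reservation data.");
    }
    // NOTE(review): the expected formats of id and date are not visible here;
    // add format checks once the schema is confirmed, and verify server-side
    // that the table is actually free on that date.

    try {
        // Look up the caller's client_id. The username is bound as a
        // parameter instead of being interpolated into the SQL text, so a
        // quote character in a username cannot change the statement.
        $stmt = $db->prepare(
            "SELECT `client_id` FROM `users` WHERE `username` = :username LIMIT 1"
        );
        $stmt->execute(array(':username' => $username));
        $rows = $stmt->fetchAll();

        // The session may name a user that no longer exists.
        if (empty($rows)) {
            http_response_code(403);
            die("Unknown user.");
        }
        $client_id = $rows[0]['client_id'];

        // Create the reservation row.
        $stmt = $db->prepare("
            INSERT INTO reservations (
                client_id,
                fname,
                lname,
                date,
                table_id
            ) VALUES (
                :client_id,
                :fname,
                :lname,
                :date,
                :table_id
            )");
        $result = $stmt->execute(array(
            ':client_id' => $client_id,
            ':fname'     => $fname,
            ':lname'     => $lname,
            ':date'      => $date,
            ':table_id'  => $table_id
        ));
    } catch (PDOException $ex) {
        // Driver messages can reveal table names and query structure; keep
        // them in the server log and show the visitor a generic error.
        error_log("make_reserv.php: " . $ex->getMessage());
        http_response_code(500);
        die("Failed to run query.");
    }
}

// Build the form target. http_build_query() URL-encodes the values and
// htmlspecialchars() makes the result safe inside the double-quoted
// attribute; echoing $_GET directly here would be reflected XSS.
$form_action = 'make_reserv.php?' . http_build_query(
    array('id' => $table_id, 'date' => $date),
    '',
    '&'
);
?>
<!DOCTYPE html>
<html>
<head>
<meta charset="utf-8">
</head>
<body>
<form action="<?php echo htmlspecialchars($form_action, ENT_QUOTES, 'UTF-8'); ?>" method="post">
Όνομα : <input type="text" name="name"> <br>
Επώνυμο : <input type="text" name="surname"> <br>
<input type="submit" name="submit">
</form>
</body>
</html>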