RandyB Insert Entrant

1. <?php
2.  
3. session_start();
4.  
5. /*xxxxxxxx prepare variables xxxxxxxx*/
6.  
7. $ticket_no = ""; //auto-increments
8.  
9. $fname = filter_input(INPUT_POST, 'fname', FILTER_DEFAULT);
10.  
11. $lname = filter_input(INPUT_POST, 'lname', FILTER_DEFAULT);
12.  
13. $email = filter_input(INPUT_POST, 'email', FILTER_SANITIZE_EMAIL);
14.  
15. $phone = filter_input(INPUT_POST, 'phone', FILTER_SANITIZE_NUMBER_INT);
16.  
17. /*xxxxxxx hidden form inputs xxxxxxxx*/
18.  
19. $filePath = $_POST ['filePath'];
20.  
21. $raffle_id = $_POST['raffle_id'];
22.  
23. $prize_id = $_POST['prize_id'];
24.  
25. $ticketPrice = $_POST['ticketPrice'];
26.  
27. $paymentMethod = $_POST['paymentMethod'];
28.  
29. /*xxxxxxx connect to dbase xxxxxxxx*/
30.  
31. $server = "localhost";
32. $user = "me";
33. $password = "pw";
34. $database = "db";
35.  
36. $link = mysqli_connect($server, $user, $password, $database);
37.  
38. mysqli_select_db($link, $database);
39.  
40. /*xxxxxxx check for discount xxxxxxx*/
41.  
42. $SQL = "SELECT * FROM discount_test
43. WHERE fname = $fname && lname = $lname && email = $email";
44.  
45. if(fname == $fname && lname == $lname && email == $email)
46. {
47. $discountYN = "yes";
48.  
49. $ticketPrice = $ticketPrice - ($ticketPrice * .10);
50.  
51. $discountTxt = "You received a 10% discount on your ticket purchase. Your ticket price was $$ticketPrice.
52.  
53. Best of luck to you!
54.  
55. Rockin' Randy";
56. }
57. else
58. {
59. $discountYN = "no";
60.  
61. $discountTxt = "Best of luck to you!
62.  
63. Rockin' Randy";
64. }
65.  
66. /*xxxxxxxxc insert data xxxxxxxxx*/
67.  
68. $SQL="INSERT INTO entrants_test SET
69. ticket_no = '$ticket_no',
70. fname = '$fname',
71. lname = '$lname',i
72. email = '$email',
73. phone = '$phone',
74. raffle_id = '$raffle_id',
75. paymentMethod = '$paymentMethod',
76. purchaseDate = CURRENT_DATE(),
77. discountYN = '$discountYN'
78. ";
79.  
80. mysqli_query($link, $SQL);
81.  
82. /*xxxxxxxxxc test insertion xxxxxxxxxxc*/
83.  
84. if(mysqli_errno($link))
85. {
86. // notify admin of error
87.  
88. $to = "me@mySite.com";
89.  
90. $subject = "Error number: " . mysqli_errno($link);
91.  
92. $txt = mysqli_error($link);
93.  
94. $headers = "From: ErrorNotification@mySite.com";
95.  
96. mail($to,$subject,$txt,$headers);
97.  
98. // display error mssg on page
99.  
100. $errorTxt = "<p>We're sorry, your entry was not accepted. Error number "
101. . mysqli_errno($link) . ". " . "<br />"
102. . mysqli_error($link)
103. . "<p>The administrator has been sent an email notification of this error, and it will be corrected as soon as possible.</p>";
104. }
105. else
106. {
107. /*xxxxxxxx get ticket number xxxxxxx*/
108.  
109. $SQL = "SELECT COUNT(*)
110. FROM entrants_test";
111.  
112. $result = mysqli_query($link, $SQL);
113.  
114. $rowcount = mysqli_fetch_array($result);
115.  
116. $rowcount = $rowcount[0];
117.  
118. $ticket_no = $rowcount;
119.  
120. /* xxxxxxxxxxx Send e-ticket xxxxxxxxx */
121.  
122. $to = $email;
123.  
124. $subject = "TICKET NUMBER: $ticket_no.";
125.  
126. $txt = "Thank you, $fname, for supporting us by entering $brand $artist $model Raffle No. $raffleNo. Save this email as your your e-Ticket (No. $ticket_no) and proof of purchase.
127.  
128. $discountTxt ";
129.  
130. $headers = "From: TicketPurchase@mySite.com";
131.  
132. mail($to,$subject,$txt,$headers);
133.  
134. /*xxxxxxx if 1000, select winner xxxxxxx*/
135.  
136. if($ticket_no == 1000)
137. {
138. include("selectWinner.php");
139. }
140.  
141. }
142.  
143. mysqli_close($link);
144. ?>