Abdullah Mohammad

Reputation: 1

PHP/MYSQL: data isn't appearing on the table

So I made a program to validate the card number. Now I want to store the card number along with other useful data in a MySQL table, but the credit card number isn't appearing in the table. It's just showing 0. I changed the data type to varchar and now it's just showing array, and I am getting this error on the PHP page: "Array to string conversion in C:\xamppp\htdocs\cpu5001\cards.php on line 38". Here is my code:

<style>
#park{
border-radius: 25px; 
background:#D0D3D4;
height: 750px;
padding-top: 10px;
margin-top:10px;
}
</style>
<?php
session_start();
$ids=$_SESSION['tsmUserName'];
if (isset($_POST['submit'])){


    $number=$_POST['cc'];
    $expiray=$_POST['expire'];
    $Cardholder=$_POST['cardholder'];
    $country=$_POST['country'];
    $total=0;
    $i=1;
    $last4= substr($number,-4,4);
    $number=str_split($number);
    $number=array_reverse($number);
    foreach($number as $digit){
        if($i%2==0){
            $digit*=2;
            if($digit>9){
                $digit -=9;
            }
        }
        $total += $digit;
        $i++;
    }
    if($total%10==0){
        echo "Your credit card number ending in ".$last4." is valid";
        require_once("connection.php");
    $my_query="INSERT INTO `card`(`No`, `Username`, `CreditCard`, `ExpirationDate`, `CardHolderName`, `Country`) VALUES (NULL,'$ids','$number','$expiray','$Cardholder','$country')";
    $result=mysqli_query($connection,$my_query);
            if($result)
            {
                echo 'thank you';
            }
            else
            {
                echo 'error';
            }
            mysqli_close($connection);
    }
    else
    {
        echo "Your credit card number ending in ".$last4." is invalid";
    }


}
?>
<html>
<head>
    <title>Credit Card Number</title>
</head>
<body>
<label style="margin-left:630px; font-size: 1.6em;"> Credit card info </label>
<div id="park">
<div id="info" style="background:#F5F5DC; width:500px;height:570px; margin-left:450px;border-radius: 25px;margin-top:150px; ">
<img src="credit_2.PNG" style="margin-top:-130px; margin-left:120px;">
<form action="cards.php" method='POST'>
    </br></br>
    <label style="margin-left:192px; font-size:1.5em;"> Credit Number </label>
    </br></br>
    <input type="text" name="cc" style="margin-left:150px;  width:210px;">
    </br></br>
    <label style="margin-left:200px; font-size:1.5em;"> Expiray date </label>
    </br></br>
    <input type="date" name="expire" style="margin-left:150px;  width:210px;">
    </br></br>
    <label style="margin-left:190px; font-size:1.5em;"> Card Holder </label>
    </br></br>
    <input type="text" name="cardholder" style="margin-left:150px;  width:210px;">
    </br></br>
    <label style="margin-left:210px;font-size:1.5em;"> Country </label>
    </br></br>
    <input type="text" name="country" style="margin-left:150px;  width:210px;">
    </br></br>
    <input type="submit" name="submit" style="margin-left:230px;">
    </form>
</div>
</div>
    </body>
</html>

Upvotes: 0

Views: 52

Answers (2)

shalvah

Reputation: 895

You reassigned $number to an array when you did $number=str_split($number);. Do this, and you should be fine:

$numberChecker=str_split($number);
$numberChecker=array_reverse($numberChecker); // reverse the digit array, not the original string
foreach($numberChecker as $digit){ 
...
}

Side note: you really should be using MySQLi prepared statements.

Upvotes: 0

malte

Reputation: 1444

Vitek had it right - you converted the string $number into an array with str_split, so maybe do this (using $numbers instead of $number):

$numbers=str_split($number);
$numbers=array_reverse($numbers); // reverse the digit array; $number stays a string
foreach($numbers as $digit){
    if($i%2==0){
        $digit*=2;
        if($digit>9){
            $digit -=9;
        }
    }
    $total += $digit;
    $i++;
}

As others have mentioned, there are several issues that should be mentioned as well:

  • The code as it is is (VERY) vulnerable to SQL injections (https://xkcd.com/327/), you can read here how to use prepared statements which are safer: http://php.net/manual/en/mysqli.quickstart.prepared-statements.php
  • even if you remove the vulnerability above you need to take a lot of precautions if you store credit numbers in your own database - I have avoided it in my 15 years of development and hope I never need to - maybe consider using 3rd party services that are PCI compliant for this, like Stripe (and PCI compliance, which you would need, is a PAIN)
  • in general it is better to separate view and database logic out into separate components. http://www.phptherightway.com/ has a lot of information on good practices, I would recommend a read ;)

Hope this helps.

Upvotes: 2
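
The two points both answers raise, combined in one added example that is not code from the original posts: the Luhn check works on a local copy so the card number stays a string, and the insert uses MySQLi bound parameters. The function names `luhn_valid` and `store_card`, the 12 to 19 digit length check, and the sample inputs are assumptions; the table and column names are the ones in the question.

```php
<?php
// Added example, not code from the original posts.

// Luhn check on a local copy of the digits: the caller's string is never
// overwritten with an array, which is what caused "Array to string conversion".
function luhn_valid(string $number): bool
{
    // Assumption: accept only a plain run of 12 to 19 digits.
    if (!preg_match('/^\d{12,19}$/', $number)) {
        return false;
    }
    $total  = 0;
    $digits = array_reverse(str_split($number));
    foreach ($digits as $i => $d) {
        $d = (int) $d;
        if ($i % 2 === 1) {          // every second digit, counting from the right
            $d *= 2;
            if ($d > 9) {
                $d -= 9;
            }
        }
        $total += $d;
    }
    return $total % 10 === 0;
}

// Insert with bound parameters: user input is sent as data and never becomes
// part of the SQL text. Table and column names are taken from the question.
function store_card(mysqli $db, string $user, string $number,
                    string $expiry, string $holder, string $country): bool
{
    $sql = 'INSERT INTO `card` (`No`, `Username`, `CreditCard`, `ExpirationDate`,
                                `CardHolderName`, `Country`)
            VALUES (NULL, ?, ?, ?, ?, ?)';
    $stmt = $db->prepare($sql);
    if ($stmt === false) {           // older PHP returns false; PHP 8.1+ throws by default
        return false;
    }
    $stmt->bind_param('sssss', $user, $number, $expiry, $holder, $country);
    $ok = $stmt->execute();
    $stmt->close();
    return $ok;
}

// Constructed sample inputs: a common test number, a bad checksum, an injection string.
foreach (['4111111111111111', '4111111111111112', "1'); DROP TABLE card;--"] as $cc) {
    printf("%-26s %s\n", $cc, luhn_valid($cc) ? 'valid' : 'invalid');
}
```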
