0

Hi I have added a function to my website where the user can cancel a booked ticket using the code: cancel.php

<?php
session_start();
include('config.php');
mysqli_query($con,"delete from tbl_bookings where book_id='".$_GET['id']."'");
$_SESSION['success']="Booking Cancelled Successfully";
header('location:profile.php');
?>

and I tried to add a function to the same ticket that the user can cancel to print ticket, so the user can print this ticket, the code i used is: print.php

<?php
session_start();
include('config.php');
window.print(mysqli_query($con,"select from tbl_bookings where book_id='".$_GET['id']."'"));
header('location:profile.php');
?>

the link to these two classes in a class called profile.php, and this bit is in the line where it says:

                            <a href="cancel.php?id=<?php echo $bkg['book_id'];?>">Cancel </a>/<a href="print.php?id=<?php echo $bkg['book_id'];?>">Print Ticket</a>

I would be happy if you can tell me how to print this data.. thanks

the use of $bkg

$bk=mysqli_query($con,"select * from tbl_bookings where user_id='".$_SESSION['user']."'");
                if(mysqli_num_rows($bk))
                {
                    ?>
                    <table class="table table-bordered">
                        <thead>
                        <th>Booking Id</th>
                        <th>Movie</th>
                        <th>Theatre</th>
                        <th>Screen</th>
                        <th>Show</th>
                        <th>Seats</th>
                        <th>Price</th>
                        <th></th>
                        </thead>
                        <tbody>
                        <?php
                        while($bkg=mysqli_fetch_array($bk))
                        {
                            $m=mysqli_query($con,"select * from tbl_movie where movie_id=(select movie_id from tbl_shows where s_id='".$bkg['show_id']."')");
                            $mov=mysqli_fetch_array($m);
                            $s=mysqli_query($con,"select * from tbl_screens where screen_id='".$bkg['screen_id']."'");
                            $srn=mysqli_fetch_array($s);
                            $tt=mysqli_query($con,"select * from tbl_theatre where id='".$bkg['t_id']."'");
                            $thr=mysqli_fetch_array($tt);
                            $st=mysqli_query($con,"select * from tbl_show_time where st_id=(select st_id from tbl_shows where s_id='".$bkg['show_id']."')");
                            $stm=mysqli_fetch_array($st);
                            ?>
                            <tr>
                                <td>
                                    <?php echo $bkg['ticket_id'];?>
                                </td>
                                <td>
                                    <?php echo $mov['movie_name'];?>
                                </td>
                                <td>
                                    <?php echo $thr['name'];?>
                                </td>
                                <td>
                                    <?php echo $srn['screen_name'];?>
                                </td>
                                <td>
                                    <?php echo $stm['start_time'];?>
                                    <?php echo $stm['name'];?>
                                </td>
                                <td>
                                    <?php echo $bkg['no_seats'];?>
                                </td>
                                <td>
                                    £   <?php echo $bkg['amount'];?>
                                </td>
                                <td>
                                    <?php  if($bkg['ticket_date']<date('Y-m-d'))
                                    {
                                        ?>
                                        <i class="glyphicon glyphicon-ok"></i>
                                        <?php
                                    }
                                    else
                                    {?>
                                    <a href="cancel.php?id=<?php echo $bkg['book_id'];?>">Cancel </a>/<a href="print.php?id=<?php echo $bkg['book_id'];?>">Print Ticket</a>
                                    <?php
                                    }
                                    ?>
                                </td>
                            </tr>
                            <?php
                        }
                        ?></tbody>

enter image description here

Improve this question
6
  • 2
    Please be aware that your code is vulnerable to SQL injection, and anyone could delete any booking they want very easily! Never use $_GET directly in SQL statements -- especially with a DELETE statement! You should use prepared statements instead, binding to variables. You can refer to this post for further information on how to prevent SQL injection in PHP :) Commented Mar 6, 2019 at 1:12
  • Also, what does $bkg relate to on profile.php? The statement to output the ID looks correct; are you indeed passing across the ID in $bkg['book_id']? Commented Mar 6, 2019 at 1:14
  • I will be aware of that thx, and i will share the code where i used $bkg Commented Mar 6, 2019 at 1:24
  • 1
    window.print() is an javascript function, you can't call it inside a php script. Commented Mar 6, 2019 at 1:24
  • how can I do that in php pleas? or what should i do to make it work for this one? thanks Commented Mar 6, 2019 at 1:27

3 Answers 3

Reset to default
1

  1. You can't call window.print() within PHP code since it's a javascript function

  2. header('location:profile.php'); will redirect the page before the javascript have the chance to execute the code. Replace that code with a javascript code which executes after you print the page.

Your print.php:

<?php
session_start();
include('config.php');
$result = mysqli_query($con, "select * from tbl_bookings where book_id='{$_GET['id']}'"); // You should replace this with  prepare statement
$row = $result->fetch_array();
// assume that your booking table has columns: id, movie_name, time
echo "<table>
<tr><td>Booking ID</td><td>{$row['id']}</td></tr>
<tr><td>Movie Name</td><td>{$row['movie_name']}</td></tr>
<tr><td>Time</td><td>{$row['time']}</td></tr>
</table>";   
?>
<script>
   window.print();
   window.location.href = "profile.php"
</script>
Improve this answer
Sign up to request clarification or add additional context in comments.

5 Comments

Fatal error: Uncaught Error: Call to a member function fetch_array() on bool in line 5
I copied your code from the question, there is an error with SQL command, it should be select * from .... I fixed my answer.
it did work however it doesnt take the information from the database, i will upload a picture showing what it shows and let me know if you why is that please
I want the output to be: the information inside the table only: for example; booking ID:BK451, Movie: name, etc.
I don't know your database structure, I update my answer to show you the example, update it base on your database.
1

Stop coding now!

You need to learn the very basic of how PHP + MySQL + HTML + JS work together.

At the moment, you don't need to know what's wrong with your code. You need to learn some basic tutorials, then re-write your code from scratch. Many tutorials all over the intermet. Read this.

Extra Explanation

Server = where your code lives.

Client = the browser.

PHP & MySQL live in the server ONLY, work on the server, handled by the server.

HTML + CSS + JS prepared by the server, server then send it to client, then handled by client (the browser). So they start working when in the client (the browser). As long as they're on the server, they are just strings.

So it's always like:

  1. Browser request file from server (http://www.mywebsite.com/something.php). This is known as the request.
  2. Server runs the php file (something.php), which may generate output (HTML+CSS+JS), server then send the output to the client (browser). This is known as response.
  3. Client (browser) then receives the output (as plain strings), then browser runs the code (JS).

Conclusion:

Don't tell server to run JS, don't tell client (browser) to run PHP or MYSQL.

Improve this answer

Comments

0

I've modified your code to work and to much more secured way using prepare statement.

<table>
<tr><th> id </th> <th> time </th> </tr>

<?php
if (!$bk = $con->prepare("select * from tbl_bookings where user_id = ? ")) {
echo $con->error; // show error message when SQL query is wrong or goes kaboom!
} else{
$bk->bind_param("s",$_SESSION['user']); //bind the blind parameters, "s" stands for string
$bk->execute ();// execute the query
$bk_result = $bk->get_result(); // get results 
}
while ($bk_row = $bk_result->fetch_assoc()){ ?>
<tr><td> <?php echo $bk_row['id']; ?> </td> <td> <?php echo $bk_row['id'] ?> </td> </tr>

<?php } //end while loop ?>
</table>
Improve this answer

Comments

Your Answer

By clicking “Post Your Answer”, you agree to our terms of service and acknowledge you have read our privacy policy.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.