ADD TO CART BUTTON

[elisha bere]

Hie ,

i am a new developer from Zimbabwe and the logic i used for my add to cart is giving me an error how can i handle this?

MODEL CODE:

db.define_table('products',
    Field('product_name'),
    Field('current_price', 'float'),
    Field('image', 'upload'),
    Field('description', type='text'),
    Field('product_availability', requires = IS_IN_SET(['Available','Not Available'])),
    auth.signature,
    )

db.define_table('orders',
    Field('productId', db.product),
    Field('userId', db.auth_user),
    Field('qty'),                           
    Field('order_date'),
     )

CONTROLLER CODE

def proc():
    prodDict = {}
    productrows = db(db.products).select()
    for x in productrows:
        prodDict[x.id] = x.product_name
    order_date = str(request.now.year) + "-" + str(request.now.month) + "-" + str(request.now.day)
    qty = request.vars.qty
    productId = request.vars.productId
    userId = session.auth.user.id
    sql = "INSERT INTO orders (productId, userId, qty, order_date) values (str(productId), str(userId), str(qty), str(order_date))"
    #sql = sql + "(" + str(productId) + "," + str(userId) + "," + str(qty) +  "," + str(order_date) + "')"
    r = db.executesql(sql)
    rows = db(db.orders.userId==session.auth.user.id).select(orderby=~db.orders.id)
    return locals()

VIEWCODE

{{extend 'layout.html'}}
<h1>Shopping Cart</h1>
<p>
    Items in Cart
</p>
<table class='table table-striped table-hover'>
    {{for x in rows:}}
    <tr>
        <td>{{x.qty}}</td>
        <td>{{=prodDict[x.id]}}</td>
        <td><a href='#delete'>Delete</a></td>       
    </tr>
    {{pass}}
</table>
<br/>
&nbsp;&nbsp;&nbsp;<a href='view'>Continue Ordering</a>

PLEASE ASSIST .....the add to cart button is there on my main page but when i add something to cart it gives me a error below

Traceback

1. 2. 3. 4. 5. 6. 7. 8. 9. 10. 11. 12. 13. 14. 15. 16.

Traceback (most recent call last): File "C:\Users\elisha.bere\Downloads\my_python_files\PIZZZA PROJECT\web2py_win\web2py\gluon\restricted.py", line 219, in restricted exec(ccode, environment) File "C:/Users/elisha.bere/Downloads/my_python_files/PIZZZA PROJECT/web2py_win/web2py/applications/project/controllers/products.py", line 58, in <module> File "C:\Users\elisha.bere\Downloads\my_python_files\PIZZZA PROJECT\web2py_win\web2py\gluon\globals.py", line 419, in <lambda> self._caller = lambda f: f() File "C:/Users/elisha.bere/Downloads/my_python_files/PIZZZA PROJECT/web2py_win/web2py/applications/project/controllers/products.py", line 50, in proc r = db.executesql(sql) File "C:\Users\elisha.bere\Downloads\my_python_files\PIZZZA PROJECT\web2py_win\web2py\gluon\packages\dal\pydal\base.py", line 768, in executesql adapter.execute(query) File "C:\Users\elisha.bere\Downloads\my_python_files\PIZZZA PROJECT\web2py_win\web2py\gluon\packages\dal\pydal\adapters\__init__.py", line 67, in wrap return f(*args, **kwargs) File "C:\Users\elisha.bere\Downloads\my_python_files\PIZZZA PROJECT\web2py_win\web2py\gluon\packages\dal\pydal\adapters\base.py", line 412, in execute rv = self.cursor.execute(command, *args[1:], **kwargs) OperationalError: no such column: productId

Error snapshot

<class 'sqlite3.OperationalError'>(no such column: productId)

[Anthony]

db.define_table('products',
    Field('product_name'),
    Field('current_price', 'float'),
    Field('image', 'upload'),
    Field('description', type='text'),
    Field('product_availability', requires = IS_IN_SET(['Available','Not Available'])),
    auth.signature,
    )

db.define_table('orders',
    Field('productId', db.product),

Is this your real code? If so, the above line would be throwing an exception, as the table name is db.products, not db.product.

 

 def proc():

    prodDict = {}
    productrows = db(db.products).select()
    for x in productrows:
        prodDict[x.id] = x.product_name
    order_date = str(request.now.year) + "-" + str(request.now.month) + "-" + str(request.now.day)
    qty = request.vars.qty
    productId = request.vars.productId
    userId = session.auth.user.id
    sql = "INSERT INTO orders (productId, userId, qty, order_date) values (str(productId), str(userId), str(qty), str(order_date))"

Above, you cannot mix Python into your SQL code. Also, by generating SQL with user-submitted values, you are opening yourself to SQL injection attacks. Why are you manually generating raw SQL rather than using the DAL to do the insert?

Before proceeding, I strongly suggest reading the web2py documentation.

Anthony

[elisha bere]

ok thank you sir ... i am still new to web2py

--
Resources:
- http://web2py.com
- http://web2py.com/book (Documentation)
- http://github.com/web2py/web2py (Source code)
- https://code.google.com/p/web2py/issues/list (Report Issues)
---
You received this message because you are subscribed to the Google Groups "web2py-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email to web2py+unsubscribe@googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

[Massimo Di Pierro]

notice that

productId = request.vars.productId
    userId = session.auth.user.id
    sql = "INSERT INTO orders (productId, userId, qty, order_date) values (str(productId), str(userId), str(qty), str(order_date))"
    #sql = sql + "(" + str(productId) + "," + str(userId) + "," + str(qty) +  "," + str(order_date) + "')"
    r = db.executesql(sql)

with this model:

db.define_table('orders',
    Field('productId', db.product),
    Field('userId', db.auth_user),

    Field('qty', 'float'),

    Field('order_date','datetime'),
     )

in PYDAL becomes:

db.orders.insert(productId=productId, userId=auth.user_id, qty=qty, order_date=request.now)