0

Hi I am creating a shopping basket and I need to retrieve the data that are in the fields but I am struggling to do it and it seems that it doesn't work the way I am doing it. Anyone can help me out ?? Many Thanks.

So this is my basket where it has Name of the product, quantity, price, and total price.

<?php 
if(empty($_SESSION['cart'])){ 
  error_reporting(0);
}
$sql= "SELECT * FROM productsoffer WHERE id_product IN(";

foreach($_SESSION['cart']as $id => $value){
  $sql.=$id.",";
}

$sql=substr($sql, 0, -1).")ORDER BY name ASC";
$query = mysql_query($sql);
$totalprice=0;

while($row=mysql_fetch_array($query)){
  $subtotal=$_SESSION['cart'][$row['id_product']]  
  ['quantity']*$row['price'];
  $totalprice+=$subtotal;
?>

<tr>
  <td name="name"><?php echo $row['name']?></td>
  <td><input type ='text'name='quantity[<?php echo $row['id_product'] ?>]' 
    size='5' value='<?php echo $_SESSION['cart'][$row['id_product']]['quantity'] ?>'/></td>
  <td><?php echo $row['price']?>$</td>
  <td><?php echo $_SESSION['cart'][$row['id_product']]['quantity']*$row['price'] ?>$</td>
</tr>
<?php}?>
<tr>
  <td>Total Price: <?php echo $totalprice+$totalprice1?></td>
</tr>
</table>
<br />
<button type="submit" name="submit">Update Cart </button>
</form>
<form action="indexx.php?page=cart" method="post"/>
  <button type="submit" name="submitt">Submit Order </button>
</form>
<br />
<p>To remove an item set its quantity to 0</p>
</tr>

What I need is to store the values of my basket like name,price,quantity in another table in my database for instance table called order.

Here is my attempt but it seems that is not working.

<?php
if (isset($_POST['submitt'])){
  $sql="INSERT INTO orders(name,quantity,totalprice) VALUES    
        ('$_POST[name]','$_POST[quantity]','$_POST[totalprice]')";
  mysql_query($sql);
}
?>

Any advice is much appriciated. Thanks.

lighter
  • 2,568
  • 2
  • 35
  • 52
user3425885
  • 3
  • 3
  • Your insert sql should be like $sql = "INSERT INTO orders(name, quantity, totalprice) VALUES ('{$_POST['name']}', '{$_POST['quantity']}', '{$_POST['totalprice']}')"; And you should also have correspondig form elements named with previous indexes. For eg. quantity input field should be: – makallio85 Mar 16 '14 at 14:51
  • hey can you tell me exactly how to add the input fields for quantity,name,totalprice in the form ? is it like ?? – user3425885 Mar 16 '14 at 15:19
  • Thanks for your advice ! – user3425885 Mar 16 '14 at 15:19
  • @AngularAddict: No, it shouldn't be like that. Do NOT post queries that have blatant sql injection attack vulnerabilities. – Marc B Mar 16 '14 at 15:27
  • @Marc B: You are correct. But you see, we are dealing with very basics in here as you see. For me, user3425885's problem here is to get stuff to the database. After that, think how to improve security. – makallio85 Mar 16 '14 at 15:30
  • Sirs thank you for your concerns but this is not published or so it is for personal improvement and learn. – user3425885 Mar 16 '14 at 15:33

1 Answers1

0

Nothing will happen because you don't have name, quantity and totalprice in your form, that you are submitting.

Even if you post this, this will be giving you error - There is an error in your sql syntax, try,

$sql="INSERT INTO orders(`name`, `quantity`, `totalprice`) VALUES    
('".$_POST['name']."','".$_POST['quantity']."','".$_POST['totalprice']."')";

You may also check the error, using echo mysql_error($con); //$con is variable of your mysql connection just after mysql_query().

Also try using mysqli or PDO statements instead of mysql (Decide from here).

Community
  • 1
  • 1
Optimus Prime
  • 6,384
  • 5
  • 28
  • 57