1

I'm making a simple online-store-like program. What can you suggest so that I can loop through the inputs I've made in my program?

I'm still using GET so that I can see what the data looks like; I'll change it to POST later. This is what the URL looks like when I commit the buying of all the products added to the cart: http://localhost/pos/php/checkout.php?ids=2;&qoh=12;&qbuys=&ids=6;&qoh=2304;&qbuys=304&ids=4;&qoh=699;&qbuys=99

This is the code that I'm using to commit only one product; it doesn't work when I have something like the URL above:

<?php

// One product per request: read the three GET parameters and write the new stock level back.
$id=$_GET['ids'];             // product id
$qtyhnd=$_GET['qoh'];         // quantity on hand, as sent in the request
$qtytbuy=$_GET['qbuys'];      // quantity to buy
$left=$qtyhnd-$qtytbuy;

// Only update when there is enough stock; the values are interpolated straight into the SQL.
if($qtyhnd>=$qtytbuy){
$update=query_database("UPDATE prod_table SET  QTYHAND='$left' WHERE PID='$id'", "onstor", $link);
}

?>

Please comment if you need more details, thanks.

Wern Ancheta
  • I don't see why it wouldn't work, your code looks okay. Do some test outputs to see whether the values are in order. Also, in its current form, it is vulnerable to [SQL injection](http://stackoverflow.com/questions/601300/what-is-sql-injection-closed) - you want to fix that before going live – Pekka Nov 13 '10 at 09:00
  • Your URL would be better if it uses `ids[]=1&ids[]=2...` instead of `ids=1;&ids=2...`. Your current format resets `$_GET['ids']` each time a new one is encountered. This makes looping harder. Your only option left is manually parsing the query string, which is not a nice way. – Halil Özgür Nov 13 '10 at 09:16

5 Answers

2

Either convert the parameters to array parameters (e.g. qoh[]) and then iterate in parallel, or parse the query string manually.

Ignacio Vazquez-Abrams
1

You can use $_SERVER['QUERY_STRING'] with a foreach loop like this:

// $_SERVER['QUERY_STRING'] is the raw text after the '?', so it has to be
// parsed into an array before it can be looped over.
parse_str($_SERVER['QUERY_STRING'], $params);
foreach($params as $key => $value){
  echo "$key - $value <br />";
}

This way you can get the GET values and use them in your database query in a similar fashion, using a foreach loop.

Sarfraz
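The "parse the query string manually" option from Ignacio's answer, and the $_SERVER['QUERY_STRING'] loop from Sarfraz's, both run into the problem Halil Özgür describes in the comments: PHP keeps only the last value of a repeated key. The following is an added example (not code from the question or any answer) of a small hand-written parser over the raw query string that keeps every occurrence of a key. The sample query string is constructed to match the URL in the question; parse_query_keep_repeats is a name chosen here.

```php
<?php
// Added example: a parser for the raw query string that keeps repeated keys
// such as ids=2;&ids=6 instead of letting the last one overwrite the rest,
// which is what $_GET and parse_str() do. Not code from the original post.

function parse_query_keep_repeats(string $query): array {
    $params = [];
    foreach (explode('&', $query) as $pair) {
        if ($pair === '') {
            continue;
        }
        [$key, $value] = array_pad(explode('=', $pair, 2), 2, '');
        $key   = urldecode($key);
        $value = urldecode($value);
        // Every occurrence of a key is appended, so ids=2;&ids=6;&ids=4;
        // yields ['2;', '6;', '4;'] rather than the single value '4;'.
        $params[$key][] = $value;
    }
    return $params;
}

// Constructed sample, identical to the query string in the question.
$query = 'ids=2;&qoh=12;&qbuys=&ids=6;&qoh=2304;&qbuys=304&ids=4;&qoh=699;&qbuys=99';

// What PHP does on its own: parse_str() behaves like $_GET and keeps only the last ids.
parse_str($query, $builtin);
var_dump($builtin['ids']);

// The hand-written parser keeps all three products, in request order.
$params = parse_query_keep_repeats($query);
foreach ($params['ids'] as $i => $id) {
    // The stray ';' after each number makes '2;' fail an integer check and
    // makes (int)'2;' silently truncate to 2, so strip it before using the value.
    $id     = rtrim($id, ';');
    $onHand = rtrim($params['qoh'][$i] ?? '', ';');
    $toBuy  = rtrim($params['qbuys'][$i] ?? '', ';');
    printf("product %s: %s on hand, buying %s\n", $id, $onHand, $toBuy === '' ? '(none)' : $toBuy);
}
```

In the real script you would pass $_SERVER['QUERY_STRING'] to parse_query_keep_repeats() instead of the constructed string. Switching the form to the ids[] / qoh[] / qbuys[] naming the other answers suggest makes this parser unnecessary, since PHP then builds the arrays for you.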
1

You have semicolons after some values; maybe you should pass just the integers (these are qoh and qbuys). Apart from that, you should use mysql_real_escape_string() and (int) before integer values to prevent SQL injection, e.g.:

$int = (int)$_GET['price'];
// mysql_real_escape_string() returns the escaped copy; it does not change its argument
$string = mysql_real_escape_string($_GET['val']);

Also if you want to pass multiple values you have to use array for them:

HTML

<input type="hidden" name="ids[]" value="1">
<input type="hidden" name="ids[]" value="2">
<input type="hidden" name="ids[]" value="3">

PHP

$ids = $_GET['ids'];
foreach($ids as $id) {
    $sql = 'UPDATE table SET field=? WHERE id='.(int)$id;
    ....
}
Alex Rashkov
1

I assume that PID in prod_table is of integer type. Doesn't $id variable contain "2;" instead of 2? Anyway, what kind of error do you get?

Dyppl
  • there's no error but I do not get the desired results when I try to put 2 or more products in the cart, it only works with one product – Wern Ancheta Nov 13 '10 at 10:43
1

Have your url like http://localhost/pos/php/checkout.php?ids[]=2&qoh[]=12&qbuys[]=&ids[]=6&qoh[]=2304&qbuys[]=304&ids[]=4&qoh[]=699&qbuys[]=99... using a HTML structure like infinity pointed out.

Then:

foreach ($_GET['ids'] as $k => $v) {
    $id = (int)$v;
    $qtyhnd = (int)$_GET['qoh'][$k];
    $qtytbuy = (int)$_GET['qbuys'][$k];
    $left = $qtyhnd - $qtytbuy;

    if ($qtyhnd >= $qtytbuy) {
        $update = query_database(
            "UPDATE prod_table SET QTYHAND='$left' WHERE PID='$id'",
            "onstor",
            $link);
    }
}

And if the database type of QTYHAND and PID are int, exclude single quotes (') from your SQL queries.

Halil Özgür
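Halil Özgür's loop above and Alex Rashkov's ids[] form solve the looping problem, and the comments point out the SQL injection. Two things a practitioner would still want to see in one place: the values bound with prepared statements rather than interpolated, and the quantity on hand taken from the database instead of the qoh[] value the browser sends (as the question's code stands, the client controls the stock figure that gets written back). The following is an added example, not code from the question or any answer. Table and column names follow the question (prod_table, PID, QTYHAND); checkout() is a name chosen here; the in-memory SQLite database and its rows are constructed so the script runs offline, and with MySQL only the DSN passed to new PDO(...) changes.

```php
<?php
// Added example, not code from the original post or answers: loop over
// ids[] / qbuys[] with PDO prepared statements, and let the database
// decide whether enough stock is on hand (qoh[] from the request is ignored).

function checkout(PDO $db, array $ids, array $qbuys): array {
    $report = [];
    // One atomic statement per product: decrement only when enough is on hand,
    // so a concurrent checkout cannot drive QTYHAND below zero.
    $update = $db->prepare(
        'UPDATE prod_table SET QTYHAND = QTYHAND - ? WHERE PID = ? AND QTYHAND >= ?'
    );

    $db->beginTransaction();
    try {
        foreach ($ids as $i => $rawId) {
            $id  = filter_var($rawId, FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]);
            $qty = filter_var($qbuys[$i] ?? '', FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]);
            if ($id === false || $qty === false) {
                // Rejects "2;", an empty qbuys, negative numbers and any non-numeric input.
                $report[] = ['id' => $rawId, 'status' => 'rejected'];
                continue;
            }
            $update->execute([$qty, $id, $qty]);
            $report[] = [
                'id'     => $id,
                'status' => $update->rowCount() === 1 ? 'ok' : 'not enough stock or unknown product',
            ];
        }
        $db->commit();
    } catch (Throwable $e) {
        $db->rollBack();
        throw $e;
    }
    return $report;
}

// Constructed demo data: the three products from the question's URL.
$db = new PDO('sqlite::memory:', null, null, [PDO::ATTR_ERRMODE => PDO::ERRMODE_EXCEPTION]);
$db->exec('CREATE TABLE prod_table (PID INTEGER PRIMARY KEY, QTYHAND INTEGER NOT NULL)');
$db->exec('INSERT INTO prod_table VALUES (2, 12), (4, 699), (6, 2304)');

// The same cart as in the question, sent as ids[] / qbuys[], plus one
// deliberately hostile id to show it is rejected before reaching SQL.
$ids   = ['2', '6', '4', "7' OR '1'='1"];
$qbuys = ['', '304', '99', '1'];

print_r(checkout($db, $ids, $qbuys));
print_r($db->query('SELECT PID, QTYHAND FROM prod_table ORDER BY PID')->fetchAll(PDO::FETCH_ASSOC));
```

In the real checkout.php the arrays come from the request, e.g. checkout($db, $_POST['ids'] ?? [], $_POST['qbuys'] ?? []), after checking is_array() on both so a single scalar value cannot cause a type error. The example commits the products that succeeded and reports the rest; if a cart should be all-or-nothing, throw inside the loop when rowCount() is not 1 and the catch block rolls everything back.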