
The variables are being posted from a previous page through array values. When I print_r($values) I get the whole value of this array, including the numerical values of the array, e.g. array[0], array[1], etc. Please can someone tell me what I am doing wrong? The implode function was not used because the values are passed from a cart page through session variables.

First part of code below:

<?php
    $current_url = base64_encode($url="http://".$_SERVER['HTTP_HOST'].$_SERVER['REQUEST_URI']);
    if(isset($_SESSION["products"]))
    {
        $total = 0;
        echo '<form method="post" action="process.php">';
        echo '<ul>';
        $cart_items = 0;
        foreach ($_SESSION["products"] as $cart_itm)
        {
           $product_code = $cart_itm["code"];
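           // Bind the product code as a parameter instead of interpolating it into the SQL string
           // (get_result() needs the mysqlnd driver)
           $stmt = $mysqli->prepare("SELECT Title,Description,Price FROM main_menu WHERE MenuID=? LIMIT 1");
           $stmt->bind_param('s', $product_code);
           $stmt->execute();
           $results = $stmt->get_result();
           $obj = $results->fetch_object();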

            echo '<li class="cart-itm">';
            echo '<span class="remove-itm"><a href="model/cart_update.php?removep='.$cart_itm["code"].'&return_url='.$current_url.'">&times;</a></span>';
            echo '<div class="p-price">'.$currency.$obj->Price.'</div>';
            echo '<div class="product-info">';
            echo '<h3>'.$obj->Title.' (Code :'.$product_code.')</h3> ';
            echo '<div class="p-qty">Qty : '.$cart_itm["qty"].'</div>';
            echo '<div>'.$obj->Description.'</div>';
            echo '</div>';
            echo '</li>';
            $subtotal = ($cart_itm["price"]*$cart_itm["qty"]);
            $total = ($total + $subtotal);

            echo '<input type="hidden" name="item_name['.$cart_items.']" value="'.$obj->Title.'" />';
            echo '<input type="hidden" name="item_code['.$cart_items.']" value="'.$product_code.'" />';
            echo '<input type="hidden" name="item_desc['.$cart_items.']" value="'.$obj->Description.'" />';
            echo '<input type="hidden" name="item_qty['.$cart_items.']" value="'.$cart_itm["qty"].'" />';
            $cart_items ++;

        }
        echo '</ul>';
        echo '<span class="check-out-txt">';
        echo '<strong>Total : '.$currency.$total.'</strong>  ';
        echo '<input name="submit" type="submit" value="Complete Order" style="width:150px;background:#333;color:#ffcc33;height:30px;" />';
        echo '</span>';
        echo '</form>';

    }else{
        echo 'No items added';
    }

    ?>

Second part:

Current code will (assumed the sql is proper) generate one record with item_name set, next new record with price set, next new record with item_code set etc. I assume you want to have one record with all of the fields set? –  Axel Amthor May 31 at 14:07
    
For last 12 minutes no reply and response .... –  atjoshi May 31 at 14:13

2 Answers

up vote 1 down vote accepted

Try $post and the table name in the given function and use mysql_real_escape_string() to avoid any possibility of the SQL Injection

form.php

<?php

 include ('func_curd.php') ;
 if(isset($_POST['hiddenfieldinfo']) && $_POST['hiddenfieldinfo']=='ok')
    {
        $r=insert_your_table_name($_POST);
        if($r==true)
            {
                header('Location:'.get_full_url()); /* to redirect the form to the same page after successful submission */
                exit; /* stop the script so nothing else runs after the redirect */
            }
    }
?>

func_curd.php

<?php
function insert_your_table_name($post)
{
    unset($post['hiddenfieldinfo']);
    /* Here I am unsetting this value as it is a hidden field
       in the form, which I am using as a form submission check and
       which is not a database column. Apart from the auto-increment id
       in the database, you have to make sure all the post values and
       column names match, including case. */
    $u = insert('your_table_name', $post);

    // insert() returns the new row id on success and false on failure
    $r = is_numeric($u) ? true : false;

    return $r;
}

function insert($table, $values)
{
    $query = "INSERT INTO `$table` ";
    $column = '(';
    $val = ' (';
    $count = count($values);
    $mk = 1;

    foreach ($values as $key => $value)
    {
        // The keys come straight from $_POST and end up as column names;
        // escaping does not protect identifiers, so accept plain names only
        if (!preg_match('/^[A-Za-z0-9_]+$/', $key))
        {
            return false;
        }

        $value = mysql_real_escape_string($value);

        if ($mk == $count)
        {
            $column .= '`'.$key.'`';
            $val .= "'".$value."'";
        }
        else
        {
            $column .= '`'.$key.'`, ';
            $val .= "'".$value."', ";
        }
        $mk++;
    }

    $column .= ') ';
    $val .= ')';
    $query = $query.$column.'VALUES'.$val;

    $Q = mysql_query($query);

    if (mysql_error())
    {
        // print() always returns 1, which the caller would treat as a valid insert id
        print(mysql_error());
        return false;
    }
    else
    {
        $insert_id = mysql_insert_id();
        return $insert_id;
    }
}
?>
Hello, thank you for your help. I cannot seem to capture the values and it is only inserting null values in the table. Do you have any advice on how I could fix this issue? Thanks –  user3195317 May 31 at 23:25
check that all the name in the forms are matching and no column field is missing or getting extra... If any extra value in $_POST['your_field'] .. unset that field before passing it into insert function ... –  atjoshi Jun 1 at 3:26
    
edited and explained try to troubleshoot –  atjoshi Jun 1 at 3:36
    
This is the page I am getting the info from, code below: –  user3195317 Jun 1 at 3:45
    
???? which page –  atjoshi Jun 1 at 3:48

try this one:

<?php
require_once('config/connect.php');

$item_name  = strip_tags($_POST['item_name']);  
$item_code  = strip_tags($_POST['item_code']);
$item_desc  = strip_tags($_POST['item_desc']);
$item_qty  = strip_tags($_POST['qty']);
$price = strip_tags($_POST['price']);

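 // Column names are fixed in code; only the values come from the request
 $fields = array('item_name', 'item_code', 'item_desc', 'price', 'qty');

 $query = "INSERT INTO `x` SET ";
 $i = 0;
 foreach( $fields as $fieldname )
 {
        if ( $i > 0 )
            $query .= ", ";
        // strip_tags() does not neutralise quotes, so escape the value for SQL as well
        $val = mysql_real_escape_string(strip_tags($_POST[$fieldname]));
        $query .= "`" . $fieldname . "` = '" . $val . "'";

        $i++;
 }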

 $query_result = mysql_query($query);
 echo" Record saved";
 print_r ( $query );
?>

There are certain syntax errors in your code like not closed foreach etc. which I did skip.

As a recommendation: code like this is disclosing the database structure to everyone on the internet - form field names = database col names. This is generally a bad idea. Better is a kind of mapping table:

 $fields = array (
      'myFormName' => 'mySqlName',
      ....


 foreach( $fields as $fieldname => $sqlname)
 {
        if ( $i > 0 )
            $query .= ", ";
        $val = strip_tags($_POST[$fieldname]); 
        $query .= "`" . $sqlname. "` = '" . $val . "'";
        ....

which also will make the form more independent from the underlying data structures.

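The mapping-table idea from this answer and the dynamic insert from the accepted answer, combined in one sketch that writes one row per cart item with bound parameters. This is an added example, not code from either answer. It assumes PHP 7+ with PDO and the pdo_sqlite driver (an in-memory database so it runs offline); the table `order_items`, its columns, `FIELD_MAP` and `insert_cart_rows()` are hypothetical names.

```php
<?php
// Added example. Form field name => SQL column name; doubles as the allow-list of fields.
const FIELD_MAP = [
    'item_name' => 'name',
    'item_code' => 'code',
    'item_desc' => 'description',
    'item_qty'  => 'quantity',
];

// Inserts one row per cart index from array-style POST data; returns the row count.
function insert_cart_rows(PDO $db, array $post): int
{
    $codes = $post['item_code'] ?? null;
    if (!is_array($codes)) {
        throw new InvalidArgumentException('item_code must be an array');
    }
    // Validate every value before touching the database.
    $batch = [];
    foreach (array_keys($codes) as $i) {
        $params = [];
        foreach (array_keys(FIELD_MAP) as $field) {
            $value = is_array($post[$field] ?? null) ? ($post[$field][$i] ?? null) : null;
            if (!is_scalar($value)) {               // missing field or nested array
                throw new InvalidArgumentException("bad value for {$field}[{$i}]");
            }
            $params[] = (string) $value;
        }
        $batch[] = $params;
    }
    // Column names come only from FIELD_MAP; values are bound, never concatenated.
    $columns = implode(', ', FIELD_MAP);
    $marks   = implode(', ', array_fill(0, count(FIELD_MAP), '?'));
    $stmt    = $db->prepare("INSERT INTO order_items ($columns) VALUES ($marks)");
    foreach ($batch as $params) {
        $stmt->execute($params);
    }
    return count($batch);
}

// Constructed sample input, shaped like the hidden fields in the question's form.
$db = new PDO('sqlite::memory:', null, null, [PDO::ATTR_ERRMODE => PDO::ERRMODE_EXCEPTION]);
$db->exec('CREATE TABLE order_items (id INTEGER PRIMARY KEY, name TEXT, code TEXT, description TEXT, quantity INTEGER)');
$post = [
    'submit'    => 'Complete Order',              // not in FIELD_MAP, so never reaches the SQL
    'item_name' => ['Soup', "O'Brien's pie"],
    'item_code' => ['M01', 'M02'],
    'item_desc' => ['Tomato', 'Beef and "gravy"'],
    'item_qty'  => ['2', '1'],
];
echo insert_cart_rows($db, $post), " rows inserted\n";
```

Because the column list is built from the map rather than from request keys, an extra or renamed POST field cannot alter the statement, and quotes inside values are stored as data.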
