Input size value to database PHP

Question

I have no idea where to get size value and input it to my database

this is my database table called transaksi with these column idtransaksi, noinvoice, idproduk, size, jumlah

and here is my script

chart.php

<?php
if (!isset($_SESSION)) {
session_start();
}
cek_status_login($_SESSION['idpelanggan']);
include ('chart.inc.php');
// Process actions
$chart = isset ($_SESSION['chart']) ? $_SESSION['chart'] : '';
$action = isset($_GET['action']) ? $_GET['action'] : '';
switch ($action) {
case 'add' :
    if ($chart) {
        $chart .= ',' . $_GET['id'];
    } else {
        $chart = $_GET['id'];
    }
    break;
//
//B002,5,S,B003,10,M
case 'delete' :
    if ($chart) {
        $items = explode(',', $chart);
        $newchart = '';
        foreach ($items as $item) {
            if ($_GET['id'] != $item) {
                if ($newchart != '') {
                    $newchart .= ',' . $item;
                } else {
                    $newchart = $item;
                }
            }
        }
        $chart = $newchart;
    }
    break;
case 'update' :
    if ($chart) {
        $newchart = '';
        foreach ($_POST as $key => $value) {
            if (stristr($key, 'qty')) {
                $id = str_replace('qty', '', $key);
                $items = ($newchart != '') ? explode(',', $newchart) : explode(',', $chart);
                $newchart = '';
                foreach ($items as $item) {
                    if ($id != $item) {
                        if ($newchart != '') {
                            $newchart .= ',' . $item;
                        } else {
                            $newchart = $item;
                        }
                    }
                }
                for ($i = 1; $i <= $value; $i++) {
                    if ($newchart != '') {
                        $newchart .= ',' . $id;
                    } else {
                        $newchart = $id;
                    }
                }
            }
        }
    }

    $chart = $newchart;
    break;
}
$_SESSION['chart'] = $chart;
?>

<section class="main-content">

<div class="row">
    <div class="span9">

        <?php echo writeShoppingchart();

echo showchart();

if (isset($_GET['s'])) {
    if ($_GET['status'] == OK) {
        echo "proses pembelian berhasil dilakukan sudah selesai";
    } else {
        echo "operasi gagal";
    }
}
        ?>

    </div>
    <script type="text/javascript">
$('.input').on('input',function(e){
 if($(this).data("lastval")!= $(this).val()){
 $(this).data("lastval",$(this).val());
    //change action
     alert('Anda Mengubah Jumlah SubTotal barang, Silahkan Update Keranjang Belanja');  
 };
 });
</script>
    <?php
    include ('inc/sidebar-front.php');
    ?>
</div>
</section>

chart.inc.php

<?php
function kd_transaksi() {
$kode_temp = fetch_row("SELECT noinvoice FROM invoice ORDER BY noinvoice DESC LIMIT 0,1");
if ($kode_temp == '')
    $kode = "E00001";
else {
    $jum = substr($kode_temp, 1, 6);
    $jum++;
    if ($jum <= 9)
        $kode = "E0000" . $jum;
    elseif ($jum <= 99)
        $kode = "E000" . $jum;
    elseif ($jum <= 999)
        $kode = "E00" . $jum;
    elseif ($jum <= 9999)
        $kode = "E0" . $jum;
    elseif ($jum <= 99999)
        $kode = "E" . $jum;
    else
        die("Kode pemesanan melebihi batas");
}
return $kode;
}

function writeShoppingchart() {
$chart = $_SESSION['chart'];
if (!$chart) {
    return '<h4 class="title"><span class="text pull-left"><strong>Keranjang Belanja Masih Kosong</strong></span></h4>';
} else {
    // Parse the chart session variable
    $items = explode(',', $chart);
    $s = (count($items) > 1) ? 's' : '';
    return '<h4 class="title"><span class="text pull-left"><strong>Periksa Jumlah Pesanan Anda Sebelum Check Out</strong></span></h4>';
}
}

function chartNotification() {
$chart = $_SESSION['chart'];
if (!$chart) {
    return '0';
} else {
    // Parse the chart session variable
    $items = explode(',', $chart);

    return count($items);
}
}
function getQty() {
$chart = $_SESSION['chart'];
if (!$chart) {
    return 0;
} else {
    // Parse the chart session variable
    $items = explode(',', $chart);
    $s = (count($items) > 1) ? 's' : '';
    return count($items);
}
}

function showchart() {
$chart = $_SESSION['chart'];
//  print_r($chart);
if ($chart) {
    $items = explode(',', $chart);
    $contents = array();
    $total='';
    foreach ($items as $item) {
        $contents[$item] = (isset($contents[$item])) ? $contents[$item] + 1 : 1;
    }
    $output[] = "<table class=\"table table-striped \">";
    $output[] = "<th><td>Nama</td><td>size</td><td> Harga</td><td>jumlah</td><td>diskon</td><td>subtotal</td><td>Aksi</td></th>";
    $output[] = '<form action="index.php?mod=chart&pg=chart&action=update" method="post" id="chart">';
    $no = 1;
    foreach ($contents as $id => $qty) {
        $sql = "SELECT produk.*, stok.harga_barang, stok.harga_jual, stok.jumlah, stok.ext_disc, stok.disc, stok.size FROM stok LEFT OUTER JOIN produk ON stok.idproduk = produk.idproduk WHERE produk.idproduk = '$id'";
        $result = mysql_query($sql);
        $row = mysql_fetch_object($result);
        $size = explode(',', $row->size);
        $quantity = ($row->jumlah);
        $diskonext =(($row->harga_jual)*($row->ext_disc)/100);
        $output[] = '<tr><td>' . $no . '</td>';

        $output[] = '<td>'.$row ->nama_produk. '<br /><img src=\'upload/produk/' . $row ->foto .' \' width=\'100px\' height=\'100px\'></td>';
        $output[] = '<td><select name="size" style="width:50px;">';
            for ($i = 0; $i < count($size); $i++){
                $output[] = '<option value="'. $size[$i] .'">'. $size[$i] .'</option>';
            }
        $output[] = '</select></td>';               
        $output[] = '<td>' . format_rupiah($row -> harga_barang) . '</td>';
        if ($qty >= 10){
        $total += (($row -> harga_jual) - $diskonext) * $qty;
        }else {
            $total += $row -> harga_jual * $qty;
        }
        if ($qty > $quantity){
        $output[] = '<td><input type="text" class="input-mini" name="qty' . $id . '" value="'.$quantity.'"/><br /><span class="label label-warning pull-right">Stok hanya '.$quantity.'</span></td>';           
        } else {
        $output[] = '<td><input type="text" onkeypress="alert(\'jumlah barang terganti, silahkan Update Keranjang belanja anda sebelum chekout\');" class="input-mini" name="qty' . $id . '" value="' . $qty . '"/></td>';
        }
        if ($qty >= 10){
            $output[] = '<td>' . $row->disc . ' % + '. $row -> ext_disc .'% </td>';
        } else {
            $output[] = '<td>' . $row->disc . ' %</td>';
        }           

        if ($qty >= 10){
            if ($qty > $quantity){
            $output[] = '<td>'.format_rupiah(($row->harga_jual - $diskonext)*$quantity).'</td>';
            } else {
                $output[] = '<td>'.format_rupiah(($row->harga_jual - $diskonext)*$qty).'</td>';
            }
        }else{
            if ($qty >= $quantity){
            $output[] = '<td>'.format_rupiah($row->harga_jual*$quantity).'</td>';
            } else {
                $output[] = '<td>'.format_rupiah($row->harga_jual*$qty).'</td>';
            }
        }

        $output[] = '<td><a href="index.php?mod=chart&pg=chart&action=delete&id=' . $id . '" class="btn btn-danger">Hapus</a></td></tr>';
        $no++;
    }
    $output[] = '<tr><td colspan=\'6\' ><h4>Total Belanja Anda</h4></td><td colspan=\'2\'><h4>'. format_rupiah($total) .'</h4></td></tr>';
    $output[] = "</table>";

    $qty = getQty();
    $_SESSION['totalbayar'] = $total;
    $output[] = '<button type="submit" class=\'btn btn-primary\'>Update Keranjang Belanja</button>';
    if ($qty >= ($row->jumlah)){
    $output[] ='<button type="submit" class=\'btn btn-success pull-right\'>Update Keranjang Belanja Anda</button>';
    } else {
        $output[] ='<a href=\'chart/chart_action.php\' class=\'btn btn-success pull-right\'>Check out</a>';
    }
    $output[] = '</form>';
} else {
    $output[] = '<p>Keranjang belanja masih kosong.</p>';
}
return join('', $output);
}

function insertToDB($kd_transaksi, $idpelanggan, $totalbayar, $sizes) {
$chart = isset($_SESSION['chart'])? $_SESSION['chart']: '';
if ($chart) {
    $items = explode(',', $chart);
    $contents = array();
    foreach ($items as $item) {
        $contents[$item] = (isset($contents[$item])) ? $contents[$item] + 1 : 1;
    }
    $sql_transaksi = "insert into invoice (noinvoice,tanggal,totalbayar,idpelanggan) 
    values( '$kd_transaksi', now(),'$totalbayar','$idpelanggan')";
    //echo "SQL transaksi:".$sql_transaksi;
    mysql_query($sql_transaksi) or die(mysql_error());
    foreach ($contents as $id => $qty) {
        $sql = "insert into transaksi(noinvoice,idproduk,size,jumlah)
        values('$kd_transaksi','$id','$sizes','$qty')";
        //      echo "SQL transaksi:".$sql;
        $result = mysql_query($sql) or die(mysql_error());
    }
} else {
    $output[] = '<p>Keranjang belanja masih kosong.</p>';
}
}
?>

and chart.action.php

<?php
session_start();

require_once ('../inc/config.php');
require_once ('../inc/function.php');
require_once ('../chart/chart.inc.php');
$idpelanggan=$_SESSION['idpelanggan'];
/* menambahkan kode pesan dan detail pesan kedalam database*/
$kd_transaksi = kd_transaksi();
$total_bayar = $_SESSION['totalbayar'];
insertToDB($kd_transaksi,$idpelanggan,$total_bayar);
//check if query successful

$link="location:../index.php?mod=chart&pg=chart_ship&total_bayar=$total_bayar&kd_transaksi=$kd_transaksi";
    header($link);
?>

Still get confused how to input size value to database. and if you need more information to help me just tell me what I have to do

Thanks

I don't understand what you mean by "size value", can you explain? If possible, show only the minimum amount of code that is needed to show the error. Also, I would recommend you to read something about "SQL injection" (for example https://stackoverflow.com/questions/332365/how-does-the-sql-injection-from-the-bobby-tables-xkcd-comic-work/332367#332367) — giraff, May 23 '15 at 16:01
on that script above i dont know how to make value of size in combobox to the database , feel something wrong on chart.inc.php files. — Andi Haidar, May 23 '15 at 16:08
size value means size data on chart.inc.php can u see that full code please.. i need some result asap -__- — Andi Haidar, May 23 '15 at 16:39

score 3 · Accepted Answer · answered May 23 '15 at 19:50

The function insertToDB is defined with 4 parameters in the code above:

function insertToDB($kd_transaksi, $idpelanggan, $totalbayar, $sizes) {

But it is called with only 3 values:

insertToDB($kd_transaksi,$idpelanggan,$total_bayar);

So I suggest passing the value posted for variable size when calling the function:

insertToDB($kd_transaksi,$idpelanggan,$total_bayar,$_POST["size"]);

Btw: commenter @giraff is absolutely right when meaning the SQL injection. Your scripts are vulnerable to it. You should definitely check and sanitize user-submitted data!

Comments are not for extended discussion; this conversation has been [moved to chat](http://chat.stackoverflow.com/rooms/78651/discussion-on-answer-by-stj-input-size-value-to-database-php). — Taryn, May 24 '15 at 21:05

Input size value to database PHP

1 Answers1