-1

I'm trying to convert a script into PDO connection but need help with this part of the script. I've done most part but em stuck with this part as I have to swap that array and get it to session. 

if(!empty($_GET["action"])) {
switch($_GET["action"]) {
    case "add":
        if(!empty($_POST["quantity"])) {
            $productByCode = $handler->query("SELECT * FROM tooted WHERE kood='" . $_GET["code"] . "'");;


            $itemArray = array($productByCode[0]["code"]=>array('name'=>$productByCode[0]["name"], 'code'=>$productByCode[0]["code"], 'quantity'=>$_POST["quantity"], 'price'=>$productByCode[0]["price"]));

            if(!empty($_SESSION["cart_item"])) {
                if(in_array($productByCode[0]["code"],$_SESSION["cart_item"])) {
                    foreach($_SESSION["cart_item"] as $k => $v) {
                            if($productByCode[0]["code"] == $k)
                                $_SESSION["cart_item"][$k]["quantity"] = $_POST["quantity"];
                    }
                } else {
                    $_SESSION["cart_item"] = array_merge($_SESSION["cart_item"],$itemArray);
                }
            } else {
                $_SESSION["cart_item"] = $itemArray;
            }
        }
    break;
    case "remove":
        if(!empty($_SESSION["cart_item"])) {
            foreach($_SESSION["cart_item"] as $k => $v) {
                    if($_GET["code"] == $k)
                        unset($_SESSION["cart_item"][$k]);              
                    if(empty($_SESSION["cart_item"]))
                        unset($_SESSION["cart_item"]);
            }
        }
    break;
    case "empty":
        unset($_SESSION["cart_item"]);
    break;  
}
}
Darwin von Corax
  • 5,201
  • 3
  • 17
  • 28
F.Anton
  • 1
  • 1
  • Which part specifically are you having trouble with? – Darwin von Corax Mar 29 '16 at 22:12
  • Can't use PDO as array "Cannot use object of type PDOStatement as array" $itemArray = array($productByCode[0]["code"]=>array('name'=>$productByCode[0]["name"], 'code'=>$productByCode[0]["code"], 'quantity'=>$_POST["quantity"], 'price'=>$productByCode[0]["price"])); – F.Anton Mar 30 '16 at 14:02

1 Answers1

1

PDO::query returns an object of type PDOStatement, which really has no analogue in the old mysql_* API. As the error message says, it's an object, not an array; it really works more like a cursor in a MySQL stored procedure, meaning that the only way to get data out is to call one of its fetch* methods. In your case this would be PDOStatement::fetchAll, which returns an array containing all rows of the result.

Incidentally, one of the reasons to switch to PDO is the availability of prepared statements, which help protect against the sort of SQL injection attack to which your current code is particularly vulnerable. Prepared statements automagically handle the correct quoting, escaping and type-matching of variables inserted into the query. The relevant code would be

$sql = "SELECT * FROM tooted WHERE kood = :code";
$stmt = $handler->prepare($sql);
$stmt->execute(array(':code' => $)GET['code']));
$productByCode = $stmt->fetchAll(PDO::FETCH_ASSOC);

This sets $productByCode to a numeric array of rows, with each row an associative array.

If you know the result will contain only a single row, you could instead use

$productByCode = $stmt->fetch(PDO::FETCH_ASSOC);

which returns a single row as an associative array.

There are, of course, opportunities for error handling, but I leave those as an exercise for the reader.

Hope that helps.

Community
  • 1
  • 1
Darwin von Corax
  • 5,201
  • 3
  • 17
  • 28