
Original PHP code:

  // Old mysql_* version: product ids from the session cart are concatenated
  // straight into the SQL text.
  $sql = "SELECT * FROM products WHERE id IN(";
  foreach ($_SESSION['cart'] as $id => $value) {
      $sql .= $id . ",";
  }
  // strip the trailing comma and close the IN list
  $sql = substr($sql, 0, -1) . ") ORDER BY id ASC";
  $query = mysql_query($sql);
  $totalprice = 0;
  $totalqunty = 0;
  if (!empty($query)) {
      while ($row = mysql_fetch_array($query)) {
          $quantity = $_SESSION['cart'][$row['id']]['quantity'];
          $subtotal = $_SESSION['cart'][$row['id']]['quantity'] * $row['productPrice'];
          $totalprice += $subtotal;
          $_SESSION['qnty'] = $totalqunty += $quantity;
      }
  }

I tried like this:

  // My PDO attempt (the code the question is about)
  $sql = $conn->prepare("SELECT * FROM products WHERE id IN(");
  foreach ($_SESSION['cart'] as $id => $value) {
      $sql .= $id . ",";
  }
  $sql .= substr($sql, 0, -1) . ") ORDER BY id ASC";
  $query = $conn->prepare($sql);
  $query->execute();
  $totalprice = 0;
  $totalqunty = 0;
  if (!empty($query)) {
      while ($row = $query->fetch(PDO::FETCH_ASSOC)) {
          $quantity = $_SESSION['cart'][$row['id']]['quantity'];
          $subtotal = $_SESSION['cart'][$row['id']]['quantity'] * $row['productPrice'];
          $totalprice += $subtotal;
          $_SESSION['qnty'] = $totalqunty += $quantity;
      }
  }

But this is not working. This is part of a shopping cart's code, so please can anybody tell me how I can change this code to PDO, and what's wrong with my written code in PDO?

Pushpendra
Shubham
    You prepare twice, and you don't bind. Your code is a mess. Have you read the manual on PDO at all? http://php.net/manual/en/book.pdo.php or done a tutorial? https://phpdelusions.net/pdo – KIKO Software Apr 07 '17 at 10:31
  • OK, but how can I change these lines of code $sql ="SELECT * FROM products WHERE id IN("; foreach($_SESSION['cart'] as $id => $value){ $sql .= $id . ","; } $sql.=substr($sql,0,-1) . ") ORDER BY id ASC"; if I don't prepare twice? – Shubham Apr 07 '17 at 10:37
  • @Shubham remove the first $conn->prepare – jameshwart lopez Apr 07 '17 at 10:38
  • Yes, I have removed it, but it's the same as before. – Shubham Apr 07 '17 at 10:40

2 Answers

-1

You have to add the parameters to execute:

$query->execute(array_values($_SESSION['cart']));

However, you should not use superglobals directly. You should always filter those values and take care that the variables are not a security threat.

Sebastian
-1
For $conn->prepare you need to pass a string as the parameter. Please check the syntax of the $sql string you are passing to $conn->prepare.

I think it should be like:

  // Build the SQL string first, then hand the finished string to prepare().
  // Note: the ids from the session are concatenated into the SQL text here,
  // not bound as parameters.
  $sql = "SELECT * FROM products WHERE id IN(";
  foreach ($_SESSION['cart'] as $id => $value) {
      $sql .= $id . ",";
  }
  // assign (not append) the trimmed string, otherwise the query text is duplicated
  $sql = substr($sql, 0, -1) . ") ORDER BY id ASC";
  $query = $conn->prepare($sql);
  $query->execute();
  $totalprice = 0;
  $totalqunty = 0;
  if (!empty($query)) {
      while ($row = $query->fetch(PDO::FETCH_ASSOC)) {
          $quantity = $_SESSION['cart'][$row['id']]['quantity'];
          $subtotal = $_SESSION['cart'][$row['id']]['quantity'] * $row['productPrice'];
          $totalprice += $subtotal;
          $_SESSION['qnty'] = $totalqunty += $quantity;
      }
  }