-1

I have a problem inserting values into the database using a foreach loop. The value inserted is 0 and only one row is inserted. Below is my input code.

```html
<td bgcolor="#FFFFFF"><input id="id" name="pro_id[]" type="text"></td>
<td bgcolor="#FFFFFF"><input id="name" name="pro_name[]" type="text"></td>
<td bgcolor="#FFFFFF"><input id="quan" name="pro_quan[]" type="text"></td>
```

Below is my insert code.

```php
if (isset($_POST['Submit'])) {
    $username = $_SESSION['admin_id'];

    foreach ($_SESSION["products"] as $item)
    {
        $ids = $item["pro_id"];
        $names = $item["pro_name"];
        $quans = $item["pro_quan"];
    }

    $query = "INSERT INTO product(username, pro_id, pro_name, pro_quan) VALUES ('$username', '$ids', '$names', '$quans')";
    $result = mysqli_query($con, $query);
    if ($result)
    {
        header("Location:delete.php");
    }
    else
    {
        mysqli_error($con);
    }
}
```

The values inserted will only be 0. I am not sure what the error is here. Please help me see what has gone wrong with my code. Thanks for helping.

June
  • [Little Bobby](http://bobby-tables.com/) says ***[your script is at risk for SQL Injection Attacks.](http://stackoverflow.com/questions/60174/how-can-i-prevent-sql-injection-in-php)*** Learn about [prepared](http://en.wikipedia.org/wiki/Prepared_statement) statements for [MySQLi](http://php.net/manual/en/mysqli.quickstart.prepared-statements.php). Even [escaping the string](http://stackoverflow.com/questions/5741187/sql-injection-that-gets-around-mysql-real-escape-string) is not safe! – Jay Blanchard Apr 18 '17 at 12:24
  • @June what are you trying? You want to insert data from the loop into the db? – webpic Apr 18 '17 at 12:24
  • Yes, I want to insert the array value into the database – June Apr 18 '17 at 12:24
  • do all session arrays contain value? your inputs don't seem to match the arrays here – Funk Forty Niner Apr 18 '17 at 12:24
  • verify that `$_SESSION['products']` is not empty. Do a `var_dump($_SESSION['products'])` and please use prepared statements. Also it would be easier if everything were in the loop. Turn on error_reporting too. `error_reporting(E_ALL);` – Rotimi Apr 18 '17 at 12:25
  • can you show `$_SESSION` array – webpic Apr 18 '17 at 12:25
  • Move this inside your loop `$query = "INSERT INTO....` – Confidence Apr 18 '17 at 12:26
  • How should I change the input statement? And how do I verify the `$_SESSION['products']`? – June Apr 18 '17 at 12:26
  • you should check this with `empty` or `isset` and move your query into the for loop – webpic Apr 18 '17 at 12:27
  • Did you start the session? Is `session_start()` at the top of your PHP scripts? Where are you setting your session variables? – Jay Blanchard Apr 18 '17 at 12:28
  • If I put the query into the loop, it shows an error which says invalid foreach argument – June Apr 18 '17 at 12:30
  • If it says that then `$_SESSION["products"]` is *not set* or it is not an array. Do a `print_r($_SESSION);` right after `session_start()` and let us know what is in your session array. – Jay Blanchard Apr 18 '17 at 12:31

1 Answer

1

Nice spot @JayBlanchard regarding the session start. You must check if the products are in the session array before proceeding with the loop.

```php
# start up session
if (!isset($_SESSION)) {
    session_start();
}
# for debugging purposes. Comment the line below when done.
var_dump($_SESSION['products']);
try {
    if (isset($_POST['Submit'])) {
        $username = $_SESSION['admin_id'];
        # verify that the product array in session is not empty
        if (!empty($_SESSION['products']) && count($_SESSION['products']) > 0) {
            foreach ($_SESSION["products"] as $item) {
                $ids = $item["pro_id"];
                $names = $item["pro_name"];
                $quans = $item["pro_quan"];

                # run the INSERT once per product, inside the loop
                $query = "INSERT INTO product(username, pro_id, pro_name, pro_quan) VALUES ('$username', '$ids', '$names', '$quans')";
                $result = mysqli_query($con, $query);
                if (!$result) {
                    # hand the database error to the catch block below
                    throw new Exception(mysqli_error($con));
                }
            }
            # redirect only after every row has been inserted
            header("Location:delete.php");
            exit;
        } else {
            throw new Exception('no products for this session');
        }
    }
} catch (Exception $ex) {
    echo $ex->getMessage();
    exit;
}
```
Rotimi
  • I tried to use the code, but it shows this error: Cannot use isset() on the result of an expression (you can use "null !== expression" instead) – June Apr 18 '17 at 12:52
  • Apologies. I have updated my code. I was missing a bracket – Rotimi Apr 18 '17 at 12:53
  • but it shows the error "Cannot use isset() on the result of an expression (you can use "null !== expression" instead)" – June Apr 18 '17 at 12:55
  • Okay, it says no product. Why so? Is it a problem with my insert code? – June Apr 18 '17 at 13:12
  • this is from your end. Meaning you do not have anything for that session. Try doing a `var_dump($_SESSION['products']);` – Rotimi Apr 18 '17 at 13:13
  • Where should I add it? – June Apr 18 '17 at 13:14
  • It shows this: Undefined index: products in F:\xampp\htdocs\New folder\admin_product.php on line 7 NULL no products for this session – June Apr 18 '17 at 13:18
  • This is your issue. I don't know how you are developing "this". Go and check how you saved the products to the session products. The issue should be there – Rotimi Apr 18 '17 at 13:19
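
The two fixes raised in this thread, combined: one INSERT per product inside the loop, and the prepared statement recommended in the comments instead of string interpolation. This is an added example, not code from the original posts; `insert_products()` is a hypothetical helper name, `$con` is assumed to be the page's existing mysqli connection, and `pro_quan` is assumed to be a non-negative integer.

```php
<?php
// Added example, not code from the thread. insert_products() is a hypothetical
// helper; $con is assumed to be the page's existing mysqli connection.
mysqli_report(MYSQLI_REPORT_ERROR | MYSQLI_REPORT_STRICT); // errors become exceptions

function insert_products(mysqli $con, string $username, array $products): int
{
    // Placeholders keep the values out of the SQL text entirely.
    $stmt = $con->prepare(
        'INSERT INTO product (username, pro_id, pro_name, pro_quan) VALUES (?, ?, ?, ?)'
    );
    $con->begin_transaction();
    try {
        $inserted = 0;
        foreach ($products as $item) {
            // Reject incomplete rows instead of silently storing 0 or ''.
            if (!is_array($item) || !isset($item['pro_id'], $item['pro_name'], $item['pro_quan'])) {
                throw new InvalidArgumentException('incomplete product row');
            }
            // Assumption: pro_quan is a non-negative integer quantity.
            $quan = filter_var($item['pro_quan'], FILTER_VALIDATE_INT);
            if ($quan === false || $quan < 0) {
                throw new InvalidArgumentException('invalid quantity');
            }
            $id = (string) $item['pro_id'];
            $name = (string) $item['pro_name'];
            $stmt->bind_param('sssi', $username, $id, $name, $quan);
            $stmt->execute(); // one INSERT per product, inside the loop
            $inserted++;
        }
        $con->commit();
        return $inserted;
    } catch (Throwable $e) {
        $con->rollback(); // all rows or none
        throw $e;
    }
}

session_start();
if (isset($_POST['Submit'], $_SESSION['admin_id'])) {
    // ?? [] avoids the "Undefined index: products" notice seen in the thread.
    $products = $_SESSION['products'] ?? [];
    if (!is_array($products) || $products === []) {
        exit('no products for this session');
    }
    insert_products($con, (string) $_SESSION['admin_id'], $products);
    header('Location: delete.php');
    exit;
}
```

The rollback only undoes earlier rows when the `product` table uses a transactional storage engine such as InnoDB.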