I use jQuery and PHP for seeing the quantity (Inventory) of a product in the database.

index.php code

```html
<table>
  <tr style="background-color:black;color: #fff;text-align: center;">
    <td style="width:30%">name</td>
    <td style="width:30%">qty</td>
  </tr>
  <tr>
    <td>
      <select name="jens_id[]" id="jens_id" required="">
        <option></option>
        <option>1</option>
        <option>2</option>
      </select>
    </td>
    <td>
      <span class="contentsr" id="contentsr"></span>
    </td>
  </tr>
  <tr>
    <td>
      <select name="jens_id[]" id="jens_id" required="">
        <option></option>
        <option>1</option>
        <option>2</option>
      </select>
    </td>
    <td>
      <span class="contentsr" id="contentsr"></span>
    </td>
  </tr>
  <tr>
    <td colspan="8">
      <input style="margin-right: 44%" type="submit" id="sumbit" onclick="calc(this); findTotal(); allfees();" name="submit" value="submit"/>
    </td>
  </tr>
</table>
```

And the mojodi_test code is this:

```php
<?php include 'db/db.php'; ?>
<script type="text/javascript">
    $(document).ready(function(){
        $('#jens_id').change(function() {
            if($(this).val() !=''){
                $.get('mojodi_data.php',{whats: $(this).val()}, function(data) {
                    $('#contentsr').html(data);
                });
            }
        });
    });
</script>
<?php
    if(isset($_GET['whats'])){
        $ids = $_GET['whats'];
        $sql=$db->query("SELECT * FROM anbar WHERE jens_id='$ids'");
        while($row=$sql->fetch()){
            $mojodiha= ($row['kharid'] - $row['forosh']);    ?>
<td hidden="" > <input hidden=""  name="mojodi" type="text" value="<?php echo $mojodiha ?>" /></td>
<?php echo $mojodiha; ?>qty
<?php }  } ?>
```

This code works for the first row, but not afterwards. The other rows' qty is empty and it only shows the first row's quantity.

hadi78m
  • Your code is vulnerable to [**SQL injection**](https://en.wikipedia.org/wiki/SQL_injection) attacks. You should use prepared statements with bound parameters, via either the [**mysqli**](https://secure.php.net/manual/en/mysqli.prepare.php) or [**PDO**](https://secure.php.net/manual/en/pdo.prepared-statements.php) drivers. [**This post**](https://stackoverflow.com/questions/60174/how-can-i-prevent-sql-injection-in-php) has some good examples. – Alex Howansky Jun 27 '17 at 16:05
  • Please explain the actual problem better. – Difster Jun 27 '17 at 16:08
  • Hi, this is a test for an easy answer. – hadi78m Jun 27 '17 at 17:41
  • We need to show the amount left to the customer. With this code only the first row shows and the other rows are empty. Image of this: http://uupload.ir/files/75ye_add.jpg – hadi78m Jun 27 '17 at 18:01
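
The prepared-statement approach recommended in the first comment, shown as an added example that is not part of the original question or comments. It assumes `$db` is a PDO connection; an in-memory SQLite database with constructed rows stands in for `db/db.php`, and `stockFor()` is a hypothetical helper name.

```php
<?php
// Added example, not the asker's code. An in-memory SQLite database stands in
// for the connection created in db/db.php (assumed here to be PDO).
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);

// Constructed sample rows using the column names from the question.
$db->exec('CREATE TABLE anbar (jens_id INTEGER, kharid INTEGER, forosh INTEGER)');
$db->exec('INSERT INTO anbar VALUES (1, 50, 20), (2, 10, 10)');

/**
 * Return kharid - forosh for every row of one product.
 * stockFor() is a hypothetical helper name.
 */
function stockFor(PDO $db, $rawId): array
{
    // Validate first: the form only ever sends positive integer ids.
    $id = filter_var($rawId, FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]);
    if ($id === false) {
        return [];
    }

    // The value is bound as a typed parameter and never becomes SQL text.
    $stmt = $db->prepare('SELECT kharid, forosh FROM anbar WHERE jens_id = :id');
    $stmt->bindValue(':id', $id, PDO::PARAM_INT);
    $stmt->execute();

    $stock = [];
    while ($row = $stmt->fetch(PDO::FETCH_ASSOC)) {
        $stock[] = (int)$row['kharid'] - (int)$row['forosh'];
    }
    return $stock;
}

// Constructed inputs: two valid ids, then a string that would have become part
// of the WHERE clause in the concatenated query from the question.
foreach (['1', '2', "1' OR '1'='1"] as $whats) {
    $qty = stockFor($db, $whats);
    // Escape on output: the client inserts this response with .html().
    printf(
        "%s => [%s]\n",
        htmlspecialchars($whats, ENT_QUOTES, 'UTF-8'),
        htmlspecialchars(implode(',', $qty), ENT_QUOTES, 'UTF-8')
    );
}
```

The third input returns an empty result because it fails integer validation before any query runs; even without that check, the bound parameter would be compared as a value rather than parsed as SQL.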