-3

I am implementing clothing shopping cart and i am using session array for storing items to add to cart. now on place order button click i want that this cart table all rows which contains items on each row insert in to database. my code only inserts last row item and not inserting all rows data. here is my code:

<table align="center"  >
    <thead>
      <tr >
        <th>Product</th>
        <th>Price</th>
        <th>QTY</th>
        <th>SubTotal</th>

      </tr>
    </thead>

<?php 
if (!empty($_SESSION["shopping_cart"])) {
    $total=0;
    foreach ($_SESSION["shopping_cart"] as $keys => $values) {
?>
    <tr>
      <td><p>Product Code:<?php echo $values["item_id"]; ?> <br/>
      <?php  echo $values["item_description"]; ?> </p></td>

      <td>PKR<input type="number" name="price1" id="price1" value="<?php echo $values["item_price"];?>" readonly ></td>

      <td><input type="number"  name="qty[<?php echo $values["item_id"]; ?>]" id="qty" value="<?php  echo $values["item_quantity"];?>" readonly></td>

    <td>PKR<input type="number" name="total" id="total" value="<?php echo ($values["item_quantity"] * $values["item_price"]) ?>" readonly></td>

    </tr> 

<?php
        $total=$total+($values['item_quantity']*$values["item_price"]);  
    }
} 
?>
  </table>

      <input type="hidden" name="ID" value="<?php  echo $values["item_id"]; ?>"  >
      <input type="hidden" name="gender" value="<?php echo $values["item_gender"]; ?>"  >
      <input type="hidden" name="description" value="<?php  echo $values["item_description"]; ?>"  >
<input type="hidden" name="qty" value="<?php  echo $values["item_quantity"];?>"  >
<input type="hidden" name="grandtotal" value="<?php echo $total ?>"  >

<button style="margin-left: 750px;" type="submit" name="submit" class="btn btn-primary btn-lg">Place Order</button>

<?php
if (isset($_POST['submit'])) {
    $product_code = $_POST['ID'];
    $gender = $_POST['gender'];
    $price = $_POST['grandtotal'];
    $quantity = $_POST['qty'];
    $description = $_POST['description'];
    $email=$_SESSION["email"];

    $con=mysql_connect("localhost", "root", "");
    mysql_select_db("login",$con);

    $qry="INSERT INTO order1 ( order_description , product_code, gender, order_quantity, order_price, customer_name, email, customer_id) VALUES ('$description', '$product_code', '$gender', '$quantity', '$price', (SELECT name from users where email='$email'), '$email', (SELECT user_id from users where email='$email') ) ";                           
}                   
$result=mysql_query($qry,$con);
if($result) {
    echo '<script>alert("Your order has been placed")</script>';
    echo '<script>window.location="portfolionew.php"</script>';
} else {
    die("Error While Adding Stock ! Please Try Again .");
}

}
?>
RiggsFolly
  • 93,638
  • 21
  • 103
  • 149
Shoaib Sharoon
  • 3
  • 5
  • Every time you use [the `mysql_`](http://stackoverflow.com/questions/12859942/why-shouldnt-i-use-mysql-functions-in-php) database extension in new code **[this happens](https://media.giphy.com/media/kg9t6wEQKV7u8/giphy.gif)** it is deprecated and has been for years and is gone for ever in PHP7. If you are just learning PHP, spend your energies learning the `PDO` or `mysqli` database extensions and prepared statements. [Start here](http://php.net/manual/en/book.pdo.php) – RiggsFolly Aug 08 '17 at 12:15
  • Hi, dump your post data by print_r in your submit check, so we can sort what is going wrong. like this echo "
    "; print_r($_POST);
     – Muhammad Akber Khan Aug 08 '17 at 12:15
  • You should really upgrade to MySQLi or PDO. `mysql_*` functions are deprecated in PHP 5 and removed in PHP 7 – node_modules Aug 08 '17 at 12:16
  • https://stackoverflow.com/questions/12859942/why-shouldnt-i-use-mysql-functions-in-php/14110189#14110189 – RiggsFolly Aug 08 '17 at 12:16
  • Your script is at risk of [SQL Injection Attack](http://stackoverflow.com/questions/60174/how-can-i-prevent-sql-injection-in-php) Even [if you are escaping inputs, its not safe!](http://stackoverflow.com/questions/5741187/sql-injection-that-gets-around-mysql-real-escape-string) Use [prepared parameterized statements](http://php.net/manual/en/mysqli.quickstart.prepared-statements.php) – RiggsFolly Aug 08 '17 at 12:17
  • Add [error reporting](http://stackoverflow.com/questions/845021/how-to-get-useful-error-messages-in-php/845025#845025) to the top of your file(s) _while testing_ right after your opening PHP tag for example ` – RiggsFolly Aug 08 '17 at 12:17
  • can anyone update the code? – Shoaib Sharoon Aug 08 '17 at 12:18
  • I also DONT SEE a `session_start()` anywhere in this code. – RiggsFolly Aug 08 '17 at 12:20
  • session is started at the top sorry i forgot to write here – Shoaib Sharoon Aug 08 '17 at 12:20
  • You need to make all your `name="price1"` attribute on all your inputs into arrays as there are more than one of everything like `name="price1[]"` and then alter your code to expect the data in arrays – RiggsFolly Aug 08 '17 at 12:22
  • sir i have tried that already can you please in updating this code? – Shoaib Sharoon Aug 08 '17 at 12:24

1 Answers1

0

As mentioned by others, start using mysqli

Now for your specific issue, its inserting only one row because your hidden fields are setup to bind to only one row.

In this example I am using only one input. You need to change this for each input. Instead of 

<input type="hidden" name="ID" value="<?php  echo $values["item_id"]; ?>"  >
      <input type="hidden" name="description" value=...... etc etc

It should be setup as arrays

<input type="hidden" name="ID[]" value="<?php  echo $values["item_id"]; ?>"  >
      <input type="hidden" name="description[]" value=...... etc etc

and for insert you need to set it up like this

$id[]=$_POST['ID'];
$description[]=$_POST['description'];

    foreach($id as $key => $value){
$d=$description[$key]; /////// the id is key that binds every field in that row

insert into table (value1, value2) values ($value, $d. etc etc)

} /////// NOTE FOREACH IS after the insert query.
in.k
  • 102
  • 2
  • 12