I have designed a cart system. When a user clicks on add to cart it is refreshing the page and after clicking submit it is adding only one item. I tried adding items one by one and then after clicking on submit it only adds one item. I have made a mistake somewhere but I don't understand what. Can you please tell me?

Code: Place-Order.php

<?php
session_start();
require_once("dbcontroller.php");
?>
<div class="container">
    <?php
      $db_handle = new DBController();
      if(!empty($_GET["action"])) {
      if(!empty($_POST["quantity"])) {
            $productByCode = $db_handle->runQuery("SELECT * FROM tblproduct WHERE code='" . $_GET["code"] . "'");
            $itemArray = array($productByCode[0]["code"]=>array('name'=>$productByCode[0]["name"], 'code'=>$productByCode[0]["code"], 'quantity'=>$_POST["quantity"], 'price'=>$productByCode[0]["price"]));
            if(!empty($_SESSION["cart_item"])) {
                if(in_array($productByCode[0]["code"],array_keys($_SESSION["cart_item"]))) {
                    foreach($_SESSION["cart_item"] as $k => $v) {
                            if($productByCode[0]["code"] == $k) {
                                if(empty($_SESSION["cart_item"][$k]["quantity"])) {
                                    $_SESSION["cart_item"][$k]["quantity"] = 0;
                                } 
                                $_SESSION["cart_item"][$k]["quantity"] += $_POST["quantity"];
                            }
                    }
                } else {
                    $_SESSION["cart_item"] = array_merge($_SESSION["cart_item"],$itemArray);
                }
            } else {
                $_SESSION["cart_item"] = $itemArray;
            }
        }
    }
   ?>
 <div id="product-grid">
                                <div class="txt-heading">Products <a id="btnEmpty" href="reviewcart.php"><b>Submit</b></a></div>

                                 <?php
                                     $product_array = $db_handle->runQuery("SELECT * FROM tblproduct ORDER BY id ASC");
                                     if (!empty($product_array)) { 
                                        foreach($product_array as $key=>$value){
                                   ?>
                                   <div class="product-item">
                                        <form method="post" action="place-order.php?action=add&code=<?php echo $product_array[$key]["code"]; ?>">
                                            <div class="product-image"><img src="<?php echo $product_array[$key]["image"]; ?>"></div>
                                            <div><strong><?php echo $product_array[$key]["name"]; ?></strong></div>
                                            <div class="product-price"><?php echo "$".$product_array[$key]["price"]; ?></div>
                                            <div><input type="text" name="quantity" value="1" size="2" /><input type="submit" value="Add to cart" class="btnAddAction" /></div>
                                        </form>
                                    </div>
                                    <?php
                                        }
                                     }
                                    ?>
                                </div>

reviewcart.php

    <?php
 error_reporting(E_ERROR | E_PARSE);
session_start();
require_once("dbcontroller.php");
$db_handle = new DBController();
if(!empty($_GET["action"])) {
switch($_GET["action"]) {
    case "add":
        if(!empty($_POST["quantity"])) {
            $productByCode = $db_handle->runQuery("SELECT * FROM tblproduct WHERE code='" . $_GET["code"] . "'");
            $itemArray = array($productByCode[0]["code"]=>array('name'=>$productByCode[0]["name"], 'code'=>$productByCode[0]["code"], 'quantity'=>$_POST["quantity"], 'price'=>$productByCode[0]["price"]));

            if(!empty($_SESSION["cart_item"])) {
                if(in_array($productByCode[0]["code"],array_keys($_SESSION["cart_item"]))) {
                    foreach($_SESSION["cart_item"] as $k => $v) {
                            if($productByCode[0]["code"] == $k) {
                                if(empty($_SESSION["cart_item"][$k]["quantity"])) {
                                    $_SESSION["cart_item"][$k]["quantity"] = 0;
                                }
                                $_SESSION["cart_item"][$k]["quantity"] += $_POST["quantity"];
                            }
                    }
                } else {
                    $_SESSION["cart_item"] = array_merge($_SESSION["cart_item"],$itemArray);
                }
            } else {
                $_SESSION["cart_item"] = $itemArray;
            }
        }
    break;

    case "remove":
        if(!empty($_SESSION["cart_item"])) {
            foreach($_SESSION["cart_item"] as $k => $v) {
                    if($_GET["code"] == $k)
                        unset($_SESSION["cart_item"][$k]);              
                    if(empty($_SESSION["cart_item"]))
                        unset($_SESSION["cart_item"]);
            }
        }
    break;
    case "empty":
        unset($_SESSION["cart_item"]);
    break;  
}
}
?>
    <div class="c-layout-sidebar-content ">
        <!-- BEGIN: PAGE CONTENT -->
        <div class="c-content-title-1 c-margin-t-30">
            <h3 class="c-font-uppercase c-font-bold c-center ">Place Order</h3>

            <div class="c-content-panel">

                <div class="c-body">
                    <div class="row">
                        <div class="col-md-12">
                            <table class="table table-condensed">
                               <div id="shopping-cart">
                                 <div class="txt-heading">Shopping Cart <a id="btnEmpty" href="reviewcart.php?action=empty">Empty Cart</a></div>
                                 <?php
                                     if(isset($_SESSION["cart_item"])){
                                        $item_total = 0;
                                    ?>  
                                <table class="col-md-12" cellpadding="10" cellspacing="1" >
                                    <tbody class="col-md-12">
                                        <tr>

                                             <form action="reviewcart.php" method="post">
                                            <th class="col-md-4" style="text-align:center;"><strong>Name</strong></th>
                                            <th class="col-md-4" style="text-align:center;"><strong>Code</strong></th>
                                            <th class="col-md-4" style="text-align:center;"><strong>Quantity</strong></th>

                                            <th class="col-md-3" style="text-align:center;"><strong>Action</strong></th>
                                        </tr>   
                                        <?php       
                                            foreach ($_SESSION["cart_item"] as $item){
                                        ?>
                                        <tr>
                                            <td style="text-align:center;border-bottom:#F0F0F0 1px solid;" >
                                             <strong><?php echo  $item["name"]; ?></strong>
                                             <input type="hidden" name="name" value="<?php echo $item['name']?>">
                                         </td>
                                         <td style="text-align:center;border-bottom:#F0F0F0 1px solid;">
                                             <?php echo  $item["code"]; ?>
                                             <input type="hidden" name="code" value="<?php echo $item['code']?>">
                                            </td>
                                         <td style="text-align:center;border-bottom:#F0F0F0 1px solid;">
                                             <?php echo  $item["quantity"]; ?>
                                             <input type="hidden" name="quantity" value="<?php echo $item['quantity']?>">
                                         </td>
                                         <!-- <td style="text-align:center;border-bottom:#F0F0F0 1px solid;">
                                         <?php  $price=$_POST['price'] ; echo $price ?>
                                         </td> -->
                                         <td style="text-align:center;border-bottom:#F0F0F0 1px solid;">
                                             <a href="reviewcart.php?action=remove&code=<?php echo $item["code"]; ?>" class="btnRemoveAction">
                                              Remove Item
                                             </a>
                                         </td>
                                        </tr>

                                        <!-- <?php
                                            $item_total += ($item["price"]*$item["quantity"]);
                                            }
                                        ?>
 -->
                                        <tr>
                                            <td colspan="5" align=right><input type="submit" name="submit" value="submit" /></td>
                                        </tr></form>

                                    </tbody>
                                </table>        
                                <?php
                                    }
                                ?>
                                </div>

                            </table>
                        </div>
                    </div>

                </div>
            </div>

        </div>
    </div>
user7939485
  • Your script is at risk of [SQL Injection Attack](http://stackoverflow.com/questions/60174/how-can-i-prevent-sql-injection-in-php). Have a look at what happened to [Little Bobby Tables](http://bobby-tables.com/). Even [if you are escaping inputs, its not safe!](http://stackoverflow.com/questions/5741187/sql-injection-that-gets-around-mysql-real-escape-string) Use [prepared parameterized statements](http://php.net/manual/en/mysqli.quickstart.prepared-statements.php). – John Conde Sep 28 '17 at 12:49
  • **Too much code**. You need to do a better job of troubleshooting this yourself. We are *not* debuggers. You need to **isolate the problem** and debug from there. If you're stuck provide a **clear explanation of what isn't working** with a [**Minimal, Complete, and Verifiable example**](http://stackoverflow.com/help/mcve). I suggest reading **[ask]** a good question and **[the perfect question](http://codeblog.jonskeet.uk/2010/08/29/writing-the-perfect-question/)**. Also, be sure to take the **[tour]** and read **[this](//meta.stackoverflow.com/questions/347937/)**. – John Conde Sep 28 '17 at 12:50
  • ..and make a separation of concerns...start with separating layout and business logic – B001ᛦ Sep 28 '17 at 12:51

1 Answer

Why don't you NOT refresh the page?

You could treat each of the items listed on the page like a checkbox, and then on submit, simply add all the checkboxed items to your cart. Obviously there is no need to DESIGN it like a checkbox, simply make it work that way in the back-end code.

Then just make sure that every time you submit to cart or navigate away from page, it first submits the form (if it is not empty), and then navigates.

cmprogram
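
The prepared-statement advice from the comments and the submit-everything-at-once idea from the answer, combined in one added example (not the asker's or the answerer's code). It assumes PDO instead of the page's `DBController`, with an in-memory SQLite table of constructed rows standing in for `tblproduct`; `addItemsToCart` and the `quantity[CODE]` field naming are hypothetical.

```php
<?php
// Added example. PDO with an in-memory SQLite table of constructed rows
// stands in for the page's DBController and tblproduct.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec("CREATE TABLE tblproduct (id INTEGER PRIMARY KEY, code TEXT, name TEXT, price REAL)");
$pdo->exec("INSERT INTO tblproduct (code, name, price) VALUES
            ('CAM01', 'Camera', 1500.00), ('USB02', 'USB drive', 800.00)");

// Hypothetical helper: add every posted quantity to the cart in one request.
// $posted has the shape of $_POST['quantity'] when each product's input is
// named quantity[CODE], so one submit carries all chosen items.
function addItemsToCart(PDO $pdo, array $cart, array $posted): array
{
    // The code is bound as a parameter, never concatenated into the SQL text.
    $stmt = $pdo->prepare("SELECT code, name, price FROM tblproduct WHERE code = ?");
    foreach ($posted as $code => $qty) {
        // Accept only whole quantities in a sane range; skip everything else.
        $qty = filter_var($qty, FILTER_VALIDATE_INT,
            ['options' => ['min_range' => 1, 'max_range' => 999]]);
        if ($qty === false) {
            continue;
        }
        $stmt->execute([(string) $code]); // PHP turns numeric keys into ints
        $row = $stmt->fetch(PDO::FETCH_ASSOC);
        $stmt->closeCursor();
        if ($row === false) {
            continue; // unknown code: nothing is added
        }
        // Key the cart by product code so a repeat add increments the line.
        if (isset($cart[$row['code']])) {
            $cart[$row['code']]['quantity'] += $qty;
        } else {
            $cart[$row['code']] = $row + ['quantity' => $qty];
        }
    }
    return $cart;
}

// Constructed input: two valid lines, a code containing a quote (which would
// change the SQL if concatenated), and a non-numeric quantity.
$posted = ['CAM01' => '2', 'USB02' => '1', "CAM'01" => '5', 'NOPE9' => 'abc'];
$cart = addItemsToCart($pdo, [], $posted);
$cart = addItemsToCart($pdo, $cart, ['CAM01' => '3']); // second submit
print_r($cart);
```

In the page's scripts the cart argument would be `$_SESSION["cart_item"] ?? []` and the return value would be stored back into the session. The `array` type on `$posted` also rejects a request that sends `quantity` as a plain string.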