PHP mysql session array

Question

I have a little question.

I have few stored values in session Array. These values are ID's of products. After that i want to display products from my database, but this is not working propertly for me. Can someone help me a little? :) (I am still learning :) )

<?php
include 'includes/dbconnect.php';
$orderid = $_SESSION['order'];
foreach ($orderid as $value) {
    $sql="SELECT * FROM product WHERE productID LIKE '%$value%'";
    $result=$conn->query($sql);
    while($row=$result->fetch_assoc()){ 
        echo '<tr>';
        echo '<td>'.$row["tag"].'</td>';
        echo '<td>'.$row["price"].',- Kč</td>';
        echo '<td><a href="product.php?id='.$row["productID"].'"><img src="images/'.$row["tag"].'.jpg" width=70"></a></td>';
        echo '<td>1</td>'   ;
        echo '<td><a href="#" class="btn btn-danger btn-lg">X</a></td>';
    }
}
?>

var_dump($orderid); shows:

array(1) {
    ["order"]=> array(10) {
        [0]=> string(2) "44"
        [1]=> string(2) "46"
        [2]=> string(2) "44"
        [3]=> string(2) "54"
        [4]=> string(1) "1"
        [5]=> string(2) "44"
        [6]=> string(1) "1"
        [7]=> string(2) "44"
        [8]=> string(2) "47"
        [9]=> string(2) "74"
    }
}

add the error message(s) you get.We cannot debug this for you without more information on what went wrong — Rotimi, Nov 21 '18 at 15:58
The list of products is not right , I want to display products, which has specific id. — Pe Tr, Nov 21 '18 at 16:00
Session_start() is above on the top of all this code :) This is something like shopping cart, I have stored values in session (that works) now i want to display products from database by ID's :) — Pe Tr, Nov 21 '18 at 16:01
What does `var_dump($orderid);` show after retrieving it from the session show? — Dave, Nov 21 '18 at 16:02
I have above this code, everything works correctly except displaying products — Pe Tr, Nov 21 '18 at 16:02
When I echo result of this array() , ill get ID's of products (array of ID's) — Pe Tr, Nov 21 '18 at 16:04
var_dump($orderid); shows: array(1) { ["order"]=> array(10) { [0]=> string(2) "44" [1]=> string(2) "46" [2]=> string(2) "44" [3]=> string(2) "54" [4]=> string(1) "1" [5]=> string(2) "44" [6]=> string(1) "1" [7]=> string(2) "44" [8]=> string(2) "47" [9]=> string(2) "74" } } — Pe Tr, Nov 21 '18 at 16:08
Looks like you need to do another foreach, since `$orderid` is an array of arrays. — aynber, Nov 21 '18 at 16:10
In $sql query instead of using `LIKE '%$value%'";` try this: `LIKE '". $value ."'";` — Studocwho, Nov 21 '18 at 16:10
why searching complicated when it's simple ? x) @Studocwho then you just have to make it an answer — Fanie Void, Nov 21 '18 at 16:16

score 0 · Answer 1 · answered Nov 21 '18 at 16:21

0

Just for the purposes of SO, I'll make my comment as an answer:

In the $sql query instead of using LIKE '%$value%'"; use this: LIKE '". $value ."'";

This ensures that we actually get the value of the variable.

answered Nov 21 '18 at 16:21

Studocwho

2,404
3
23
29

This is a massive security bug [waiting to happen](https://xkcd.com/327/). The only way to securely inject user data into a SQL queries is [parameterized queries](https://stackoverflow.com/a/60496/23118). – hlovdal Nov 07 '21 at 18:07

PHP mysql session array

1 Answers1