Getting individual element from session array php to put through MySQL SELECT statement

Question

I'm trying to get an individual element of my array (the product ID) then use a MYSQLi SELECT statement to get the additional information about the product. I've used print_r for testing purposes and everything is stored in the array correctly. I just can't work out how to select the individual item from a nested array in a Session variable and then use that to put it in a SQL statement and then loop through to display the items, as this is for a shopping cart.

Also I tried using mysqli_fetch_array and mysqli_fetch_assoc and both ways it comes up with an error Here is my code:

if (isset($_GET['add'])) {
            echo "true";
            $pid = $_GET['add'];
            $wasFound = false;
            $i = 0;
            // If the cart session variable is not set or cart array is empty
            if (!isset($_SESSION['cart_array']) || count($_SESSION['cart_array']) < 1) {
                // RUN IF THE CART IS EMPTY OR NOT SET
                $_SESSION['cart_array'] = array(0 => array('item_id' => $pid, 'quantity' => 1));
            } else {
                // RUN IF THE CART HAS AT LEAST ONE ITEM IN IT
                foreach ($_SESSION['cart_array'] as $each_item) {
                    $i++;
                    while (list($key, $value) = each($each_item)) {
                        if ($key == 'item_id' && $value == $pid) {
                        // That item is in cart already so let’s adjust its quantity using array_splice()
                            array_splice($_SESSION['cart_array'], $i-1, 1, array(array('item_id' => $pid, 'quantity' => $each_item['quantity'] + 1)));
                            $wasFound = true;
                        } // close if condition
                    } // close while loop
                } // close foreach loop
                if ($wasFound == false) {
                    array_push($_SESSION["cart_array"], array("item_id" => $pid, "quantity" => 1));
                }
                //print_r ($_SESSION["cart_array"]);
                $sql = "SELECT * FROM  `products` WHERE  `productID` = '$pid'";
    $result = mysqli_query(Database::dbConnect(),$sql);
    while($row = mysqli_fetch_array($result)) {
    $str = <<<EOD
    <tbody>
        <tr>
            <td>{$row['productName']}</td>
            <td>{$row['productID']}</td>
            <td>'quantity'</td>
            <td>{$row['price']}</td>

        </tr>
    </tbody>
EOD;
            echo $str;
    }
                }


            }

Answer 1

Try replacing $was_found with

$cart_product = null;

And replace your for loop and if with (same first line):

foreach ($_SESSION['cart_array'] as $each_item) {
    if ($each_item['item_id'] != $pid) {
        continue;
    }

    $cart_product = $each_item;
}

if (isset($cart_product)) {
    $cart_product['quantity']++;
} else {
    $cart_product = array('item_id' => $pid, 'quantity' => 1);
    array_push($_SESSION['cart_array'], $cart_product);
}

You should not have to loop through the contents of $each_item. The item ID should be available directly if your format is what is shown in the first part of the outer if.

Incidentally, this would be a lot easier if you defined a product class instead of arrays. You could have a cart object which you could query for cart_product objects.

Then replace

            <td>'quantity'</td>

with

            <td>{$cart_product['quantity']}</td>

I'm not at all clear how your SQL query relates to this.

Unrelated to your question, but

        $pid = $_GET['add'];

followed by

            $sql = "SELECT * FROM  `products` WHERE  `productID` = '$pid'";

is horribly insecure. See How can I prevent SQL injection in PHP?