-2
<?php
if (!empty($_SESSION["shopping_cart"])) {
    $total = 0;
    foreach ($_SESSION["shopping_cart"] as $keys => $values) {
?>
        <tr>
            <td><?php echo $values["item_name"]; //$GLOBALS['x']= $values["item_name"] $_COOKIE["iname"] = $values["item_name"] ?></td>

            <td><?php echo $values["item_quantity"];//$GLOBALS['y']= $values["item_quantity"]//$_SESSION["iquantity"] = $values["item_quantity"]?></td>

            <td>₹ <?php echo $values["item_price"]; //$GLOBALS['z']= $values["item_price"]//$_SESSION["iprice"] = $values["item_price"]?></td>

            <td>₹ <?php echo number_format($values["item_quantity"] * $values["item_price"], 2); ?></td>

<?php 
        $menus = array("name"=>$values["item_name"], 
                                    "quan"=>$values["item_quantity"], 
                                    "price"=>$values["item_price"], 
                                    "id"=>$values["item_id"]);
?>

            <td><a href="index.php?action=delete&id=<?php echo $values["item_id"]; ?>"><span class="text-danger">Remove</span></a></td>
        </tr>
<?php
        $total = $total + ($values["item_quantity"] * $values["item_price"]);
    }
?>
    <tr>
        <td colspan="3" align="right">Total</td>
        <td align="right">₹ <?php echo number_format($total, 2); ?></td>
        <td></td>
    </tr>
    <tr>
        <td colspan="5" align="right"> <input type="submit" value="Confirm" class="btn btn-primary">
        </td>
    </tr>
    </form>
<?php
}

Basically, I am trying to create a cafeteria management system using SQL, HTML and PHP. I want to insert the items ordered by the user into a table; for that, I am supposed to pass the variables from a foreach of one PHP file to another PHP file. I want to pass the $values["item_name"], $values["item_quantity"], $values["item_price"] to the other PHP file to insert their values into a SQL table, which is below:

<?php
include_once('index.php');

$i_name = ("item_name");
$i_quantity =("item_quantity");
$i_price =("item_price");
$i_id = ("item_id");

/*$i_name = $_SESSION[$menus["name"]];;
$i_quantity =$_SESSION[$menus["quan"]];
$i_price = $_SESSION[$menus["price"]];
$i_id = $_SESSION[$menus["id"]];
*/

session_start();
$un = $_SESSION['username']; 

$host = "localhost";
$dbusername = "root";
$dbpassword = "";
$dbname = "cart";

$conn = new mysqli($host, $dbusername, $dbpassword, $dbname);

if (mysqli_connect_error()) {
    die('Connect Error (' . mysqli_connect_errno() . ') '. mysqli_connect_error());
} else {
    $sql = "INSERT INTO tbl_order (itemname, itemquantity, itemprice, itemid, username) values ('$i_name','$i_quantity','$i_price','$i_id','$un')";
    if ($conn->query($sql)) {
        header("location: lastpageFINAL.php");
    } else {
        echo "Error: " . $sql . "" . $conn->error;
    }
    $conn->close();
}
echo '<br /><a href="orderstatus1.php">';
//echo '<br /><a href="index.php">';
?>

I tried using global variables but couldn't make it.

RiggsFolly
MVM
  • 1
    Side note: Do not use string interpolation or concatenation to get values into SQL queries. That's error prone and might make your program vulnerable to SQL injection attacks. Use parameterized queries. See ["How to include a PHP variable inside a MySQL statement"](https://stackoverflow.com/questions/7537377/how-to-include-a-php-variable-inside-a-mysql-statement) and ["How can I prevent SQL injection in PHP?"](https://stackoverflow.com/questions/60174/how-can-i-prevent-sql-injection-in-php). – sticky bit Dec 26 '20 at 11:26
  • User functions (and classes) are a useful way of structuring your code and accessing particular bits of functionality wherever necessary. Even if you rig this to work as hoped, as code grows the "procedure per file" approach will become unbearably painful. Refactor your code. – Markus AO Dec 26 '20 at 12:08
  • 1
    Why are you not using the session? GLOBALS are only there for the duration of the script's execution; you cannot pass values via a global to another script execution – RiggsFolly Dec 26 '20 at 12:30
  • Does this answer your question? [How can I prevent SQL injection in PHP?](https://stackoverflow.com/questions/60174/how-can-i-prevent-sql-injection-in-php) – Rohit Sharma Dec 27 '20 at 04:44

1 Answer

0

Back in the days when I was a university student, one of my teachers told us that the code that you repeatedly need to execute is called a "function". She was right in my opinion. However, you can do without functions as well, even though it's not especially advisable. You can use include/require for this purpose:

foo.php

<?php
$something = 0;
for ($i = 1; $i < 100; $i++) {
    $something += $i;
    // bar.php runs in this scope on every iteration, so it sees $something
    require "bar.php";
}

bar.php

<?php
echo $something."<br>";

As you can see, $something is visible in bar.php because it was initialized before the file was required. This is how you can "pass" variables to files. However, again, it is advisable to define functions, require them only once and call them whenever you need them. Even better is to implement classes, but learn function programming first.

And as a sidenote I should mention: beware SQL injection and use parameterized queries instead of string interpolation.

Lajos Arpad
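
The parameterized-query advice from the comments and the answer, applied to the asker's insert script, as an added example that is not part of the original question or answer: the cart is read from `$_SESSION["shopping_cart"]` (the session route RiggsFolly's comment points to) and written through a mysqli prepared statement. Table, column, database and file names come from the question; the `save_order` helper name, the numeric `item_id` and a transactional (InnoDB) table are assumptions.

```php
<?php
// Added example, not code from the question or the answer. Table, columns,
// credentials and redirect target are the question's; item_id is assumed numeric.
declare(strict_types=1);
mysqli_report(MYSQLI_REPORT_ERROR | MYSQLI_REPORT_STRICT); // throw on DB errors

/**
 * Insert every cart line for $username; returns the number of rows written.
 * Values travel as bound parameters, so a name such as "Chef's special" is
 * stored verbatim instead of terminating the SQL string literal.
 */
function save_order(mysqli $conn, array $cart, string $username): int
{
    $stmt = $conn->prepare(
        'INSERT INTO tbl_order (itemname, itemquantity, itemprice, itemid, username)
         VALUES (?, ?, ?, ?, ?)'
    );
    $conn->begin_transaction();
    try {
        $rows = 0;
        foreach ($cart as $item) {
            // Reject malformed lines rather than storing them.
            $qty   = filter_var($item['item_quantity'] ?? null, FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]);
            $price = filter_var($item['item_price'] ?? null, FILTER_VALIDATE_FLOAT);
            $id    = filter_var($item['item_id'] ?? null, FILTER_VALIDATE_INT);
            $name  = (string) ($item['item_name'] ?? '');
            if ($qty === false || $price === false || $price < 0 || $id === false || $name === '') {
                throw new InvalidArgumentException('Invalid cart line');
            }
            $stmt->bind_param('sidis', $name, $qty, $price, $id, $username);
            $stmt->execute();
            $rows++;
        }
        $conn->commit();
        return $rows;
    } catch (Throwable $e) {
        $conn->rollback(); // all-or-nothing: no half-written orders
        throw $e;
    }
}

session_start(); // must run before $_SESSION is read
if (empty($_SESSION['shopping_cart']) || empty($_SESSION['username'])) {
    http_response_code(400);
    exit('Nothing to order.');
}
$conn = new mysqli('localhost', 'root', '', 'cart');
save_order($conn, $_SESSION['shopping_cart'], $_SESSION['username']);
unset($_SESSION['shopping_cart']); // cart has been turned into an order
header('Location: lastpageFINAL.php');
exit;
```

Because the cart already lives in the session, nothing has to be passed from the `foreach` in the cart page: the "Confirm" form only needs to post to this script.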