-1

i have table of procuts (data come from database)

  <?php
    while($row3 = mysqli_fetch_array($result2)) {
     $prodname = $row3['name'];
     $supid = $row3['supplier'];
     $prodid = $row3['id'];
     $prodprice = $row3['price'];
  ?>
            <tr class='listtable'>
              <td><input type="checkbox" name="prod[]" id="prod[<?php echo $prodid; ?>]" value="<?php echo $prodid; ?>"><label for="prod[<?php echo $prodid; ?>]"><?php echo $prodname; ?></label>
              </td>
              <td><label for="prod[<?php echo $prodid; ?>]"><?php echo $prodprice; ?> NIS
              </td></label>
              <td><input type="text" name="qty" placeholder="Qty" minlength="1" maxlength="3" size="2">
              </td>
            </tr>
    <?php
    }
    ?>

i want to send the data of each row if the checkbox is selected... i can send the checkbox value (i sent the producs ID to get the data from the database for each one is selected but i cant send the Qty text box value (i want to send only the ones are checked)

<?php  
include "db.php";
  if(isset($_POST['submit'])){
      if(!empty($_POST['prod'])){
        foreach($_POST['prod'] as $pid){
          $proddetail = mysqli_query($con,"SELECT * FROM `products` WHERE id = $pid");
          while($prod = mysqli_fetch_array($proddetail)) {
            $pname = $prod['name'];
            $pprice = $prod['price'];
            echo $pname;
            echo $pprice;
            echo "<br>";
          }
        }
      } else {
        echo 'no items selected!';
      }
  }
?>
Saar Asor
  • 29
  • 8
  • There are many approaches for this : 1) Using JS, 2) Pure PHP : Change the name of the input text to match the checkbox id, and in the back-end, test if the selected checkboxes values matches the input names... – Hamza Abdaoui Dec 30 '20 at 16:55
  • What is not working? – Jason K Dec 30 '20 at 16:59
  • **Warning:** You are wide open to [SQL Injections](https://php.net/manual/en/security.database.sql-injection.php) and should use parameterized **prepared statements** instead of manually building your queries. They are provided by [PDO](https://php.net/manual/pdo.prepared-statements.php) or by [MySQLi](https://php.net/manual/mysqli.quickstart.prepared-statements.php). Never trust any kind of input! Even when your queries are executed only by trusted users, [you are still in risk of corrupting your data](http://bobby-tables.com/). [Escaping is not enough!](https://stackoverflow.com/q/5741187) – Dharman Dec 30 '20 at 18:17
  • Does this answer your question? [How store multiple language textfield in mysql with php?](https://stackoverflow.com/questions/64910833/how-store-multiple-language-textfield-in-mysql-with-php) – Dharman Dec 30 '20 at 18:18

1 Answers1

0

You just need unique fields for the quantity text box. Try this

<?php
while($row3 = mysqli_fetch_array($result2)) {
    $prodname = $row3['name'];
    $supid = $row3['supplier'];
    $prodid = $row3['id'];
    $prodprice = $row3['price'];
?>
    <tr class='listtable'>
        <td><input type="checkbox" name="prod[]" id="prod[<?php echo $prodid; ?>]" value="<?php echo $prodid; ?>"><label for="prod[<?php echo $prodid; ?>]"><?php echo $prodname; ?></label>
        </td>
        <td><label for="prod[<?php echo $prodid; ?>]"><?php echo $prodprice; ?> NIS
        </td></label>
        <td><input type="text" name="qty_<?php echo $prodid; ?>" placeholder="Qty" minlength="1" maxlength="3" size="2">
        </td>
    </tr>
<?php
}

And then

<?php  
include "db.php";
  if(isset($_POST['submit'])){
      if(!empty($_POST['prod'])){
        foreach($_POST['prod'] as $pid){
          $proddetail = mysqli_query($con,"SELECT * FROM `products` WHERE id = $pid");
          while($prod = mysqli_fetch_array($proddetail)) {
            $pname = $prod['name'];
            $pprice = $prod['price'];
            $pqty = filter_input(INPUT_POST, 'qty_' . $pid, FILTER_SANITIZE_NUMBER_INT);
            printf('Name: %1$s<br>', $pname);
            printf('Price: %1$s<br>', $pprice);
            printf('Quantity: %1$d<br>', $pqty);
          }
        }
      } else {
        echo 'no items selected!';
      }
  }

I used the filter_input function instead of accessing $_POST directly because it will help ensure malicious attackers have less opportunities for breaking your code, but it's effectively the same $_POST['qty_' . $pid]

Lawrence Johnson
  • 3,924
  • 2
  • 17
  • 30