0

Where am i doing wrong ? Count($sepetler) => 2 row.İts ok.Not problem here values key in variables truth not problem here.But not working exec.All of code here.I trust to $sepet array and variables but.İnsert statement is problem.Please help me for find eror

    $dbConfig=new DBConfig();
    $baglanti = new PDO("mysql:host=".$dbConfig->host.";dbname=".$dbConfig->dbname, $dbConfig->dbuser, $dbConfig->password);
    $baglanti->exec("SET NAMES utf8");
    $baglanti->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
    $siparis_kodu=$post["merchant_oid"];
    $sepetGetirSql = "select * from sepetler where siparis_kodu='".$siparis_kodu."'";
    //
    $sepetler = array();


  $queryResultSepetList = $baglanti->query( $sepetGetirSql, PDO::FETCH_ASSOC );
  if ( $queryResultSepetList->rowCount() > 0 ) {
      foreach ( $queryResultSepetList as $row ) {
          array_push( $sepetler, $row );
        }
      }
            $sepet_say=count($sepetler);


            for ($i=0; $i <count($sepetler) ; $i++) {
                $statement = $baglanti->prepare("SELECT urun_adi,urun_fiyati FROM urunler WHERE urun_id = :urun_id");
                $statement->execute(array( ":urun_id" => $sepetler[0]["urun_id"] ));
                $urun_bilgileri = $statement->fetch(PDO::FETCH_ASSOC);

                $query = $baglanti->prepare("INSERT INTO siparisler SET
                  urun_id = ?,
                  miktar = ?,
                  urun_fiyati = ?,
                  siparis_kodu = ?,
                  kargo_takip_no = ?,
                  odeme_durumu = ?,
                  uye_id = ?");
                  $insert = $query->execute(array(
                    $sepetler[$i]["urun_id"], $sepetler[$i]["miktar"], $urun_bilgileri["urun_fiyati"],$sepetler[$i]["siparis_kodu"],"",0,$sepetler[$i]["uye_id"]
                  ));
                  $mesaj="başarılı sipariş";
              }
Emrah Çalışkan
  • 11
  • 6
  • 3
    There might be a syntax error in your query if you didn't enclose strings with a delimiter. That said, this would be easier if you used prepared statement which is not the case here and makes your code vulnerable to SQL injection. – AymDev Dec 31 '21 at 11:52
  • Please do some proper error handling (check your error log, config PDO to throw exceptions on errors) to see what it complaints about. But as @AymDev dev says, use prepared statements with placeholders instead of injecting data directly into your queries like that. It's way more error prone and insecure to do it the way you're currently doing it. – M. Eriksson Dec 31 '21 at 11:56
  • I'm edited code.Please help me friends – Emrah Çalışkan Dec 31 '21 at 12:04
  • You always fetch with `$sepetler[0]["urun_id"]` inside the loop, should this be `$sepetler[$i]["urun_id"]` (with `$i`) to pick up the relevant data. – Nigel Ren Dec 31 '21 at 12:44

2 Answers2

1

It looks like you are using the UPDATE syntax for an INSERT statement.

It should be:

INSERT INTO table_name (column1, column2, column3, ...) VALUES (value1, value2, value3, ...);

or if you are filling all of the columns in order then you can shorten it to:

INSERT INTO table_name VALUES (value1, value2, value3, ...);
szt
  • 86
  • 3
0
  $prepare = $baglanti->prepare("INSERT INTO siparisler SET urun_id = :urun_id,miktar=:miktar,urun_fiyati=:urun_fiyati,siparis_kodu=:siparis_kodu,kargo_takip_no=:kargo_takip_no,odeme_durumu=:odeme_durumu,uye_id=:uye_id");

  $veriler = [
      "urun_id" =>  $sepetler[$i]["urun_id"],
      "miktar" =>  $sepetler[$i]["miktar"],
      "urun_fiyati" =>  $urun_bilgileri["urun_fiyati"],
      "siparis_kodu" =>  $sepetler[$i]["siparis_kodu"],
      "kargo_takip_no" =>  "",
      "odeme_durumu" => 1,
      "uye_id" => $sepetler[$i]["uye_id"]
  ];
  // verileri çalıştır
  $prepare->execute($veriler);

İt's working for me.Problem is fixed.Thank you all of them

Emrah Çalışkan
  • 11
  • 6