-1

I have a product gallery in which products are displayed from the database. they have productID product_name product_price etc and a checkbox under the product detail on every product. the functionality I want is when I checked multiple products they should add to the selection table with a unique userID.

<form action="add_selection_script.php" method="POST" enctype="multipart/form-data">
<select class="form-select tw-capitalize" name="u_id">
                      <option value="">Select a Customer</option>
                      <?php
                      $get_users = "SELECT * FROM users";
                      $run_users = mysqli_query($con, $get_users);

                      while ($row_users = mysqli_fetch_array($run_users)) {
                        $u_id = $row_users['u_id'];
                        $username = $row_users['user_username'];
                        echo "<option value='$u_id'>$username</option>";
                      }
                      ?>
                    </select>
<?php
      $get_products = "SELECT * FROM products";
      $run_products = mysqli_query($con, $get_products);

      while ($row_products = mysqli_fetch_array($run_products)) {
        $id = $row_products['id'];
        $pro_id = $row_products['product_id'];
        $pro_cat = $row_products['product_cat'];
        $pro_title = $row_products['product_title'];
        $pro_size = $row_products['product_size'];
        $pro_price = $row_products['product_price'];
        $pro_image = $row_products['product_image'];
      ?>
        <div class="col-lg-2 col-12">
        <input type="hidden" name="price" value="">
        
        <input type="hidden" name="product_title" value="<? echo $pro_title; ?>">
        <input type="hidden" name="product_image" value="<? echo $pro_image; ?>">
          <div class="card mb-3">
            <div class="tw-aspect-w-4 tw-aspect-h-4">
              <img src="../includes/product_images/<? echo $pro_image ?>" class="card-img-top" alt="...">
            </div>
            <div class="card-body">
              <h5 class="card-title"><? echo $pro_title ?></h5>
              <p class="card-text mb-3">Price <? echo $pro_price ?> EUR</p>
              <a href="#" class="btn btn-primary">Go somewhere</a>
            </div>
            <div class="card-footer">
              <div class="form-check mb-2">
                <input type="checkbox" class="form-check-input" name="pid[]" id="<?echo $pro_id?>" value="<?echo $pro_id?>">
                <label class="form-check-label" for="<?echo $pro_id?>">
                  Select
                </label>
              </div>
            </div>
          </div>
        </div>
      <? } ?>
</form>

and in my add_selection_script.php

    <?php
include '../includes/conn.php';

if (isset($_POST['insert_selection'])) {
  $u_id = $_POST['u_id'];
  $tradexx_price = $_POST['tradexx_price'];
  $product_title = $_POST['product_title'];
  $product_image = $_POST['product_image'];

  $pid = implode(',', $_POST['pid']);

  $insert_selection = "INSERT INTO selection (c_id,p_id,tradexx_price,pvp,product_name,img) VALUES ('$u_id','$checkBox','$tradexx_price','$pvp','$product_title','$product_image')";
  echo $insert_selection;
  die();
  $insert_sel = mysqli_query($con, $insert_selection);
  if ($insert_sel) {
    echo "<script>alert('Selection has been added!')</script>";
    echo "<script>window.open('add_selection.php', '_self')</script>";
  }
}
?>

I do can get the pid comma separate form but how can I get the others? i am not good at PHP and trying to figure it out. my goal is to insert all checked products as separate entries in database. Thanks

Kashmiri Ammar
  • 163
  • 2
  • 12
  • You've got `name="price"` inside a loop, so you're getting multiple elements with the same name. You'll have to either make a different name for each like `name="price_1"` or make each an array like pid is `name="price[]"` – Alex Howansky Nov 17 '22 at 17:23
  • 1
    Also please note that your code is vulnerable to [**SQL injection**](https://en.wikipedia.org/wiki/SQL_injection) attacks. Instead of building queries with string concatenation, always use [**prepared statements**](https://secure.php.net/manual/en/pdo.prepare.php) with [**bound parameters**](https://secure.php.net/manual/en/pdostatement.bindparam.php). See [**this page**](https://phptherightway.com/#databases) and [**this post**](https://stackoverflow.com/questions/60174/how-can-i-prevent-sql-injection-in-php) for some good examples. – Alex Howansky Nov 17 '22 at 17:24
  • @AlexHowansky yes I also try name=`"price[]"` but it give me all the data from the database but not only checked products – Kashmiri Ammar Nov 17 '22 at 17:26
  • You can check which items are checked by the value in your checkbox `pid[]`. – Alex Howansky Nov 17 '22 at 17:30
  • @AlexHowansky yes i can see the values of `pid[]` when its checked – Kashmiri Ammar Nov 17 '22 at 17:31
  • Right, so loop over all the values, if `pid[$i]` is checked then insert `price[$i]`. – Alex Howansky Nov 17 '22 at 17:33
  • @AlexHowansky Thanks can you please write the snippet? sorry I didn't get it – Kashmiri Ammar Nov 17 '22 at 17:35

1 Answers1

2

Right now you have this inside a loop:

<input type="hidden" name="price" value="">

This gives you multiple uses of the same name price, which isn't going to work. I think the best way to handle this is to use your product id as the value for the checkbox:

<input type="checkbox" name="pid[]" value="<?php echo $pro_id; ?>">

Then, in the page that processes the form, you can just loop over the array:

foreach ($_POST['pid'] as $pid) {
    // $pid now contains the product id to insert
}

I also note that all the values you're inserting are coming from hidden form elements. Don't do this. Even though the values are hidden, that won't stop the user from being able to provide new values. Instead, just take the product id, and then lookup the associated values at the time of the insert. Something like this:

foreach ($_POST['pid'] as $pid) {
    // $product = SELECT * FROM products WHERE product_id = $pid
    // now you have $product['product_image'] to insert into the selection table
}
Alex Howansky
  • 50,515
  • 8
  • 78
  • 98
  • Thanks for your answer. please tell me how can I insert data into `selection` table after getting the values from the loop? – Kashmiri Ammar Nov 17 '22 at 18:58