
The first part of my code creates some entries in a table using $_POST.

```php
foreach ($_POST['form_item'] as $key => $value) {
    $item = $_POST['form_item'][$key];
    $barcode = $_POST['form_barcode'][$key];
    $task = $_POST['form_task'][$key];

    $bottom_items = $pdo->prepare("INSERT INTO carpet_items_extra (`item_id`,`item_task`, `item_barcode`) VALUES ('$log_id', '$task', '$barcode')");
    $bottom_items->execute();
```

The next part contains the data I need to update the entries with.

```php
    if(isset($_POST['form_price_standard'][$key]) && $_POST['form_price_standard'][$key] != ''){
        $price_standard = $_POST['form_price_standard'][$key];

    }
    else{
        $price_standard = 0;
    }

    if(isset($_POST['form_price_daily_1'][$key]) && $_POST['form_price_daily_1'][$key] != '' && isset($_POST['form_duration_2'][$key]) && $_POST['form_duration_2'][$key] != ''){
        $price_daily_1 = $_POST['form_price_daily_1'][$key];
        $duration_2 = $_POST['form_duration_2'][$key];
    }
    else{
        $price_daily_1 = 0;
        $duration_2 = 0;
    }

    $update = $pdo->prepare("UPDATE carpet_items_extra SET `price_standard` = '$price_standard', `price_daily_1` = '$price_daily_1', `duration_2` = '$duration_2' WHERE item_id = '$log_id AND item_task = '$task' AND item_barcode = '$barcode'");

    $update->execute();
}
```

The problem is that when the data is only from the first isset, it's saved as it should be, but when there's data in the second isset as well, only the first row in the table gets updated. How can I differentiate between the two?

I have tried using for to execute the query once for every $barcode item, as well as using nested foreach. The result though was multiple extra entries in the database table.

  • You are open to [SQL Injections](https://php.net/manual/en/security.database.sql-injection.php) and should use parameterized prepared statements instead of manually building your queries. They are provided by [PDO](https://php.net/manual/pdo.prepared-statements.php) and [MySQLi](https://www.php.net/manual/en/mysqli.quickstart.prepared-statements.php). Never trust any kind of input! Even by trusted users, [you are still at risk of corrupting your data](https://bobby-tables.com/). [Escaping is not enough](https://stackoverflow.com/q/5741187). – Jason K Nov 21 '22 at 16:35
  • Why are you using a separate `INSERT` and `UPDATE`? Put the conditions before the `INSERT` and include those columns. – Barmar Nov 21 '22 at 16:37
  • Where is the `$log_id` variable in the queries coming from? Shouldn't it be `$item`? – Marleen Nov 21 '22 at 16:39
  • You're missing the quote after `'$log_id` in the `UPDATE` query. It shouldn't work with either `isset()` condition. But if you used prepared statements this wouldn't be a problem. – Barmar Nov 21 '22 at 16:40
  • @barmar I have tried putting the conditions before the `INSERT` and including the columns, but the same thing happens. As for the quote, I forgot to type it as I was typing the question; it is included in the original code. @Marleen the `$log_id` variable is above the code and it works as intended; I just did not want to include too much code. – lazy_titan94 Nov 21 '22 at 17:13
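
The single parameterized `INSERT` that the comments above recommend, as an added example that is not part of the original thread. It assumes an in-memory SQLite database in place of the asker's MySQL connection, constructed form data in `$post`, a placeholder `$log_id`, and a hypothetical helper `field()`.

```php
<?php
// Added example: in-memory SQLite stands in for the asker's MySQL connection (assumption).
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE carpet_items_extra (
    item_id INTEGER, item_task TEXT, item_barcode TEXT,
    price_standard REAL, price_daily_1 REAL, duration_2 INTEGER)');

// Constructed form data; the second barcode contains a quote that would
// break a query built by string interpolation.
$post = [
    'form_item'           => ['a', 'b'],
    'form_barcode'        => ['1001', "10'02"],
    'form_task'           => ['wash', 'dry'],
    'form_price_standard' => ['12.50', ''],
    'form_price_daily_1'  => ['', '3.00'],
    'form_duration_2'     => ['', '7'],
];
$log_id = 42; // placeholder; the question sets it above the code shown

// Hypothetical helper: the submitted value, or 0 when missing or empty.
function field(array $post, string $name, $key) {
    return (isset($post[$name][$key]) && $post[$name][$key] !== '') ? $post[$name][$key] : 0;
}

// Prepare once with placeholders; values are sent separately from the SQL text.
$insert = $pdo->prepare(
    'INSERT INTO carpet_items_extra
        (item_id, item_task, item_barcode, price_standard, price_daily_1, duration_2)
     VALUES (:item_id, :task, :barcode, :price_standard, :price_daily_1, :duration_2)'
);
foreach ($post['form_item'] as $key => $value) {
    // As in the question, daily price and duration only count as a pair.
    $daily    = field($post, 'form_price_daily_1', $key);
    $duration = field($post, 'form_duration_2', $key);
    if ($daily === 0 || $duration === 0) {
        $daily = $duration = 0;
    }
    $insert->execute([
        ':item_id'        => $log_id,
        ':task'           => $post['form_task'][$key],
        ':barcode'        => $post['form_barcode'][$key],
        ':price_standard' => field($post, 'form_price_standard', $key),
        ':price_daily_1'  => $daily,
        ':duration_2'     => $duration,
    ]);
}
// Show what was stored.
print_r($pdo->query('SELECT * FROM carpet_items_extra')->fetchAll(PDO::FETCH_ASSOC));
```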
