Jump to content

PHP Array Form issues


Go to solution Solved by LDS,

Recommended Posts

Hello,

Have the following form that takes data from the DB when u click on the text the left input increments when u click on it the same input decrement its value.

Have 2 main issues now:

1- the value of the input fields needs to be set after the post is submitted and having issue with that since it's an array.

2-after the submit the post is saved in an array (the out is showing in the attched image), need to choose each related item , price and quantity like product 1 price 1 quantity 1 so i can update the db later on.

All the Best

<form method='POST' action=''>
<?php 
if ($err1==0) {

  /*DB CODES...*/
  $num_rows = mysqli_num_rows($sql_1);

  if (isset($_POST["form_Order"]) && $_POST["form_Order"] == "form_Order") {
    
    $orderID=clean_input($_POST["orderID"]);
    $cat_Code=$_POST["cat_Code"];
    $sub_Cat_Code=$_POST["sub_Cat_Code"];

    $array_Order = array($_POST);
    print_r ($array_Order)."<br>";
    /*DB CODES...*/
    $res_sql_1 = mysqli_query($connection, $sql_2);

    /*additional codes*/


  }//end if $_POST

        while ($row_sql_Item = mysqli_fetch_assoc($res_sql_Item)) {

            $product_Name = $row_sql_Item["item"];
            $product_Price = $row_sql_Item["price"];
            $subCatCode=$row_sql_Item["sub_cat_code"];

            if(isset($_POST['productName[]'])){ $productname=$_POST['productName[]'];}else{ $productname=$product_Name;}
            if(isset($_POST['product_Price[]'])){ $productPrice=$_POST['product_Price[]'];}else{ $productPrice=$product_Price;}

            echo "<div>
            <input type='number' min='0' max='10' name='quantity[]' value='";
            if(isset($_POST['quantity']) && is_array($_POST['quantity'])){
              $quantitiez = array();
              foreach ($quantitiez as $quant){
                print $quant;
              }
            }else{ echo "0";}

            echo "' onclick=\"this.parentNode.querySelector('input[type=number]').stepDown();this.form.submit();\" class='productQuantity' readonly>
            <input type='text' min='0' max='10' name='productName[]' value='$productname' onclick=\"this.parentNode.querySelector('input[type=number]').stepUp();this.form.submit();\" class='productName' readonly>
            <input type='text' name='product_Price[]' value='$productPrice' class='productPrice' onclick=\"this.form.submit()\" readonly>
            <input type='hidden' name='orderID' value='$orderID'>
            <input type='hidden' name='cat_Code' value='$catCode'>
            <input type='hidden' name='sub_Cat_Code' value='$subCatCode'>
            <input type='hidden' name='form_Order' value='form_Order'></div>
            ";

        }//end While

}//end if $err1

?>
</form>

 

form.png

Link to post
Share on other sites

When naming the quantity fields, I would use the row ID from the database as the key that goes between the square brackets. If your "Cherry" product's ID is 5, for example, the input tag for the quantity field in the HTML code would look like this:

<input type='number' min='0' max='10' name='quantity[5]' ...

That way you don't need to pass the product names and prices with the form submission. And you don't need to worry about the customer trying to change a price on you in the form. Note that the "readonly" flag is very easy to bypass for someone who's familiar with the Console feature built into all the major browsers.

After the form is submitted, the ID from the "quantity" array can be used to pull the necessary information from the database. The ID will also make it easier to redisplay the form, because you can access the necessary quantity value with the ID (e.g. $_POST['quantity'][5]).

 

Side note: In case you're not aware, you'll want to use caution with using variables like in the following line:

<input type='text' min='0' max='10' name='productName[]' value='$productname' ...

Have you tried adding a product name that contains an apostrophe? It's going to cause problems with the form. The problem is potentially worse when that variable contains a value that can be tampered with by the user. See XSS attacks for more information.

If you haven't done so already, you'll want to look into escaping variables for output.
https://www.php.net/manual/en/function.htmlspecialchars.php

Link to post
Share on other sites
  • cyberRobot changed the title to PHP Array Form issues

Hello cyberRobot, Thanks for the reply

"Regarding the XSS I agree just did not post everything about it... the read only just for design purpose and this is for personal use but I have implemented the security measures for this."

I added the id to the quantity section as suggested it s better yet still stuck as the value after that input is submitted .

<input type='number' min='0' max='10' name='quantity[]' value='";
            if(isset($_POST['quantity']) && is_array($_POST['quantity'])){
              $quantitiez = array($_POST['quantity']);
              foreach ($quantitiez as $quant){
                print $quant;
              }
            }else{ echo "0";}

 

Link to post
Share on other sites

Update:

I ve reverted back to my initial coding implementing the suggested array in the name.
 

$i=1;

while ($row_sql_Item = mysqli_fetch_assoc($res_sql_Item) AND $i <= $num_rows) {
                                                                            
	if(isset($_POST['quantity'])){$quantity=$_POST['quantity'][$i];}else{$quantity= "0";}
echo "<input type='number' min='0' max='10' name=\"quantity[$i]\" value='".$quantity."' onclick=\"this.parentNode.querySelector('input[type=number]').stepDown();this.form.submit();\" class='productQuantity' readonly>";

             
$i++;

}//end While

Returning:

Array (
    [0] => Array (
        [quantity] => Array ( [1] => 7 [2] => 0 )
        [productName] => Array ( [1] => cherry [2] => martini )
        [product_Price] => Array ( [1] => 3 [2] => 3 )
        )
    )

All all fields are correct now, Thanks for your suggestions.

Need to do one more thing how to select all POST keys values bases on the quantity being !=0?

 

All the Best

Link to post
Share on other sites
  • Solution

Update 2:

Solved it:

if (isset($_POST["quantity"])) {
  
  foreach ($_POST["quantity"] as $key => $value) {

    if ( $value > 0) {
      echo "quan:".$_POST['quantity'][$key]." ".$_POST['productName'][$key]."=".$_POST['product_Price'][$key]."<br>";
    }
  }
}

I'll Keep it open till I finish the DB then I ll mark it as solved, thanks a lot.

Link to post
Share on other sites
On 5/1/2021 at 3:07 PM, LDS said:

Update 2:

Solved it:


if (isset($_POST["quantity"])) {
  
  foreach ($_POST["quantity"] as $key => $value) {

    if ( $value > 0) {
      echo "quan:".$_POST['quantity'][$key]." ".$_POST['productName'][$key]."=".$_POST['product_Price'][$key]."<br>";
    }
  }
}

I'll Keep it open till I finish the DB then I ll mark it as solved, thanks a lot.

@cyberRobot Thank you all fixed now, Kindly delete last post "Update 3: DB" can't find a way to delete it, thanks for fixing the arrya dictation error on the topic too.

Link to post
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Restore formatting

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.