order form problem

fibonacci

heyya..

i wanted to do an order cookies form which will submit the data into database.
however, i don't get it to work well as i don't know how i can post the data to be submitted.. especially when i'm using the dripdown menu to choose the quantity ordered. here is my code

 
<form name="orderCookie" method="post" action="cookie.order.php">
<table>
<tr><td>Type</td><td>Price</td><td>Quantity</td><td>&nbsp;</td></tr>
<tr>

<?
    $stmt  = "select cookieid, type, price from cookie";
    $query = mysql_query($stmt)or die(mysql_error());
    while($res=mysql_fetch_array($query)){

    echo "<td>".$res['type']."</td>";
    echo "<td>".$res['price']."</td>";
?>
    <td><select name="quantity">
    <option>&nbsp;</option>
    <option>1</option>
    <option>2</option>
    <option>3</option>
    <option>4</option>
    <option>5</option>
    <option>6</option>
    <option>7</option>
    <option>8</option>
    <option>9</option>
    <option>10</option>
    </select> box</td>

<td><input type="text" name="cookieid" value="<? echo $res['cookieid'];?>"></td>

<?
        echo "</tr>";
    } 

?>
<tr>&nbsp</tr>
<tr><td>&nbsp<td></tr>
<tr>
<td colspan="2"><div align="center">
<input type="submit" name="Submit" value="Submit">
</div></td>
</tr>
</table>
</form>

i tried to post the quantity for cookie A and cookie B, but i just got 1 value when i echo it at order.cookie.php. I also wanted to get the data of the cookie which I ordered only e.g: i just only order cookie A so only data of cookie A will be post. can anybody help me?

thanks in advanced

fibonacci

latest update..

when i post the value..

i just only get last value ..
e.g: i order cookies A n quantity 2 & cookies B quantity 6

then, once i submit, i used to echo the value at order.cookie.php

echo $POST['cookieid'];
echo $POST['quantity'];

it's only display cookieid and quantity for cookies B.
i wish to display both of the values cookies A and B

please advice..

bradgrafelman

You can't have multiple HTML elements with the same name - they will overwrite the previous one's values (as you're seeing here).

The best approach would probably to do something like this:

    <td><select name="quantity[<?php echo $row['cookieid']; ?>]">

Assuming that 'cookieid' isn't a misleading name and that it contains a unique, idenfitying integer for that row.

Then, $_POST['quantity'] would be an array, and you'd loop through it with a foreach(), grabbing the key and value as you go, and update your DB that way.

fibonacci

hi..
thanks bradgrafelman... it works..

however now i got a problem to insert the value into the table since the value
cookieID: 1; Quantity: 4 cookieID: 2; Quantity: 6

i got a order_cookie table with orderid, cookieid, quantity,date.
below is my code

$_SESSION['userid'];

$qty = $_POST['quantity']; 

//print_r($qty);  
foreach($qty as $key => $value){
    echo "cookieID: $key; Quantity: $value\n";

}

$date = date('Y-m-d');

$stmt = "insert into cookie_order values ('','".$date."','".$key."','".$_SESSION['userid']."','".$value."')";
$query = mysql_query($stmt)or die (mysql_error());

once insert the value, only one row effected which only inserted quantity n cookieid of the last value e.g: cookieid 2 quantity 6..

please help

bradgrafelman

That's because you need to create and execute the statement within the foreach() loop. As it is, your query is built an executed after the foreach loop has run, meaning you're only borrowing the last value obtained from the loop.

Alternatively, a better way might be to build a string inside the foreach loop (constantly adding on to the end of it) like so:

$values = '';
foreach($qty as $key => $value) {
	$values .= "(CURDATE(),'".$key."',".$_SESSION['userid'].",'".$value."'), ";
}
$stmt = 'INSERT INTO cookie_order (dateColumn, cookieID, userid, quantity) VALUES ' . rtrim($values, ', ');

Here's a few things I need to mention about your SQL queries:

You're not sanitizing the data! You should NEVER place user-supplied data directly into a SQL query - you're leaving yourself vulnerable to SQL injection attacks. Instead, you should the output of a function such as [man]mysql_real_escape_string/man.
It's not considered good SQL query practice to use a VALUES() clause in an INSERT query without naming the columns.
Because of you not using a column list, you use a blank string for the auto_increment field. Instead, you should simply omit this field entirely from your SQL queries and let the DB handle it.
Instead of having PHP generate a date (and creating another variable), I just let MySQL take care of the date with the CURDATE() function.
How are these "orders" identified? You have new rows for each product... how do you select all of the rows for an order I place? I'm guessing you have a WHERE clause that identified both my user id as well as the date that I placed the order. Now, what happens if I place two separate orders on the same day? How do you know which items belong to which order? I think a slight redesign of your SQL structure might be in need here.