PHP GET method

Hi, I am a student and learning PHP. I have gotten myself really confused with my code. At the moment, I have gotten a link from men.php to item.php using the GET method. Now I am trying to build a shopping cart (cart.php). Below is my code; I truly am lost right now! I have a size and qty table, product table and customers table. I hope someone can help. Please bear in mind that I have not been learning PHP for long and this is my first time doing something like this to this extent.

*** item.php ***

<h2>Product Details</h2>
<div class="col-md-4 showcase">
  <div class="showcase-last">
    <?php
    $id = $_GET['id1'];
    $show_men = "SELECT * FROM products WHERE id='$id'";
    $query_men = mysqli_query($conn, $show_men);

    while ($row = mysqli_fetch_array($query_men, MYSQLI_ASSOC)) {
        echo "<form action=item.php?id=" . $row['id'] . " method=post>";
        echo '<br><br><table class="table"><tbody>
          <tr>
            <div><h4>' . $row['model'] . '</h4></div>
            <div><h4>£' . $row['price'] . '</h4></div>
          </tr>
        </tbody>
        </table>';
    }
    ?>
  </div>

  <hr class="featurette-divider">
  <div class="shocase-rt-bot">
    <div class="float-qty-chart">
      <ul>
        <?php
        $id = $_GET['id1'];
        $show_men = "SELECT * FROM products WHERE id='$id'";
        $query_men = mysqli_query($conn, $show_men);
        while ($row = mysqli_fetch_array($query_men, MYSQLI_ASSOC)) {
            echo "<form action=item.php?id=" . $row['id'] . " method=post>";
            echo '<table class="table"><tbody>
              <tr>
                <div>' . $row['proddesc'] . '</div>
              </tr>
            </tbody>
            </table>';
        }
        ?>
      </div>
      <h4>Size</h4>
      <form action="item.php" method="POST">
        <?php include 'mysql.php'; ?>
        <?php
        $sql = "SELECT * FROM size";
        $result = mysqli_query($conn, $sql);
        $size = $_POST['size'];

        echo '<select class="form-control quantity">';
        while ($row = mysqli_fetch_array($result)) {
            echo "<option value='" . $row['size'] . "'>" . $row['size'] . "</option>";
        }
        echo "</select>";
        ?>

        <h4>Quantity</h4>
        <?php include 'mysql.php'; ?>
        <?php
        $sql = "SELECT * FROM qty";
        $result = mysqli_query($conn, $sql);
        $qty = $_POST['qty'];

        echo '<select class="form-control quantity">';
        while ($row = mysqli_fetch_array($result)) {
            echo "<option value='" . $row['qty'] . "'>" . $row['qty'] . "</option>";
        }
        echo "</select>";
        ?>
      </ul>
      <h3 class="intro-text text-center">
        <a href="../php/cart.php" class="btn btn-primary">Add to cart</a>
        <a href="#" class="btn btn-default">Buy now</a>
      </h3>
      <div class="clearfix"></div>
    </div>
    <?php
    $id = $_GET['id1'];
    $custid = $_GET['custid'];
    $model = $_POST['model'];
    $size = $_POST['size'];
    $qty = $_POST['qty'];
    $price = $_POST['price'];

    $sql = "INSERT INTO cart (custid, model, size, qty, price) VALUES ('$id','$custid','$model', '$size', '$qty','$price');";
    mysqli_query($conn, $sql);
    ?>
  </form>
</div>

*** cart.php ***

<?php include 'mysql.php'; ?>
<?php
$custid = $_GET['custid'];
$show_cart = "SELECT * FROM cart WHERE custid='$custid'";
$query_cart = mysqli_query($conn, $show_cart);
// the loop must read from $query_cart, the result set created just above
while ($row = mysqli_fetch_array($query_cart, MYSQLI_ASSOC)) {
    echo "<form action=cart.php?custid=" . $row['custid'] . " method=post>";
    echo '<table class="table"><tbody>
      <tr>
        <div>' . $row['model'] . '</div>
        <div>' . $row['size'] . '</div>
        <div>' . $row['price'] . '</div>
      </tr>
    </tbody>
    </table>';
}
?>

Hi jjjjjjjj welcome to the forum.

First, although relatively unimportant at this point, GET and POST are not PHP methods, more correctly they are HTTP methods. PHP provides access to the values via the global $_GET and $_POST arrays. Typically, POST values are sent from form inputs and GET values are sent in URLs.

More important is the HTML that your script is outputting. When HTML is not valid all bets are off on whether or not things will work as you expect them to.
You should open the page in your browser, open “view source”, and copy paste the HTML into

and fix errors.

Most important are your database queries. It is good that you are using mysqli instead of the obsolete mysql to work with your MySQL database. It is not good that you are putting raw user supplied input directly into your queries. mysqli has a great feature - prepared statements - that can go a long way towards making your script more secure and help ensure the integrity of table values.

You can also do some validation of the data submitted by the user, for example if $id is going to be an integer:

$id = (int) $_GET['id1'];

That uses what's known as typecasting to define the $id variable as being an integer. If the value for $_GET['id1'] isn't a valid integer then $id becomes 0 by default.

Also:

<?php
$sql = "SELECT * FROM size";
$result = mysqli_query($conn, $sql);
$size = $_POST['size'];

echo '<select class="form-control quantity">';

while ($row = mysqli_fetch_array($result)) {
    echo "<option value='" . $row['size'] . "'>" . $row['size'] . "</option>";
}
echo "</select>";
?>

$size is almost certainly going to be an integer, so that can be typecast as an integer too.

With the query there you've used what @r937 describes as the "dreaded, evil, select *". Even if the database table has only one field, get into the habit of listing in the SELECT clause just the fields that you require.

Won’t this query fail?

$sql = "INSERT INTO cart (custid, model, size, qty, price) VALUES ('$id','$custid','$model', '$size', '$qty','$price');";

because you specify five fields, but give six values? I’m never quite sure with id fields, but I can’t imagine how MySQL will know how to decide which field the extra value gets pushed into. Even if it just decides to ignore the ‘extra’ value field, I’d have thought it would pick them off in order which would mean everything gets into the wrong columns because the spare value is at the start.
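The following is an added example, not code from the original poster or from either reply. It puts the two replies' advice together: the product lookup, the size dropdown and the cart INSERT from item.php rewritten with mysqli prepared statements, integer typecasting, explicit column lists, and an INSERT whose five columns match five bound values. It assumes the table and column names from the post (products.id/model/price/proddesc, size.size, cart.custid/model/size/qty/price), a $conn mysqli connection provided by mysql.php, PHP 7.4 or later, and the mysqlnd driver (needed for get_result()). The number input for quantity replaces the qty-table dropdown and is my own choice, not something the thread specifies.

```php
<?php
// Added example (not the poster's code): item.php with prepared statements.
// Assumes: $conn (mysqli) from mysql.php; tables/columns named as in the post.
declare(strict_types=1);

require_once 'mysql.php'; // provides $conn

// Typecast as the reply suggests: a non-numeric id becomes 0, which matches no row.
$id     = (int) ($_GET['id1'] ?? 0);
$custid = (int) ($_GET['custid'] ?? 0);

// 1. Product lookup: the id is bound as a parameter, never pasted into the SQL
//    string, and only the columns the page actually uses are selected.
function fetchProduct(mysqli $conn, int $id): ?array
{
    $stmt = $conn->prepare('SELECT id, model, price, proddesc FROM products WHERE id = ?');
    $stmt->bind_param('i', $id);
    $stmt->execute();
    $row = $stmt->get_result()->fetch_assoc();
    $stmt->close();
    return $row ?: null;
}

// 2. Size dropdown: explicit column list, and every value cast to int before
//    it is written into the HTML, so a stray row value cannot break the markup.
function sizeOptions(mysqli $conn): string
{
    $html = '<select name="size" class="form-control">';
    $result = $conn->query('SELECT size FROM size ORDER BY size');
    while ($row = $result->fetch_assoc()) {
        $size = (int) $row['size'];
        $html .= '<option value="' . $size . '">' . $size . '</option>';
    }
    return $html . '</select>';
}

// 3. Adding to the cart: five columns, five placeholders, five bound values.
//    model and price come from the products row, not from the form.
function addToCart(mysqli $conn, int $custid, int $size, int $qty, array $product): bool
{
    $stmt = $conn->prepare(
        'INSERT INTO cart (custid, model, size, qty, price) VALUES (?, ?, ?, ?, ?)'
    );
    $stmt->bind_param('isiid', $custid, $product['model'], $size, $qty, $product['price']);
    $ok = $stmt->execute();
    $stmt->close();
    return $ok;
}

$product = fetchProduct($conn, $id);
if ($product === null) {
    http_response_code(404);
    exit('No such product');
}

// Only run the INSERT when the form was submitted, not on every page view.
if ($_SERVER['REQUEST_METHOD'] === 'POST') {
    $size = (int) ($_POST['size'] ?? 0);
    $qty  = (int) ($_POST['qty'] ?? 0);
    if ($qty > 0 && addToCart($conn, $custid, $size, $qty, $product)) {
        header('Location: cart.php?custid=' . $custid);
        exit;
    }
}

// Output: htmlspecialchars so product text is displayed, not interpreted as HTML.
$h = fn(string $s): string => htmlspecialchars($s, ENT_QUOTES, 'UTF-8');
echo '<h4>' . $h($product['model']) . '</h4>';
echo '<h4>&pound;' . $h((string) $product['price']) . '</h4>';
echo '<div>' . $h($product['proddesc']) . '</div>';
echo '<form method="post" action="item.php?id1=' . $id . '&amp;custid=' . $custid . '">';
echo '<h4>Size</h4>' . sizeOptions($conn);
echo '<h4>Quantity</h4><input type="number" name="qty" value="1" min="1">';
echo '<button type="submit" class="btn btn-primary">Add to cart</button></form>';
```

Two things worth noticing against the posted code: the INSERT in the original runs on every GET of item.php, not just on a form submission, so the check on REQUEST_METHOD above is what stops empty rows appearing in the cart table; and because model and price are read from the products row rather than from $_POST, a visitor cannot submit their own price.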
