how to loop through a set of GET values in php

Question

I'm making a simple online store like program. What can you suggest that I would do so that I can loop through the inputs I've made in my program.

I'm still using get so that I could see how the data looks like, I'll change it to post later. This is what the url looks like, when I commit the buying of all the products added in the cart: http://localhost/pos/php/checkout.php?ids=2;&qoh=12;&qbuys=&ids=6;&qoh=2304;&qbuys=304&ids=4;&qoh=699;&qbuys=99

This is the code that I'm using to commit only one product, it doesn't work when I had something like in the above url:

<?php

$id=$_GET['ids'];
$qtyhnd=$_GET['qoh'];
$qtytbuy=$_GET['qbuys'];
$left=$qtyhnd-$qtytbuy;



if($qtyhnd>=$qtytbuy){
$update=query_database("UPDATE prod_table SET  QTYHAND='$left' WHERE PID='$id'", "onstor", $link);
}


?>

Please comment if you need more details,thanks

Answer 1

You have semicolons after some values maybe you should pass just the integer this are qoh and qbuys. Apart of that you should use mysql_real_escape_string() and (int) before integer values to prevent SQL injection e.g.:

$int = (int)$_GET['price'];
$string = $_GET['val'];
mysql_real_escape_string($string);

Also if you want to pass multiple values you have to use array for them:

HTML

<input type="hidden" name="ids[]" value="1">
<input type="hidden" name="ids[]" value="2">
<input type="hidden" name="ids[]" value="3">

PHP

$ids = $_GET['ids'];
foreach($ids as $id) {
    $sql = 'UPDATE table SET field=? WHERE id='.(int)$id;
    ....
}

Answer 2

Either convert the parameters to array parameters (e.g. qoh[]) and then iterate in parallel, or parse the query string manually.

Answer 3

You can use the $_SERVER['QUERY_STRING'] with foreach loop like this:

foreach($_SERVER['QUERY_STRING'] as $key => $value){
  echo "$key - $value <br />";
}

This way you can get the values of GET and use in your database query in similar fashion using foreach loop.

Answer 4

I assume that PID in prod_table is of integer type. Doesn't $id variable contain "2;" instead of 2? Anyway, what kind of error do you get?

Answer 5

Have your url like http://localhost/pos/php/checkout.php?ids[]=2&qoh[]=12&qbuys[]=&ids[]=6&qoh[]=2304&qbuys[]=304&ids[]=4&qoh[]=699&qbuys[]=99... using a HTML structure like infinity pointed out.

Then:

foreach ($_GET['ids'] as $k => $v) {
    $id = (int)$v;
    $qtyhnd = (int)$_GET['qoh'][$k];
    $qtytbuy = (int)$_GET['qbuys'][$k];
    $left = $qtyhnd - $qtytbuy;

    if ($qtyhnd >= $qtytbuy) {
        $update = query_database(
            "UPDATE prod_table SET QTYHAND='$left' WHERE PID='$id'",
            "onstor",
            $link);
    }
}

And if the database type of QTYHAND and PID are int, exclude single quotes (') from your SQL queries.