How to insert specific row of table data selected, into database table?

Question

This is my BAShop.php file

<?php      
    if(isset($_POST['insert'])){                
    $queryinsert = "insert into cart(productid,productname,cartquantity,amount) SELECT productid,productname,'$_POST[cartquantity]', '50' FROM product WHERE productid='$_POST[hidden]'";       
   mysqli_query($dbconn,$queryinsert);                                             
    }   
    ?>
<script>                      
                function sortproduct(str) {

                        if (window.XMLHttpRequest) {
                            // code for IE7+, Firefox, Chrome, Opera, Safari
                            xmlhttp = new XMLHttpRequest();
                        } else {
                            // code for IE6, IE5
                            xmlhttp = new ActiveXObject("Microsoft.XMLHTTP");
                        }
                        xmlhttp.onreadystatechange = function() {
                            if (xmlhttp.readyState == 4 && xmlhttp.status == 200) {
                                document.getElementById("txtHint").innerHTML = xmlhttp.responseText;
                            }
                        };
                        xmlhttp.open("GET","BAShopSort.php?q="+str,true);
                        xmlhttp.send();

                }

            </script>

And this is my ShopSort.php file where i do my ajax so that users can click on a button and the page changes without refreshing it.

$q = $_GET['q'];
$sql="SELECT * FROM product WHERE productname like '$q%'";
$result = mysqli_query($dbconn,$sql);
echo "<table border=3>
<tr>
<th>Productid</th>
<th>Productname</th>
<th>Retailprice</th>
<th>Pointsformula</th>
<th>Quantity</th>
</tr>";
while($row = mysqli_fetch_array($result)) {   
echo "<tr><form method='POST'>";
echo "<td>"."<input type = 'text' id ='productid' name='productid' value=". $row['productid'] ."></td>";
echo "<td>"."<input type = 'text' id = 'productname' name='productname' value=". $row['productname'] ."></td>";
echo "<td>" . $row['retailprice'] . "</td>";
echo "<td>" . $row['pointsformula'] . "</td>";
echo "<td>"."<button type='button' class='quantityaddsub' id='sub' onclick='quantitysub(".$row['productid'].")'>-</button>".
                "<input type='text' class='quantity' name='cartquantity' id='quantity".$row['productid']."' value=1>". //**name of quanitty text
                "<button type='button' class='quantityaddsub' id='add' onclick='quantityadd(".$row['productid'].")'>+</button>".
"<input type='hidden' name='hidden' value=".$row['productid']."></td>";
echo "<td>" . "<input type='submit' id = 'insert' name='insert' value='Add To Cart'" . "></td>";
echo "</form></tr>";
}echo "</table>";

So after i run the BAShop.php file, lets say i would want to add the item 'Soap' to cart When i go to the cart page, the soap isnt there, instead, the shampoo is there.

Please have a look at my code and let me know what is wrong... I have been stuck with this problem for my school project for 3 weeks, and time is running out.. FYI: the data for the table that I have displayed for the BAShop.php page is drawn from mysql database.

Answer 1

The problem is, if you have several articles displayed at the same time in your table, then your document contains several inputs named hidden within the same form. Because of the way POST variables are handled by PHP, only the first one will be taken into account upon form submission. This is why the first article displayed in the table (in your example, soap) will be added to the cart no matter what.

To change this, you might either want to give a more specific ID to your hidden field and modify your JS code to react accordingly, or make one form per row (this is probably the fastest way to solve your problem).

P.S. : you should also take care of those SQL queries if this script is meant to be run anywhere else than locally. They are dangerously unsafe.