I have a script that creates the total of each row after adding the product, price, quantity, product width, product height in multiple records. When I enter the numeric values in all input fields including product name, the query runs and enters the records, but when I type an alphabetic product name, the query does not run.

<!DOCTYPE html>
<html>
<head>
    <title></title>
<script src="https://ajax.googleapis.com/ajax/libs/jquery/3.3.1/jquery.min.js"></script>
</head>
<body>
<form method="POST" action="">
<table>
  <thead>
    <th>Product</th>
    <th>Price</th>
    <th>Quantity</th>
    <th>Width</th>
    <th>Height</th>
    <th>Total</th>
  </thead>

  <tbody id="product_table">
    <tr>
        <td><input type="text" name="product[]"></td>
        <td><input type="text" name="price[]"></td>
        <td><input type="text" name="quantity[]"></td>
        <td><input type="text" name="width[]" value="0"></td>
        <td><input type="text" name="height[]" value="0"></td>
        <td><input type="text" name="total[]" class="totalPrice" readonly></td>
    </tr>
    <tr>
        <td><input type="text" name="product[]"></td>
        <td><input type="text" name="price[]"></td>
        <td><input type="text" name="quantity[]"></td>
        <td><input type="text" name="width[]" value="0"></td>
        <td><input type="text" name="height[]" value="0"></td>
        <td><input type="text" name="total[]" class="totalPrice" readonly></td>
    </tr>
  </tbody>
<button name="send">Submit</button>
</table>
</form>
</body>
<?php
include('database.php');

if (isset($_POST['send'])) {
$product = $_POST['product'];
$price = $_POST['price'];
$quantity = $_POST['quantity'];
$width = $_POST['width'];
$height = $_POST['height'];
$total = $_POST['total'];
$invoice_number = 1;

for($i=0; $i<count($_POST['total']); $i++) {
        if($i <> count($_POST['total'])) {

  $sql = "INSERT INTO invoice_order(invoice_number, product, price, quantity, width, height, total) 
      VALUES (".$invoice_number.",".$_POST['product'][$i].",".$_POST['price'][$i].",".$_POST['quantity'][$i].",".$_POST['width'][$i].",".$_POST['height'][$i].",".$_POST['total'][$i].")";

      $query = mysqli_query($connect, $sql);  
    }}
  if ($query) {
          echo "Record inserted Successfully";
       }else{
          echo "Unable to insert Record";
       }}?>

<script>
const table = document.getElementById('product_table');
table.addEventListener('input', ({ target }) => {
  const tr = target.closest('tr');
  const [product, price, quantity, width, height, total] = tr.querySelectorAll('input');

  var size = width.value * height.value;
  var rate = price.value * quantity.value;
  var nameproduct = product.value;
  if (size != "") {
    total.value = size * rate;
  }else{
    total.value = rate; 
  }
  totalPrice();
});
</script>
<style>
    table,tr,td,th { border: 1px black solid;}
</style>
</html>

1 Answer

First things first. You should study SQL injection before you make this code go live.

Now your answer. You need to wrap your product parameter with single quotes, like this:

$sql = "INSERT INTO invoice_order(invoice_number, product, price, quantity, width, height, total) 
  VALUES (".$invoice_number.",'".mysqli_real_escape_string($connect, $_POST['product'][$i])."',".$_POST['price'][$i].",".$_POST['quantity'][$i].",".$_POST['width'][$i].",".$_POST['height'][$i].",".$_POST['total'][$i].")";
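
The query above escapes only the product name; price, quantity, width, height and total are still concatenated into the SQL text as submitted. The following is an added example, not code from the question or the answer, that inserts the same rows through a mysqli prepared statement, so quoting no longer depends on the type of each value. It assumes `$connect` is the mysqli connection created in `database.php`, that `product` is a text column and the other columns are numeric, and it uses a hypothetical helper name `insert_invoice_rows`.

```php
<?php
// Added example; insert_invoice_rows() is a hypothetical helper. Assumes $connect
// is the mysqli handle from database.php, product is text, other columns numeric.
include('database.php');
mysqli_report(MYSQLI_REPORT_ERROR | MYSQLI_REPORT_STRICT); // throw on DB errors
function insert_invoice_rows(mysqli $connect, int $invoice_number, array $post): int
{
    $stmt = $connect->prepare(
        "INSERT INTO invoice_order
            (invoice_number, product, price, quantity, width, height, total)
         VALUES (?, ?, ?, ?, ?, ?, ?)"
    );
    $inserted = 0;
    $connect->begin_transaction(); // all rows of the invoice or none
    try {
        foreach ((array) ($post['product'] ?? []) as $i => $product) {
            if (!is_string($product) || trim($product) === '') {
                continue; // skip blank form rows and nested-array input
            }
            $num = [];
            foreach (['price', 'quantity', 'width', 'height'] as $field) {
                $v = filter_var($post[$field][$i] ?? null, FILTER_VALIDATE_FLOAT);
                if ($v === false || $v < 0) {
                    throw new InvalidArgumentException("Row $i: invalid $field");
                }
                $num[$field] = $v;
            }
            [$price, $quantity, $width, $height] = array_values($num);
            // Recompute the total server-side; a readonly input is still client data.
            $size  = $width * $height;
            $rate  = $price * $quantity;
            $total = $size > 0 ? $size * $rate : $rate;
            $label = trim($product);
            $stmt->bind_param('isddddd', $invoice_number, $label,
                $price, $quantity, $width, $height, $total);
            $stmt->execute();
            $inserted++;
        }
        $connect->commit();
    } catch (Throwable $e) {
        $connect->rollback();
        throw $e;
    }
    return $inserted;
}

if (isset($_POST['send'])) {
    echo "Inserted " . insert_invoice_rows($connect, 1, $_POST) . " record(s)";
}
```

With bound parameters a product name such as `O'Brien's table` is stored verbatim, and a non-numeric price is rejected before any row of the invoice is written.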