How can I put var_dump or

I am trying to insert the below code snippet into the database but it is not entering and I don’t know what I did wrong.
Please, how can I output whatever I selected to the browser using var_dump or

<pre>
<?php if ($_POST) { print_r($_POST); } ?>
</pre>

Here is the code snippet:

<?php
if (isset($_GET['add_cart'])) {
    $ip_add = getRealUserIp();
    $p_id = $_GET['add_cart'];
    $product_qty = $_POST['product_qty'];
    $size = $_POST['size'];

    $query = "insert into cart (p_id,ip_add,qty,size) values ('$p_id','$ip_add','$product_qty','$size ')";
    $run_query = mysqli_query($connection, $query);

    echo "<script>window.open('single-product.php?id=$p_id','_self')</script>";
}
?>

The print_r() should be unconditional. Since you are using both $_GET and $_POST data, you would need to print_r() both of them. However, your ‘add to cart’ should use ALL post data, i.e. supply the product id as a hidden field in the post method form.

There are actually a number of issues with what this code is doing -

  1. Your post method form processing code should detect if a post method form was submitted.
  2. Keep the form data as a set in an array variable, i.e. don’t copy variables to other variables for nothing.
  3. Trim all the input data at once (after you do item #2 on this list, you can trim all the data using one single php statement.)
  4. Validate all input data before using it, storing user/validation errors in an array using the field name as the array index.
  5. The ip address is not unique. All the users on any particular local network will all have the same ip address. You should actually use a session based cart, which will keep the data for each different browser session separate, and you would only insert the data into a database when the user ‘finalizes’ an order, converting it from a cart to an actual order. If you still want to use a database based cart, start a session and use the session id as the cart id in the rows of data. Hopefully, your database based cart has a datetime field so that you have a way of detecting and cleaning up abandoned carts (a session based cart will automatically delete abandoned carts)?
  6. If you were doing this for real, each size and/or color of an item is a different item id (SKU.) This would allow you to order items and keep track of inventory. Note: you also have a typo mistake in the size value being put into the sql query statement. It has an extra space following the value.
  7. After the end of all the validation logic, if the array holding the errors is empty, use the submitted form data.
  8. If an item is already in the cart, you need to decide what should occur if someone adds the same item again. Are you going to ignore the new quantity, add the new quantity to the existing quantity, or are you going to replace the quantity in the cart with the new quantity?
  9. If you are doing something that involves an sql query, don’t put external, unknown, dynamic values directly into an sql query statement, since any sql special characters in a value will break the sql query syntax, which is how sql injection is accomplished. Instead, use a prepared query, and use the much simpler and better designed PDO database extension.
  10. For an insert (or update) query that can result in duplicates for user submitted data, you need to handle that error in your application code.
  11. After the end of all the form processing logic, if there are no errors, redirect to the exact same url of the current page to cause a get request for that page. This will prevent the browser from trying to resubmit the form data if the user reloads that page or navigates away from and back to that page.
  12. Every redirect needs an exit/die statement to stop php code execution.
  13. If you want to display a one-time success message, store it in a session variable, then test, display, and clear the session variable at the appropriate location in the html document.
  14. If there are errors after the end of the form processing logic, your code will continue on to redisplay the current html page, display any errors, and redisplay the post method form, repopulating any form fields with existing value(s) so that the user doesn’t need to keep reentering/selecting data over and over.
  15. Any dynamic value you output on a web page needs to have htmlentities() applied to it to help prevent cross site scripting.
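
The list above, put together as an added example that is not part of the original posts: an all-POST add-to-cart handler that validates into an errors array, keys the cart by session id, inserts through a PDO prepared statement, and redirects with `exit`. The `cart_id` and `added_at` columns, the unique key, the hidden `p_id` field, the size list, the quantity limit and the DSN/credentials are assumptions for illustration.

```php
<?php
// Added example. Assumed schema: cart(cart_id, p_id, qty, size, added_at)
// with UNIQUE(cart_id, p_id, size). DSN, credentials, size list and the
// 1-99 quantity limit are placeholders.
session_start();

function validate_cart_input(array $input): array
{
    // Drop non-string fields (e.g. size[]=x), then trim everything at once.
    $post = array_map('trim', array_filter($input, 'is_string'));
    $range = fn(int $max) => ['options' => ['min_range' => 1, 'max_range' => $max]];
    $data = [
        'p_id' => filter_var($post['p_id'] ?? '', FILTER_VALIDATE_INT, $range(PHP_INT_MAX)),
        'qty'  => filter_var($post['product_qty'] ?? '', FILTER_VALIDATE_INT, $range(99)),
        'size' => $post['size'] ?? '',
    ];
    $errors = [];
    if ($data['p_id'] === false) { $errors['p_id'] = 'Unknown product.'; }
    if ($data['qty'] === false)  { $errors['product_qty'] = 'Quantity must be 1 to 99.'; }
    if (!in_array($data['size'], ['S', 'M', 'L', 'XL'], true)) {
        $errors['size'] = 'Please choose a size.';
    }
    return [$data, $errors];
}

$errors = [];
if ($_SERVER['REQUEST_METHOD'] === 'POST') {
    [$data, $errors] = validate_cart_input($_POST);
    if (!$errors) {
        $pdo = new PDO('mysql:host=localhost;dbname=shop;charset=utf8mb4', 'user', 'pass', [
            PDO::ATTR_ERRMODE => PDO::ERRMODE_EXCEPTION,
            PDO::ATTR_EMULATE_PREPARES => false,
        ]);
        // Values travel as bound parameters, never as part of the SQL text.
        // Adding the same item again increases the stored quantity.
        $stmt = $pdo->prepare(
            'INSERT INTO cart (cart_id, p_id, qty, size, added_at)
             VALUES (?, ?, ?, ?, NOW())
             ON DUPLICATE KEY UPDATE qty = qty + ?'
        );
        $stmt->execute([session_id(), $data['p_id'], $data['qty'], $data['size'], $data['qty']]);
        $_SESSION['flash'] = 'Item added to cart.';
        header('Location: single-product.php?id=' . $data['p_id']);
        exit; // stop execution after the redirect
    }
}
// On errors, fall through and redisplay the page with escaped messages.
foreach ($errors as $message) {
    echo '<p class="error">' . htmlentities($message, ENT_QUOTES, 'UTF-8') . '</p>';
}
```

The redirect target is built only from the validated integer id, so no request-supplied string reaches the `Location` header.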

Thanks very much. I have resolved the issues.
