How to get the existing value and update it?

cthlnlmd · December 2, 2020, 8:02am

why I cannot get the value of the quantity and the id seems not readable? i have a product name, and once the product has been selected, the quantity of that product is already shown, and i want to add a another quantity from the existing quantity if i want to update it, but it is not adding at all. here is the code:

    $product_name='';
    $add_minus_quantity='';
    $quantity='';
    $msg='';
    
    PHP CODE
    ---------------
    if(isset($_POST['submit'])){
     	 $product_id = get_safe_value($con,$_POST['id']);
     	 $quantity = get_safe_value($con,$_POST['qty']);
     	 $product_name = get_safe_value($con,$_POST['name']);
         $add_minus_quantity = $_POST['add_minus_quantity'];  
         $sum = $add_minus_quantity + $quantity;  //quantity is not readable
         mysqli_query($con,"update product set qty='$sum' where id='$product_id' and name = '$product_name'"); 
    	
    	if($msg==''){
    		if(isset($_GET['id']) && $_GET['id']!=''){
    			     mysqli_query($con,"update product set qty='$sum' where id='$product_id and name = '$product_name'");
    		}
    		header('location:product.php');
    		die();
    	}
    }
    
    HTML CODE
    ---------------------
    <form method="post" enctype="multipart/form-data">
    	<div class="card-body card-block">
    		 <div class="form-group">
    		<label for="product_name" class=" form-control-label">Product Name</label>
    			<select class="form-control" name="product_name" id="product_name" 							 
   onchange="get_quantity('')"required>
    				<option>Select Product Name</option>
    
    <?php														
    	$res=mysqli_query($con,"select id,name from product order by name asc");
    	  	while($row=mysqli_fetch_assoc($res)){
    			if($row['id']==$product_name){
    				echo "<option value=".$row['id']." selected>".$row['name']."</option>";
    			}else{
    				echo "<option value=".$row['id'].">".$row['name']."</option>";
    			}
    		}
    	?>
    		</select>
    	</div>
    								
    <div class="form-group">
    	<label for="quantity" class=" form-control-label">Original quantity</label>
    		<select class="form-control" disabled name="quantity" id="quantity">
    			<option></option>
    		</select>				
    </div>
    <div class="form-group">
    	<label for="add_minus_quantity" class=" form-control-label">Add / Minus Quantity</label>
    		<input type="number" name="add_minus_quantity" placeholder="Enter qty" class="form-control" required value="<?php echo $add_minus_quantity?>">
    	</div>
    	 <button id="payment-button" name="submit" type="submit" class="btn btn-lg btn-info btn-block">
    		 <span id="payment-button-amount">Submit</span>
    	  </button>
      <div class="field_error"><?php echo $msg?>
    </div>

for example, the existing quantity of the product is 5, then i want to add 10 qty, i want the result to be updated in the database / table that the quantity of that product is 15, but it is not working. why?

chorn · December 2, 2020, 12:05pm

enable error reporting for mysql

mysqli_report(MYSQLI_REPORT_ERROR | MYSQLI_REPORT_STRICT);

and check every variable with var_dump()

phdr · December 2, 2020, 3:49pm

Most of the code, variables, and form data don’t match up and aren’t needed for this task. You may want to display the current quantity, but don’t need to submit it in order to add/subtract an amount, and in fact if there are concurrent instances of your script being used, will cause an incorrect result.

Start by defining what input data you need for this task, product_id and the +/- quantity. This is all the information your form should submit.

Next, your form processing code needs detect if a post method form was submitted, then trim, and validate all inputs before using them. External data can be anything and cannot be trusted. You should also be using a prepared query when supplying external, unknown, dynamic values to the query when it gets executed (whatever your get_safe_value() function is doing can probably be bypassed.)

Lastly, updating a column in a table doesn’t provide an audit trail, so that you would know if a programming mistake, multiple form submissions, or nefarious activity altered a value. You should instead insert a new row into a table for each transaction that affects a value. To get the current total, you would just SUM(…) the amount/quantity column in an sql query.

Edit: unless your assignment includes using ajax to get the quantity for the selected product, I would just display the quantity as part of the option label text, next to the product name.