-1

I want to add an array of hidden inputs to a database. Somehow an error occurs:

(index):6772 crbug/1173575, non-JS module files deprecated.

HTTP ERROR 500

The site is hosted. Changing browsers and similar methods do not help, the error is somewhere in the code

<?php

require_once '../vendor/connect.php';

$name = $_POST['name'];
$price = $_POST['price'];
$quantity = $_POST['quantity'];

$orders = array_map(
    fn($name, $price, $quantity) => ['name' => $name, 'price' => $price, 'quantity' => $quantity],
    $name,
    $price,
    $quantity
);



$sqlValues = [];
foreach ($orders as $order) {
    $sqlValues[] = '('
        . implode(', ', array_map(fn($val) => "'" . mysqli_real_escape_string($connect, $val) . "'", $order))
        . ')';
    
}
$sql .= implode(', ', $sqlValues);
var_dump($sql);


$sql = 'insert into `zakaz` (`name`, `price`, `quantity`) values '($order['name'], $order['price'], $order['quantity'])';


?>

Data comes from

<input type="hidden" name="name[]" value="${name}">
                    <input class="js-cart-input-quantity" type="hidden" name="quantity[]" value="${quantity}">
                    <input class="js-cart-input-price" type="hidden" name="price[]" value="${price * quantity}">

May be need to connect to the database somehow differently? My connect.php:

<?php


     $connect = mysqli_connect('localhost', 'a0634339_base', 'root', 'a0634339_base');

    if (!$connect) {
        die('Error connect to DataBase');
    }

    ?>

My database

CREATE TABLE `zakaz` (
  `name` varchar(255) DEFAULT NULL,
  `price` varchar(255) DEFAULT NULL,
  `quantity` varchar(255) DEFAULT NULL
) ENGINE=InnoDB DEFAULT CHARSET=utf8;
COMMIT;
Daniil
  • 11
  • 1
  • **Warning:** You are wide open to [SQL Injections](https://php.net/manual/en/security.database.sql-injection.php) and should use parameterized **prepared statements** instead of manually building your queries. They are provided by [PDO](https://php.net/manual/pdo.prepared-statements.php) or by [MySQLi](https://php.net/manual/mysqli.quickstart.prepared-statements.php). Never trust any kind of input! Even when your queries are executed only by trusted users, [you are still in risk of corrupting your data](http://bobby-tables.com/). [Escaping is not enough!](https://stackoverflow.com/q/32391315) – Dharman May 19 '22 at 12:17
  • 2
    As we keep saying here over and over and over again - the first thing you should always do, when you get a 500 Internal Server Error, is go and check what the error log has to say about its actual cause. – CBroe May 19 '22 at 12:17
  • `sql = 'insert into \`zakaz\` (\`name\`, \`price\`, \`quantity\`) values ($order['name'], ...` - that line for example is missing the $ before the variable name; and the text literal you _began_ with a single quote, of course also _ends_ at the first unescaped single quote - which here is the one after `$order[`. The rest that follows is gibberish that the PHP parser can't make sense of. – CBroe May 19 '22 at 12:23
  • FYI: Thank you for letting _me_ determine the price I want to pay, most shop providers are not this considerate towards their customers :-) (Although you might find that this will come bite you in the a##, at the latest when I manipulate this to a _negative_ amount, so that effectively _you_ now owe _me_ money, after I placed an order.) – CBroe May 19 '22 at 12:25
  • Yes, I found errors, but the data does not pass into the database, what could be wrong? – Daniil May 19 '22 at 13:39

0 Answers0