0

Hope someone can advise.

I'm facing a small issue of handling errors while the inputs are empty inside the for loop. I have to use for loop in this case because I'm inserting multiple inputs in the same time.

On checking if inputs are empty the only thing is happen is looping on nothing just loop and return nothing.

PHP code:

public function Add_new_order($tableno, $cashier_name, $date, $time, $name, $quantity, $price, $sub_total, $total) {
    $stmt = $this->conn->prepare("SELECT MAX(order_num) AS order_number FROM all_orders");
    $stmt->execute(); 
    while ($row = $stmt->fetch()) {
        $order_num = $row["order_number"];
        if(is_null($order_num)) {
            $order_num = '100000';
        }
        else {
            $order_num += 1;
        }   
    }

    for($i = 0; $i < count($name); $i++) {   
        if($quantity[$i] > 0) {
            if($name[$i] != "" && !empty($quantity[$i]) && $price[$i] != "") {
                $stmt1 = $this->conn->prepare("INSERT INTO `all_orders` (`ID`, `order_num`, `tablenum`,`cashier_name`, `date`, `time`, `item_name`, `item_code`, `quantity`, `price`, `total`) VALUES ('','".$order_num."','".$tableno."','".$cashier_name."','".$date."','".$time."','".$name[$i]."','','".$quantity[$i]."','".$price[$i]."','".$sub_total[$i]."')");
                $stmt1->execute();                         
            } 
        } else {
            $this->Error_msg('Error.'); 
        }        
    }
    
    $stmt2 = $this->conn->prepare("INSERT INTO `biling`(`ID`, `order_num`, `tablenum`,`cashier_name`, `date`, `time`, `total`) VALUES ('','".$order_num."','".$tableno."','".$cashier_name."','".$date."','".$time."','".$total."')");
    $stmt2->execute();
    if($stmt1 && $stmt2) {
        $this->Success_msg('Done.');
    } else {
        $this->Error_msg('Error occurred.');
    }
}
Phil
  • 157,677
  • 23
  • 242
  • 245
Hazem Behairy
  • 89
  • 1
  • 7
  • 2
    You can perform multiple row inserts at the same time using comma separated bracket notations in your values... `insert into blah (cola,colb,colc) values (val1a,val1b,val1c),(val2a,val2b,val2c),(val3a,val3b,val3c)` – Scuzzy Nov 30 '21 at 22:19
  • What if I'm inserting unknown numbers of rows. Which is I already did, I'm inserting dynamic inputs – Hazem Behairy Nov 30 '21 at 22:23
  • You're using prepared statements so why aren't you binding parameters? – Phil Nov 30 '21 at 22:25
  • Actually it's working without binding parameters. Is that necessary in this case or it's ok if not binding? – Hazem Behairy Nov 30 '21 at 22:29
  • 1
    You're doing a lot in that one function. For example, the first query will only have one result: the max order_number. Pull that out in its own method and then all you have to do is `$order_num = $this->getMaxOrderNumber();` . You can also break out the first `insert` into its own method and then just call that method within the loop. Same with the second; make its own method, called if there are values. It isn't as efficient as the way described above, but it's doubtful that it would be noticeable. – Tim Morton Nov 30 '21 at 22:30
  • 1
    re: binding. Yes, it works as you are doing it; but it is insecure. You're asking for SQL injection. – Tim Morton Nov 30 '21 at 22:32
  • @TimMorton I will. – Hazem Behairy Nov 30 '21 at 22:34
  • 4
    @HazemBehairy well with a dynamic number of items to insert you can still build a single insert statement, think of prepared statement as a template, build your template first then bind the values to it. – Scuzzy Nov 30 '21 at 22:35
  • @Scuzzy make sense to me. I'll try it. – Hazem Behairy Nov 30 '21 at 22:37

0 Answers0