I've been reading every thread in here that is related to this, but I always get it wrong.

Please help, because I always get the error.

<?php   

require_once 'core.php';

$valid['success'] = array('success' => false, 'messages' => array(), 'order_id' => '');

if($_POST) {    

$orderDate = date('Y-m-d', strtotime($_POST['orderDate'])); 
$clientName = $_POST['clientName'];

$sql = "INSERT INTO orders (order_date, client_name, order_status) VALUES ('$orderDate', '$clientName', 1)";

$order_id;
$orderStatus = false;
if($connect->query($sql) === true) {
    $order_id = $connect->insert_id;
    $valid['order_id'] = $order_id; 
    $orderStatus = true;
}

$orderItemStatus = false;

$orderItemSql = "INSERT INTO order_item (order_id, id_bahan, kuantiti, jenis_kuantiti, harga_per_unit, jumlah, order_item_status) 
VALUES ('$order_id', '".$_POST['namaBahan']."', '".$_POST['kuantiti']."', '".$_POST['jenisKuantiti']."', '".$_POST['harga']."', '".$_POST['jumlahValue']."', 1)";

$connect->query($orderItemSql);

$valid['success'] = true;
$valid['messages'] = "Successfully Added";      

$connect->close();

    echo json_encode($valid);
}

But when the code runs I get an error like:

Notice: Array to string conversion in C:\xampp\htdocs\inventori\php_action\createOrder.php on line 25

Notice: Array to string conversion in C:\xampp\htdocs\inventori\php_action\createOrder.php on line 25

Notice: Array to string conversion in C:\xampp\htdocs\inventori\php_action\createOrder.php on line 25

Notice: Array to string conversion in C:\xampp\htdocs\inventori\php_action\createOrder.php on line 25

Notice: Array to string conversion in C:\xampp\htdocs\inventori\php_action\createOrder.php on line 25 {"success":true,"order_id":1,"messages":"Successfully Added"}

  • I want to point out that you have some severe SQL injection vulnerabilities in this code. Commented Sep 25, 2018 at 2:00
  • You have many, many errors in your code. Too many for this to be working code. Commented Sep 25, 2018 at 2:06
  • Hello there, you could use a PHP "prepared statement"; it is safer and easier to read. Commented Sep 25, 2018 at 2:30

1 Answer

Perhaps you could try to echo out your $_POST data before the $orderItemSql = ... line to see what it contains:

echo '<pre>'.print_r($_POST, true).'</pre>';

This should at least tell you if any of the $_POST data you are trying to use in your SQL insert is not a string when it should be.

1 Comment

This should be a comment; while useful, it's not actually an "answer".
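
Added example, not part of the original thread or the asker's code: the five notices match the five $_POST fields concatenated into the order_item query, so this example assumes the form posts each of them as a parallel array (for instance name="kuantiti[]"), checks that every value really is a scalar, and inserts one row per item with a mysqli prepared statement, as the comments suggest. The names ITEM_FIELDS, orderItemRows and insertOrderItems and the sample data are assumptions made for illustration.

```php
<?php
// Added example, not the asker's code. Assumes item fields arrive as parallel arrays.
const ITEM_FIELDS = ['namaBahan', 'kuantiti', 'jenisKuantiti', 'harga', 'jumlahValue'];

// Transpose the parallel arrays into one row per item; reject nested arrays.
function orderItemRows(array $post): array
{
    $rows = [];
    foreach (ITEM_FIELDS as $field) {
        foreach ((array) ($post[$field] ?? []) as $i => $value) {
            if (!is_scalar($value)) {
                throw new InvalidArgumentException(sprintf('%s[%s] is not a scalar', $field, $i));
            }
            $rows[$i][$field] = (string) $value;
        }
    }
    foreach ($rows as $i => $row) {
        if (count($row) !== count(ITEM_FIELDS)) {
            throw new InvalidArgumentException("item $i is missing a field");
        }
    }
    return array_values($rows);
}

// One prepared statement, executed once per row: values are bound, never
// concatenated into the SQL. Item values are bound as strings; MySQL converts them.
function insertOrderItems(mysqli $connect, int $orderId, array $rows): int
{
    $stmt = $connect->prepare(
        'INSERT INTO order_item (order_id, id_bahan, kuantiti, jenis_kuantiti,
             harga_per_unit, jumlah, order_item_status) VALUES (?, ?, ?, ?, ?, ?, 1)'
    );
    if ($stmt === false) {
        throw new RuntimeException($connect->error);
    }
    foreach ($rows as $r) {
        $stmt->bind_param('isssss', $orderId, $r['namaBahan'], $r['kuantiti'],
            $r['jenisKuantiti'], $r['harga'], $r['jumlahValue']);
        if (!$stmt->execute()) {
            throw new RuntimeException($stmt->error);
        }
    }
    $stmt->close();
    return count($rows);
}

// Constructed two-item sample; live use: insertOrderItems($connect, $order_id, orderItemRows($_POST)).
$samplePost = ['namaBahan' => ['3', '7'], 'kuantiti' => ['2', '10'],
    'jenisKuantiti' => ['kg', 'pcs'], 'harga' => ['4.50', '1.20'], 'jumlahValue' => ['9.00', '12.00']];
print_r(orderItemRows($samplePost));
```

The first INSERT into orders takes clientName from $_POST in the same way and can be bound with the same prepare/bind_param pattern.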
