I'm not sure why you think you have a problem. The cID
should be known because the customer is logged in. The pID
should be known because your form should be using a dropdown list of products with the pID
being used as the value
.
Then it's a simple matter of doing an INSERT
using those values, i.e.
<select id="product">
<option value="pid001">Product One</option>
<option value="pid002">Product Two</option>
... etc. ...
</select>
In other words, these values are all known before they hit your form.
Don't match product names with ID's after the fact; that's just adding extra work. If you have a value available then you should use it. Your form should already contain the association.
Create the dropdown based on a SELECT
query from your Products table. Use the pID
for the value
and the pName
for the content. That way, the data sent in the form is the foreign key you need in your INSERT
.
<?php
/*
* $arrProducts is the result from a query like
* SELECT * FROM Products;
*/
print '<select id="products">';
foreach ($arrProducts as $arrProduct) {
printf('<option value="%s">%s</option>', $arrProduct['pID'], $arrProduct['pName']);
}
print '</select>';
?>
Similarly, when you log your user in, get their cID
and insert it into the session.
One other note, cease from using PHP's mysql_
family of functions. These are deprecated and due to be removed from a future release. They are prone to SQL Injection. You should be using either mysqli_
or PDO in your application. Both offer parameterized queries and prepared statement.