Hi,
I am trying to create an ecommerce system and am having problems with the submitting order section of the site.
At present, after the user is happy with the items they have in their shopping basket, they are taken to a 'Checkout' page where they are asked to enter payment and delivery details. The payment details are entered into the database and the delivery details are stored in sessions for use later.
After the 'Checkout' page has been completed, the script redirects the user to the 'Submit Order' page. This page takes the items from the shopping basket along with the delivery information that was stored in the previous page and inserts these into the database.
The problem that I have is that the order table in the database has a payment_id field that links it to the payment table. At present, the payment_id field is blank, but I want it to have the same payment_id that is created when the user enters their payment details on the 'Checkout' page.
Is this possible as I have been racking my brains for hours?
Here is the PHP code for the 'Checkout' page:
<?php
// This is the payment detail and delivery page for the site.
// Sets the page title and includes the PHP header.
$page_title = 'Enter Payment & Delivery Details';
include ('./includes/header.php');

if (isset($_POST['submitted'])) { // Handles the form.

    require_once ('mysql_connect.php');

    // Each field is checked against a pattern; escape_data() (defined in
    // mysql_connect.php) makes the accepted value safe for the query.
    if (eregi ('^[[:alpha:]\'\ \-]{2,20}$', stripslashes(trim($_POST['name_on_card'])))) {
        $name_on_card = escape_data($_POST['name_on_card']);
    } else {
        $name_on_card = FALSE;
        echo '<p><font color="red" size="+1">Please enter a valid name on card</font></p>';
    }

    if (eregi ('^[[:alnum:]\'\ \-]{5,40}$', stripslashes(trim($_POST['delivery_address'])))) {
        $delivery_address = escape_data($_POST['delivery_address']);
    } else {
        $delivery_address = FALSE;
        echo '<p><font color="red" size="+1">Please enter a valid delivery address</font></p>';
    }

    if (eregi ('^[[:alpha:]\'\ \-]{3,30}$', stripslashes(trim($_POST['delivery_town'])))) {
        $delivery_town = escape_data($_POST['delivery_town']);
    } else {
        $delivery_town = FALSE;
        echo '<p><font color="red" size="+1">Please enter a valid delivery town</font></p>';
    }

    // Letters, digits and spaces only. A space is not special inside a
    // bracket expression, so it must not be backslash-escaped (the escaped
    // form '[[:alnum:]\ \]' also let a literal backslash through).
    if (eregi ('^[[:alnum:] ]{6,7}$', stripslashes(trim($_POST['delivery_postcode'])))) {
        $delivery_postcode = escape_data($_POST['delivery_postcode']);
    } else {
        $delivery_postcode = FALSE;
        echo '<p><font color="red" size="+1">Please enter a valid delivery postcode</font></p>';
    }

    if (eregi ('^[[:alnum:] ]{10,20}$', stripslashes(trim($_POST['card_no'])))) {
        $card_no = escape_data($_POST['card_no']);
    } else {
        $card_no = FALSE;
        echo '<p><font color="red" size="+1">Please enter a valid card number</font></p>';
    }

    if (eregi ('^[[:alnum:]\ \-]{6,8}$', stripslashes(trim($_POST['sortcode'])))) {
        $sortcode = escape_data($_POST['sortcode']);
    } else {
        $sortcode = FALSE;
        echo '<p><font color="red" size="+1">Please enter a valid sortcode</font></p>';
    }

    if (eregi ('^[[:alnum:]\/\ \-]{5,5}$', stripslashes(trim($_POST['end_date'])))) {
        $end_date = escape_data($_POST['end_date']);
    } else {
        $end_date = FALSE;
        echo '<p><font color="red" size="+1">Please enter a valid end date</font></p>';
    }

    if (eregi ('^[[:alnum:]\/\ \-]{5,5}$', stripslashes(trim($_POST['start_date'])))) {
        $start_date = escape_data($_POST['start_date']);
    } else {
        $start_date = FALSE;
        echo '<p><font color="red" size="+1">Please enter a valid start date</font></p>';
    }

    if (eregi ('^[[:alnum:]]{3,3}$', stripslashes(trim($_POST['security_no'])))) {
        $security_no = escape_data($_POST['security_no']);
    } else {
        $security_no = FALSE;
        echo '<p><font color="red" size="+1">Please enter a valid security number</font></p>';
    }

    // If all data entered is valid.
    if ($name_on_card && $delivery_address && $delivery_town && $delivery_postcode && $card_no && $sortcode && $end_date && $start_date && $security_no) {

        // Add the payment record.
        // NOTE: $pid is never assigned anywhere on this page, so the
        // payment_id written here (and stored in the session below) is empty.
        $query = "INSERT INTO payment (payment_id, name_on_card, card_number, sort_code, end_date, start_date, security_number)
            VALUES ('$pid', '$name_on_card', '$card_no', '$sortcode', '$end_date', '$start_date', '$security_no')";
        $result = mysql_query ($query) or trigger_error("Query: $query\n<br />MySQL Error: " . mysql_error());

        if (mysql_affected_rows() == 1) { // Data inserted.

            // Keep the delivery details for submit_order.php.
            $_SESSION['delivery_address'] = $delivery_address;
            $_SESSION['delivery_town'] = $delivery_town;
            $_SESSION['delivery_postcode'] = $delivery_postcode;
            $_SESSION['payment_id'] = $pid;

            // Finish the page.
            echo '<h3>Thank you for checking out.</h3>';
            echo $_SESSION['payment_id'];
            include ('./includes/footer.php'); // Include the PHP footer.
            exit();

        } else { // If it did not run OK.
            echo '<p><font color="red" size="+1">You could not check out due to a system error. We apologise for any inconvenience.</font></p>';
        }

    } else { // If one of the data tests failed.
        echo '<p><font color="red" size="+1">Please try again.</font></p>';
    }

    mysql_close(); // Close the database connection.

} // End of the main Submit conditional.
?>
<h1>Checkout</h1>
<form action="checkout.php" method="post">
<fieldset>
<!-- Previously submitted values are re-displayed; htmlspecialchars() stops them from being interpreted as HTML. -->
<p><b>Name On Card:</b> <input type="text" name="name_on_card" size="20" maxlength="20" value="<?php if (isset($_POST['name_on_card'])) echo htmlspecialchars($_POST['name_on_card']); ?>" /></p>
<p><b>Delivery Address:</b> <input type="text" name="delivery_address" size="40" maxlength="40" value="<?php if (isset($_POST['delivery_address'])) echo htmlspecialchars($_POST['delivery_address']); ?>" /></p>
<p><b>Delivery Town:</b> <input type="text" name="delivery_town" size="30" maxlength="30" value="<?php if (isset($_POST['delivery_town'])) echo htmlspecialchars($_POST['delivery_town']); ?>" /></p>
<p><b>Delivery Postcode:</b> <input type="text" name="delivery_postcode" size="8" maxlength="8" value="<?php if (isset($_POST['delivery_postcode'])) echo htmlspecialchars($_POST['delivery_postcode']); ?>" /></p>
<p><b>Card Number:</b> <input type="text" name="card_no" size="20" maxlength="20" value="<?php if (isset($_POST['card_no'])) echo htmlspecialchars($_POST['card_no']); ?>" /></p>
<p><b>Sortcode:</b> <input type="text" name="sortcode" size="8" maxlength="8" value="<?php if (isset($_POST['sortcode'])) echo htmlspecialchars($_POST['sortcode']); ?>" /></p>
<p><b>End Date:</b> <input type="text" name="end_date" size="5" maxlength="5" value="<?php if (isset($_POST['end_date'])) echo htmlspecialchars($_POST['end_date']); ?>" /></p>
<p><b>Start Date:</b> <input type="text" name="start_date" size="5" maxlength="5" value="<?php if (isset($_POST['start_date'])) echo htmlspecialchars($_POST['start_date']); ?>" /></p>
<p><b>Security Number:</b> <input type="text" name="security_no" size="3" maxlength="3" value="<?php if (isset($_POST['security_no'])) echo htmlspecialchars($_POST['security_no']); ?>" /></p>
<div align="center"><input type="submit" name="submit" value="Submit Order" /></div>
<input type="hidden" name="submitted" value="TRUE" />
</fieldset>
</form>
<?php // Include the PHP footer.
include ('./includes/footer.php');
?>
And here is the code from the 'Submit Order' page:
<?php # Script 14.11 - submit_order.php
// This page inserts the order information into the table.
// Set the page title and include the HTML header.
$page_title = 'Order Confirmation';
include ('./includes/header.php');

// Values carried over from the cart and from checkout.php via the session.
$customer = (int) $_SESSION['customer_id'];
$total = (float) $_SESSION['total'];
$delivery_address = $_SESSION['delivery_address'];
$delivery_town = $_SESSION['delivery_town'];
$delivery_postcode = $_SESSION['delivery_postcode'];

require_once ('/mysqli_connect.php'); // Connect to the database.

// Turn autocommit off so the order and its lines are written as one transaction.
mysqli_autocommit($dbc, FALSE);

// Add the order to the orders table.
// (payment_id is not part of this INSERT, so the column keeps its default.)
$query = "INSERT INTO orders (customer_id, total, order_date, delivery_address, delivery_town, delivery_postcode)
    VALUES ('$customer', '$total', CURDATE(), '$delivery_address', '$delivery_town', '$delivery_postcode')";
$result = mysqli_query($dbc, $query) or die("Error: ".mysqli_error($dbc));

if (mysqli_affected_rows($dbc) == 1) {

    // Need the order ID.
    $oid = mysqli_insert_id($dbc);

    // Insert the specific order contents into the database.
    $query = "INSERT INTO order_lines (order_id, isbn, quantity, price) VALUES ";
    foreach ($_SESSION['cart'] as $isbn => $value) {
        // The ISBN is escaped and quoted: an ISBN-10 may end in 'X', which is not a number.
        $isbn = mysqli_real_escape_string($dbc, $isbn);
        $query .= "($oid, '$isbn', {$value['quantity']}, {$value['price']}), ";
    }
    $query = substr($query, 0, -2); // Chop off last two characters.
    $result = mysqli_query($dbc, $query);

    if (mysqli_affected_rows($dbc) == count($_SESSION['cart'])) {

        // Commit the transaction.
        mysqli_commit($dbc);
        mysqli_close($dbc);

        // Clear the cart.
        unset($_SESSION['cart']);

        // Message to the customer.
        echo '<p>Thank you for your order. You will be notified when the items ship.</p>';

        // Send emails and do whatever else.

    } else { // Rollback and report the problem.

        mysqli_rollback($dbc);
        mysqli_close($dbc);

        echo '<p>Your order could not be processed due to a system error. You will be contacted in order to have the problem fixed. We apologize for the inconvenience.</p>';

    }

} else {

    mysqli_rollback($dbc);
    mysqli_close($dbc);

    echo '<p>Your order could not be processed due to a system error. You will be contacted in order to have the problem fixed. We apologize for the inconvenience.</p>';

}

include ('./includes/footer.php');
?>
Sorry for the long explanation. Hopefully somebody can help me?
Thanks
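As an added example (not the poster's code, and not taken from the book the scripts are based on), here is one way to carry the payment_id from the 'Checkout' page to the 'Submit Order' page: MySQL assigns the id when the payment row is inserted, the page reads it back with mysqli_insert_id(), and only that id goes into the session. It assumes a mysqli connection `$dbc`, that session_start() has already run (as header.php presumably does), that payment.payment_id is AUTO_INCREMENT, and that orders has a payment_id column as the post says. The function names savePaymentAndRemember() and submitOrderWithPayment() are made up for this example. It goes a little beyond the question: it uses prepared statements instead of string-built queries, and it refuses to attach the same payment to a second order (for instance when submit_order.php is reloaded).

```php
<?php
// Added example, not the poster's code. Assumes: mysqli connection $dbc,
// session already started, payment.payment_id AUTO_INCREMENT, and an
// orders.payment_id column. Function names are invented for this example.

// --- checkout.php side ---------------------------------------------------
// Insert the already-validated payment fields and remember only the new id.
// Returns the generated payment_id, or false on failure.
function savePaymentAndRemember(mysqli $dbc, array $p) {
    // payment_id is left out of the column list so MySQL generates it.
    $sql = 'INSERT INTO payment (name_on_card, card_number, sort_code, end_date, start_date, security_number)
            VALUES (?, ?, ?, ?, ?, ?)';
    $stmt = mysqli_prepare($dbc, $sql);
    if (!$stmt) {
        return false;
    }
    mysqli_stmt_bind_param($stmt, 'ssssss',
        $p['name_on_card'], $p['card_no'], $p['sortcode'],
        $p['end_date'], $p['start_date'], $p['security_no']);
    $ok = mysqli_stmt_execute($stmt);
    mysqli_stmt_close($stmt);
    if (!$ok) {
        return false;
    }
    // The id MySQL just assigned to this row is what the order must reference.
    $pid = mysqli_insert_id($dbc);
    // Keep only the id in the session, never the card fields themselves.
    $_SESSION['payment_id'] = $pid;
    return $pid;
}

// --- submit_order.php side -----------------------------------------------
// Create the order and its lines, linked to the payment stored in the session.
// Returns the new order_id, or false if anything is wrong (nothing is committed).
function submitOrderWithPayment(mysqli $dbc, $customer, $total, array $delivery, array $cart) {
    if (empty($_SESSION['payment_id'])) {
        return false; // checkout was not completed in this session
    }
    $pid = (int) $_SESSION['payment_id'];

    mysqli_autocommit($dbc, false);

    // A payment row may back at most one order; reject a second submit.
    $stmt = mysqli_prepare($dbc, 'SELECT COUNT(*) FROM orders WHERE payment_id = ?');
    mysqli_stmt_bind_param($stmt, 'i', $pid);
    mysqli_stmt_execute($stmt);
    mysqli_stmt_bind_result($stmt, $used);
    mysqli_stmt_fetch($stmt);
    mysqli_stmt_close($stmt);
    if ($used > 0) {
        mysqli_rollback($dbc);
        return false;
    }

    // The order row now carries the payment_id from checkout.
    $stmt = mysqli_prepare($dbc,
        'INSERT INTO orders (customer_id, payment_id, total, order_date, delivery_address, delivery_town, delivery_postcode)
         VALUES (?, ?, ?, CURDATE(), ?, ?, ?)');
    mysqli_stmt_bind_param($stmt, 'iidsss', $customer, $pid, $total,
        $delivery['address'], $delivery['town'], $delivery['postcode']);
    $ok = mysqli_stmt_execute($stmt);
    mysqli_stmt_close($stmt);
    if (!$ok) {
        mysqli_rollback($dbc);
        return false;
    }
    $oid = mysqli_insert_id($dbc);

    // One prepared INSERT per cart line; scalars are rebound each iteration.
    $stmt = mysqli_prepare($dbc,
        'INSERT INTO order_lines (order_id, isbn, quantity, price) VALUES (?, ?, ?, ?)');
    foreach ($cart as $isbn => $line) {
        $qty = (int) $line['quantity'];
        $price = (float) $line['price'];
        mysqli_stmt_bind_param($stmt, 'isid', $oid, $isbn, $qty, $price);
        if (!mysqli_stmt_execute($stmt)) {
            mysqli_stmt_close($stmt);
            mysqli_rollback($dbc);
            return false;
        }
    }
    mysqli_stmt_close($stmt);

    mysqli_commit($dbc);
    // Drop the id so a reload cannot create another order for the same payment.
    unset($_SESSION['payment_id']);
    return $oid;
}
```

On the checkout page the call would replace the mysql_query()/mysql_affected_rows() block: `$pid = savePaymentAndRemember($dbc, array('name_on_card' => $name_on_card, ...))`, and on the submit page `submitOrderWithPayment($dbc, $customer, $total, array('address' => $delivery_address, 'town' => $delivery_town, 'postcode' => $delivery_postcode), $_SESSION['cart'])` returns the order id to show the customer. Because the parameters are bound rather than interpolated, the values no longer need escape_data() before they reach the query, only the format validation the poster's page already does.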