skoobi
Posted October 26, 2009

Hi, I'm having a problem with my webform for a shopping cart I'm creating... I've been on this for some time and now I'm really stuck... As I'm learning, I've used a free shopping cart script and I'm trying to adapt it for my use... Basically what I want is for the customer to add a product, then it goes to the shopping cart, and then we can press the order button which takes you to the User info section. In there they will enter their details and then click Pay by Paypal or Pay by Phone... Then after pressing the payment method the order gets inputted into the database and then gets posted to the 'process.php' file which controls the Paypal IPN... But it won't work... I've tried so many variations I'm lost now... I want the form to update MySQL no matter what and it to divert to whichever payment option they choose, so if it was Paypal it would use the process.php file and if it was the phone option it would display a message to confirm the order has been received and give the details on which to ring and the order number...

Here is the user info page...

```php
<?
include("includes/db.php");
include("includes/functions.php");

if($_REQUEST['command']=='update'){
    $firstname=$_REQUEST['firstname'];
    $lastname=$_REQUEST['lastname'];
    $address1=$_REQUEST['address1'];
    $address2=$_REQUEST['address2'];
    $city=$_REQUEST['city'];
    $state=$_REQUEST['state'];
    $zip=$_REQUEST['zip'];
    $email=$_REQUEST['email'];
    $phone=$_REQUEST['phone'];

    // store the customer
    $result=mysql_query("insert into customers values('','$firstname','$lastname','$address1','$address2','$city','$state','$zip','$email','$phone')");
    $customerid=mysql_insert_id();

    // store the order
    $date=date('Y-m-d');
    $result=mysql_query("insert into orders values('','$date','$customerid')");
    $orderid=mysql_insert_id();

    // one order_detail row per cart item
    $max=count($_SESSION['cart']);
    for($i=0;$i<$max;$i++){
        $pid=$_SESSION['cart'][$i]['productid'];
        $q=$_SESSION['cart'][$i]['qty'];
        $price=get_price($pid);
        mysql_query("insert into order_detail values ($orderid,$pid,$q,$price)");
    }
    die('Thank You! your order has been placed!');
}
?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<title>Billing Info</title>
<script language="javascript">
    function validate(){
        var f=document.form1;
        // the form has no field called "name"; check the first name field
        if(f.firstname.value==''){
            alert('Your name is required');
            f.firstname.focus();
            return false;
        }
        f.command.value='update';
        f.submit();
    }
</script>
</head>
<body>
<form action="process" method="post" name="form1" onsubmit="return validate()">
    <input type="hidden" name="command" />
    <div align="center">
        <h1 align="center">Your Info</h1>
        <table border="0" cellpadding="2px">
            <tr><td>Order Total:</td><td>£<?=get_order_total()?></td></tr>
            <tr><td>First Name:</td><td><input type="text" name="firstname" /></td></tr>
            <tr><td>Last Name:</td><td><input type="text" name="lastname" /></td></tr>
            <tr><td>Address 1:</td><td><input type="text" name="address1" /></td></tr>
            <tr><td>Address 2:</td><td><input type="text" name="address2" /></td></tr>
            <tr><td>City:</td><td><input type="text" name="city" /></td></tr>
            <tr><td>State / County:</td><td><input type="text" name="state" /></td></tr>
            <tr><td>Zip / Post Code:</td><td><input type="text" name="zip" /></td></tr>
            <tr><td>Email:</td><td><input type="text" name="email" /></td></tr>
            <tr><td>Phone:</td><td><input type="text" name="phone" /></td></tr>
            <input type="hidden" name="amount" value="<?=get_order_total()?>">
            <input type="hidden" name="item_name" value="Celtic Blue Rock 2010 Tickets">
            <tr><td> </td><td><label><input type="radio" name="radio" id="paypal" value="paypal" />Paypal</label></td></tr>
            <tr><td> </td><td><label><input type="radio" name="radio" id="phone" value="phone" />Phone</label></td></tr>
            <tr><td> </td><td><input type="submit" value="Process Order" /></td></tr>
            <tr><td></td><td><a href="shoppingcart.php">Back to Cart</a> | <a href="products.php">Back to Shop</a></td></tr>
        </table>
    </div>
</form>
</body>
</html>
```

Any help or advice would be most appreciated... Thank you in advance..

Chris

skoobi
Posted October 26, 2009

Right, I'm getting a little further... I've now changed the payment method to a drop down and everything is going into the MySQL... but now I need to redirect the page to the relevant payment pages depending on selection...

```php
<?
include("includes/db.php");
include("includes/functions.php");

if($_REQUEST['command']=='update'){
    $firstname=$_REQUEST['firstname'];
    $lastname=$_REQUEST['lastname'];
    $address1=$_REQUEST['address1'];
    $address2=$_REQUEST['address2'];
    $city=$_REQUEST['city'];
    $state=$_REQUEST['state'];
    $zip=$_REQUEST['zip'];
    $email=$_REQUEST['email'];
    $phone=$_REQUEST['phone'];
    $payment=$_REQUEST['payment'];

    // store the customer
    $result=mysql_query("insert into customers values('','$firstname','$lastname','$address1','$address2','$city','$state','$zip','$email','$phone')");
    $customerid=mysql_insert_id();

    // store the order
    $date=date('Y-m-d');
    $result=mysql_query("insert into orders values('','$date','$customerid')");
    $orderid=mysql_insert_id();

    // one order_detail row per cart item, now including the payment method
    $max=count($_SESSION['cart']);
    for($i=0;$i<$max;$i++){
        $pid=$_SESSION['cart'][$i]['productid'];
        $q=$_SESSION['cart'][$i]['qty'];
        $price=get_price($pid);
        mysql_query("insert into order_detail values ($orderid,$pid,$q,$price,'$payment')");
    }
    die('Thank You! your order has been placed!');
}
?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<title>Billing Info</title>
<script language="javascript">
    function validate(){
        var f=document.form1;
        // the form has no field called "name"; check the first name field
        if(f.firstname.value==''){
            alert('Your name is required');
            f.firstname.focus();
            return false;
        }
        f.command.value='update';
        f.submit();
    }
</script>
</head>
<body>
<form name="form1" onsubmit="return validate()">
    <input type="hidden" name="command" />
    <div align="center">
        <h1 align="center">Your Info</h1>
        <table width="324" border="0" cellpadding="2px">
            <tr><td width="116">Order Total:</td><td width="180">£<?=get_order_total()?></td></tr>
            <tr><td>First Name:</td><td><input type="text" name="firstname" /></td></tr>
            <tr><td>Last Name:</td><td><input type="text" name="lastname" /></td></tr>
            <tr><td>Address 1:</td><td><input type="text" name="address1" /></td></tr>
            <tr><td>Address 2:</td><td><input type="text" name="address2" /></td></tr>
            <tr><td>City:</td><td><input type="text" name="city" /></td></tr>
            <tr><td>State / County:</td><td><input type="text" name="state" /></td></tr>
            <tr><td>Zip / Post Code:</td><td><input type="text" name="zip" /></td></tr>
            <tr><td>Email:</td><td><input type="text" name="email" /></td></tr>
            <tr><td>Phone:</td><td><input type="text" name="phone" /></td></tr>
            <input type="hidden" name="amount" value="<?=get_order_total()?>">
            <input type="hidden" name="item_name" value="Celtic Blue Rock 2010 Tickets">
            <tr>
                <td>Payment Method:</td>
                <td><label>
                    <select name="payment" id="payment">
                        <option value="phone">Credit / Debit Card</option>
                        <option value="paypal">Paypal</option>
                        <option value="other">Other</option>
                    </select>
                </label></td>
            </tr>
            <tr><td> </td><td><input type="submit" value="Process Order" /></td></tr>
            <tr><td></td><td><a href="shoppingcart.php">Back to Cart</a> | <a href="products.php">Back to Shop</a></td></tr>
        </table>
    </div>
</form>
</body>
</html>
```

Bricktop
Posted October 26, 2009

Hi skoobi,

A simple if statement with a meta redirect should do what you need:

```php
if($payment=='paypal') {
    echo '<meta http-equiv="refresh" content="0;url=http://www.paypal.com">';
} else if($payment=='phone') {
    echo '<meta http-equiv="refresh" content="0;url=http://www.yourdomain.com/phonepayment.php">';
} else if($payment=='other') {
    echo '<meta http-equiv="refresh" content="0;url=http://www.yourdomain.com/other.php">';
} else {
    echo 'You did not select a valid payment type.';
}
```

Also, you are not sanitising any of the data being entered into your MySQL database, which is a major security issue. Have a look at Daniel's excellent security tutorial for further information.

Hope this helps.

skoobi
Posted October 26, 2009

Excellent, thank you for that. I'll have a look at the security tutorials next.. Thanks, I'll let you know how I've got on...

mrMarcus
Posted October 26, 2009

Don't use meta redirects. Use header() to do your redirect:

```php
if ($payment == 'paypal') {
    header ('Location: http://www.paypal.com');
    exit (0);
}
```

and continue with the rest.

Bricktop
Posted October 26, 2009

> Don't use meta redirects. Use header() to do your redirect:
>
> ```php
> if ($payment == 'paypal') {
>     header ('Location: http://www.paypal.com');
>     exit (0);
> }
> ```
>
> and continue with the rest.

As long as you're not outputting anything before the header is called (looking at your code you're not) then, as mrMarcus says, header is the better option.

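The two points raised in the replies above (unsanitised values going into the INSERT statements, and redirecting with header() according to the payment type) can be handled in one handler. This is an added example, not code from the thread: it uses PDO prepared statements and an allowlist of redirect targets, and the `place_order` helper, the column names and the in-memory SQLite database are assumptions made so that it runs on its own.

```php
<?php
// Added example, not code from the thread. Column names and the in-memory
// SQLite database are assumptions so the script runs on its own.
const PAYMENT_TARGETS = [   // placeholder URLs taken from the replies above
    'paypal' => 'http://www.paypal.com',
    'phone'  => 'http://www.yourdomain.com/phonepayment.php',
    'other'  => 'http://www.yourdomain.com/other.php',
];

// Hypothetical helper: stores the order, returns the redirect URL or null.
function place_order(PDO $db, array $in): ?string
{
    $payment = $in['payment'] ?? '';
    // Allowlist: input only selects a key; the URL never comes from the request.
    if (!is_string($payment) || !array_key_exists($payment, PAYMENT_TARGETS)) {
        return null;
    }
    $row = [];
    foreach (['firstname', 'lastname', 'email', 'phone'] as $field) {
        $value = $in[$field] ?? '';
        $row[] = is_string($value) ? trim($value) : '';
    }
    // Placeholders keep submitted values out of the SQL text entirely.
    $stmt = $db->prepare(
        'INSERT INTO customers (firstname, lastname, email, phone) VALUES (?, ?, ?, ?)'
    );
    $stmt->execute($row);
    $customerId = (int) $db->lastInsertId();
    $stmt = $db->prepare(
        'INSERT INTO orders (order_date, customerid, payment) VALUES (?, ?, ?)'
    );
    $stmt->execute([date('Y-m-d'), $customerId, $payment]);
    return PAYMENT_TARGETS[$payment];
}

$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE customers (id INTEGER PRIMARY KEY, firstname TEXT, lastname TEXT, email TEXT, phone TEXT)');
$db->exec('CREATE TABLE orders (id INTEGER PRIMARY KEY, order_date TEXT, customerid INTEGER, payment TEXT)');

// Constructed input standing in for $_POST; the apostrophe would break
// the string-built query from the original post.
$post = ['firstname' => 'Sean', 'lastname' => "O'Brien",
         'email' => 'sean@example.com', 'phone' => '0123', 'payment' => 'paypal'];
$target = place_order($db, $post);
if ($target === null) {
    exit('You did not select a valid payment type.');
}
header('Location: ' . $target);   // send before any output, as noted above
exit;
```
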
skoobi
Posted October 27, 2009

Wow... That's excellent, it works... Thank you very much to everyone, that was the biggest bit I was dreading... Thanks again... It won't be long before I get stuck again...

This topic is now archived and is closed to further replies.