IdkPHP Posted November 27, 2016 (edited)

Hi, I have a question regarding the topic title above: "how to get/post the myorder page code to the payment page?" It didn't retrieve any data from the myorder page, or do I need a database for the myorder page? The myorder page uses GET to collect information from the product page, which uses a mysqli SELECT to get data from the database. Also, "how to get/post the Total from the myorder page to the payment page?". Below is the code:

- myorder.php page

```php
<?php
session_start();
include 'db2.php';
if (empty($_SESSION["firstname"])) {
    $_SESSION["firstname"] = null;
}

if (isset($_POST["add_to_cart"])) {
    if (isset($_SESSION["shopping_cart"])) {
        $item_array_id = array_column($_SESSION["shopping_cart"], "item_id");
        if (!in_array($_GET["id"], $item_array_id)) {
            $count = count($_SESSION["shopping_cart"]);
            $item_array = array(
                'item_id'       => $_GET["id"],
                'item_name'     => $_POST["hidden_vname"],
                'item_price'    => $_POST["hidden_vprice"],
                'item_quantity' => $_POST["quantity"]
            );
            $_SESSION["shopping_cart"][$count] = $item_array;
        } else {
            echo '<script>alert("Item Already Added")</script>';
            echo '<script>window.location="myorder.php"</script>';
        }
    } else {
        $item_array = array(
            'item_id'       => $_GET["id"],
            'item_name'     => $_POST["hidden_vname"],
            'item_price'    => $_POST["hidden_vprice"],
            'item_quantity' => $_POST["quantity"]
        );
        $_SESSION["shopping_cart"][0] = $item_array;
    }
}

if (isset($_GET["action"])) {
    if ($_GET["action"] == "delete") {
        foreach ($_SESSION["shopping_cart"] as $keys => $values) {
            if ($values["item_id"] == $_GET["id"]) {
                unset($_SESSION["shopping_cart"][$keys]);
                echo '<script>alert("Item Removed")</script>';
                echo '<script>window.location="myorder.php"</script>';
            }
        }
    }
}
?>
<div class="panel">
  <div class="panel-heading clearfix">
    <h4 class="panel-title pull-left" style="padding-top: 7.5px;">Your Order Summary</h4>
  </div><!-- end panel-heading -->
  <div class="table-responsive">
    <?php
    if (null == $_SESSION["firstname"]) {
        echo "You got to <a href='signin.php'>Sign In </a>to see Your Order summary";
        exit();
    } else {
        $sql = "Select * from register where firstname = " . "'" . $_SESSION["firstname"] . "'";
        $result = mysqli_query($con, $sql);
        $userinfo = mysqli_fetch_assoc($result);
        echo '<h5>';
        echo $userinfo["firstname"] . " " . $userinfo["lastname"];
        echo '<br>';
        echo $userinfo["address"];
        echo '<br>';
        echo $userinfo["country"] . " " . $userinfo["zipcode"];
        echo '</h5>';
    }
    ?>
    <br />
    <table class="table table-bordered">
      <tr>
        <th width="40%">Item Name</th>
        <th width="10%">Quantity</th>
        <th width="20%">Price</th>
        <th width="15%">Total</th>
        <th width="5%">Action</th>
      </tr>
      <?php
      if (!empty($_SESSION["shopping_cart"])) {
          $total = 0;
          foreach ($_SESSION["shopping_cart"] as $keys => $values) {
      ?>
      <tr>
        <td><?php echo $values["item_name"]; ?></td>
        <td><?php echo $values["item_quantity"]; ?></td>
        <td>$ <?php echo $values["item_price"]; ?></td>
        <td>$ <?php echo number_format($values["item_quantity"] * $values["item_price"], 2); ?></td>
        <td><a href="myorder.php?action=delete&id=<?php echo $values["item_id"]; ?>"><span class="text-danger">Remove</span></a></td>
      </tr>
      <?php
              $total = $total + ($values["item_quantity"] * $values["item_price"]);
          }
      ?>
      <tr>
        <td colspan="3" align="right">Total</td>
        <td align="right">$ <?php echo number_format($total, 2); ?></td>
        <td></td>
      </tr>
      <?php } ?>
    </table>
  </div>
  <form method="post">
    <a href="index.php" class="btn btn-default">Continue Browsing</a>
    <a href="checkout.php" class="btn btn-default">Check Out</a>
  </form>
</div>
```

- payment.php page

```php
<?php
session_start();
include 'db2.php';   // provides $con; the original page used $con without including it
if (empty($_SESSION["firstname"])) {
    $_SESSION["firstname"] = null;
}
if (null == $_SESSION["firstname"]) {
    echo "You got to <a href='signin.php'>Sign In </a>to see Your Checkout summary";
    exit();
}

// define variables and set to empty values
$firstnameErr = $lastnameErr = $addressErr = $countryErr = $zipcodeErr = $emailErr = "";
$creditcardnoErr = $expireMMErr = $expireYYErr = $creditcardexpiryErr = "";
$firstname = $lastname = $address = $country = $zipcode = $email = "";
$creditcardno = $expireMM = $expireYY = $creditcardexpiry = "";
$haserror = false;

if (null == $_SESSION["firstname"]) {
    echo "Sign in <a href='signin.php'>Sign in</a> first before making payment";
    exit();
}

// the request method is upper case; comparing against "Post" never matched
if ($_SERVER["REQUEST_METHOD"] == "POST") {
    if (empty($_POST["firstname"])) {
        $firstnameErr = "Firstname is required";
    } else {
        $firstname = test_input($_POST["firstname"], $con);
    }
    if (empty($_POST["lastname"])) {
        $lastnameErr = "Lastname is required";
    } else {
        $lastname = test_input($_POST["lastname"], $con);
    }
    if (empty($_POST["email"])) {
        $emailErr = "Email is required";
    } else {
        $email = test_input($_POST["email"], $con);
    }
    if (empty($_POST["address"])) {
        $addressErr = "Address is required";
    } else {
        $address = test_input($_POST["address"], $con);
    }
    if (empty($_POST["country"])) {
        $countryErr = "Country is required";
    } else {
        $country = test_input($_POST["country"], $con);
    }
    if (empty($_POST["zipcode"])) {
        $zipcodeErr = "Zipcode is required";
    } else {
        $zipcode = test_input($_POST["zipcode"], $con);
    }
    if (empty($_POST["creditcardno"])) {
        $creditcardnoErr = "Credit Card number is required";
        $haserror = true;
    } else {
        $creditcardno = test_input($_POST["creditcardno"], $con);
        // Check if Creditcard only contains numbers
        if (!preg_match("/^[0-9]{15,16}$/", $creditcardno)) {
            $creditcardnoErr = "Only numbers allowed and minimum 15 digits";
            $haserror = true;
        }
    }
    if (empty($_POST["expireMM"])) {
        $expireMMErr = "Expiry Month is required";
        $haserror = true;
    } else {
        $expireMM = test_input($_POST["expireMM"], $con);
    }
    if (empty($_POST["expireYY"])) {
        $expireYYErr = "Expiry Year is required";
        $haserror = true;
    } else {
        $expireYY = test_input($_POST["expireYY"], $con);
    }
    $creditcardexpiry = $expireMM . $expireYY;

    // Post to Database if no error
    if (!$haserror) {
        $sql = "INSERT INTO usercheckout (firstname, lastname, address, country, zipcode, email, creditcardno, creditcardexpiry, amount) VALUES ("
             . "'" . $firstname . "', '" . $lastname . "', '" . $address . "', '" . $country . "', '"
             . $zipcode . "', '" . $email . "', '" . $creditcardno . "', '" . $creditcardexpiry . "', "
             . $_SESSION['total'] . ")";
        if (mysqli_query($con, $sql)) {
            $sql0 = "SELECT MAX(paymentID) as paymentIDVal FROM usercheckout";
            $result0 = mysqli_query($con, $sql0);
            $pay = mysqli_fetch_assoc($result0);
            $_SESSION['payid'] = $pay['paymentIDVal'];

            $sql1 = "Select a.*, b.vname FROM shopping_cart a INNER JOIN video_products b ON a.vid=b.vid where checkout = 0";
            $result1 = mysqli_query($con, $sql1);

            // Send out email for confirmed orders
            $subject = "Cherry Online Orders Confirmation";
            $body = "<h2>Receipt Number: " . $_SESSION['payid'] . "</h2><br><br>";
            $body .= "<table border='1'>";
            $body .= "<tr>";
            $body .= "<th>Product</th>";
            $body .= "<th>Unit Price</th>";
            $body .= "<th>Quantity</th>";
            $body .= "<th>Subtotal</th>";
            $body .= "</tr>";
            while ($row = mysqli_fetch_assoc($result1)) {
                $body .= "<tr>";
                $body .= "<td>" . $row['vname'] . "</td>";
                $body .= "<td>" . $row['scprice'] . "</td>";
                $body .= "<td>" . $row['scquantity'] . "</td>";
                $body .= "<td>" . ($row['scprice'] * $row['scquantity']) . "</td>";
                $body .= "</tr>";
            }
            $body .= "</table>";
            $headers = "From: StayONFLIX < stayonflix1234@gmail.com > \r\n";
            $headers .= "MIME-Version: 1.0\r\n";
            $headers .= "Content-type: text/html; charset=utf-8\r\n";
            mail($email, $subject, $body, $headers);

            // Set Checkout flag to 1 to signify item checked out
            $sql2 = "UPDATE shopping_cart SET Checkout = '1', paymentid =" . $_SESSION['payid'] . " WHERE checkout = 0";
            if (mysqli_query($con, $sql2)) {
                mysqli_close($con);
                header("Location: index.php");
            }
        }
        // exit();
    }
}

function test_input($data, $connection)
{
    $data = trim($data);
    $data = stripslashes($data);
    $data = htmlspecialchars($data);
    $data = mysqli_real_escape_string($connection, $data);
    return $data;
}
?>
<div class="row">
  <div class="col-md-6 col-sm-6 col-xs-6">
    <div class="panel panel-default">
      <div class="panel-heading">Payment Address</div>
      <div class="panel-body">
        <p><span class="error">* required field.</span></p>
        <form method="post" action="<?php echo htmlspecialchars($_SERVER["PHP_SELF"]); ?>">
          First Name: <input type="text" name="firstname" value="<?php echo $firstname; ?>">
          <span class="error">* <?php echo $firstnameErr; ?></span>
          <br><br>
          Last Name: <input type="text" name="lastname" value="<?php echo $lastname; ?>">
          <span class="error">* <?php echo $lastnameErr; ?></span>
          <br><br>
          E-mail: <input type="text" name="email" value="<?php echo $email; ?>">
          <span class="error">* <?php echo $emailErr; ?></span>
          <br><br>
          Address: <input type="text" name="address" value="<?php echo $address; ?>">
          <span class="error">* <?php echo $addressErr; ?></span>
          <br><br>
          Country: <input type="text" name="country" value="<?php echo $country; ?>">
          <span class="error">* <?php echo $countryErr; ?></span>
          <br><br>
          Zipcode: <input type="text" name="zipcode" value="<?php echo $zipcode; ?>">
          <span class="error">* <?php echo $zipcodeErr; ?></span>
          <br><br>
          Credit Card Number: <input type="text" name="creditcardno" value="<?php echo $creditcardno; ?>" size="16" maxlength="16">
          <span class="error">* <?php echo $creditcardnoErr; ?></span>
          <br><br>
          Credit Card Expiry:
          <select name='expireMM'>
            <option value=''>Month</option>
            <option value='01'>January</option>
            <option value='02'>February</option>
            <option value='03'>March</option>
            <option value='04'>April</option>
            <option value='05'>May</option>
            <option value='06'>June</option>
            <option value='07'>July</option>
            <option value='08'>August</option>
            <option value='09'>September</option>
            <option value='10'>October</option>
            <option value='11'>November</option>
            <option value='12'>December</option>
          </select>
          <?php
          echo "<select name='expireYY'>";
          echo "<option value=''>Year</option>";
          for ($i = 0; $i <= 10; $i++) {
              $expireYY = date('Y', strtotime("last day of +$i year"));
              // the option needs a value attribute, not a name attribute
              echo "<option value='$expireYY'>$expireYY</option>";
          }
          echo "</select>";
          ?>
          <span class="error">* <?php echo $expireMMErr; ?> <?php echo $expireYYErr; ?></span>
          <br><br>
          Amount: $<?php echo $_SESSION['total']; ?>
          <br><br>
          <input type="submit" name="submit" value="Submit">
        </form>
      </div>
    </div>
  </div>
  <div class="col-md-6 col-sm-6 col-xs-6">
    <div class="panel panel-success">
      <div class="panel-heading"> Review Order</div>
      <div class="panel-body">
        <div class="row">
          <div class="col-md-4 col-sm-4">
            <span style="font-size:14px;"></span>
          </div>
          <div class="col-md-4 col-sm-4">
            <span style="font-size:14px;">Item Name</span><br>
            <span style="color:rgba(99, 95, 95, 0.86);">Quantity: 1</span>
          </div>
          <div class="col-md-3 col-sm-3">
            <span class="pull-right" style="font-weight:bold;font-size:20px;">$15.00</span>
          </div>
        </div>
        <hr>
        <div class="row">
          <div class="col-md-6 col-sm-6">
            <span style="font-weight:bold;font-size:20px;">Total Price</span>
          </div>
          <div class="col-md-5 col-sm-5">
            <span class="pull-right" style="font-weight:bold;font-size:20px;">$15.00</span>
          </div>
        </div>
      </div>
    </div>
  </div>
</div>
```

Thanks for helping. I'd appreciate it a lot if someone could help.

Edited November 27, 2016 by Barand (add code tags)
mac_gyver Posted November 28, 2016 (edited)

from your statement, it's not entirely clear what sort of problem you need help with. however, in looking at the code, what you have now isn't going to work. you have a session based cart at one point and a database based cart at another. programming requires that you have a clear definition of what you are trying to accomplish and what the data is going to be, before you write any code.

some overall suggestions -

1) any action that modifies data should use a post method form. your 'delete from cart' should use a post method form.

2) simplify your cart definition. if you use the item id as the cart's array index and the quantity as the value, all the code will be simplified. you should pass the minimum of information through a form, since you must validate all the submitted form data. the item name and price are known on the server. passing them through the form and storing them in the cart is just more work and more code you have to write and test.

3) if the cart is empty, you should output a message stating so. at the point where you are trying to display the cart or inputting the customer information during checkout, if the cart is empty, display a message stating so. don't leave the visitor guessing why the page isn't doing anything.

4) you have a <form></form> that you have put href/links into. that makes no sense, just output the navigation links.

5) aside from your payment.php code using a database based cart, which is not where the myorder.php code is storing the cart, this code looks like a w3schools copy/paste fail. all those variables you wrote out is not how to do this. you would use an array to hold the validation errors and also serve as the error flag. if the array is empty, there are no errors. if it's not empty, there are errors.

6) you should also not input or store the credit card number, even if this is just a programming class exercise.

7) you cannot (successfully) retrieve the MAX() column value from a database table and use it. multiple rows could have been inserted due to concurrent visitors and you can get the wrong value. to get the correct auto-increment id value following an INSERT query, use the last insert id property/method for the php database extension you are using. for the mysqli extension, it would be the mysqli::$insert_id property.

8) this test_input() function is nonsense from the web. please DON'T copy code you find on the web. actually learn how to validate input data and safely supply it as input to sql query statements. to safely supply data as input to sql query statements, you should use a prepared query, which the php mysqli extension doesn't do very well. if you can, switch to using the php PDO extension.

9) since the visitor must be logged in to display the cart, your code should require the visitor to be logged in to add or delete items to/from the cart. the add to cart and delete from cart form processing code should only be executed if the visitor is logged in. i would store the user's id, not the user's first name, in the session variable to indicate who the visitor is.

Edited November 28, 2016 by mac_gyver
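A cart page built along the lines of points 1, 2, 5, 8 and 9 above, as an added example that is neither mac_gyver's nor the original poster's code: the cart is an array of item id => quantity, only a POST from a signed-in user changes it, validation errors collect in one array, and names and prices are looked up by id through PDO prepared queries instead of being trusted from hidden form fields. The DSN and credentials, `$_SESSION['user_id']`, and the form field names `action`, `id` and `quantity` are assumptions; the `video_products` table is the one the poster shows later in the thread.

```php
<?php
// Added example (not code from this thread). Session cart: item id => quantity.
// Assumes a PDO connection (placeholder DSN/credentials), a signed-in user whose
// id is in $_SESSION['user_id'], and the poster's video_products(vid, vname, vprice).
session_start();
$pdo = new PDO('mysql:host=localhost;dbname=shop;charset=utf8mb4', 'dbuser', 'dbpass', [
    PDO::ATTR_ERRMODE          => PDO::ERRMODE_EXCEPTION,
    PDO::ATTR_EMULATE_PREPARES => false,
]);
$errors = [];   // one array holds every validation message and doubles as the error flag

// Only a signed-in visitor may change the cart; the session holds the user id, not the name.
if (empty($_SESSION['user_id'])) {
    $errors[] = 'You must sign in before using the cart.';
}

// Adding and deleting both happen through POST; nothing here reads $_GET.
if ($_SERVER['REQUEST_METHOD'] === 'POST' && !$errors) {
    $action = $_POST['action'] ?? '';
    $id  = filter_input(INPUT_POST, 'id', FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]);
    $qty = filter_input(INPUT_POST, 'quantity', FILTER_VALIDATE_INT,
                        ['options' => ['min_range' => 1, 'max_range' => 99]]);
    if (!$id) {
        $errors[] = 'Invalid item id.';
    } elseif ($action === 'add') {
        if (!$qty) {
            $errors[] = 'Quantity must be a whole number from 1 to 99.';
        }
        // The item must exist; its name and price are never taken from the form.
        $stmt = $pdo->prepare('SELECT COUNT(*) FROM video_products WHERE vid = ?');
        $stmt->execute([$id]);
        if ($stmt->fetchColumn() == 0) {
            $errors[] = 'No such item.';
        }
        if (!$errors) {
            $_SESSION['cart'][$id] = ($_SESSION['cart'][$id] ?? 0) + $qty;
        }
    } elseif ($action === 'delete') {
        unset($_SESSION['cart'][$id]);
    }
}

// Display: current name and price come from the database by id, in one prepared query.
$total = 0;
if (!empty($_SESSION['cart'])) {
    $marks = implode(',', array_fill(0, count($_SESSION['cart']), '?'));
    $stmt  = $pdo->prepare("SELECT vid, vname, vprice FROM video_products WHERE vid IN ($marks)");
    $stmt->execute(array_keys($_SESSION['cart']));
    foreach ($stmt as $row) {
        $qty    = $_SESSION['cart'][$row['vid']];
        $line   = $qty * $row['vprice'];
        $total += $line;
        printf("<tr><td>%s</td><td>%d</td><td>\$%.2f</td><td>\$%.2f</td></tr>\n",
               htmlspecialchars($row['vname'], ENT_QUOTES, 'UTF-8'), $qty, $row['vprice'], $line);
    }
    // The total is recomputed from stored prices on every view, so payment.php can rely on it.
    $_SESSION['total'] = $total;
} else {
    echo '<p>Your cart is empty.</p>';   // point 3: never leave the visitor guessing
}
foreach ($errors as $e) {
    echo '<p class="error">' . htmlspecialchars($e, ENT_QUOTES, 'UTF-8') . '</p>';
}
```

Because the price is looked up server-side at display and again at checkout, a tampered `hidden_vprice` field has nothing to influence.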
IdkPHP (Author) Posted November 29, 2016

Hi mac_gyver, thanks for pointing that out. What I'm trying to accomplish is:

1) Do I need a database for the myorder.php page? And how should I insert that code into the page, with insert and delete functions for the page? Perhaps you have a recommendation/suggestion?

2) I've taken those forms away, as you mentioned in your 4th point.

3) Sorry, I'm confused by what you're saying in your 5th point. On your 6th point, if I don't store the credit card number, how can I retrieve it from the database?

4) On your 7th, are you referring to this section?

```php
if (isset($_SESSION["shopping_cart"])) {
    // * Here for $insert_id ? * ->
    $item_array_id = array_column($_SESSION["shopping_cart"], "item_id");
    if (!in_array($_GET["id"], $item_array_id)) {
        $count = count($_SESSION["shopping_cart"]);
        $item_array = array(
            'item_id'       => $_GET["id"],
            'item_name'     => $_POST["hidden_vname"],
            'item_price'    => $_POST["hidden_vprice"],
            'item_quantity' => $_POST["quantity"]
        );
        $_SESSION["shopping_cart"][$count] = $item_array;
    } else {
        echo '<script>alert("Item Already Added")</script>';
        echo '<script>window.location="myorder.php"</script>';
    }
} else {
    $item_array = array(
        'item_id'       => $_GET["id"],
        'item_name'     => $_POST["hidden_vname"],
        'item_price'    => $_POST["hidden_vprice"],
        'item_quantity' => $_POST["quantity"]
    );
    $_SESSION["shopping_cart"][0] = $item_array;
}
```

5) I've not learned PDO yet; I've only recently learned PHP, so I'm not that good yet, regarding your 8th point.

6) This is the reason why I used firstname rather than the user's id.

- signin page

```php
<?php if (isset($_SESSION['password'])) { ?>
  <li><p class="navbar-text"><span class="glyphicon glyphicon-user"></span>Signed in as <?php echo $_SESSION['firstname']; ?></p></li>
  <li><a href="signout2.php"><span class="glyphicon glyphicon-off"></span>Sign Out</a></li>
<?php } else { ?>
  <li><a href="signin.php"><span class="glyphicon glyphicon-user"></span>Sign In</a></li>
  <li><a href="register.php">Register</a></li>
<?php } ?>

<form accept-charset="UTF-8" role="form" id="signin-form" method="post" action="<?php echo htmlspecialchars($_SERVER["PHP_SELF"]); ?>">
  <h4 class=""> Sign-in </h4>
  <fieldset>
    <div class="form-group input-group">
      <span class="glyphicon glyphicon-user"></span>
      <input type="text" name="firstname" placeholder="Your Firstname">
      <br><br>
    </div>
    <div class="form-group input-group">
      <span class="input-group-addon">
        <i class="glyphicon glyphicon-lock"> </i>
      </span>
      <input type="password" name="password" placeholder="Password">
    </div>
    <div class="form-group">
      <button type="submit" class="btn btn-primary btn-block" name="commit">Sign In </button>
    </div>
  </fieldset>
</form>
<span class="text-danger"><?php if (isset($errormsg)) { echo $errormsg; } ?></span>
```
IdkPHP (Author) Posted November 29, 2016

If I do need a database for the myorder.php page, what should be inside that database table? This is my table for the product page:

```sql
CREATE TABLE `video_products` (
  `vid`    INT(11) NOT NULL AUTO_INCREMENT,
  `vname`  TEXT NOT NULL,
  `vprice` DECIMAL(10,2) NOT NULL,
  `vimage` VARCHAR(60) NOT NULL,
  PRIMARY KEY (`vid`)
);
```

Thanks.
mac_gyver Posted November 29, 2016 (edited)

> 1) Do I need a database for the myorder.php page? And how should I insert that code into the page, with insert and delete functions for the page? Perhaps you have a recommendation/suggestion?

you need to decide if you are going to use a session or a database table for the cart. there are advantages and disadvantages to both, the main ones being -

session based cart -
1) simpler sql queries - easier for someone just starting out
2) if the cart gets 'abandoned' it is deleted when the browser is closed

database based cart -
1) requires more knowledge of sql queries, but uses overall less code and queries
2) if the cart gets 'abandoned' you must periodically clean up the entries in the database table.

for a first time project, using a session to hold the cart will be the easiest to understand, design, and write code for. and once you simplify the data being stored in the cart (my item #2), the code to add/delete items in the cart is very simple.

> 3) Sorry, I'm confused by what you're saying in your 5th point.

the code you have posted for payment.php is very badly written and either came directly or indirectly from code at w3schools. this code can be greatly simplified, just by using an array to hold the errors.

> On your 6th point, if I don't store the credit card number, how can I retrieve it from the database?

it is a huge security risk to input and store credit card numbers on your site. if you are doing this for real, and you have a merchant account that you process credit cards through, they will have a list of security requirements you must meet for them to allow you to keep your account with them if you want to input and store credit card numbers. instead, you would transfer the visitor to the merchant's online payment gateway and the only place the credit card information would be input and used is on the merchant's site. the merchant's site would send your site payment confirmation information.

> 4) On your 7th, are you referring to this section?

no. this refers to the code with the "SELECT MAX(paymentID) as paymentIDVal FROM usercheckout" query.

> 5) I've not learned PDO yet; I've only recently learned PHP, so I'm not that good yet, regarding your 8th point.

actually, the PDO extension is simpler and more consistent than the mysqli extension.

> 6) This is the reason why I used firstname rather than the user's id.

the reason for recommending that you store the user's id in the session variable is so the code is general purpose and any queries are slightly faster. you don't have to do this, but if you ever allow a user to change his username, you will have to also change the value in the session variable to avoid logging the user out. on any page that you want to display user information, you would query for it using the user_id, rather than the username that you are doing now.

> If I do need a database for the myorder.php page, what should be inside that database table?

the most straightforward implementation would be to have two tables -

1) orders -
order_id (auto-increment) - assigns an id to the order/cart
user_id - the user's id
date_time_created - the date/time the order/cart was created - also used when cleaning up abandoned carts.
status - the order status. initially, the status value would indicate this is a pending order, i.e. just a cart with items in it. when the cart is converted to an actual order, the status would be updated with a value that indicates this. when the payment is verified, the status would be updated again.
other columns unique to each order

2) order_items -
id (auto-increment) - assigns an id to the items in the order/cart
order_id - from the orders table - identifies all the items that are part of the same order
item_id - the item id from your product/item table (note: if you will have different types of items, they should all be in the same table with a category column.)
quantity - quantity of the item
status - status of the item (this would be things like back-ordered, shipped)

when the visitor adds an item to the cart, if there isn't a record for the user's id with a status = cart in the orders table, a new one is inserted, the last insert id would be retrieved and stored in a session variable. this assigns an order_id for this cart. you would use this order_id when inserting rows in the order_items table. if you update the quantity or delete the item from the cart, you would run queries on the order_items table.

Edited November 29, 2016 by mac_gyver
mac_gyver Posted November 30, 2016

i would add to the above, those two database tables are required even in the case of a session based cart. at the point where the cart is finalized and converted to an order, you have to move the data from the session into the database tables so that you have a record of the order.
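The two-table design from the previous reply, carried through to the point this reply makes, as an added example that is not code from the thread: the DDL for `orders` and `order_items`, and a function that moves a session cart (item id => quantity) into those tables inside one transaction, taking the new order id from `lastInsertId()` rather than `SELECT MAX()`. The status values, the DSN and credentials, `$_SESSION['user_id']` and the sample cart are assumptions; the product table is the poster's `video_products`.

```php
<?php
// Added example (not code from this thread). Converts a session cart into rows of
// the orders / order_items tables described above. Column names follow the reply's
// list; the status values, PDO DSN/credentials and $_SESSION['user_id'] are assumed.
$ordersSql = <<<'SQL'
CREATE TABLE IF NOT EXISTS orders (
  order_id          INT UNSIGNED NOT NULL AUTO_INCREMENT,
  user_id           INT UNSIGNED NOT NULL,
  date_time_created DATETIME NOT NULL DEFAULT CURRENT_TIMESTAMP,
  status            ENUM('cart', 'pending', 'paid') NOT NULL DEFAULT 'cart',
  PRIMARY KEY (order_id),
  KEY idx_user_status (user_id, status)
)
SQL;
$itemsSql = <<<'SQL'
CREATE TABLE IF NOT EXISTS order_items (
  id       INT UNSIGNED NOT NULL AUTO_INCREMENT,
  order_id INT UNSIGNED NOT NULL,
  item_id  INT NOT NULL,
  quantity INT UNSIGNED NOT NULL,
  status   VARCHAR(20) NOT NULL DEFAULT 'ordered',
  PRIMARY KEY (id),
  FOREIGN KEY (order_id) REFERENCES orders (order_id),
  FOREIGN KEY (item_id)  REFERENCES video_products (vid)
)
SQL;

function createOrderFromCart(PDO $pdo, int $userId, array $cart): int
{
    if (!$cart) {
        throw new InvalidArgumentException('Cart is empty');
    }
    $pdo->beginTransaction();
    try {
        $pdo->prepare('INSERT INTO orders (user_id, status) VALUES (?, ?)')
            ->execute([$userId, 'pending']);
        // The id of the row this connection just inserted. Other visitors inserting
        // at the same moment cannot change it, which is exactly what breaks SELECT MAX().
        $orderId = (int) $pdo->lastInsertId();
        $ins = $pdo->prepare('INSERT INTO order_items (order_id, item_id, quantity) VALUES (?, ?, ?)');
        foreach ($cart as $itemId => $qty) {
            $ins->execute([$orderId, (int) $itemId, (int) $qty]);
        }
        $pdo->commit();
        return $orderId;
    } catch (Throwable $e) {
        $pdo->rollBack();   // no half-written order is left behind
        throw $e;
    }
}

// Usage once checkout validation has passed (constructed sample cart).
session_start();
$pdo = new PDO('mysql:host=localhost;dbname=shop;charset=utf8mb4', 'dbuser', 'dbpass',
               [PDO::ATTR_ERRMODE => PDO::ERRMODE_EXCEPTION]);
foreach ([$ordersSql, $itemsSql] as $ddl) {
    $pdo->exec($ddl);   // one-time setup; IF NOT EXISTS makes later runs harmless
}
$_SESSION['cart'] = [3 => 2, 7 => 1];   // constructed: item 3 twice, item 7 once
$orderId = createOrderFromCart($pdo, (int) $_SESSION['user_id'], $_SESSION['cart']);
unset($_SESSION['cart']);               // the order now lives only in the database
echo "Order #$orderId created\n";
```

The amount to charge should likewise be recomputed from `video_products` at this point rather than read from anything the browser submitted.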