Inserting values via php to sql database

Code Snippets
#1

Hi guys,

I am building a website with basic e-commerce functionality, using php and using xampp to test it.
I am having issues when attempting to submit a quantity (into table orders) using a form and validating it against an existing value (from table products), giving a response on whether there is sufficient quantity in the second table. I am then, in another page (same one performing the validations), attempting to then show a result based on the initial quantity entered, with a summary of the order details and calculation of the quantity * price to display a total as well. This is my first time building a site with this type of ecommerce functionality synchronized with a database, however I may have taken the wrong approach for these two pages… any assistance or insight as to where I am going wrong would be greatly appreciated.

Here is the page I have placed the products, existing quantity and a text field they are able to enter their desired quantity:

[code]<?php
session_start();
require_once “…/database/db.php”;
require_once “…/includes/functions.php”;

$page_title = ‘Product Catalogue’;
include_once “header.php”;

$conn = mysqli_connect ($dbhost, $dbuser, $dbpassword, $dbname);

$query = “SELECT * from products”;

$result = mysqli_query($conn, $query);

if (!$result)
{
include_once “header.php”;
die (“Error, could not query the database”);
}

else
{ $rows = mysqli_num_rows($result);

if ($rows>0)
{

while ($row = mysqli_fetch_array($result))
{
	?>
			<form>
            <br />
            <br />
            <br />
            <table>
            <tr>
            <td style="width: 200px">Product Code:</td>
            <td><?php echo $row['ProductCode']; ?></td>
            </tr>
            <tr>
            <td>Product Name:</td>
            <td><?php echo $row['ProductName']; ?></td>
            </tr>
            <tr>
            <td>Product Description:</td>
            <td><?php echo $row['ProductDescription']; ?></td>
            </tr>
            <tr>
            <td>Product Colour:</td>
            <td><?php echo $row['ProductColour']; ?></td>
            </tr>
            <tr>
            <td>Product Price:</td>
            <td>$<?php echo number_format($row['ProductPrice'],2); ?></td>
            </tr>
            <tr>
            <td>Product Image:</td>
            <td><img src="<?php echo $row['ProductImagePath']?>"/></td>
            </tr>
            <tr>
            <td>Quantity in Stock:</td>
            <td><?php echo $row['ProductQuantity']; ?></td>
            </tr>
            </table>
            </form>
            <form method="post"action="processQuantity.php">
            <table>
            <tr>
            <td style="width: 200px">Quantity:</td>
            <td><input type="number" name="Quantity" id="Quantity" value="<?php if (isset ($quantity)) echo $quantity; ?>"size = "20" /></td>
            <td><input type="submit" name="Purchase" value= "Purchase" /></td>
            </tr>
            </table>
            </form>
            <hr />
            <?php
	}
		include "footer.html";
}

}
?> [/code]

Here is the page that I am using to validate the data as well as show a result based on the entered amount:

[code]<?php

session_start();

require_once “…/includes/functions.php”;
require_once “…/database/db.php”;

$quantity = $_POST[‘Quantity’];
$productquantity = $_POST[‘ProductQuantity’];
$orderid = $_POST[‘orderid’];
$productcode = $_POST[‘productcode’];
$productprice = $_POST[‘productprice’];
$total = $quantity * $productprice;

$error_message = ‘’;

if ($error_message != ‘’)
{
include_once “displayCatalogue-PlaceOrder.php”;
exit();

$conn = mysqli_connect ($dbhost, $dbuser, $dbpassword, $dbname);

if (!$conn)
{
echo “Error”;
}
else
{
//sanitise date
$scustomerid = sanitiseMySQL($customerid);
$sproductcode = sanitiseMySQL($productcode);
$squantity = sanitiseMySQL($quantity);
$sproductprice = sanitiseMySQL($productprice);
$sorderdate = sanitiseMySQL($orderdate);

$query = "select productquantity from products where productcode = '$sproductcode'";

$result = msqli_query ($conn, $query);

$productquantity = mysqli_num_rows($result);

if ($quantity <= $productquantity)
{
	$error_message = "You cannot order more than what is currently instock";
		include_once "displayCatalogue-PlaceOrder.php";
		exit ();
}
else
{
	$row = mysqli_fetch_row($result);
	
	$query = "INSERT into orders (customerid, productcode, quantity, productprice, orderdate) values ('$scustomerid', '$sproductcode', '$squantity', '$sproductprice', '$sorderdate')";
	
	$result = mysqli_query($conn, $query);
	
	$row = mysqli_affected_rows($conn);
	
	if ($row > 0)
	{
		include "header.php";?>
        <h3>Order Confirmation</h3>
        <p>Thank you, your order is now being processed.</p>
            <table>
			<tr>
			<td style="width: 200px">Order Number:</td>
            <td><?php echo $orderid; ?></td>
           	</tr>
            <tr>
            <td>Product Code:</td>
            <td><?php echo $productcode; ?></td>
            </tr><tr>
            <td>Quantity:</td>
            <td><?php echo $quantity; ?></td>
            </tr>
            <tr>
            <td>Price:</td>
            <td><?php echo $productPrice; ?></td>
            </tr>
            <tr>
            <td>Total Cost of Order:</td>
            <td><?php echo $total; ?></td>
            </tr>
            </table>
		
            <?php
			include "footer.html";
	}
	else
	{
		$error_message ="Error placing your order, please try again";
		include "displayCatalogue-PlaceOrder.php";
		exit();
	}
}

}
}
//this is used to validate the quantity entered against what is available in the database
?>[/code]

Sponsor our Newsletter | Privacy Policy | Terms of Service