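/**
 * Store the posted checkout details and the current cart as a new order.
 *
 * Inserts one row into tbl_order, then one tbl_order_item row per cart line,
 * decrements the stock of every ordered product and finally removes the
 * ordered lines from tbl_cart.
 *
 * Only the POST fields named in this function are read. The original used
 * extract($_POST), which lets a request define or overwrite any local
 * variable, including $shippingCost, which is interpolated into the INSERT.
 *
 * @return mixed The id reported by dbInsertId(), or 0 when the required POST
 *               fields are missing.
 */
function saveOrder()
{
    $orderId = 0;
    $shippingCost = 5;
    $requiredField = array('hidShippingFirstName', 'hidShippingLastName', 'hidShippingAddress1', 'hidShippingCity', 'hidShippingPostalCode', 'hidPaymentFirstName', 'hidPaymentLastName', 'hidPaymentAddress1', 'hidPaymentCity', 'hidPaymentPostalCode');
    if (checkRequiredPost($requiredField)) {
        // Allow-list of the request fields that end up in the order row.
        // Fields outside the required list (address2, phone, state) are
        // optional and default to an empty string instead of being undefined.
        $postFields = array(
            'hidShippingFirstName', 'hidShippingLastName', 'hidShippingAddress1', 'hidShippingAddress2',
            'hidShippingPhone', 'hidShippingState', 'hidShippingCity', 'hidShippingPostalCode',
            'hidPaymentFirstName', 'hidPaymentLastName', 'hidPaymentAddress1', 'hidPaymentAddress2',
            'hidPaymentPhone', 'hidPaymentState', 'hidPaymentCity', 'hidPaymentPostalCode',
        );
        $in = array();
        foreach ($postFields as $name) {
            // Array-valued parameters (name[]=...) are treated as absent.
            $in[$name] = (isset($_POST[$name]) && is_string($_POST[$name])) ? $_POST[$name] : '';
        }

        // make sure the first character in the
        // customer and city name are properly upper cased
        $hidShippingFirstName = ucwords($in['hidShippingFirstName']);
        $hidShippingLastName = ucwords($in['hidShippingLastName']);
        $hidShippingAddress1 = $in['hidShippingAddress1'];
        $hidShippingAddress2 = $in['hidShippingAddress2'];
        $hidShippingPhone = $in['hidShippingPhone'];
        $hidShippingState = $in['hidShippingState'];
        $hidShippingCity = ucwords($in['hidShippingCity']);
        $hidShippingPostalCode = $in['hidShippingPostalCode'];
        $hidPaymentFirstName = ucwords($in['hidPaymentFirstName']);
        $hidPaymentLastName = ucwords($in['hidPaymentLastName']);
        $hidPaymentAddress1 = $in['hidPaymentAddress1'];
        $hidPaymentAddress2 = $in['hidPaymentAddress2'];
        $hidPaymentPhone = $in['hidPaymentPhone'];
        $hidPaymentState = $in['hidPaymentState'];
        $hidPaymentCity = ucwords($in['hidPaymentCity']);
        $hidPaymentPostalCode = $in['hidPaymentPostalCode'];

        $cartContent = getCartContent();
        $numItem = count($cartContent);

        // save order & get order id
        // NOTE(review): the request values are still placed into the SQL text
        // as quoted strings. dbQuery() is defined outside this block and is
        // only seen taking a finished statement, so escaping or bound
        // parameters have to be provided by that database layer. Until that is
        // confirmed, treat this statement as injectable.
        $sql = "INSERT INTO tbl_order(od_date, od_last_update, od_shipping_first_name, od_shipping_last_name, od_shipping_address1, \r\n\t\t                              od_shipping_address2, od_shipping_phone, od_shipping_state, od_shipping_city, od_shipping_postal_code, od_shipping_cost,\r\n                                      od_payment_first_name, od_payment_last_name, od_payment_address1, od_payment_address2, \r\n\t\t\t\t\t\t\t\t\t  od_payment_phone, od_payment_state, od_payment_city, od_payment_postal_code)\r\n                VALUES (NOW(), NOW(), '{$hidShippingFirstName}', '{$hidShippingLastName}', '{$hidShippingAddress1}', \r\n\t\t\t\t        '{$hidShippingAddress2}', '{$hidShippingPhone}', '{$hidShippingState}', '{$hidShippingCity}', '{$hidShippingPostalCode}', '{$shippingCost}',\r\n\t\t\t\t\t\t'{$hidPaymentFirstName}', '{$hidPaymentLastName}', '{$hidPaymentAddress1}', \r\n\t\t\t\t\t\t'{$hidPaymentAddress2}', '{$hidPaymentPhone}', '{$hidPaymentState}', '{$hidPaymentCity}', '{$hidPaymentPostalCode}')";
        dbQuery($sql);

        // get the order id
        $orderId = dbInsertId();
        if ($orderId) {
            // The ids and quantities below are written into SQL without
            // quotes, so they are forced to integers before use.
            $orderIdSql = (int) $orderId;
            $items = array();
            for ($i = 0; $i < $numItem; $i++) {
                $items[] = array(
                    'pd_id' => (int) $cartContent[$i]['pd_id'],
                    'ct_qty' => (int) $cartContent[$i]['ct_qty'],
                    'ct_id' => (int) $cartContent[$i]['ct_id'],
                );
            }

            // save order items
            foreach ($items as $item) {
                $sql = "INSERT INTO tbl_order_item(od_id, pd_id, od_qty)\r\n\t\t\t\t\t\tVALUES ({$orderIdSql}, {$item['pd_id']}, {$item['ct_qty']})";
                dbQuery($sql);
            }

            // update product stock
            foreach ($items as $item) {
                $sql = "UPDATE tbl_product \r\n\t\t\t\t        SET pd_qty = pd_qty - {$item['ct_qty']}\r\n\t\t\t\t\t\tWHERE pd_id = {$item['pd_id']}";
                dbQuery($sql);
            }

            // then remove the ordered items from cart
            foreach ($items as $item) {
                $sql = "DELETE FROM tbl_cart\r\n\t\t\t\t        WHERE ct_id = {$item['ct_id']}";
                dbQuery($sql);
            }
        }
    }
    return $orderId;
}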
Beispiel #2
        $toreturn = searchProducts($_GET['value']);
        break;
    case 'searchsubcat':
        $toreturn = searchSubCategories($_GET['value']);
        break;
    case 'searchproductcheap':
        $toreturn = searchProductCheap($_GET['value']);
        break;
    case 'searchproductname':
        $toreturn = searchProductName($_GET['value']);
        break;
    case 'getcarts':
        $toreturn = getAllCarts($_GET['value']);
        break;
    case 'getcartcontent':
        $toreturn = getCartContent($_GET['value']);
        break;
    case 'savecarts':
        $toreturn = saveCart($_GET['name'], $_GET['user'], $_GET['value']);
        break;
    default:
        $toreturn = array("status" => 0, "title" => "Forbidden", "msg" => "Forbidden attempt at backend functionallity.");
        break;
}
// Send the selected handler's result to the client as JSON and end the script.
// NOTE(review): no Content-Type header is set in the visible lines. Unless one
// is sent in the part of the file not shown, PHP's default content type applies;
// confirm that application/json is sent so echoed request values are not
// interpreted as HTML by a browser.
echo json_encode($toreturn);
exit;
function searchProducts($subcatname)
{
    $query = sprintf("SELECT sub.subcategory_id FROM subcategories sub WHERE sub.subcategory_name = '%s'", $subcatname);
    $results = do_query($query);
    $row = parse_results($results);
Beispiel #3
<?php

// Stop immediately when WEB_ROOT is not defined. The constant is not defined
// in this snippet; presumably a bootstrap file sets it, so a direct request to
// this include ends here (confirm against the including script).
defined('WEB_ROOT') or exit;

// Fetch the cart rows once; the template below uses both the rows and their count.
$cartContent = getCartContent();
$numItem = count($cartContent);
?>
<style type="text/css">
#aa {
	color: #FFF;
}
</style>

<table width="100%" border="1" cellspacing="0" cellpadding="2" id="minicart" bgcolor="#a40202" class="aa">
 <?php 
if ($numItem > 0) {
    ?>
 <tr>
  <td colspan="2"><span id="aa">Cart Content</span></td>
 </tr>
<?php 
    $subTotal = 0;
    for ($i = 0; $i < $numItem; $i++) {
        extract($cartContent[$i]);
        $pd_name = "{$ct_qty} x {$pd_name}";
        $url = "main.php?c={$cat_id}&p={$pd_id}";
        $subTotal += $pd_price * $ct_qty;
        ?>
 <tr>
   <td><span id="aa"><a href="<?php 
Beispiel #4
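/**
 * Store the posted checkout details, the session payment data and the current
 * cart as a new order.
 *
 * Inserts one row into tbl_order, writes the generated order number (and the
 * card fields, when present in the session) back to that row, inserts one
 * tbl_order_item row per cart line and removes the ordered lines from tbl_cart.
 *
 * Changes against the original:
 *  - extract($_POST) and extract($cartContent[$i]) are replaced by explicit
 *    allow-lists, so neither the request nor a cart row can define or
 *    overwrite locals such as $shippingCost, $orderId or $ordernum;
 *  - every string written into SQL goes through mysql_real_escape_string()
 *    (the original escaped four item fields with addslashes() and nothing
 *    else), and ids written without quotes are cast to int;
 *  - the follow-up UPDATEs run only when an order id was obtained.
 *
 * NOTE(review): ext/mysql (mysql_query and friends) was removed in PHP 7.
 * Escaping keeps this version consistent with the driver it already uses; the
 * durable fix is prepared statements via PDO or mysqli.
 *
 * @return int The new order id as reported by mysql_insert_id().
 */
function saveOrder()
{
    $orderId = 0;
    $shippingCost = 5;
    // NOTE(review): required-field validation is switched off in this version
    // (the checkRequiredPost() call was commented out), and this list names
    // txt* fields while the code below reads hid* fields. Server-side
    // validation should be restored with the field names actually posted.
    $requiredField = array('txtShippingFirstName', 'txtShippingLastName', 'txtShippingAddress1', 'txtShippingAddress2', 'txtShippingCity', 'txtShippingState', 'txtShippingPostalCode', 'txtShippingPhone', 'txtShippingEmail', 'txtPaymentFirstName', 'txtPaymentLastName', 'txtPaymentAddress1', 'txtPaymentAddress2', 'txtPaymentCity', 'txtPaymentState', 'txtPaymentPostalCode', 'txtPaymentPhone');

    // Request fields that end up in the order row; anything else in $_POST is ignored.
    $postFields = array(
        'hidShippingFirstName', 'hidShippingLastName', 'hidShippingAddress1', 'hidShippingAddress2',
        'hidShippingPhone', 'hidShippingState', 'hidShippingCity', 'hidShippingPostalCode', 'hidShippingEmail',
        'hidPaymentFirstName', 'hidPaymentLastName', 'hidPaymentAddress1', 'hidPaymentAddress2',
        'hidPaymentPhone', 'hidPaymentState', 'hidPaymentCity', 'hidPaymentPostalCode',
        'hidOrdernotes', 'hidDiscount',
    );
    $in = array();
    foreach ($postFields as $name) {
        // Missing or array-valued parameters become an empty string.
        $raw = (isset($_POST[$name]) && is_string($_POST[$name])) ? $_POST[$name] : '';
        $in[$name] = mysql_real_escape_string($raw);
    }

    // Session values are escaped as well: where they were filled in is not
    // visible here, so they are not assumed to be safe for SQL.
    $sessionFields = array('coupon_code', 'pay_mode', 'pay_notestext', 'pay_wherefrom', 'pcode', 'shipprice', 'tax', 'final_total');
    $sess = array();
    foreach ($sessionFields as $name) {
        $raw = (isset($_SESSION[$name]) && is_scalar($_SESSION[$name])) ? (string) $_SESSION[$name] : '';
        $sess[$name] = mysql_real_escape_string($raw);
    }

    $cartContent = getCartContent();
    $numItem = count($cartContent);

    // save order & get order id
    // Column => value map in the column order of the original statement;
    // every value is emitted as a quoted string, as before.
    $order = array(
        'od_shipping_first_name' => $in['hidShippingFirstName'],
        'od_shipping_last_name' => $in['hidShippingLastName'],
        'od_shipping_address1' => $in['hidShippingAddress1'],
        'od_shipping_address2' => $in['hidShippingAddress2'],
        'od_shipping_phone' => $in['hidShippingPhone'],
        'od_shipping_state' => $in['hidShippingState'],
        'od_shipping_city' => $in['hidShippingCity'],
        'od_shipping_postal_code' => $in['hidShippingPostalCode'],
        'od_shipping_email' => $in['hidShippingEmail'],
        'od_shipping_cost' => $shippingCost,
        'od_payment_first_name' => $in['hidPaymentFirstName'],
        'od_payment_last_name' => $in['hidPaymentLastName'],
        'od_payment_address1' => $in['hidPaymentAddress1'],
        'od_payment_address2' => $in['hidPaymentAddress2'],
        'od_payment_phone' => $in['hidPaymentPhone'],
        'od_payment_state' => $in['hidPaymentState'],
        'od_payment_city' => $in['hidPaymentCity'],
        'od_payment_postal_code' => $in['hidPaymentPostalCode'],
        'order_notes' => $in['hidOrdernotes'],
        'discount_percent' => $in['hidDiscount'],
        'payment_mode' => $sess['pay_mode'],
        'hear_abt' => $sess['pay_wherefrom'],
        'add_note' => $sess['pay_notestext'],
        'coupon_code' => $sess['coupon_code'],
        'ship_method' => $sess['shipprice'],
        'tax' => $sess['tax'],
        'pcode' => $sess['pcode'],
        'final_amt' => $sess['final_total'],
        'od_status' => 'Not Shipped',
    );
    $sql = "INSERT INTO tbl_order (od_date, od_last_update, " . implode(', ', array_keys($order)) . ")\n"
        . "                VALUES (NOW(), NOW(), '" . implode("', '", $order) . "')";
    // NOTE(review): die(mysql_error()) prints the database error text to the
    // client. It is kept because callers may rely on the script stopping here;
    // logging the error and showing a generic message would avoid the leak.
    mysql_query($sql) or die(mysql_error());

    // get the order id
    $orderId = mysql_insert_id();

    if ($orderId) {
        $orderIdSql = (int) $orderId;
        $ordernum = date("Ymd") . '-BI' . $orderIdSql;

        if (!empty($_SESSION['pay_creditcardnum'])) {
            // NOTE(review): this writes the full card number and the card
            // verification value into tbl_order, after both were held in the
            // session. PCI DSS does not allow the verification code to be kept
            // after authorisation, and a stored card number has to be protected.
            // Pass the card to the payment processor and keep only a token or
            // the last four digits.
            $card = array();
            foreach (array('pay_creditcardnum', 'pay_c_vaild', 'pay_c_exp_m', 'pay_c_exp_y') as $name) {
                $raw = (isset($_SESSION[$name]) && is_scalar($_SESSION[$name])) ? (string) $_SESSION[$name] : '';
                $card[$name] = mysql_real_escape_string($raw);
            }
            mysql_query("update tbl_order set card_num='{$card['pay_creditcardnum']}' ,card_vaild_num='{$card['pay_c_vaild']}' ,card_exp_mnth='{$card['pay_c_exp_m']}', card_exp_yr='{$card['pay_c_exp_y']}' where od_id={$orderIdSql}");
        }

        mysql_query("update tbl_order set order_number='{$ordernum}' where od_id={$orderIdSql}");

        // save order items
        // Cart keys copied into tbl_order_item; the column names equal the keys.
        $itemFields = array(
            'pd_id', 'pd_model_number', 'pd_name', 'banner_size', 'banner_qty', 'banner_unitprice',
            'pole_size', 'pole_qty', 'pole_unitprice', 'color', 'color2', 'banner_custom_text',
            'logo_image', 'info_status',
        );
        for ($i = 0; $i < $numItem; $i++) {
            $row = array('order_id' => $orderIdSql, 'order_number' => $ordernum);
            foreach ($itemFields as $name) {
                // Cart rows can carry customer-entered text (banner_custom_text),
                // so every field is escaped, not only the four the original covered.
                $value = isset($cartContent[$i][$name]) ? (string) $cartContent[$i][$name] : '';
                $row[$name] = mysql_real_escape_string($value);
            }
            $sql = "INSERT INTO `tbl_order_item` (`" . implode('`, `', array_keys($row)) . "`)"
                . " VALUES ('" . implode("', '", $row) . "')";
            mysql_query($sql) or die(mysql_error());
        }

        // Product stock is not decremented in this version: the UPDATE on
        // tbl_product was already commented out in the original loop.

        // then remove the ordered items from cart
        for ($i = 0; $i < $numItem; $i++) {
            // ct_id is written without quotes, so force it to an integer.
            $cartId = (int) $cartContent[$i]['ct_id'];
            $sql = "DELETE FROM tbl_cart\n\t\t\t\t        WHERE ct_id = {$cartId}";
            mysql_query($sql) or die(mysql_error());
        }
    }

    return $orderId;
}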