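/**
 * Persist the current cart as a new order.
 *
 * Reads the shipping/payment fields listed in $postNames from $_POST
 * (nothing is extract()ed into the local scope, so a request can no longer
 * overwrite $shippingCost or $orderId), inserts the order header through
 * dbQuery(), then inserts one tbl_order_item row per cart line, decrements
 * stock and deletes those lines from tbl_cart.
 *
 * @return int the new order id, or 0 when a required field is missing
 *             (otherwise whatever falsy value dbInsertId() returned)
 */
function saveOrder()
{
    $orderId = 0;
    $shippingCost = 5;

    $requiredField = array('hidShippingFirstName', 'hidShippingLastName', 'hidShippingAddress1',
                           'hidShippingCity', 'hidShippingPostalCode',
                           'hidPaymentFirstName', 'hidPaymentLastName', 'hidPaymentAddress1',
                           'hidPaymentCity', 'hidPaymentPostalCode');
    if (!checkRequiredPost($requiredField)) {
        return $orderId;
    }

    // Every request field the INSERT below uses; anything else in $_POST is ignored.
    $postNames = array(
        'hidShippingFirstName', 'hidShippingLastName', 'hidShippingAddress1', 'hidShippingAddress2',
        'hidShippingPhone', 'hidShippingState', 'hidShippingCity', 'hidShippingPostalCode',
        'hidPaymentFirstName', 'hidPaymentLastName', 'hidPaymentAddress1', 'hidPaymentAddress2',
        'hidPaymentPhone', 'hidPaymentState', 'hidPaymentCity', 'hidPaymentPostalCode',
    );
    // Customer and city names get their first letters upper-cased, as before.
    $capitalised = array('hidShippingFirstName', 'hidShippingLastName', 'hidPaymentFirstName',
                         'hidPaymentLastName', 'hidShippingCity', 'hidPaymentCity');

    $v = array();
    foreach ($postNames as $name) {
        $value = isset($_POST[$name]) ? (string) $_POST[$name] : '';
        if (in_array($name, $capitalised, true)) {
            $value = ucwords($value);
        }
        // addslashes() stops a quote in the input from ending the SQL literal.
        // It is a stopgap only - it is not connection-charset aware - the real
        // fix is for dbQuery() to accept bound parameters.
        $v[$name] = addslashes($value);
    }

    $cartContent = getCartContent();

    // save order & get order id
    $sql = "INSERT INTO tbl_order(od_date, od_last_update, od_shipping_first_name, od_shipping_last_name, od_shipping_address1,
                od_shipping_address2, od_shipping_phone, od_shipping_state, od_shipping_city, od_shipping_postal_code, od_shipping_cost,
                od_payment_first_name, od_payment_last_name, od_payment_address1, od_payment_address2,
                od_payment_phone, od_payment_state, od_payment_city, od_payment_postal_code)
            VALUES (NOW(), NOW(), '{$v['hidShippingFirstName']}', '{$v['hidShippingLastName']}', '{$v['hidShippingAddress1']}',
                '{$v['hidShippingAddress2']}', '{$v['hidShippingPhone']}', '{$v['hidShippingState']}', '{$v['hidShippingCity']}', '{$v['hidShippingPostalCode']}', '{$shippingCost}',
                '{$v['hidPaymentFirstName']}', '{$v['hidPaymentLastName']}', '{$v['hidPaymentAddress1']}', '{$v['hidPaymentAddress2']}',
                '{$v['hidPaymentPhone']}', '{$v['hidPaymentState']}', '{$v['hidPaymentCity']}', '{$v['hidPaymentPostalCode']}')";
    dbQuery($sql);

    // get the order id
    $orderId = dbInsertId();
    if ($orderId) {
        // Cart rows come from the database, but ids and quantities are still
        // cast to int so the unquoted interpolation can only carry integers.
        // save order items
        foreach ($cartContent as $item) {
            $pdId = (int) $item['pd_id'];
            $qty = (int) $item['ct_qty'];
            dbQuery("INSERT INTO tbl_order_item(od_id, pd_id, od_qty) VALUES ({$orderId}, {$pdId}, {$qty})");
        }
        // update product stock
        foreach ($cartContent as $item) {
            $pdId = (int) $item['pd_id'];
            $qty = (int) $item['ct_qty'];
            dbQuery("UPDATE tbl_product SET pd_qty = pd_qty - {$qty} WHERE pd_id = {$pdId}");
        }
        // then remove the ordered items from cart
        foreach ($cartContent as $item) {
            $ctId = (int) $item['ct_id'];
            dbQuery("DELETE FROM tbl_cart WHERE ct_id = {$ctId}");
        }
    }

    return $orderId;
}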
$toreturn = searchProducts($_GET['value']); break; case 'searchsubcat': $toreturn = searchSubCategories($_GET['value']); break; case 'searchproductcheap': $toreturn = searchProductCheap($_GET['value']); break; case 'searchproductname': $toreturn = searchProductName($_GET['value']); break; case 'getcarts': $toreturn = getAllCarts($_GET['value']); break; case 'getcartcontent': $toreturn = getCartContent($_GET['value']); break; case 'savecarts': $toreturn = saveCart($_GET['name'], $_GET['user'], $_GET['value']); break; default: $toreturn = array("status" => 0, "title" => "Forbidden", "msg" => "Forbidden attempt at backend functionallity."); break; } echo json_encode($toreturn); exit; function searchProducts($subcatname) { $query = sprintf("SELECT sub.subcategory_id FROM subcategories sub WHERE sub.subcategory_name = '%s'", $subcatname); $results = do_query($query); $row = parse_results($results);
<?php if (!defined('WEB_ROOT')) { exit; } $cartContent = getCartContent(); $numItem = count($cartContent); ?> <style type="text/css"> #aa { color: #FFF; } </style> <table width="100%" border="1" cellspacing="0" cellpadding="2" id="minicart" bgcolor="#a40202" class="aa"> <?php if ($numItem > 0) { ?> <tr> <td colspan="2"><span id="aa">Cart Content</span></td> </tr> <?php $subTotal = 0; for ($i = 0; $i < $numItem; $i++) { extract($cartContent[$i]); $pd_name = "{$ct_qty} x {$pd_name}"; $url = "main.php?c={$cat_id}&p={$pd_id}"; $subTotal += $pd_price * $ct_qty; ?> <tr> <td><span id="aa"><a href="<?php
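/**
 * Persist the current cart as a new order (mysql_* variant).
 *
 * Builds the order header from the hid* request fields and the checkout
 * values held in $_SESSION, stamps it with an order number of the form
 * Ymd-BI<id>, copies every cart row into tbl_order_item and finally deletes
 * the ordered rows from tbl_cart. Stock is not decremented here: that loop
 * was commented out upstream.
 *
 * Request, session and cart values are read by name (no extract()) and run
 * through mysql_real_escape_string() before they are interpolated, instead
 * of addslashes() on four columns and nothing on the rest. A prepared
 * statement would be the real fix, which the mysql_* extension cannot give.
 *
 * @return int the new order id, or 0 when the header insert yielded no id
 */
function saveOrder()
{
    $orderId = 0;
    $shippingCost = 5;

    // NOTE(review): the checkRequiredPost() guard that wrapped this body is
    // disabled upstream, and the txt* names it listed do not match the hid*
    // fields read below - rebuild that list before re-enabling the check.
    // Until then a missing field is stored as ''.

    // Run one statement. Failures are logged server-side; a fatal one aborts
    // with a generic message rather than echoing mysql_error() to the client.
    $query = function ($sql, $fatal) {
        $result = mysql_query($sql);
        if ($result === false) {
            error_log('saveOrder: query failed: ' . mysql_error());
            if ($fatal) {
                die('The order could not be saved.');
            }
        }
        return $result;
    };

    // $source[$key] as an escaped string, '' when the key is absent.
    $field = function ($source, $key) {
        return isset($source[$key]) ? mysql_real_escape_string((string) $source[$key]) : '';
    };

    $post = array();
    foreach (array('hidShippingFirstName', 'hidShippingLastName', 'hidShippingAddress1', 'hidShippingAddress2',
                   'hidShippingPhone', 'hidShippingState', 'hidShippingCity', 'hidShippingPostalCode', 'hidShippingEmail',
                   'hidPaymentFirstName', 'hidPaymentLastName', 'hidPaymentAddress1', 'hidPaymentAddress2',
                   'hidPaymentPhone', 'hidPaymentState', 'hidPaymentCity', 'hidPaymentPostalCode',
                   'hidOrdernotes', 'hidDiscount') as $name) {
        $post[$name] = $field($_POST, $name);
    }

    $session = array();
    foreach (array('coupon_code', 'pay_mode', 'pay_notestext', 'pay_wherefrom', 'pcode',
                   'shipprice', 'tax', 'final_total') as $name) {
        $session[$name] = $field($_SESSION, $name);
    }

    $cartContent = getCartContent();

    // save order & get order id
    $sql = "INSERT INTO tbl_order(od_date, od_last_update, od_shipping_first_name, od_shipping_last_name, od_shipping_address1,
                od_shipping_address2, od_shipping_phone, od_shipping_state, od_shipping_city, od_shipping_postal_code, od_shipping_email, od_shipping_cost,
                od_payment_first_name, od_payment_last_name, od_payment_address1, od_payment_address2, od_payment_phone, od_payment_state, od_payment_city, od_payment_postal_code,
                order_notes, discount_percent, payment_mode, hear_abt, add_note, coupon_code, ship_method, tax, pcode, final_amt, od_status)
            VALUES (NOW(), NOW(), '{$post['hidShippingFirstName']}', '{$post['hidShippingLastName']}', '{$post['hidShippingAddress1']}', '{$post['hidShippingAddress2']}', '{$post['hidShippingPhone']}',
                '{$post['hidShippingState']}', '{$post['hidShippingCity']}', '{$post['hidShippingPostalCode']}', '{$post['hidShippingEmail']}', '{$shippingCost}',
                '{$post['hidPaymentFirstName']}', '{$post['hidPaymentLastName']}', '{$post['hidPaymentAddress1']}', '{$post['hidPaymentAddress2']}',
                '{$post['hidPaymentPhone']}', '{$post['hidPaymentState']}', '{$post['hidPaymentCity']}', '{$post['hidPaymentPostalCode']}',
                '{$post['hidOrdernotes']}', '{$post['hidDiscount']}', '{$session['pay_mode']}', '{$session['pay_wherefrom']}', '{$session['pay_notestext']}',
                '{$session['coupon_code']}', '{$session['shipprice']}', '{$session['tax']}', '{$session['pcode']}', '{$session['final_total']}', 'Not Shipped')";
    $query($sql, true);

    // get the order id (cast: it is interpolated unquoted below)
    $orderId = (int) mysql_insert_id();

    if (!empty($_SESSION['pay_creditcardnum'])) {
        // NOTE(review): this stores the card number, expiry and what
        // pay_c_vaild appears to be (a card verification code) in clear text
        // on the order row. Keeping a verification code after authorisation
        // is not allowed under PCI DSS and the card number must not sit in
        // the database unencrypted - confirm what pay_c_vaild holds and hand
        // card data to the payment processor instead of persisting it here.
        $card = array();
        foreach (array('pay_creditcardnum', 'pay_c_vaild', 'pay_c_exp_m', 'pay_c_exp_y') as $name) {
            $card[$name] = $field($_SESSION, $name);
        }
        $query("UPDATE tbl_order SET card_num='{$card['pay_creditcardnum']}', card_vaild_num='{$card['pay_c_vaild']}',"
             . " card_exp_mnth='{$card['pay_c_exp_m']}', card_exp_yr='{$card['pay_c_exp_y']}' WHERE od_id={$orderId}", false);
    }

    // Order number: today's date plus the row id; the update is best-effort
    // as before, but its failure is now at least logged.
    $ordernum = date('Ymd') . '-BI' . $orderId;
    $query("UPDATE tbl_order SET order_number='{$ordernum}' WHERE od_id={$orderId}", false);

    if ($orderId) {
        // save order items - every cart column is escaped, not just the four
        // the old code ran through addslashes()
        $itemColumns = array('pd_id', 'pd_model_number', 'pd_name', 'banner_size', 'banner_qty', 'banner_unitprice',
                             'pole_size', 'pole_qty', 'pole_unitprice', 'color', 'color2',
                             'banner_custom_text', 'logo_image', 'info_status');
        foreach ($cartContent as $row) {
            $item = array();
            foreach ($itemColumns as $name) {
                $item[$name] = $field($row, $name);
            }
            $sql = "INSERT INTO `tbl_order_item` (`order_id`, `order_number`, `pd_id`, `pd_model_number`, `pd_name`, `banner_size`, `banner_qty`, `banner_unitprice`,
                        `pole_size`, `pole_qty`, `pole_unitprice`, `color`, `color2`, `banner_custom_text`, `logo_image`, `info_status`)
                    VALUES ('{$orderId}', '{$ordernum}', '{$item['pd_id']}', '{$item['pd_model_number']}', '{$item['pd_name']}', '{$item['banner_size']}', '{$item['banner_qty']}', '{$item['banner_unitprice']}',
                        '{$item['pole_size']}', '{$item['pole_qty']}', '{$item['pole_unitprice']}', '{$item['color']}', '{$item['color2']}', '{$item['banner_custom_text']}', '{$item['logo_image']}', '{$item['info_status']}')";
            $query($sql, true);
        }

        // Stock is deliberately not updated: the UPDATE tbl_product loop was
        // commented out upstream and is not reinstated here.

        // then remove the ordered items from cart (ct_id is cast so the
        // unquoted interpolation can only ever carry an integer)
        foreach ($cartContent as $row) {
            $ctId = isset($row['ct_id']) ? (int) $row['ct_id'] : 0;
            $query("DELETE FROM tbl_cart WHERE ct_id = {$ctId}", true);
        }
    }

    return $orderId;
}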