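/**
 * Store the order submitted from the checkout form and move the cart into it.
 *
 * When checkRequiredPost() accepts the required fields, one row is inserted into
 * tbl_order. If dbInsertId() then reports an id, every cart entry returned by
 * getCartContent() is written to tbl_order_item, its quantity is subtracted
 * from tbl_product.pd_qty, and its row is deleted from tbl_cart.
 *
 * NOTE(review): the statements are built by string interpolation and nothing in
 * this function escapes the posted values. Whether the bootstrap code or
 * dbQuery() escapes them is not visible from here -- confirm, and prefer bound
 * parameters in the database layer. The statements also run without a visible
 * transaction, so a failure part-way leaves a partially written order.
 *
 * @return mixed 0 when the required fields are missing, otherwise the value
 *               returned by dbInsertId()
 */
function saveOrder()
{
    $orderId = 0;
    $shippingCost = 5;
    $requiredField = array(
        'hidShippingFirstName', 'hidShippingLastName', 'hidShippingAddress1',
        'hidShippingCity', 'hidShippingPostalCode',
        'hidPaymentFirstName', 'hidPaymentLastName', 'hidPaymentAddress1',
        'hidPaymentCity', 'hidPaymentPostalCode',
    );
    // used by the INSERT below but not part of the required list
    $optionalField = array(
        'hidShippingAddress2', 'hidShippingPhone', 'hidShippingState',
        'hidPaymentAddress2', 'hidPaymentPhone', 'hidPaymentState',
    );
    if (checkRequiredPost($requiredField)) {
        // Read only the expected form fields. Importing the whole of $_POST into
        // the local scope would let a request overwrite locals such as
        // $shippingCost; a missing optional field becomes an empty string.
        $field = array();
        foreach (array_merge($requiredField, $optionalField) as $name) {
            $field[$name] = (isset($_POST[$name]) && is_scalar($_POST[$name]))
                ? (string) $_POST[$name]
                : '';
        }
        // make sure the first character in the
        // customer and city name are properly upper cased
        $capitalised = array(
            'hidShippingFirstName', 'hidShippingLastName', 'hidShippingCity',
            'hidPaymentFirstName', 'hidPaymentLastName', 'hidPaymentCity',
        );
        foreach ($capitalised as $name) {
            $field[$name] = ucwords($field[$name]);
        }
        $cartContent = getCartContent();
        $numItem = count($cartContent);
        // save order & get order id
        $sql = "INSERT INTO tbl_order(od_date, od_last_update, od_shipping_first_name, od_shipping_last_name, od_shipping_address1, \r\n"
            . "\t\t                              od_shipping_address2, od_shipping_phone, od_shipping_state, od_shipping_city, od_shipping_postal_code, od_shipping_cost,\r\n"
            . "                                      od_payment_first_name, od_payment_last_name, od_payment_address1, od_payment_address2, \r\n"
            . "\t\t\t\t\t\t\t\t\t  od_payment_phone, od_payment_state, od_payment_city, od_payment_postal_code)\r\n"
            . "                VALUES (NOW(), NOW(), '{$field['hidShippingFirstName']}', '{$field['hidShippingLastName']}', '{$field['hidShippingAddress1']}', \r\n"
            . "\t\t\t\t        '{$field['hidShippingAddress2']}', '{$field['hidShippingPhone']}', '{$field['hidShippingState']}', '{$field['hidShippingCity']}', '{$field['hidShippingPostalCode']}', '{$shippingCost}',\r\n"
            . "\t\t\t\t\t\t'{$field['hidPaymentFirstName']}', '{$field['hidPaymentLastName']}', '{$field['hidPaymentAddress1']}', \r\n"
            . "\t\t\t\t\t\t'{$field['hidPaymentAddress2']}', '{$field['hidPaymentPhone']}', '{$field['hidPaymentState']}', '{$field['hidPaymentCity']}', '{$field['hidPaymentPostalCode']}')";
        dbQuery($sql);
        // get the order id
        $orderId = dbInsertId();
        if ($orderId) {
            // Ids and quantities are placed in the statements unquoted, so they
            // are forced to integers first.
            // NOTE(review): assumes pd_id, ct_id and ct_qty are integer columns -- confirm against the schema.

            // save order items
            for ($i = 0; $i < $numItem; $i++) {
                $productId = (int) $cartContent[$i]['pd_id'];
                $quantity = (int) $cartContent[$i]['ct_qty'];
                $sql = "INSERT INTO tbl_order_item(od_id, pd_id, od_qty)\r\n\t\t\t\t\t\tVALUES ({$orderId}, {$productId}, {$quantity})";
                dbQuery($sql);
            }
            // update product stock
            for ($i = 0; $i < $numItem; $i++) {
                $productId = (int) $cartContent[$i]['pd_id'];
                $quantity = (int) $cartContent[$i]['ct_qty'];
                $sql = "UPDATE tbl_product \r\n\t\t\t\t        SET pd_qty = pd_qty - {$quantity}\r\n\t\t\t\t\t\tWHERE pd_id = {$productId}";
                dbQuery($sql);
            }
            // then remove the ordered items from cart
            for ($i = 0; $i < $numItem; $i++) {
                $cartId = (int) $cartContent[$i]['ct_id'];
                $sql = "DELETE FROM tbl_cart\r\n\t\t\t\t        WHERE ct_id = {$cartId}";
                dbQuery($sql);
            }
        }
    }
    return $orderId;
}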
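/*
 Guard for step 2 of the checkout. The script stops unless:
 1. WEB_ROOT is defined, i.e. this file is included instead of requested directly
 2. the step query parameter is present and its value is two
 3. the Referer header is exactly this page's own URL with ?step=1

 NOTE(review): the Referer header is supplied by the client, so check 3 only
 hints at navigation order; it is not an authorization or anti-forgery control.
 The expected value is also fixed to the http:// scheme.
*/
if (!defined('WEB_ROOT')
    || !isset($_GET['step'])
    || (int) $_GET['step'] !== 2
    // a request without a Referer header is rejected without reading an undefined index
    || !isset($_SERVER['HTTP_REFERER'])
    || $_SERVER['HTTP_REFERER'] !== 'http://' . $_SERVER['HTTP_HOST'] . $_SERVER['PHP_SELF'] . '?step=1'
) {
    exit;
}
// non-breaking space placeholder, replaced below when the input is incomplete
$errorMessage = '&nbsp;';
/*
 Make sure all the required fields exist in $_POST and the value is not empty
 Note: txtShippingAddress2 and txtPaymentAddress2 are optional
*/
$requiredField = array(
    'txtShippingFirstName', 'txtShippingLastName', 'txtShippingAddress1',
    'txtShippingPhone', 'txtShippingState', 'txtShippingCity', 'txtShippingPostalCode',
    'txtPaymentFirstName', 'txtPaymentLastName', 'txtPaymentAddress1',
    'txtPaymentPhone', 'txtPaymentState', 'txtPaymentCity', 'txtPaymentPostalCode',
);
if (!checkRequiredPost($requiredField)) {
    $errorMessage = 'Input not complete';
}
// cart rows for the rest of this page
$cartContent = getCartContent();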
?>
<table width="550" border="0" align="center" cellpadding="10" cellspacing="0">
    <tr> 
        <td>Step 2 Of 3 : Confirm Order </td>
    </tr>
</table>
<p id="errorMessage"><?php 
echo $errorMessage;
?>
</p>
<form action="<?php 
echo $_SERVER['PHP_SELF'];