$product_sql = "INSERT INTO orderproducts(orderid, productid) VALUES (?,?)";
$stock_sql = "UPDATE stock SET quantity=? WHERE productsid=?";
$success = false;
try {
$db->connection->autocommit(false);
//Insert a new order in the database
$db->param_query($order_sql, "i", $data['total_price']);
if ($db->statement->affected_rows == 0) {
throw new Exception('order_sql not added');
}
$id = $db->connection->insert_id;
$db->close_statement();
//Inserts delivery information in the database
//The data should already have been processed but just for safety in case I missed it, I will apply htmlspecialchars here as well.
$array = array($id, htmlspecialchars($data['delivery']['first_name']), htmlspecialchars($data['delivery']['last_name']), htmlspecialchars($data['delivery']['email']), htmlspecialchars($data['delivery']['address']), htmlspecialchars($data['delivery']['zip_code']), htmlspecialchars($data['delivery']['area']));
$db->param_query_array($deliver_sql, "issssss", $array);
if ($db->statement->affected_rows == 0) {
throw new Exception('deliver_sql not added');
}
$db->close_statement();
//For each product, add it in the database table related to orders. Also alter the stock quantity.
foreach ($data['products'] as $row) {
for ($i = 0; $i < $row['buy_quantity']; $i++) {
$array = array($id, $row['id']);
$db->param_query_array($product_sql, "ii", $array);
if ($db->statement->affected_rows == 0) {
throw new Exception('product_sql not added');
}
$db->close_statement();
}
if ($row['buy_quantity'] > $row['quantity']) {
