/**
 * Look up the stock quantity recorded for a product.
 *
 * @param mixed $id Product id, handed to param_query() with the type string 'i'.
 * @return mixed The quantity column as returned by fetch_assoc(), or 0 when
 *               no row was found or the stored quantity is empty.
 */
function get_stock($id)
{
    $connection = new Database_Connection();
    $query_result = $connection->param_query(
        'SELECT quantity FROM stock WHERE productsid = ?',
        'i',
        $id
    );
    $row = $query_result->fetch_assoc();
    $connection->close_statement();

    // empty() also covers a missing row, so no separate null check is needed.
    if (empty($row['quantity'])) {
        return 0;
    }

    return $row['quantity'];
}
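/**
 * Add one unit of a product to the session cart.
 *
 * Starts a session when none is active, reads the product's stock row and,
 * if at least one unit is in stock, increments the product's cart counter.
 *
 * @param mixed $id Product id; must be an integer or an integer-formatted string.
 * @return bool True when the cart was updated; false for a malformed id, a
 *              product without stock, or any Exception raised along the way.
 */
function add_product($id)
{
    try {
        if (session_status() == PHP_SESSION_NONE) {
            session_start();
        }

        // The id is used twice: as a query parameter with type 'i' and as a
        // session array key. Validate and normalise it once so the key stored
        // in the cart is exactly the value that was checked against the stock
        // table; a raw value such as '5abc' would otherwise be stored
        // verbatim as its own cart key.
        $product_id = filter_var($id, FILTER_VALIDATE_INT);
        if ($product_id === false) {
            throw new Exception('Invalid product id');
        }

        $db = new Database_Connection();
        $sql = 'SELECT quantity FROM stock WHERE productsid = ?';
        $result = $db->param_query($sql, 'i', $product_id);
        $data = $result->fetch_assoc();
        $db->close_statement();

        // A missing stock row is treated like zero stock instead of indexing
        // into a non-array value.
        if (empty($data['quantity']) || $data['quantity'] < 1) {
            throw new Exception('Product is not in stock');
        }

        // NOTE(review): only "at least one unit in stock" is checked here; the
        // resulting cart count is not compared with the stock quantity.
        // Confirm that checkout re-validates quantities before committing.
        $quantity = 0;
        if (!empty($_SESSION['cart'][$product_id])) {
            $quantity = $_SESSION['cart'][$product_id];
        }
        $_SESSION['cart'][$product_id] = ++$quantity;

        return true;
    } catch (Exception $e) {
        // Callers only see a boolean; every failure path maps to false.
        return false;
    }
}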
} include_once 'db_data.php'; $db = new Database_Connection(); include_once 'model/confirm_checkout_model.php'; //turns out this page needs just about the exact kind of data... $p = new Confirm_Checkout(); $data = $p->build(); $order_sql = "INSERT INTO orders(totalprice) VALUES (?)"; $deliver_sql = "INSERT INTO orderdelivery(orderid, firstname, lastname, email, address, zipcode, area) VALUES (?,?,?,?,?,?,?)"; $product_sql = "INSERT INTO orderproducts(orderid, productid) VALUES (?,?)"; $stock_sql = "UPDATE stock SET quantity=? WHERE productsid=?"; $success = false; try { $db->connection->autocommit(false); //Insert a new order in the database $db->param_query($order_sql, "i", $data['total_price']); if ($db->statement->affected_rows == 0) { throw new Exception('order_sql not added'); } $id = $db->connection->insert_id; $db->close_statement(); //Inserts delivery information in the database //The data should already have been processed but just for safety in case I missed it, I will apply htmlspecialchars here as well. $array = array($id, htmlspecialchars($data['delivery']['first_name']), htmlspecialchars($data['delivery']['last_name']), htmlspecialchars($data['delivery']['email']), htmlspecialchars($data['delivery']['address']), htmlspecialchars($data['delivery']['zip_code']), htmlspecialchars($data['delivery']['area'])); $db->param_query_array($deliver_sql, "issssss", $array); if ($db->statement->affected_rows == 0) { throw new Exception('deliver_sql not added'); } $db->close_statement(); //For each product, add it in the database table related to orders. Also alter the stock quantity. foreach ($data['products'] as $row) {