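/**
 * Persist the current checkout as an order.
 *
 * Reads the shipping and payment address fields from $_POST (the hid* names),
 * inserts one row into tbl_order, copies every cart row into tbl_order_item,
 * subtracts the ordered quantities from tbl_product.pd_qty and finally deletes
 * the cart rows.
 *
 * Security notes:
 *  - Request fields are read by name. The previous extract($_POST) let a
 *    client overwrite any local of this function (e.g. $shippingCost,
 *    $orderId, $cartContent) just by posting a parameter with that name.
 *  - Cart values are cast to int and every string field is quoted through
 *    saveOrderSqlString() before being interpolated into SQL. That is a
 *    stopgap; the real fix is bound parameters in dbQuery().
 *  - The order / item / stock / cart writes are not wrapped in a transaction
 *    and the stock decrement is not guarded against going below zero. Both
 *    need support from the db layer and are deliberately left as-is here.
 *
 * @return int the new order id, or 0 when a required field is missing, the
 *             cart is empty, or the tbl_order insert produced no id
 */
function saveOrder()
{
    $orderId      = 0;
    $shippingCost = 5;   // flat rate, fixed server-side; never taken from the request

    $requiredField = array('hidShippingFirstName', 'hidShippingLastName', 'hidShippingAddress1',
                           'hidShippingCity', 'hidShippingPostalCode', 'hidPaymentFirstName',
                           'hidPaymentLastName', 'hidPaymentAddress1', 'hidPaymentCity',
                           'hidPaymentPostalCode');
    if (!checkRequiredPost($requiredField)) {
        return $orderId;
    }

    // Read each field explicitly. Absent or non-string values
    // (e.g. hidShippingPhone[]=x) are treated as ''.
    $optionalField = array('hidShippingAddress2', 'hidShippingPhone', 'hidShippingState',
                           'hidPaymentAddress2', 'hidPaymentPhone', 'hidPaymentState');
    $field = array();
    foreach (array_merge($requiredField, $optionalField) as $name) {
        $field[$name] = (isset($_POST[$name]) && is_string($_POST[$name])) ? $_POST[$name] : '';
    }

    // make sure the first character in the customer and city names is upper cased
    foreach (array('hidShippingFirstName', 'hidShippingLastName', 'hidPaymentFirstName',
                   'hidPaymentLastName', 'hidShippingCity', 'hidPaymentCity') as $name) {
        $field[$name] = ucwords($field[$name]);
    }

    $cartContent = getCartContent();
    if (count($cartContent) === 0) {
        // nothing to order: do not create an empty tbl_order row
        return $orderId;
    }

    // quoted SQL literals for every string field
    $sqlValue = array();
    foreach ($field as $name => $value) {
        $sqlValue[$name] = saveOrderSqlString($value);
    }
    $sqlShippingCost = (int) $shippingCost;

    // save order & get order id
    $sql = "INSERT INTO tbl_order(od_date, od_last_update, od_shipping_first_name, od_shipping_last_name, od_shipping_address1,
                od_shipping_address2, od_shipping_phone, od_shipping_state, od_shipping_city, od_shipping_postal_code, od_shipping_cost,
                od_payment_first_name, od_payment_last_name, od_payment_address1, od_payment_address2,
                od_payment_phone, od_payment_state, od_payment_city, od_payment_postal_code)
            VALUES (NOW(), NOW(), {$sqlValue['hidShippingFirstName']}, {$sqlValue['hidShippingLastName']}, {$sqlValue['hidShippingAddress1']},
                {$sqlValue['hidShippingAddress2']}, {$sqlValue['hidShippingPhone']}, {$sqlValue['hidShippingState']}, {$sqlValue['hidShippingCity']}, {$sqlValue['hidShippingPostalCode']}, '{$sqlShippingCost}',
                {$sqlValue['hidPaymentFirstName']}, {$sqlValue['hidPaymentLastName']}, {$sqlValue['hidPaymentAddress1']},
                {$sqlValue['hidPaymentAddress2']}, {$sqlValue['hidPaymentPhone']}, {$sqlValue['hidPaymentState']}, {$sqlValue['hidPaymentCity']}, {$sqlValue['hidPaymentPostalCode']})";
    dbQuery($sql);

    // get the order id
    $orderId = (int) dbInsertId();
    if (!$orderId) {
        return $orderId;
    }

    // Same write order as before: all order items, then all stock updates,
    // then the cart rows. Every cart value is cast to int so it cannot
    // alter the statement text.
    foreach ($cartContent as $item) {
        $pdId = (int) $item['pd_id'];
        $qty  = (int) $item['ct_qty'];
        dbQuery("INSERT INTO tbl_order_item(od_id, pd_id, od_qty) VALUES ({$orderId}, {$pdId}, {$qty})");
    }
    foreach ($cartContent as $item) {
        $pdId = (int) $item['pd_id'];
        $qty  = (int) $item['ct_qty'];
        dbQuery("UPDATE tbl_product SET pd_qty = pd_qty - {$qty} WHERE pd_id = {$pdId}");
    }
    foreach ($cartContent as $item) {
        $ctId = (int) $item['ct_id'];
        dbQuery("DELETE FROM tbl_cart WHERE ct_id = {$ctId}");
    }

    return $orderId;
}

/**
 * Quote a string for interpolation into a single-quoted SQL literal.
 *
 * SECURITY: this escapes ' " \ and NUL with addslashes(). It is a stopgap
 * only: it does not know the connection charset and is bypassable on some
 * multibyte charsets (e.g. GBK). Replace the call sites with bound
 * parameters as soon as dbQuery() supports them.
 *
 * @param mixed $value value to embed; cast to string first
 * @return string the escaped value wrapped in single quotes
 */
function saveOrderSqlString($value)
{
    return "'" . addslashes((string) $value) . "'";
}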
/*
 * Guard for checkout step 2 (confirm order). All three conditions must hold:
 *   1. WEB_ROOT is defined, i.e. this file was included by the front page
 *      rather than requested directly;
 *   2. ?step=2 is present in the query string;
 *   3. the Referer header equals this page with ?step=1, i.e. the POST is
 *      expected to have come from step 1.
 *
 * NOTE(review): condition 3 is not a CSRF defence. The Referer header is
 * client-controlled and optional: when it is absent $_SERVER['HTTP_REFERER']
 * is undefined (PHP notice) and the comparison fails, so legitimate users
 * whose browser or proxy strips the header are exited here, while the
 * scheme is hard-coded to http://. A per-session CSRF token carried in the
 * step-1 form would be the real check.
 */
if (!defined('WEB_ROOT') || !isset($_GET['step']) || (int) $_GET['step'] != 2 || $_SERVER['HTTP_REFERER'] != 'http://' . $_SERVER['HTTP_HOST'] . $_SERVER['PHP_SELF'] . '?step=1') { exit; }

$errorMessage = ' ';

/*
 * Make sure every required field exists in $_POST and is not empty.
 * Note: txtShippingAddress2 and txtPaymentAddress2 are optional.
 */
$requiredField = array('txtShippingFirstName', 'txtShippingLastName', 'txtShippingAddress1', 'txtShippingPhone', 'txtShippingState', 'txtShippingCity', 'txtShippingPostalCode', 'txtPaymentFirstName', 'txtPaymentLastName', 'txtPaymentAddress1', 'txtPaymentPhone', 'txtPaymentState', 'txtPaymentCity', 'txtPaymentPostalCode');
if (!checkRequiredPost($requiredField)) { $errorMessage = 'Input not complete'; }

// cart rows for the confirmation table below
$cartContent = getCartContent();
?> <table width="550" border="0" align="center" cellpadding="10" cellspacing="0"> <tr> <td>Step 2 Of 3 : Confirm Order </td> </tr> </table> <p id="errorMessage"><?php /* $errorMessage only ever holds the two constant strings above, so it is safe to echo unescaped; escape it if it ever carries user input */ echo $errorMessage; ?> </p> <form action="<?php /* NOTE(review): $_SERVER['PHP_SELF'] can include attacker-supplied path info and is echoed into an attribute unescaped here (classic reflected XSS vector); wrap it in htmlspecialchars() or use a fixed action URL */ echo $_SERVER['PHP_SELF'];