I've learned a lot from this question on how to send multiple orders' information to the database. The table in "order.php" is composed of rows of order information sent by the customers. My code handles a single order only, but I want to view, on another page, the multiple orders sent by one customer.

Here is my code for "order.php"

<?php
session_start();
$conn = mysqli_connect('localhost','root','','sampsix');
if(mysqli_connect_errno()){
    echo 'Failed to connect: '.mysqli_connect_error();
}

if(isset($_POST['delete'])){
    $DeleteQuery = "DELETE FROM orders WHERE id='$_POST[hidden]'";
    mysqli_query($conn,$DeleteQuery);
}
if(isset($_POST['view'])){
    header('Location: view_order.php');
}

$query = "SELECT * FROM orders ORDER BY id";
$results = mysqli_query($conn,$query);

echo '<table border="1">';
    echo '<tr>';
        echo '<th>ID</th>';
        echo '<th>Firstname</th>';
        echo '<th>Lastname</th>';
        echo '<th>Email</th>';
        echo '<th>Order Name</th>';
        echo '<th>Order Code</th>';
        echo '<th>Order Qty</th>';
        echo '<th>Sub Total</th>';
    echo '</tr>';

    while($orderData = mysqli_fetch_array($results)){
   echo '<form action="order.php" method="POST">';
    echo '<tr>';
        echo '<td>'.$orderData['id'].'</td>';
        echo '<td>'.$orderData['firstname'].'</td>';
        echo '<td>'.$orderData['lastname'].'</td>';
        echo '<td>'.$orderData['email'].'</td>';
        echo '<td>'.$orderData['ordername'].'</td>';
        echo '<td>'.$orderData['ordercode'].'</td>';
        echo '<td>'.$orderData['orderqty'].'</td>';
        echo '<td>'.$orderData['subtotal'].'</td>';

       echo '<td><input type="hidden" name="hidden" value="'.$orderData['id'].'"></td>';
        echo '<td><input type="submit" name="delete" value="Delete"></td>';
    echo '</form>';
        echo "<td><a href='view_order.php?id=".$orderData['id']."'>View</a></td>";
    echo '</tr>';

}
echo '</table>';
mysqli_close($conn);
?>

And here is my "view_order.php", where the order information is shown:

<?php
include_once('config.php');

if(isset($_GET['id'])){
    $id = $_GET['id'];

$query = $mysqli->query("SELECT id,firstname,lastname,email,ordername,ordercode,orderqty,subtotal  FROM orders WHERE id='$id'");

if($query){
        while($obj = $query->fetch_object()){
           echo 'ID: '.$obj->id;
           echo 'Firstname: '.$obj->firstname;
           echo 'Lastname: '.$obj->lastname;
           echo 'Email: '.$obj->email;
           echo 'Order Name: '.$obj->ordername;
           echo 'Order Code: '.$obj->ordercode;
           echo 'Order Qty: '.$obj->orderqty;
           echo 'Sub total: '.$obj->subtotal;
        }
   }
}

?>

The code above also handles a single order only. I am just thinking: what if a customer has multiple orders and I want to view them all on the other page?

Community
None other
  • Note that this code contains SQL injection vulnerabilities, and should not be copied or used. – halfer Mar 07 '17 at 08:21

1 Answer

Now you use the id as the identifier, which refers to just one order. If you want all orders of a customer, you should select by the identifier of the customer. In your case I think it is firstname and lastname. You should replace the id with firstname and lastname. You will get something like this:

<?php
session_start();
$conn = mysqli_connect('localhost','root','','sampsix');
if(mysqli_connect_errno()){
    echo 'Failed to connect: '.mysqli_connect_error();
}

if(isset($_POST['delete'])){
    $DeleteQuery = "DELETE FROM orders WHERE id='$_POST[hidden]'";
    mysqli_query($conn,$DeleteQuery);
}
if(isset($_POST['view'])){
    header('Location: view_order.php');
}

$query = "SELECT * FROM orders ORDER BY id";
$results = mysqli_query($conn,$query);

echo '<table border="1">';
    echo '<tr>';
        echo '<th>ID</th>';
        echo '<th>Firstname</th>';
        echo '<th>Lastname</th>';
        echo '<th>Email</th>';
        echo '<th>Order Name</th>';
        echo '<th>Order Code</th>';
        echo '<th>Order Qty</th>';
        echo '<th>Sub Total</th>';
    echo '</tr>';

    while($orderData = mysqli_fetch_array($results)){
   echo '<form action="order.php" method="POST">';
    echo '<tr>';
        echo '<td>'.$orderData['id'].'</td>';
        echo '<td>'.$orderData['firstname'].'</td>';
        echo '<td>'.$orderData['lastname'].'</td>';
        echo '<td>'.$orderData['email'].'</td>';
        echo '<td>'.$orderData['ordername'].'</td>';
        echo '<td>'.$orderData['ordercode'].'</td>';
        echo '<td>'.$orderData['orderqty'].'</td>';
        echo '<td>'.$orderData['subtotal'].'</td>';

       echo '<td><input type="hidden" name="hidden" value="'.$orderData['id'].'"></td>';
        echo '<td><input type="submit" name="delete" value="Delete"></td>';
    echo '</form>';
        echo "<td><a href='view_order.php?firstname=".$orderData['firstname']."&lastname=".$orderData['lastname']."'>View</a></td>";
    echo '</tr>';

}
echo '</table>';
mysqli_close($conn);
?>

And the view page:

<?php
include_once('config.php');

// Both name parameters are required to look up a customer's orders.
// Note: they go into the query unescaped (SQL injection, see the note below).
if(isset($_GET['firstname']) && isset($_GET['lastname'])){
    $firstname = $_GET['firstname'];
    $lastname = $_GET['lastname'];

    $query = $mysqli->query("SELECT id,firstname,lastname,email,ordername,ordercode,orderqty,subtotal  FROM orders WHERE firstname='$firstname' and lastname='$lastname'");

    if($query){
        // One iteration per order row belonging to this customer.
        while($obj = $query->fetch_object()){
            echo 'ID: '.$obj->id;
            echo 'Firstname: '.$obj->firstname;
            echo 'Lastname: '.$obj->lastname;
            echo 'Email: '.$obj->email;
            echo 'Order Name: '.$obj->ordername;
            echo 'Order Code: '.$obj->ordercode;
            echo 'Order Qty: '.$obj->orderqty;
            echo 'Sub total: '.$obj->subtotal;
        }
    }
}

?>

Note that this structure isn't the best solution. I would store my customers in another table, because what happens if two people have the same first- and lastname?

In your other question you also create a row for each product in your order table. If you want to do it well you should create another table like order_rules and store your products in that table with an order id. You should normalize your tables. I think this is a good description and tutorial about normalizing tables.

Please note this code is not safe to use - it contains a number of SQL injection vulnerabilities. It has just been amended into a working state from the code in the original post.

halfer
S.Pols
  • Yes sir! It runs well. Anyway sir, I created a table before for the customers only. I have code for those customers with credentials in the page. Anyway sir, you have a big point about that. I've decided to create the "view_order.php" to print the information like a receipt of the admin. Maybe sir, after the admin has printed the information, maybe he/she needs to delete it immediately, right sir @S.Pols? – None other Sep 13 '14 at 19:16
  • It's not necessary to delete the information. It's just how you designed your table structure. You have a lot of redundancy now. – S.Pols Sep 13 '14 at 19:21
  • Yes sir. I'll do it. :D Another suggestion sir. Do you think sir my order.php is secured to avoid hacking or seeing the information when it's live on the internet? How can I prevent this sir. I know you sir @S.Pols you're professional, I want to learn more about your ideas in programming because I'm a beginner. :) – None other Sep 13 '14 at 19:25
  • Unfortunately I have to say this is not even close to safe. This code is very vulnerable to SQL injection. Check here [http://stackoverflow.com/questions/60174/how-can-i-prevent-sql-injection-in-php] how you can prevent SQL injection. – S.Pols Sep 13 '14 at 19:33
  • Ahhh I just need to insert that stmt codes for mysqli right? :D – None other Sep 13 '14 at 19:36
  • Jup, it's not that hard but very important! – S.Pols Sep 13 '14 at 19:39
  • Hiyahhh!!! :D Thank you so much sir @S.Pols! I've learned a lot from you today. Please do help me if I encounter some PHP and mysqli difficulties again someday. God bless and have a blessed and good life ahead! :D – None other Sep 13 '14 at 19:45
  • Sir please help me again. :D – None other Sep 21 '14 at 03:59
  • Do you have another question? Give me the link! – S.Pols Sep 21 '14 at 06:12
  • Sir, remember, you taught me the code of "How to Send order to the database." I just noticed that when I send multiple orders, the last order has the SubTotal but the other orders have 0 total. When I click the "View" button to redirect to "view_page.php", it also calls the 0 value from the other orders rather than only the "SubTotal" of all the orders at that time. What am I going to do sir? :( – None other Sep 21 '14 at 06:35
  • Sir, just make some comment about this, I have to go to Church. I'll be back in our conversation in 6+ hours. God bless you sir @S.Pols :) – None other Sep 21 '14 at 06:37
  • What is your intention on the view page? To display the rules that are submitted at one time, or just one rule? The main problem is how you designed your database. Normally one order has multiple order rules. You would have a table 'orders' and a table 'order_rules'. In the 'order' table you store fields like 'firstname', 'lastname' and 'order_total'. In the 'order_rules' table you add an unique identifier which refers to the 'order' table. If you want to get an order you just get the order referenced with an 'order_id'. In this case you don't have your "multiple rows problem". Hope it's clear – S.Pols Sep 21 '14 at 07:09
  • Sir my intention in view page, is to print the order information in "view_page.php." The order information, price, quantity and sub total is place upon the view_page.php. The purpose of view_page.php is like a print receipt sir. :) – None other Sep 21 '14 at 16:38
  • Sir, you have a point there. :) Maybe I'll construct my own code for this. Please sir, do check it if I post it. God bless and thanks sir @S.Pols – None other Sep 24 '14 at 04:11
  • I will. Try to re-design your database so you have `orders` and `order_lines`. You will notice that it's easier to program your goals. Let me know if you are stuck and/or re-designed your database! – S.Pols Sep 24 '14 at 05:09
  • Thanks so much sir @S.Pols. I owe you one! Yes sir, I will update you if I get stuck and/or have re-designed my database. :) Sir, is there any disadvantage to making many tables in one database? Cheers sir! – None other Sep 26 '14 at 09:02
  • No, not at all. As long as the tables make sense, you can make as many tables as you want. – S.Pols Sep 26 '14 at 09:39
  • Oh thank you sir for that idea. Anyway sir, please check this code from the PHP website (http://php.net/manual/en/function.date.php). Do you think this code will help me sort the orders by "Month" or "Date"? My professor wants us to make an Order Summary for one particular month/week, to see what product is the best seller for that month/week. I think sir I have to sort them by "Month" or week, right? Just an idea sir. :D – None other Sep 27 '14 at 15:40
  • If you want to order results in a query you can use the `ORDER BY` statement. Check this for some examples: http://dev.mysql.com/doc/refman/5.0/en/sorting-rows.html – S.Pols Sep 29 '14 at 07:42
  • Oh thank you sir! for the advice and for the link. I owe you one again :D – None other Oct 06 '14 at 17:08
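The prepared-statement approach the comments point to, applied to this page's customer lookup and delete step. This is an added example, not code from the question or the answer; it assumes `config.php` defines `$mysqli` as in the posted view page, and the helper names `orders_for_customer`, `delete_order` and `h` are hypothetical.

```php
<?php
// Added example: customer lookup and delete with bound parameters.
// Assumes config.php defines $mysqli, as in the posted view_order.php.
include_once('config.php');

// From here on, mysqli errors raise exceptions instead of failing silently.
mysqli_report(MYSQLI_REPORT_ERROR | MYSQLI_REPORT_STRICT);

// Hypothetical helper: all orders of one customer; names are bound, never interpolated.
function orders_for_customer(mysqli $db, string $first, string $last): array {
    $stmt = $db->prepare(
        'SELECT id, firstname, lastname, email, ordername, ordercode, orderqty, subtotal
           FROM orders WHERE firstname = ? AND lastname = ? ORDER BY id'
    );
    $stmt->bind_param('ss', $first, $last);
    $stmt->execute();
    $rows = $stmt->get_result()->fetch_all(MYSQLI_ASSOC); // get_result() needs mysqlnd
    $stmt->close();
    return $rows;
}

// Hypothetical helper: delete one order by id; returns the number of rows removed.
function delete_order(mysqli $db, int $id): int {
    $stmt = $db->prepare('DELETE FROM orders WHERE id = ?');
    $stmt->bind_param('i', $id);
    $stmt->execute();
    $removed = $stmt->affected_rows;
    $stmt->close();
    return $removed;
}

// Escape every database value before it reaches the HTML output.
function h($value): string {
    return htmlspecialchars((string)$value, ENT_QUOTES, 'UTF-8');
}

// Delete step from order.php: accept only an all-digit id from the hidden field.
if (isset($_POST['delete'], $_POST['hidden']) && ctype_digit($_POST['hidden'])) {
    delete_order($mysqli, (int)$_POST['hidden']);
}

// View step: both names must be present and must be plain strings (not arrays).
if (isset($_GET['firstname'], $_GET['lastname'])
        && is_string($_GET['firstname']) && is_string($_GET['lastname'])) {
    foreach (orders_for_customer($mysqli, $_GET['firstname'], $_GET['lastname']) as $o) {
        echo '<p>ID: ' . h($o['id']) . ' | Order Name: ' . h($o['ordername'])
           . ' | Order Code: ' . h($o['ordercode']) . ' | Order Qty: ' . h($o['orderqty'])
           . ' | Sub total: ' . h($o['subtotal']) . '</p>';
    }
}
```

The "View" link in `order.php` should also pass each name through `urlencode()` and `htmlspecialchars()` when building the URL, so names containing quotes, spaces or `&` neither break the link nor inject markup.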