-2

This code works perfectly to update one OrderIn_ID, or one orderOut_id, it sets the paid column to Yes, and then goes to a page that displays those results. But if I order more than one orderIn_id, or more than one orderOut_id, it will only update the first one, and all other ID records remain at No. Should I use a case switch or a while loop to grab all order ID's contained in the order invoice. I know this is subject to SQL injections, it is a first semester school project and we have not learned PDO's at this point. I don't get any errors, just will not update more than one record of orderIn_id or orderOut_id. This is the php code that is called when pay this invoice is pressed. Can it update more than one record at a time, and can it insert into invoice table more than one orderIn_id or orderOut_id?

<?php

if($_SERVER['REQUEST_METHOD'] == 'POST') {

    if(isset($_SESSION['orderIn'])) {
        $orderIn_id = $_SESSION['orderIn'];
        $orderIn_paid = "Yes";

        $changeVal="UPDATE order_instate
                 SET orderIn_paid = '$orderIn_paid'
                 WHERE orderIn_id = '$orderIn_id'; " ; 

        $changeCheck=mysqli_query($dbhandle, $changeVal) 
                        or die(mysqli_error($dbhandle));
    }

    if(isset($_SESSION['orderOut'])) {          
        $orderOut_id = $_SESSION['orderOut'];       
        $orderOut_paid = "Yes";

        $changeVal2="UPDATE order_outstate
                 SET  orderOut_paid = '$orderOut_paid'
                 WHERE orderOut_id = '$orderOut_id'; " ; 

        $changeCheck2=mysqli_query($dbhandle, $changeVal2) 
                or die(mysqli_error($dbhandle));
    }

    $invoice_total = 0;
    $invoice_total = $gtotal;
    $invoice_shipped = "No";
    $shipped_date = "0000-00-00";

    $add ="INSERT INTO invoice(user_id, orderIn_id, orderOut_id, invoice_total, invoice_shipped, shipped_date)
                VALUES ('$user_id', '$orderIn_id', '$orderOut_id', '$invoice_total', '$invoice_shipped', '$shipped_date')"; 

    $addCheck=mysqli_query($dbhandle, $add)
                        or die(mysqli_error($dbhandle));


if($addCheck != NULL) {                         
    header("location: userOrders.php");
    mysqli_free_result ($displayResult);
} 
}
?>
user3447733
  • 41
  • 6
  • Well you would have to pass it an array of elements to loop through in the first place. Have you done arrays yet? – Cups Nov 26 '14 at 19:21
  • yes, we have covered arrays. So I would pass the orderIn_id's and the orderOut_id's into arrays, and then loop through the length of the array to populate the invoice table? – user3447733 Nov 28 '14 at 17:18

1 Answers1

0
if( isset($_SESSION['orderIn'])  && is_array($_SESSION['orderIn']) ) {

 foreach($_SESSION['orderIn'] as $key => $order){

    $orderIn_id = $_SESSION['orderIn'][$key];
    $orderIn_paid = "Yes";

    $changeVal="UPDATE order_instate
             SET orderIn_paid = '$orderIn_paid'
             WHERE orderIn_id = '$orderIn_id'; " ; 

    $changeCheck=mysqli_query($dbhandle, $changeVal) ;
 }
}

You will probably start off doing something as simple as that, then you can get cleverer and build up a single insert query instead of hitting the db multiple times. Take a look at this answer :

Inserting multiple rows in mysql

Your task would be to build up the equivalent of the query given in the top answer, you'd do that in your loop, then send it to the db just once.

But that should do as a starter for you.

Community
  • 1
  • 1
Cups
  • 6,901
  • 3
  • 26
  • 30