-4

My shopping cart items are stored in the session, but I want to store all items in the database.

```php
<?php
if (isset($_POST['order'])) {
    $member_id = $_POST['member_id'];
    $item_id = $_POST['item_id'];
    $item_name = $_POST['item_name'];
    $item_price = $_POST['item_price'];
    $item_qty = $_POST['item_qty'];
    $total = $_POST['total'];

    mysql_select_db('shoppingcartdemo', mysql_connect('localhost','root','')) or die(mysql_error());
    mysql_query("insert into ordernew (id,item_id,item_name,item_price,item_qty,total,status,member_id) values('','$item_id','$item_name','$item_price','$item_qty','$total','Delivered','$member_id')") or die(mysql_query);

    header('location:payment.php');
}
?>
```
halfer
suganya
  • 1
    I don't see any SESSION item**s** – donald123 Jan 09 '17 at 12:45
  • Don't use `mysql_*`, it's deprecated. Use `mysqli_*` or PDO instead. – Koen Hollander Jan 09 '17 at 12:52
  • Have you tried anything with SESSION, because I am not getting any stuff. – Soni Vimalkumar Jan 09 '17 at 12:53
  • `or die(mysql_query)` ?? that'll most likely cause an endless loop on erroring out – Funk Forty Niner Jan 09 '17 at 12:54
  • Run `mysql_connect()` and `mysql_select_db()` as separate lines of execution – RiggsFolly Jan 09 '17 at 12:55
  • Actually don't! Every time you use [the `mysql_`](http://stackoverflow.com/questions/12859942/why-shouldnt-i-use-mysql-functions-in-php) database extension in new code **[a Kitten is strangled somewhere in the world](http://2.bp.blogspot.com/-zCT6jizimfI/UjJ5UTb_BeI/AAAAAAAACgg/AS6XCd6aNdg/s1600/luna_getting_strangled.jpg)**. It is deprecated and has been for years and is gone forever in PHP7. If you are just learning PHP, spend your energies learning the `PDO` or `mysqli` database extensions. [Start here](http://php.net/manual/en/book.pdo.php) – RiggsFolly Jan 09 '17 at 12:55
  • 1
    `mysql_select_db('shoppingcartdemo', mysql_connect('localhost','root','')` huh?? – Funk Forty Niner Jan 09 '17 at 12:55
  • Your script is at risk of [SQL Injection Attack](http://stackoverflow.com/questions/60174/how-can-i-prevent-sql-injection-in-php). Have a look at what happened to [Little Bobby Tables](http://bobby-tables.com/). Even [if you are escaping inputs, it's not safe!](http://stackoverflow.com/questions/5741187/sql-injection-that-gets-around-mysql-real-escape-string) Use [prepared parameterized statements](http://php.net/manual/en/mysqli.quickstart.prepared-statements.php) – RiggsFolly Jan 09 '17 at 12:56
  • 1
    I honestly don't know where you got this code from, or how it was (or who) put together, but it's failing here, big time. – Funk Forty Niner Jan 09 '17 at 12:58

1 Answer

0

A few tips for you:

  • DO NOT confuse $_POST with $_SESSION
  • DO NOT use mysql; use mysqli or, for extra protection against SQL injection, use PDO. Here is a useful link to learn about it: http://wiki.hashphp.org/PDO_Tutorial_for_MySQL_Developers
  • If it is a shopping cart demo you are trying to code, do not use the price amount submitted in a form. Always validate it against a value stored on the database.

Good Luck and read as much as you can.

rob
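The tips in the answer above, combined into one sketch (an added example, not code from the question or the answer): the cart is read from the session, every row goes through a PDO prepared statement, and name, price and total are taken from the database rather than from the form. The `items` table, the `item_id => quantity` cart shape, the member id `7` and the in-memory SQLite database are assumptions made so the example runs on its own; the `ordernew` columns and the `'Delivered'` status are the ones the question's code uses.

```php
<?php
// Added example. Assumptions: an `items` table (id, name, price) holds the
// trusted prices, and the cart lives in the session as item_id => quantity.
// SQLite in memory keeps the demo self-contained; for MySQL swap the DSN.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE items (id INTEGER PRIMARY KEY, name TEXT, price NUMERIC)');
$pdo->exec('CREATE TABLE ordernew (id INTEGER PRIMARY KEY AUTOINCREMENT, item_id INTEGER,
    item_name TEXT, item_price NUMERIC, item_qty INTEGER, total NUMERIC, status TEXT, member_id INTEGER)');
$pdo->exec("INSERT INTO items (id, name, price) VALUES (1, 'Mug', 4.50), (2, 'Poster', 12.00)");

function saveCart(PDO $pdo, array $cart, int $memberId): int
{
    $lookup = $pdo->prepare('SELECT name, price FROM items WHERE id = ?');
    $insert = $pdo->prepare(
        'INSERT INTO ordernew (item_id, item_name, item_price, item_qty, total, status, member_id)
         VALUES (?, ?, ?, ?, ?, ?, ?)'
    );
    $saved = 0;
    $pdo->beginTransaction();
    try {
        foreach ($cart as $itemId => $qty) {
            $itemId = filter_var($itemId, FILTER_VALIDATE_INT);
            $qty = filter_var($qty, FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]);
            if ($itemId === false || $qty === false) {
                throw new InvalidArgumentException('Invalid item id or quantity');
            }
            $lookup->execute([$itemId]);
            $item = $lookup->fetch(PDO::FETCH_ASSOC);
            if ($item === false) {
                throw new InvalidArgumentException("Unknown item $itemId");
            }
            // name, price and total come from the database, never from the request
            $insert->execute([$itemId, $item['name'], $item['price'], $qty,
                $item['price'] * $qty, 'Delivered', $memberId]);
            $saved++;
        }
        $pdo->commit();
    } catch (Throwable $e) {
        $pdo->rollBack();
        throw $e;
    }
    return $saved;
}

// Constructed sample cart; in the real page this would be $_SESSION['cart']
// and the member id would come from the logged-in session, not from $_POST.
$cart = [1 => 2, 2 => 1];
echo saveCart($pdo, $cart, 7), " rows saved\n";
```

The transaction means a cart with one invalid or unknown item stores nothing, so a partially saved order never reaches the payment step.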