Issu having to get a new transaction ID Keeps showing the first one

Question

I am having an issue with getting a new transaction id when placing new order. It wants to keep only showing me the first order the user made. I have it so the user logs in and it keeps a session of the login. Then the user adds items to the cart and checkouts. After the data is inserted to the customer order table, the page moves on to a successful order page. The only issue is it keeps wanting to only show the first transaction id (tr_id) for that user in the db. When I sign in with new user I do get a different tr_id, but the same thing happens for the second user. Here is all the code I have for it. I know it may be hard question don't waste to much time on it if it cant be figured out. If I have to I will delete the question and try different method. This is the only thing holding up to complete my project. I also know that this is not the greatest code and can get sql injections. I am wondering what I am doing wrong with getting the new transaction id?

main.js

$('#checkout_btn').click(function(){
        $.ajax({
            url: 'action.php',
            method: 'POST',
            data: {payment_checkout:1},
            success: function(){
                window.location.href = "payment_success.php";
            }
        })
    })
cart_checkout();


    function cart_checkout()
    {
        $.ajax({
            url: 'action.php',
            method: 'POST',
            data: {cart_checkout:1},
            success: function(data){
                $('#cartdetail').html(data);
            }
        })
    }


$("#login").click(function(event){
        event.preventDefault();
        var email=$('#email').val();
        var pwd=$('#password').val();
        console.log(pwd);
        $.ajax({
            url: "login.php",
            method: "POST",
            data: {userLogin:1,email:email, pwd:pwd},
            success: function(data){
                if(data=="true"){
                    window.location.href="profile.php";
                }
            }
        })
    })

login.php

<?php 
    include('dbconnect.php');
    session_start();

    if(isset($_POST['userLogin'])){

        $email=mysqli_real_escape_string($conn,$_POST['email']);
        $pwd=md5($_POST['pwd']);
        $sql="SELECT * FROM user_info WHERE email='$email' AND password='$pwd'";
        $run_query=mysqli_query($conn,$sql);
        $count=mysqli_num_rows($run_query);

        if($count==1){
                $row=mysqli_fetch_array($run_query);
                $_SESSION['uid']=$row['user_id'];
                $_SESSION['uname']=$row['first_name'];
                echo "true";
        }

    }

 ?>

action.php

if(isset($_POST['cartmenu']) || isset($_POST['cart_checkout']))
    {

        $uid=$_SESSION['uid'];
        $sql="SELECT * FROM cart WHERE user_id='$uid'";
        $run_query=mysqli_query($conn,$sql);
        $count=mysqli_num_rows($run_query);
        if($count>0){
            $i=1;
            $total_amt=0;
        while($row=mysqli_fetch_array($run_query))
        {
            $sl=$i++;
            $pid=$row['p_id'];
            $product_image=$row['product_image'];
            $product_title=$row['product_title'];
            $product_price=$row['price'];
            $qty=$row['qty'];
            $total=$row['total_amount'];
            $price_array=array($total);
            $total_sum=array_sum($price_array);
            $total_amt+=$total_sum;

            if(isset($_POST['cartmenu']))
            {
                echo "
                <div class='row'>
                                    <div class='col-md-3'>$sl</div>
                                    <div class='col-md-3'><img src='assets/prod_images/$product_image' width='60px' height='60px'></div>
                                    <div class='col-md-3'>$product_title</div>
                                    <div class='col-md-3'>$$product_price</div>

                </div>
            ";
            }
            else
            {
                echo "
                    <div class='row'>

                        <div class='col-md-2'><a href='#' remove_id='$pid' class='btn btn-danger remove'><span class='glyphicon glyphicon-trash'></span></a>
                        <a href='#' update_id='$pid' class='btn btn-success update'><span class='glyphicon glyphicon-ok-sign'></span></a>
                        </div>
                        <div class='col-md-2'><img src='assets/prod_images/$product_image' width='60px' height='60px'></div>
                        <div class='col-md-2'>$product_title</div>
                        <div class='col-md-2'><input class='form-control price' type='text' size='10px' pid='$pid' id='price-$pid' value='$product_price' disabled></div>
                        <div class='col-md-2'><input class='form-control qty' type='text' size='10px' pid='$pid' id='qty-$pid' value='$qty'></div>
                        <div class='col-md-2'><input class='total form-control price' type='text' size='10px' pid='$pid' id='amt-$pid' value='$total' disabled></div>

                    </div>
                ";
            }

        }







        if(isset($_POST['cart_checkout'])){



        echo "
            <div class='row'>
                        <div class='col-md-8'></div>
                        <div class='col-md-4'>
                            <b>Total: &nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;$$total_amt</b>
                        </div>
                    </div>
        ";
        }
    }
}

if(isset($_POST['payment_checkout'])){
        $uid=$_SESSION['uid'];
        $sql="SELECT * FROM cart WHERE user_id='$uid'";
        $run_query=mysqli_query($conn,$sql);
        $i=rand();

        while($cart_row=mysqli_fetch_array($run_query))
        {
            $cart_prod_id=$cart_row['p_id'];
            $cart_prod_title=$cart_row['product_title'];
            $cart_qty=$cart_row['qty'];
            $cart_price_total=$cart_row['total_amount'];




            $sql2="INSERT INTO customer_order (uid,pid,p_name, p_price,p_qty,p_status,tr_id) VALUES ('$uid','$cart_prod_id','$cart_prod_title','$cart_price_total','$cart_qty','CONFIRMED','$i')";
            $run_query2=mysqli_query($conn,$sql2);
        }

payment_success.php

<?php

    include('dbconnect.php');
    session_start();

    if(!isset($_SESSION['uid'])){
    header('Location:index.php');
    }


    $uid=$_SESSION['uid'];
    $sql="SELECT * FROM customer_order WHERE uid='$uid'";
    $run_query=mysqli_query($conn,$sql);
    $row=mysqli_fetch_array($run_query);
    $trid=$row['tr_id'];



 ?>

<!DOCTYPE html>
<html>
<head>
    <meta charset="utf-8">
    <title> Supplies</title>
    <link rel="stylesheet" type="text/css" href="assets/bootstrap-3.3.6-dist/css/bootstrap.css">
    <style type="text/css">
        .content{
            display: none;
        }
    </style>
</head>
<body>
    <div class='content'>
        <div class="navbar navbar-default navbar-fixed-top" id="topnav">
        <div class="container-fluid">
            <div class="navbar-header">
                <a href="index.php" class="navbar-brand"> Supplies</a>
            </div>


        </div>
    </div>
    <br><br><br><br><br>
    <div class='container-fluid'>
        <div class='row'>
        <div class='col-md-2'></div>
        <div class='col-md-8'>
            <div class="panel panel-default">
                <div class="panel-heading"><h1>Thank you!</h1></div>
                <div class="panel-body">
                    Hello <?php echo $_SESSION['uname']; ?>, your payment is successful.
                    <br>Your Transaction ID is <?php echo $trid; ?> 
                    <br>You can continue with your shopping.
                    <p></p>
                    <a href="profile.php" class='btn btn-success btn-lg'>Back to store</a>
                </div>
            </div>
        <div class='col-md-2'></div>
    </div>

    </div>

    </div>
    </div>
    <!--Pre-loader -->
    <div class="preload"><img src="assets/images/loading.gif" style="width:400px;
    height: 400px;
    position: relative;
    top: 0px;
    left: 469px;"></div>

    <script src="https://ajax.googleapis.com/ajax/libs/jquery/1.12.4/jquery.min.js"></script>
    <script src="assets/bootstrap-3.3.6-dist/js/bootstrap.min.js"></script>

    <script type="text/javascript">


        $(".preload").fadeOut(5000, function(){
        $(".content").fadeIn(500);          
        }); 

    </script>
</body>
</html>

yes I am wondering what I am doing wrong with getting the new transaction id? sorry that this maybe long to read. I wanted to be as detailed as possible so that I would not get so much hate on this question. If it is not well received I will go ahead and delete the question — Donny, Sep 19 '17 at 16:38
Your script is at risk of [SQL Injection Attack](http://stackoverflow.com/questions/60174/how-can-i-prevent-sql-injection-in-php) Even [if you are escaping inputs, its not safe!](http://stackoverflow.com/questions/5741187/sql-injection-that-gets-around-mysql-real-escape-string) Use [prepared parameterized statements](http://php.net/manual/en/mysqli.quickstart.prepared-statements.php) — RiggsFolly, Sep 19 '17 at 16:43
Please dont __roll your own__ password hashing. PHP provides [`password_hash()`](http://php.net/manual/en/function.password-hash.php) and [`password_verify()`](http://php.net/manual/en/function.password-verify.php) please use them. And here are some [good ideas about passwords](https://www.owasp.org/index.php/Password_Storage_Cheat_Sheet) If you are using a PHP version prior to 5.5 [there is a compatibility pack available here](https://github.com/ircmaxell/password_compat) — RiggsFolly, Sep 19 '17 at 16:43
sorry looks like payment_success.php code did not go through.I just added it, but that is where I am having the problem on retaining the last transaction id or tr_id from db — Donny, Sep 19 '17 at 16:44
You hav a fairly obvious issue with quotes. Look at the code colourisation — RiggsFolly, Sep 19 '17 at 16:47

score 0 · Answer 1 · answered Sep 19 '17 at 16:48

0

Your SQL select will fetch only the first tr-id (transaction id) because your select makes an array of unfetched tr-id's and fetches them in the order of their existence on the table.

you need to fetch the last element on the result. you could make it (there will be a better way) with a "for each" loop, it will write every result in the variable till the last one is saved on it.

there will most likely be a better way, but this should also work.

lg! ^^

answered Sep 19 '17 at 16:48

I will try to figure it out not sure on how to go about it yet I am still learning a lot – Donny Sep 19 '17 at 16:50
so the question should have really been how to get the last record from db for tr_id – Donny Sep 19 '17 at 16:58
@Donny Depends, in your case the Database seems to save the newest record last. So, yes. I'd recommend you to have an counting column along with the transaction-id, then you can make an SQL-statement where the Database gives you the newest (the one with the highest number) first. If you have a Table with an Quto_incrementing ID you could use the DI too! LG – Sep 19 '17 at 17:24

score 0 · Answer 2 · answered Sep 19 '17 at 17:18

Did not realize easy fix just need to add an order by id desc to grab last record entered.

<!DOCTYPE html>
<html>
<head>
    <meta charset="utf-8">
    <title> Supplies</title>
    <link rel="stylesheet" type="text/css" href="assets/bootstrap-3.3.6-dist/css/bootstrap.css">
    <style type="text/css">
        .content{
            display: none;
        }
    </style>
</head>
<body>
    <div class='content'>
        <div class="navbar navbar-default navbar-fixed-top" id="topnav">
        <div class="container-fluid">
            <div class="navbar-header">
                <a href="index.php" class="navbar-brand"> Supplies</a>
            </div>


        </div>
    </div>
    <br><br><br><br><br>
    <div class='container-fluid'>
        <div class='row'>
        <div class='col-md-2'></div>
        <div class='col-md-8'>
            <div class="panel panel-default">
                <div class="panel-heading"><h1>Thank you!</h1></div>
                <div class="panel-body">
                    Hello <?php echo $_SESSION['uname']; ?>, your payment is successful.
                    <br>Your Transaction ID is <?php echo $trid; ?> 
                    <br>You can continue with your shopping.
                    <p></p>
                    <a href="profile.php" class='btn btn-success btn-lg'>Back to store</a>
                </div>
            </div>
        <div class='col-md-2'></div>
    </div>

    </div>

    </div>
    </div>
    <!--Pre-loader -->
    <div class="preload"><img src="assets/images/loading.gif" style="width:400px;
    height: 400px;
    position: relative;
    top: 0px;
    left: 469px;"></div>

    <script src="https://ajax.googleapis.com/ajax/libs/jquery/1.12.4/jquery.min.js"></script>
    <script src="assets/bootstrap-3.3.6-dist/js/bootstrap.min.js"></script>

    <script type="text/javascript">


        $(".preload").fadeOut(5000, function(){
        $(".content").fadeIn(500);          
        }); 

    </script>
</body>
</html>

Issu having to get a new transaction ID Keeps showing the first one

2 Answers2