
I have a shopping system. For example, the total AMOUNT bought must be 300, but the AMOUNT that is inserted into the database is always 0.


Here is the script code:


```php
function checkout(){
    include('../db.php');
    $fname = $_POST['fname'];
    $lname = $_POST['lname'];
    $contact = $_POST['contact'];
    $email = $_POST['email'];
    $address = $_POST['address'];
    $fullname = $fname.' '.$lname;
    $date = date('m/d/y h:i:s A');
    $item = '';
    foreach($_SESSION['cart'] as $row):
        if($row['qty'] != 0){
            $product = '('.$row['qty'].') '.$row['product'];
            $item = $product.', '.$item;
        }
    endforeach;
    $amount = $_SESSION['totalprice'];
    echo $q = "INSERT INTO dbgadget.order VALUES (NULL, '$fullname', '$contact', '$address', '$email', '$item', '$amount', 'unconfirmed', '$date', '')";

    mysql_query($q);

    unset($_SESSION['cart']);
    header("location:../success.php");
}
```

The `$amount` variable data is not getting the correct value from the other page.

This is the value of the `$amount` variable from the other page:

```php
<?php $_SESSION['totalprice'] = isset($_SESSION['totalprice']) ? $_SESSION['totalprice'] : $total; ?>
```
Lop Duj
  • Every time you use [the `mysql_`](http://stackoverflow.com/questions/12859942/why-shouldnt-i-use-mysql-functions-in-php) database extension in new code **[this happens](https://media.giphy.com/media/kg9t6wEQKV7u8/giphy.gif)** it is deprecated and has been for years and is gone for ever in PHP7. If you are just learning PHP, spend your energies learning the `PDO` or `mysqli` database extensions and prepared statements. [Start here](http://php.net/manual/en/book.pdo.php) – RiggsFolly Mar 03 '18 at 15:57
  • **WARNING**: Do not use the obsolete [`mysql_query`](http://php.net/manual/en/function.mysql-query.php) interface which was removed in PHP 7. A replacement like [PDO is not hard to learn](https://phpdelusions.net/pdo) and a guide like [PHP The Right Way](http://www.phptherightway.com/) helps explain best practices. Here parameters are **NOT** [properly escaped](http://bobby-tables.com/php) and this has severe [SQL injection bugs](http://bobby-tables.com/) in this code. Escape **any** and all user data, especially from `$_POST` or `$_GET`. – tadman Mar 03 '18 at 21:09
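
The change both comments point to, as an added example that is not code from the question or from either commenter: the same INSERT sent through a PDO prepared statement, with a check that rejects a missing or non-positive `totalprice` instead of storing 0. The `checkout($pdo, $post, $session)` signature, the in-memory SQLite stand-in for MySQL, the table's column names and the sample values are assumptions made so the block runs on its own.

```php
<?php
// Added example: the question's INSERT rebuilt with PDO placeholders.
// Passing $pdo, $post and $session in is an assumption made for testability.
function checkout(PDO $pdo, array $post, array &$session): int
{
    // Refuse an order whose total is missing or not a positive number.
    $amount = $session['totalprice'] ?? null;
    if (!is_numeric($amount) || $amount <= 0) {
        throw new RuntimeException('totalprice missing or invalid in session');
    }
    $items = [];
    foreach ($session['cart'] ?? [] as $row) {
        if ((int) $row['qty'] !== 0) {
            $items[] = '(' . (int) $row['qty'] . ') ' . $row['product'];
        }
    }
    // Values travel as bound parameters, never as part of the SQL text.
    $stmt = $pdo->prepare(
        "INSERT INTO `dbgadget`.`order`
         VALUES (NULL, ?, ?, ?, ?, ?, ?, 'unconfirmed', ?, '')"
    );
    $stmt->execute([
        $post['fname'] . ' ' . $post['lname'],
        $post['contact'],
        $post['address'],
        $post['email'],
        implode(', ', $items),
        $amount,
        date('m/d/y h:i:s A'),
    ]);
    unset($session['cart']);
    return (int) $pdo->lastInsertId();
}

// Constructed demo data; SQLite stands in for MySQL, column names are hypothetical.
$pdo = new PDO('sqlite::memory:', null, null, [PDO::ATTR_ERRMODE => PDO::ERRMODE_EXCEPTION]);
$pdo->exec("ATTACH DATABASE ':memory:' AS dbgadget");
$pdo->exec("CREATE TABLE `dbgadget`.`order` (id INTEGER PRIMARY KEY, fullname, contact,
            address, email, item, amount, status, date, note)");
$session = ['totalprice' => 300, 'cart' => [['qty' => 2, 'product' => 'Phone']]];
$post = ['fname' => 'Ana', 'lname' => "O'Neil", 'contact' => '555-0100',
         'email' => 'ana@example.test', 'address' => '1 Main St'];
$id = checkout($pdo, $post, $session);
print_r($pdo->query("SELECT fullname, item, amount FROM `dbgadget`.`order`")->fetch(PDO::FETCH_ASSOC));
```

The apostrophe in the constructed surname is stored as data because it never becomes part of the SQL string, and `PDO::ERRMODE_EXCEPTION` makes a failed insert raise an error instead of passing unnoticed.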

0 Answers