0

I'm trying to insert data in tbl_ordetails and then update data in tbl_cart, but when I try to insert data, the result is always "failed" , i don't know what's the problem. please help me

<?php
include ("connection.php");
if(isset($_POST['btnSubmit']))
{




$fullname=$_POST['fullname'];
$address=$_POST['address'];
$phone_number=$_POST['phone_number'];
$city=$_POST['city'];
$customer=$_POST['customer'];

$query = "INSERT INTO tbl_orderdetails (fullname, address, phone_number, city, customer) VALUES ('$fullname, $address, $phone_number, $city, $customer')";
$query1 = "UPDATE tbl_cart SET status ='Ordered' WHERE customer=['$customer']";

 $result = mysqli_query($conn, $query);

   if(($conn->query($query1) === TRUE) && ($result->num_rows > 0)){
            echo "success";
            exit;

    }
    else{
         echo "failed";
         exit;

    }


}
?>

Thanks in advance

Kins
  • 9
  • 1

2 Answers2

1

Your missing loads of quotes in...

$query = "INSERT INTO tbl_orderdetails (fullname, address, phone_number, city, customer) 
      VALUES ('$fullname, $address, $phone_number, $city, $customer')";

It's taking all of the values and building 1 value. Should be

$query = "INSERT INTO tbl_orderdetails (fullname, address, phone_number, city, customer) 
      VALUES ('$fullname', '$address', '$phone_number', '$city', '$customer')";

Your update should be (minus [])

$query1 = "UPDATE tbl_cart SET status ='Ordered' WHERE customer='$customer'";

Even better would be to use prepared statements and bind variables though.

Update:

   $result = $conn->query($query);
   if ( $result === false ) {
       echo "error:".$conn->error;
       exit;
   }

   if($conn->query($query1) === TRUE){
            echo "success";
            exit;

    }
    else{
         echo "failed:".$conn->error;
         exit;

    }
Nigel Ren
  • 56,122
  • 11
  • 43
  • 55
  • sir, this is the result "Trying to get property of non-object" – Kins Apr 01 '18 at 07:13
  • I've added a new part to the code, mainly to show an error if the query fails. BUT this assumes your connect is something like `$conn=new mysqli(...);`. This uses the object version of the api – Nigel Ren Apr 01 '18 at 07:18
  • Just removed the `$result->num_rows`, this isn't needed as the check for the insert failing is now done in the updated code. – Nigel Ren Apr 01 '18 at 13:44
0

I think you problem lies in this line of code if(($conn->query($query1) === TRUE) && ($result->num_rows > 0)){

You implement row counts $result->num_rows > 0 but i did not see where you are using sql select query statement so where are you getting the row counts. is it supposed to be used when inserting data or when you are selecting data from database.

I am not mysqli fan but PDO

you can try something like this

<?php
include ("connection.php");
if(isset($_POST['btnSubmit']))
{




$fullname=$_POST['fullname'];
$address=$_POST['address'];
$phone_number=$_POST['phone_number'];
$city=$_POST['city'];
$customer=$_POST['customer'];

$query = "INSERT INTO tbl_orderdetails (fullname, address, phone_number, city, customer) VALUES ('$fullname, $address, $phone_number, $city, $customer')";
$query1 = "UPDATE tbl_cart SET status ='Ordered' WHERE customer=['$customer']";

 $result = mysqli_query($conn, $query);

   if($result){
            echo "success";
            exit;

    }
    else{
         echo "failed";
         exit;

    }


}
?>

I can rewrite the code more easier using PDO

Again your script is not sanitized or validated and you are vulnerable to Injection and may be buffer overflow Attack

chinazaike
  • 517
  • 6
  • 19