
In my old code the user can buy as many as he wants to, but in the new code the user must input only numbers less than the stock. I am not sure whether this is the problem or not. Somehow the purchase does not go to the sales total in the sales table.

In history.php the total purchase price does not show up, but when you click the View Full Details button you can see the total purchase.

[Screenshot: History.php]

[Screenshot: View Full Detail]

[Screenshot: Sales table]

This is my old add_cart.php code. Here it inserts fine.

<?php
    include('session.php');
    if(isset($_POST['cart'])){
        $id=$_POST['id'];
        $qty=$_POST['qty'];

        $query=mysqli_query($conn,"select * from cart where productid='$id' and userid='".$_SESSION['id']."'");
        if (mysqli_num_rows($query) > ($qty)){
            echo "Input must be lower than the quantity!";
        }
        else{
            mysqli_query($conn,"insert into cart (userid, productid, qty) values ('".$_SESSION['id']."', '$id', '$qty')");
        }
    }

?>

This is my new add_cart.php code. Here it does not insert properly.

<?php
    include('session.php');
    if(isset($_POST['cart'])){
        $id=$_POST['id'];
        $qty=$_POST['qty'];
        if($qty>0){ // This condition works for you

            $query=mysqli_query($conn,"select product_qty from product where productid='$id'");
            $result=mysqli_fetch_object($query);
            if($result->product_qty < $qty){
                echo 'Input must be lower than the stocks';
            } else{
                $query=mysqli_query($conn,"select * from cart where productid='$id' and userid='".$_SESSION['id']."'");
                if (mysqli_num_rows($query)>0){
                    echo "Product already on your cart!";
                }
                else{
                    mysqli_query($conn,"insert into cart (userid, productid, qty) values ('".$_SESSION['id']."', '$id', '$qty')");
                }
            }
        }
    }

?>

history.php, where the table is listed

<!doctype html>
<html lang="en">
<head>
  <meta charset="utf-8">
  <meta name="viewport" content="width=device-width, initial-scale=1">
  <link rel="stylesheet" href="//code.jquery.com/ui/1.12.1/themes/base/jquery-ui.css">
  <link rel="stylesheet" href="/resources/demos/style.css">
  <script src="https://code.jquery.com/jquery-1.12.4.js"></script>
  <script src="https://code.jquery.com/ui/1.12.1/jquery-ui.js"></script>
  <script>
  $( function() {
    $( "#datepicker" ).datepicker();
  } );
  </script>
</head>
<body>

<p>Date: <input type="text" id="datepicker"></p>


</body>
</html>

<?php include('session.php'); ?>
<?php include('header.php'); ?>
<body>
<?php include('navbar.php'); ?>
<div class="container">
    <?php include('cart_search_field.php'); ?>
    <div style="height: 50px;"></div>
    <div class="row">
        <div class="col-lg-12">
           <center> <h1 class="page-header">Purchase History</h1></center>
        </div>
    </div>
                <!-- /.row -->
                <div class="row">
                <div class="col-lg-12">
                                <center>
 <form action="total_sales.php" method="post">
  From: <input type="text" class="datepicker" placeholder="E.G.(2018-01-14)" name="dayfrom" required pattern="[0-9]{4}+[0-9]+[0-9]"> To: <input type="text" class="datepicker" placeholder="E.G.(2018-02-11)" name="dayto" required pattern="[0-9]{4}+[0-9]+[0-9]">
  <input type="submit" value="Show Purchases" name="salesbtn" ></form></center>
                    <table width="100%" class="table table-striped table-bordered table-hover" id="historyTable">
                        <thead>
                            <tr>
                                <th class="hidden"></th>
                                <th>Purchase Date</th>
                                <th>Total Amount</th>
                                <th>Action</th>
                            </tr>
                        </thead>
                        <tbody>
                            <?php
                                $h=mysqli_query($conn,"select * from sales where userid='".$_SESSION['id']."' order by sales_date desc");
                                while($hrow=mysqli_fetch_array($h)){
                                    ?>
                                        <tr>
                                            <td class="hidden"></td>
                                            <td><?php echo date("M d, Y - h:i A", strtotime($hrow['sales_date']));?></td>
                                            <td><?php echo number_format($hrow['sales_total'],2); ?></td>
                                            <td>
                                                <a href="#detail<?php echo $hrow['salesid']; ?>" data-toggle="modal" class="btn btn-primary btn-sm"><span class="glyphicon glyphicon-fullscreen"></span> View Full Details</a>
                                                <?php include ('modal_hist.php'); ?>
                                            </td>
                                        </tr>
                                    <?php
                                }
                            ?>
                        </tbody>
                    </table>
                            <!-- /.table-responsive -->
                        </div>
                        <!-- /.panel-body -->
                    </div>


</div>
<?php include('script.php'); ?>
<?php include('modal.php'); ?>
<script src="custom.js"></script>
<script>
$(document).ready(function(){
    $('#history').addClass('active');

    $('#historyTable').DataTable({
    "bLengthChange": true,
    "bInfo": true,
    "bPaginate": true,
    "bFilter": true,
    "bSort": true,
    "pageLength": 7
    });
});
</script>
</body>
</html>
  • have you debugged by outputting your variables one by one? – Bernhard Apr 05 '18 at 05:01
  • @Bernhard yes, I think $query is the problem, that is the only thing that I changed in my new code. – Kim Apr 05 '18 at 05:07
  • Your script is at risk of [SQL Injection Attack](https://stackoverflow.com/q/60174/5914775). Have a look at what happened to [Little Bobby Tables](http://bobby-tables.com/). Even [if you are escaping inputs, its not safe](https://stackoverflow.com/q/5741187/5914775)! Use [prepared parameterized statements](https://php.net/manual/en/mysqli.quickstart.prepared-statements.php) instead. On top of that, there's no error handling in your code at all. Check results of `mysqli_query`, and if it's `false`, look at `$conn->error` to find out what went wrong. – Bartosz Zasada Apr 05 '18 at 05:34
  • @BartoszZasada as of now I just want to make it work, I am new to programming, my goal as of now is to create a system. I know the security is not good. This is just for my own purposes. I don't plan on releasing this, thanks – Kim Apr 05 '18 at 05:48
  • Error handling is part of making it work. These error messages are there for a reason, you know. Even if they don't provide an outright help, they make it easier to narrow down the problem. – Bartosz Zasada Apr 05 '18 at 06:34
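The two points raised in the comments (parameterized queries and checking what mysqli returns) applied to the new add_cart.php, as an added example that is not the question's code; it assumes `$conn` (a mysqli connection) and `$_SESSION['id']` come from session.php and that the `product` and `cart` tables are named as in the question:

```php
<?php
// Added example, not the question's code: add_cart.php with prepared
// statements and error handling, as the comments suggest. Assumes $conn
// (mysqli) and $_SESSION['id'] come from session.php as in the question.
include('session.php');
// Make mysqli throw instead of silently returning false on bad queries.
mysqli_report(MYSQLI_REPORT_ERROR | MYSQLI_REPORT_STRICT);

if (isset($_POST['cart'])) {
    // Ids and quantities are integers; casting rejects anything else.
    $id     = (int) $_POST['id'];
    $qty    = (int) $_POST['qty'];
    $userid = (int) $_SESSION['id'];
    if ($qty <= 0) {
        exit('Quantity must be a positive number.');
    }
    try {
        // Stock check with a bound parameter instead of string concatenation.
        $stmt = $conn->prepare('SELECT product_qty FROM product WHERE productid = ?');
        $stmt->bind_param('i', $id);
        $stmt->execute();
        $stmt->bind_result($stock);
        if (!$stmt->fetch()) {
            exit('Unknown product.');
        }
        $stmt->close();
        if ($stock < $qty) {
            exit('Input must be lower than the stocks');
        }
        // Same "already in cart" check as the question, parameterized.
        $stmt = $conn->prepare('SELECT 1 FROM cart WHERE productid = ? AND userid = ?');
        $stmt->bind_param('ii', $id, $userid);
        $stmt->execute();
        $stmt->store_result();
        $already = $stmt->num_rows > 0;
        $stmt->close();
        if ($already) {
            exit('Product already on your cart!');
        }
        $stmt = $conn->prepare('INSERT INTO cart (userid, productid, qty) VALUES (?, ?, ?)');
        $stmt->bind_param('iii', $userid, $id, $qty);
        $stmt->execute();
        $stmt->close();
        echo 'Added to cart.';
    } catch (mysqli_sql_exception $e) {
        // Log the real error server-side; show the user a generic message.
        error_log('add_cart.php: ' . $e->getMessage());
        exit('Could not update your cart.');
    }
}
```

With `MYSQLI_REPORT_STRICT` set, a failing query (for instance a misspelled column in the `product` table) lands in the error log instead of leaving `$result` empty and the insert silently skipped, which is the first thing to check for the symptom described in the question.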
