1
<?php
    if($_POST){
        // include database connection
        include database.php;

        try{

            // insert query 01
            $query = "INSERT INTO invoice_master SET  y_sign=:y_sign, o_sign=:o_sign, tel=:tel, date=:date, terms=:terms, g_weight=:g_weight, n_weight=:n_weight, nop=:nop, payment=:payment, total=:invoice_total";


            // prepare query for execution
            $stmt = $con->prepare($query);

            // posted values
            $y_sign=htmlspecialchars(strip_tags($_POST['y_sign']));
            $o_sign=htmlspecialchars(strip_tags($_POST['o_sign']));
            $tel=htmlspecialchars(strip_tags($_POST['tel']));
            $terms=htmlspecialchars(strip_tags($_POST['terms']));
            $g_weight=htmlspecialchars(strip_tags($_POST['g_weight']));
            $n_weight=htmlspecialchars(strip_tags($_POST['n_weight']));
            $nop=htmlspecialchars(strip_tags($_POST['nop']));
            $payment=htmlspecialchars(strip_tags($_POST['payment']));

            $invoice_total=htmlspecialchars(strip_tags($_POST['invoice_total']));


            // bind the parameters
            $stmt->bindParam(':y_sign', $y_sign);
            $stmt->bindParam(':o_sign', $o_sign);
            $stmt->bindParam(':tel', $tel);
            $stmt->bindParam(':date', $date);
            $stmt->bindParam(':terms', $terms);
            $stmt->bindParam(':g_weight', $g_weight);
            $stmt->bindParam(':n_weight', $n_weight);
            $stmt->bindParam(':nop', $nop);
            $stmt->bindParam(':payment', $payment);

            $stmt->bindParam(':invoice_total', $invoice_total);

            // specify when this record was inserted to the database
            $date=date('m-d-Y');
            /* $stmt->bindParam(':created', $created); */

            // Execute the query
            if($stmt->execute()){
                $id = $con->lastInsertId($query);

                echo "New record created successfully. Last inserted Invoice ID is: " . $id."/2019/2020";
                $query1 = "UPDATE invoice_master SET invoice_no='$id/2019/2020' , invoice_name='TEMP01' WHERE $id";
                if ($stmt->execute($query1)){

                }

            }else{
                echo "<div class='alert alert-danger'>Record In Error state.</div>";
            }

        }
            // show error
        catch(PDOException $exception){
            die('ERROR: ' . $exception->getMessage());
        }
    }
    ?>

I want to update invoice_no & invoice_name according to first insert raw. I create this code for when we insert the invoice details to table i want to generate own invoice umber and insert it to the table. and i have a table and it's can add raw multiple so i need to insert that table data to table if you an sir please make me clear how to do that those things..

Nisal Damsara
  • 13
  • 1
  • 4
  • 3
    looks like you glued 6 different approaches togeather –  Jul 22 '19 at 02:58
  • 2
    You should not be using `htmlspecialchars()` on data going **in to** your database. See [Using htmlspecialchars function with PDO prepare and execute](https://stackoverflow.com/questions/38411112/using-htmlspecialchars-function-with-pdo-prepare-and-execute) – Phil Jul 22 '19 at 06:00

1 Answers1

2

You are using PDOStatement::execute():

$query1 = "UPDATE invoice_master SET invoice_no='$id/2019/2020' , invoice_name='TEMP01' WHERE $id";
    if ($stmt->execute($query1)){

But you have to use PDO::query(), if you want to create a new query or PDO::exec() if you want to run a query without fetching results:

$query1 = "UPDATE invoice_master SET invoice_no='$id/2019/2020' , invoice_name='TEMP01' WHERE $id";
    if ($con->exec($query1)){
Sven Mich
  • 227
  • 2
  • 9