0

So i made a program for food ordering and the problem come from the part of info.php where in this file the costumer can view their total product. here's the source code :

<?php include( 'partials-front/menu.php' );
?>

<!-- fOOD MEnu Section Starts Here -->
<section class='food-menu'>
    <div class='container'>
        <h3 class='text-center'>Informasi Orderan</h3>
        </br></br>
        <!-- <h2 class = 'text-center'>Silahkan Login untuk memulai berbelanja</h2> -->
        <p class='text-center'><a href='foods.php'>Tambah Pesananan +</a></p><br>

        <!-- <h3>Informasi Orderan Anda</h3><br> -->
        <table class='demo-table responsive'>
            <thead>
                <tr>
                    <th scope='col'>Nama</th>
                    <th scope='col'>Pesanan</th>
                    <th scope='col'>Harga</th>
                    <th scope='col'>Jumlah</th>
                    <th scope='col'>Status</th>
                </tr>
            </thead>
            <?php

$username = $_SESSION[ 'user' ];

$sql3 = "SELECT * FROM pelanggan WHERE username= '$username'";
$res3 = mysqli_query( $conn, $sql3 );
$data_user = mysqli_fetch_assoc( $res3 );

$id_user = $data_user [ 'id_pelanggan' ];

//save the order in database
//create SQL to save the data

// var_dump ( $sql2 );

$sql = "SELECT *FROM tabel_pesanan JOIN pelanggan ON tabel_pesanan.id_pelanggan=pelanggan.id_pelanggan JOIN tabel_makanan ON tabel_makanan.id_makanan=tabel_pesanan.id_makanan WHERE pelanggan.id_pelanggan='$id_user'";
$res = mysqli_query( $conn, $sql );
$count = mysqli_num_rows( $res );

if ( $count>0 )

//pesanan tersedia
while( $row = mysqli_fetch_assoc( $res ) ) {
    // var_dump( $row );
    // die;
    
    //get all the order details
    $nama = $row[ 'nama' ];
    $makanan = $row[ 'title' ];
    $harga = $row[ 'harga' ];
    $jumlah = $row[ 'jumlah' ];
    $total = $row [ 'total' ];
    $status = $row[ 'status' ];
    $id_bayar = $row[ 'id_bukti_bayar' ];

    ?>
            <tbody>
                <tr>
                    <td data-header class='title'><?php echo $nama?></td>
                    <td data-header><?php echo $makanan ?></td>
                    <td data-header><?php echo $harga?></td>
                    <td data-header><?php echo $jumlah?></td>
                    <td data-header><?php echo $status?></td>

                </tr>
            </tbody>

            <!-- <br><br> -->

            <?php
}

?>
        </table>
        <br>
        <?php 
         $sql = "SELECT * FROM bukti_pembayaran WHERE id_bukti_bayar='$id_bayar'";
    //execute the query
    $res = mysqli_query( $conn, $sql );
    //get the value from database
    $row = mysqli_fetch_assoc( $res ); 
    
    $nama_gambar = $row['gambar'];
    if(empty($nama_gambar)){
        ?>
        <form method='POST' action='uploadbukti.php' enctype='multipart/form-data'>
            <tr>
                <td> Upload Bukti Pembayaran : </td>
                <br><br>
                <td>
                    <input type='file' name='image'>
                    <input type='hidden' name='id_bukti_bayar' value="<?= $id_bayar?>" />
                    <input type='Submit' class='btn-secondary'>
                </td>
            </tr>
        </form>
        <br><br>
        <h1> Transfer Ke Nomor rekening : 0111-01-058223-50-7 (BANK BRI)</h1>
        <?php
    }
        else
    {
        ?>
        <br><br>
        <h1>Bukti Pembayaran Telah Diupload ! Silahkan Menunggu Status Order</h1>
        <?php
        }
        ?> <div class='clearfix'>
        </div>

    </div>
    <?php

?>

</section>
<!-- fOOD Menu Section Ends Here -->

<?php include( 'partials-front/footer.php' );
?>

and this is the error error view

ive been trying to think thank maybe i need to add a condition when the data is empty there is a condition that show the data is empty, but i dont know how to do it

sorry for my bad english, i do my best please if anyone there can help me

Phil
  • 157,677
  • 23
  • 242
  • 245
203 002 JONATHAN MARKUS SENAS
  • 9
  • 1
  • 2
    undefined variable means you have used that variable without defining it anywhere. in your code you have used `$id_bayar` variable in your select query but have not defined that variable anywhere. you can sort this by defining `$id_bayar='your_id_value'` above your select query – Bhavik Dec 21 '22 at 04:21
  • **Warning:** You are wide open to [SQL Injections](https://php.net/manual/en/security.database.sql-injection.php) and should use parameterized **prepared statements** instead of manually building your queries. They are provided by [PDO](https://php.net/manual/pdo.prepared-statements.php) or by [MySQLi](https://php.net/manual/mysqli.quickstart.prepared-statements.php). Never trust any kind of input! Even when your queries are executed only by trusted users, [you are still in risk of corrupting your data](http://bobby-tables.com/). [Escaping is not enough!](https://stackoverflow.com/q/32391315) – Dharman Dec 21 '22 at 12:31

0 Answers0