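<?php
/**
 * order.php - records an order for the signed-in user and decrements stock.
 *
 * Expects a POST carrying "submit1" or "submit2", a positive integer
 * "quantity" and a product id "pID". Visitors without a session "uid" have
 * the pending product/quantity stored in the session and are sent to
 * login.php; signed-in users get an orders row plus a stock decrement and
 * are sent to index.php.
 *
 * NOTE(review): no anti-CSRF token is checked here and the submitting form is
 * not visible from this file; a state-changing POST that relies on the
 * session cookie alone should verify a per-session token. Confirm against
 * the form.
 */
session_start();

// Make every mysqli failure throw, so one catch block handles errors and no
// return value can be overlooked, regardless of the PHP version's default.
mysqli_report(MYSQLI_REPORT_ERROR | MYSQLI_REPORT_STRICT);

// The host, user name, password and schema name used to be hard-coded on this
// line and are therefore in version control: treat that credential as exposed
// and rotate it. They are now read from the environment instead.
// NOTE(review): assumes the ClearDB add-on publishes its connection URL as
// CLEARDB_DATABASE_URL for this app - confirm in the deployment's config vars.
$dbUrl = getenv('CLEARDB_DATABASE_URL');
$db = $dbUrl ? parse_url($dbUrl) : false;
if (!$db || !isset($db['host'], $db['user'], $db['pass'], $db['path'])) {
    error_log('order.php: database configuration is missing or malformed');
    http_response_code(500);
    die('Failed to connect to MySQL');
}

try {
    $con = mysqli_connect(
        $db['host'],
        rawurldecode($db['user']),
        rawurldecode($db['pass']),
        ltrim($db['path'], '/')
    );
} catch (mysqli_sql_exception $e) {
    // Connection errors can name the host and account; log them server-side
    // and show the visitor a fixed message. Exiting here also avoids the
    // original's mysqli_close() call on a failed connection.
    error_log('order.php: database connection failed: ' . $e->getMessage());
    http_response_code(500);
    die('Failed to connect to MySQL');
}

if (isset($_POST["submit2"]) || isset($_POST["submit1"])) {
    // Accept whole numbers >= 1 only. The original compared the raw string
    // with 0, which let values such as "2.5" or non-numeric text reach SQL.
    $quantity = filter_var(
        isset($_POST['quantity']) ? $_POST['quantity'] : null,
        FILTER_VALIDATE_INT,
        array('options' => array('min_range' => 1))
    );
    $id = isset($_POST['pID']) ? $_POST['pID'] : null;

    if ($quantity === false || !is_string($id) || $id === '') {
        echo "<script> history.go(-1);</script>";
    } elseif (!isset($_SESSION["uid"])) {
        // login.php is not visible from here. The original stored the
        // SQL-escaped id, so the same form is kept for whatever consumes it.
        // NOTE(review): confirm the consumer uses bound parameters.
        $_SESSION["pid"] = mysqli_real_escape_string($con, $id);
        $_SESSION["quan"] = (string) $quantity;
        echo "<script> window.location.href = 'login.php';</script>";
    } else {
        $uid = (string) $_SESSION["uid"];
        $reserved = false;

        try {
            // Both writes succeed or neither does. The original could record
            // an order whose stock decrement had failed.
            // NOTE(review): needs a transactional storage engine - confirm.
            mysqli_begin_transaction($con);

            // Decrement only when the product exists and has enough stock, so
            // stock cannot go negative and unknown ids produce no order.
            $take = mysqli_prepare(
                $con,
                'UPDATE product SET stock = stock - ? WHERE productID = ? AND stock >= ?'
            );
            mysqli_stmt_bind_param($take, 'isi', $quantity, $id, $quantity);
            mysqli_stmt_execute($take);
            $reserved = mysqli_stmt_affected_rows($take) === 1;
            mysqli_stmt_close($take);

            if ($reserved) {
                // Bound parameters replace the string-built INSERT.
                $order = mysqli_prepare(
                    $con,
                    'INSERT INTO orders (userID,productID,quantity) VALUES(?,?,?)'
                );
                mysqli_stmt_bind_param($order, 'ssi', $uid, $id, $quantity);
                mysqli_stmt_execute($order);
                mysqli_stmt_close($order);
                mysqli_commit($con);
            } else {
                mysqli_rollback($con);
            }
        } catch (mysqli_sql_exception $e) {
            // No explicit rollback: the script ends here and the server
            // discards the uncommitted transaction when the connection closes.
            // The driver's message stays in the log instead of the response.
            error_log('order.php: placing the order failed: ' . $e->getMessage());
            http_response_code(500);
            die('Error: the order could not be placed');
        }

        if ($reserved) {
            echo "<script> window.location.href = 'index.php';</script>";
        } else {
            echo "<script> history.go(-1);</script>";
        }
    }
}

mysqli_close($con);
?>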