Check if an order already exists if not create one

Report · Jul 26, 2013

I have an issue with a payment gateway. I need to check if an order exists already, if it does i need to use that order id and proceed to the hosted payment page, if it doesnt i need to create it. I have this part to create the order but if it already exists i am getting a duplicate key error which i would expect.

this is the insert if orderID doesnt exist

if ((isset($_POST["MM_insert"])) && ($_POST["MM_insert"] == "form1")) {

$insertSQL = sprintf("INSERT INTO beauSS13_orders (OrderID, CustomerID, OrderDate, Shipping, Discount, Tax, Total) VALUES (%s, %s, %s, %s, %s, %s, %s)",

GetSQLValueString($_POST['OrderID'], "text"),

GetSQLValueString($_POST['CustomerID'], "int"),

GetSQLValueString($_POST['OrderDate'], "date"),

GetSQLValueString($_POST['Shipping'], "double"),

GetSQLValueString($_POST['Discount'], "double"),

GetSQLValueString($_POST['Tax'], "double"),

GetSQLValueString($_POST['XC_Amount'], "double"));

i found this on the internet

$url_id = mysql_real_escape_string($_GET['id']); $sql = "SELECT id FROM members WHERE id='$url_id'"; $result = mysql_query($sql); if(mysql_num_rows($result) >0){ //found }else{ //not found }

but need to know how to adapt it to suite my script

Report · Jul 27, 2013

Firstly, what tells you that the order already exists? What are you matching against? If a customer purchases one widget then later on the same day purchases another widget, they are two different orders, right? Assuming that the order_id is an auto-generated sequential number, then is that what you are trying to match against? And if so, where are you obtaining the basis for the match?

You can ignore my first paragraph if we can assume that you have an id and now you just need to find out if that id has been used before. If so, then the little example you provide does provide the solution you are after. So your insert code block would go in the section marked "//not found" and maybe in the //found section you want to put an update query or somethng.

Not meaning to be unkind, but when I pay for something online, I always pray that the programmer wasn't someone like you--unable to write their own code, but letting adobe write BAD, OBSOLETE code for them that could be putting my credit card account at risk. Write your own code, all of it. Never use code or server behaviors created by Adobe. For an ecommerce script, you really need to switch to MySQLi or PDO.

Report · Jul 27, 2013

Rob Hecker2 wrote:
Firstly, what tells you that the order already exists? What are you matching against? If a customer purchases one widget then later on the same day purchases another widget, they are two different orders, right? Assuming that the order_id is an auto-generated sequential number, then is that what you are trying to match against? And if so, where are you obtaining the basis for the match?
You can ignore my first paragraph if we can assume that you have an id and now you just need to find out if that id has been used before. If so, then the little example you provide does provide the solution you are after. So your insert code block would go in the section marked "//not found" and maybe in the //found section you want to put an update query or somethng.
Not meaning to be unkind, but when I pay for something online, I always pray that the programmer wasn't someone like you--unable to write their own code, but letting adobe write BAD, OBSOLETE code for them that could be putting my credit card account at risk. Write your own code, all of it. Never use code or server behaviors created by Adobe. For an ecommerce script, you really need to switch to MySQLi or PDO.

thanks for the advise on writing my own script and using MySQLi or PDO.

with regards to the issue i am having. Your second paragraph is what i need to acheive i need to have an update query or something..but not sure the correct way of going about this

Report · Jul 27, 2013

The following should work as a guide:

//if we assume that the OrderID is numeric, and it is being passed as a url variable, then do the following for security
if (is_numeric($_GET['OrderID'])){
$OrderID =$_GET['OrderId'];
// ..then
$sql = "SELECT * FROM beauSS13_orders WHERE Orderid='$OrderID'";
$result = mysql_query($sql);
if(mysql_num_rows($result) >0){
//Matching OrderID found, so you can't do an insert. So now what do you want to do?
}else{
// Put your insert block here
}
// Woops! The OrderID wasn't numeric or didn't exist
echo "Don't pass me no jive OrderID!";
}

. . .however, the above isn't how I would actually write it because I would use PDO so that I could use bound parameters and catch exceptions. PDO (and MySQLi) provide a lot of nice features so that once you get the hang of working with one or the other, you will never want to go back.

Report · Jul 27, 2013

ok thanks i will see how i get on with this, and look at using MySQLi in the future.

Report · Jul 27, 2013

There was a little error in my code. Corrected here:

//if we assume that the OrderID is numeric, and it is being passed as a url variable, then do the following for security
if (is_numeric($_GET['OrderID'])){
$OrderID =$_GET['OrderId'];
// ..then
$sql = "SELECT * FROM beauSS13_orders WHERE Orderid='$OrderID'";
$result = mysql_query($sql);
if(mysql_num_rows($result) >0){
//Matching OrderID found, so you can't do an insert. So now what do you want to do?
}else{
// Put your insert block here
}} else {
// Woops! The OrderID wasn't numeric or didn't exist
echo "Don't pass me no jive OrderID!";
}

Report · Jul 28, 2013

thanks for your help so i add an update query here

//Matching OrderID found, so you can't do an insert. So now what do you want to do?

then a insert here

// Put your insert block here

then if neither an update or insert and invalid here

// Woops! The OrderID wasn't numeric or didn't exist

echo "Don't pass me no jive OrderID!";