Larry Ullman's Book Forums

Ryan R

Everything posted by Ryan R

  1. Thanks, Larry. It works perfectly after changing my header to what you suggested. I guess I should change host url to www.paypal.com later when I use it for live site. Or should I use www.paypal.ca as I am in Canada?
  2. I know that "if(strcmp($res, "VERIFIED") < 0){" means it's not verifying at all. I've appended the value of $res to my database right before "if(strcmp($res, "VERIFIED") < 0){". The value is below:

         Invalid Host header
         Content-Length: 19
         Connection: close
         Server: BigIP
         HTTP/1.0 400 Bad Request

     I've got this message 2 times.
  3. I set up my sandbox account and built my ipn based on book. I am having trouble passing through "VERIFIED" section. If code is like this below:

         if(strcmp($res, "VERIFIED") == 0){

     it's not going through. But if I put less than 0 like below:

         if(strcmp($res, "VERIFIED") < 0){

     it works perfectly. I assume that the string in $res is shorter or lower characters than the string "VERIFIED". Since I don't know the exact string that I get from $res, I don't seem to find any solution about verification process. I am putting my code below in case you can find errors outside of this section. Please see my entire ipn page code below. Thanks in advance.

     =========================================================================

         <?php
         require('../codes/common.php');
         require('../function/function.php');

         global $dbc;
         global $g_db_info;

         $tcm_advertise_info = $g_db_info['tcm_advertise_info']['table'];
         $tcm_ad_orders = $g_db_info['tcm_ad_orders']['table'];
         $error_log = $g_db_info['error_log']['table'];

         date_default_timezone_set('America/Toronto');
         $today = date("Y-m-d H:i:s", time());

         // Start by creating a request variable:
         $req = 'cmd=_notify-validate';

         // Add each received key=value pair to the request:
         foreach ($_POST as $key => $value) {
             $value = urlencode(stripslashes($value));
             $req .= "&$key=$value";
         }

         // Open a socket connection to PayPal:
         $fp = fsockopen ('ssl://www.sandbox.paypal.com', 443, $errno, $errstr, 30); // Test
         //$fp = fsockopen ('ssl://www.paypal.com', 443, $errno, $errstr, 30); // Live

         if (!$fp) { // If we couldn't connect, send an email:

             //append record to error log
             $obj_value['dt_create'] = $today;
             $obj_value['dt_last_update'] = $today;
             $obj_value['error_msg'] = 'It could not connect to my IPN in paypal.';
             update_query($results, "error_log", $obj_value);

         } else { // Send the request to PayPal:

             $header = "POST /cgi-bin/webscr HTTP/1.0\r\n";
             $header .= "Content-Type: application/x-www-form-urlencoded\r\n";
             $header .= "Content-Length: " . strlen($req) . "\r\n\r\n";
             fputs ($fp, $header . $req);

             // Read in the response:
             while (!feof($fp)) {

                 $res = fgets ($fp, 1024);

                 if(strcmp($res, "VERIFIED") == 0){

                     // Check for the right values:
                     //receiver email is a merchant email address (thechurchmap email)
                     if ( isset($_POST['payment_status'])
                      && ($_POST['payment_status'] == 'Completed')
                      && ($_POST['receiver_email'] == 'forkhyun@gmail.com')
                      && ($_POST['mc_gross'] == 200.00)
                      && ($_POST['mc_currency'] == 'CAD')
                      && (!empty($_POST['txn_id']))
                     ) {

                         // Check for this transaction in the database:
                         $txn_id = $_POST['txn_id'];

                         //select tcm_advertise_info table
                         $obj_carriers="";
                         $obj_carriers['transaction_id'] = $txn_id;
                         select_data($results, "tcm_ad_orders", $obj_carriers, "", "", "", "");

                         if (mysqli_num_rows($results) == 0) { // Add this new transaction:

                             $uid = (isset($_POST['custom'])) ? (int) $_POST['custom'] : 0;
                             $status = mysqli_real_escape_string($dbc, $_POST['payment_status']);
                             $amount = (float) $_POST['mc_gross'];

                             //insert values to tcm ad orders
                             $obj_values="";
                             $obj_values['dt_create'] = $today;
                             $obj_values['dt_last_update'] = $today;
                             $obj_values['tcm_ad_id'] = $uid;
                             $obj_values['transaction_id'] = $txn_id;
                             $obj_values['payment_status'] = $status;
                             $obj_values['payment_amount'] = $amount;
                             $obj_values['payment_date_time'] = $today;
                             update_query($results_ins, "tcm_ad_orders", $obj_values);

                             if ($results_ins == 1) {

                                 if ($uid > 0) {

                                     // Update tcm_advertise_info table:
                                     $sql = "UPDATE $tcm_advertise_info SET date_expires = IF(date_expires > NOW(), ADDDATE(date_expires, INTERVAL 1 MONTH), ADDDATE(NOW(), INTERVAL 1 MONTH)), dt_last_update='$today' WHERE id=$uid";
                                     run_query($results_upd, $sql);

                                     if ($results_upd != 1) {
                                         //append record to error log
                                         $obj_value['dt_create'] = $today;
                                         $obj_value['dt_last_update'] = $today;
                                         $obj_value['error_msg'] = "date_expires table could not be updated!";
                                         update_query($results, "error_log", $obj_value);
                                     }

                                 } // Invalid user ID.

                             } else { // Problem inserting the order!

                                 //append record to error log
                                 $obj_value['dt_create'] = $today;
                                 $obj_value['dt_last_update'] = $today;
                                 $obj_value['error_msg'] = 'The transaction could not be stored in tcm_ad_orders table!';
                                 update_query($results, "error_log", $obj_value);
                             }

                         } // The order has already been stored!

                     } // The right values don't exist in $_POST!

                 }elseif(strcmp($res, "INVALID") == 0){

                     //append record to error log
                     $obj_value['dt_create'] = $today;
                     $obj_value['dt_last_update'] = $today;
                     $obj_value['error_msg'] = 'The transaction was Invalid.';
                     update_query($results, "error_log", $obj_value);
                 }

             } // End of the WHILE loop.

             // Close the connection:
             fclose ($fp);

         } // End of $fp IF-ELSE.
         ?>
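
The accept-or-reject decision discussed in posts 2 and 3 above, as an added PHP example that is not from the book or from the original posts: it parses the complete postback response and accepts only a 200 status whose body is exactly VERIFIED, and it shows that the per-line `strcmp(...) < 0` test is true for every response, including INVALID and the 400 error. The function names, the Host and Connection headers in the request (the reply that suggested the actual header is not on this page) and the sample responses are assumptions constructed for illustration.

```php
<?php
// Added example: all names and sample data here are hypothetical.

/** Build the postback. Assumption: HTTP/1.1 with a Host header and Connection: close. */
function build_ipn_postback(string $host, array $post): string
{
    $body = 'cmd=_notify-validate';
    foreach ($post as $key => $value) {
        $body .= '&' . urlencode((string) $key) . '=' . urlencode((string) $value);
    }
    return "POST /cgi-bin/webscr HTTP/1.1\r\n"
        . "Host: $host\r\n"
        . "Content-Type: application/x-www-form-urlencoded\r\n"
        . 'Content-Length: ' . strlen($body) . "\r\n"
        . "Connection: close\r\n\r\n"
        . $body;
}

/** Decode a chunked body; returns null if it is malformed or truncated. */
function decode_chunked(string $body): ?string
{
    $out = '';
    while (true) {
        $eol = strpos($body, "\r\n");
        if ($eol === false) {
            return null;
        }
        // Chunk size is hex; anything after ';' is a chunk extension
        $sizeField = trim(explode(';', substr($body, 0, $eol), 2)[0]);
        if (!ctype_xdigit($sizeField)) {
            return null;
        }
        $size = (int) hexdec($sizeField);
        if ($size === 0) {
            return $out; // terminating chunk
        }
        $chunk = (string) substr($body, $eol + 2, $size);
        if (strlen($chunk) !== $size) {
            return null;
        }
        $out .= $chunk;
        $body = (string) substr($body, $eol + 2 + $size + 2);
    }
}

/** 'VERIFIED' only for status 200 and a body of exactly that word; all else fails closed. */
function ipn_verdict(string $raw): string
{
    $parts = explode("\r\n\r\n", $raw, 2); // headers, then body
    if (count($parts) !== 2 || !preg_match('#^HTTP/\d\.\d 200\b#', $parts[0])) {
        return 'ERROR';
    }
    [$head, $body] = $parts;
    if (preg_match('/^Transfer-Encoding:\s*chunked\s*$/mi', $head)) {
        $body = decode_chunked($body);
        if ($body === null) {
            return 'ERROR';
        }
    }
    $body = trim($body);
    return ($body === 'VERIFIED' || $body === 'INVALID') ? $body : 'ERROR';
}

/** The per-line "< 0" test from post 3: true if any line sorts before "VERIFIED". */
function loose_accepts(string $raw): bool
{
    foreach (explode("\r\n", $raw) as $line) {
        if (strcmp($line, 'VERIFIED') < 0) {
            return true; // "HTTP/...", "Content-Length", "INVALID" all sort before 'V'
        }
    }
    return false;
}

// Constructed sample responses; the 400 one is rebuilt from the lines quoted in post 2
$samples = [
    'verified'    => "HTTP/1.1 200 OK\r\nContent-Length: 8\r\n\r\nVERIFIED",
    'chunked'     => "HTTP/1.1 200 OK\r\nTransfer-Encoding: chunked\r\n\r\n8\r\nVERIFIED\r\n0\r\n\r\n",
    'invalid'     => "HTTP/1.1 200 OK\r\nContent-Length: 7\r\n\r\nINVALID",
    'bad_request' => "HTTP/1.0 400 Bad Request\r\nServer: BigIP\r\nConnection: close\r\n"
                   . "Content-Length: 19\r\n\r\nInvalid Host header",
];

echo build_ipn_postback('www.sandbox.paypal.com', ['txn_id' => 'TEST-1', 'mc_gross' => '200.00']), "\n\n";
foreach ($samples as $name => $raw) {
    printf("%-12s strict=%-9s loose_accepts=%s\n",
        $name, ipn_verdict($raw), loose_accepts($raw) ? 'yes' : 'no');
}
```
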
  4. Thanks guys! It helps me to understand it better. I have one more thing I want to sort out. If I want to apply to another example like this:

         $live = false;
         <?php
         if(!$live){
             define('....', '.....');
         }else{
             define('..--','...--');
         }

     !$live means "not live". Therefore $live is "live". Interestingly even though its value is false, it represents that "it's live". Is it because the value doesn't exist so that it can be on line without being affected to this flag ? Thanks.
  5. Hi, I find that "(!flag)" has been confusing throughout the time that I am reading the book. If you look at the example below:

         $header = false;

         // Loop through the results:
         while ($row = mysqli_fetch_array($r, MYSQLI_ASSOC)) {

             // If the header hasn't been shown, create it:
             if (!$header) { ......?>

     I think that "!$header" means TRUE since it's started with "false" default value. But you described that "!$header" means FALSE.. I think I need a little bit of more explanation to understand clearly. Thanks.
  6. Hi, I have a question for uploading image part in add_print.php. Usually you would get rid of temporary file on the server after moving the file to the permanent location ( ex) ../uploads/$_FILES['image']['name'] ). However, in "add_print.php" file, it shows you delete the original file (the code like this below:)

         // Delete the uploaded file if it still exists:
         if ( isset($temp) && file_exists ($temp) && is_file($temp) ) {
             unlink ($temp);
         }

     If you go up to the beginning part of this code, you will see :

         // Check for an image:
         if (is_uploaded_file ($_FILES['image']['tmp_name'])) {

             // Create a temporary file name:
             $temp = '../uploads/' . md5($_FILES['image']['name']);

             // Move the file over:
             if (move_uploaded_file($_FILES['image']['tmp_name'], $temp)) {

                 echo '<p>The file has been uploaded!</p>';

                 // Set the $i variable to the image's name:
                 $i = $_FILES['image']['name'];

             } else { // Couldn't move the file over.
                 $errors[] = 'The file could not be moved.';
                 $temp = $_FILES['image']['tmp_name'];
             }

         } else { // No uploaded file.
             $errors[] = 'No file was uploaded.';
             $temp = NULL;
         }

     When the file is uploaded, $temp means the original file that is pointing to the permanent location ($temp = '../uploads/' . md5($_FILES['image']['name']);). I thought you only delete the temporary file after moving the file to the permanent. Why do you delete the original file? Also Why do you not delete the temporary file after the file is moved to the permanent location? It would be appreciated if you can give me some explanation. Thanks.
  7. Thanks HartleySan, It is good to know. Maybe I should do that according to what you recommended me. Larry - I am sorry. I won't use that last word again. I created the stored procedure and executed it. But it didn't work. Like HartleySan mentioned above, I am having the exact same issue as his. I guess I will need to switch them to prepared statements.
  8. Thank you very much for your reply, Larry. I tried "select_categories" stored procedure by typing $$ on the delimiter blank box. But it still doesn't work. The error message is:

         #1064 - You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'DELIMITER' at line 1

     Interestingly, When I check "select_categories" stored procedure on the phpmyadmin, it shows me that it exists. So I made a test web page in which I put a query that called this stored procedure. When I put it on my server, it didn't work... I guess that "select_categories" procedure isn't working but somehow it shows it's existing in phpmyadmin. Thanks again for your efforts and helps. I look forward to hearing from you soon.
  9. Thank you very much, Larry. Yes, I am using phpMyAdmin. I am sorry but I will need to ask you where the check box is... Only thing I can find is that there's a box for delimiter and in that box, semicolon is typed in as a default. Should I change this to $$?
  10. Hi all, I am sure some of you already checked my two previous post about inventory and the error issue on billing.php. You can just ignore it. I figured it out. Thanks for your efforts and attentions to my past posts. Today, I have a just simple question about stored procedures. I recently bought a hosting service from Godaddy.com and the version of PHP is 5.2 and MySQL is 5.0. I try to run this stored procedure:

          DELIMITER $$
          CREATE PROCEDURE select_categories (type VARCHAR(6))
          BEGIN
          IF type = 'coffee' THEN
          SELECT * FROM general_coffees ORDER by category;
          ELSEIF type = 'other' THEN
          SELECT * FROM non_coffee_categories ORDER by category;
          END IF;
          END$$
          DELIMITER ;

      But it gives an error :

          #1064 - You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'DELIMITER' at line 1

      Interestingly, other stored procedures are working really well... Can anyone give me a good advice for this issue? Thanks again for your help.
  11. Hi all, Thanks for your help and attention to this. I just want to talk about the questions that I posted on this forums last week. There were two issues I couldn't figure out. One of two issues was solved:

      Issue 1: The inventory stock figure isn't changing after clicking "ship this order" button - solved

      I tried again for the inventory stock part according to the book "effortless ecommerce". It works well now. But the other issue is still there.

      Issue 2: After you order some items on the customer side (*web pages that are not in admin folder) and go to admin page and click the button "ship this order" on "view_order.php", if you go back to the customer side page order some thing more, it gives you an error message.

          An error occurred in script 'C:\xampp\htdocs\billing.php' on line 118: Undefined index: order_total

      The problem line is :

          $order_total = $_SESSION['order_total'];

      Why is it that you can order multiple times before you hit "ship this order" in admin side but you have an error if you order something more after you hit "ship this order"? Interesting I found is that after ordering items and clicking "ship this order" button, if I delete the cookies on my browser and order some more items, it works well. It seems like the problem is occurred because I am using customer side and admin side both at the same time on the same browser. It's very interesting.. Can you explain why it happens like this??

      Please see billing.php file below. The problem line is in bold

      ----------------------------------------------------------------------

          <?php

          // This file is the second step in the checkout process.
          // It takes and validates the billing information.
          // This script is begun in Chapter 10.

          // Require the configuration before any PHP code:
          require ('./includes/config.inc.php');

          // Start the session:
          session_start();

          // The session ID is the user's cart ID:
          $uid = session_id();

          // Check that this is valid:
          if (!isset($_SESSION['customer_id'])) { // Redirect the user.
              $location = 'https://' . BASE_URL . 'checkout.php';
              header("Location: $location");
              exit();
          }

          // Require the database connection:
          require (MYSQL);

          // Validate the billing form...

          // For storing errors:
          $billing_errors = array();

          // Check for a form submission:
          if ($_SERVER['REQUEST_METHOD'] == 'POST') {

              if (get_magic_quotes_gpc()) {
                  $_POST['cc_first_name'] = stripslashes($_POST['cc_first_name']);
                  // Repeat for other variables that could be affected.
              }

              // Check for a first name:
              if (preg_match ('/^[A-Z \'.-]{2,20}$/i', $_POST['cc_first_name'])) {
                  $cc_first_name = $_POST['cc_first_name'];
              } else {
                  $billing_errors['cc_first_name'] = 'Please enter your first name!';
              }

              // Check for a last name:
              if (preg_match ('/^[A-Z \'.-]{2,40}$/i', $_POST['cc_last_name'])) {
                  $cc_last_name = $_POST['cc_last_name'];
              } else {
                  $billing_errors['cc_last_name'] = 'Please enter your last name!';
              }

              // Check for a valid credit card number...
              // Strip out spaces or hyphens:
              $cc_number = str_replace(array(' ', '-'), '', $_POST['cc_number']);

              // Validate the card number against allowed types:
              if (!preg_match ('/^4[0-9]{12}(?:[0-9]{3})?$/', $cc_number) // Visa
              && !preg_match ('/^5[1-5][0-9]{14}$/', $cc_number) // MasterCard
              && !preg_match ('/^3[47][0-9]{13}$/', $cc_number) // American Express
              && !preg_match ('/^6(?:011|5[0-9]{2})[0-9]{12}$/', $cc_number) // Discover
              ) {
                  $billing_errors['cc_number'] = 'Please enter your credit card number!';
              }

              // Check for an expiration date:
              if ( ($_POST['cc_exp_month'] < 1 || $_POST['cc_exp_month'] > 12)) {
                  $billing_errors['cc_exp_month'] = 'Please enter your expiration month!';
              }

              if ($_POST['cc_exp_year'] < date('Y')) {
                  $billing_errors['cc_exp_year'] = 'Please enter your expiration year!';
              }

              // Check for a CVV:
              if (preg_match ('/^[0-9]{3,4}$/', $_POST['cc_cvv'])) {
                  $cc_cvv = $_POST['cc_cvv'];
              } else {
                  $billing_errors['cc_cvv'] = 'Please enter your CVV!';
              }

              // Check for a street address:
              if (preg_match ('/^[A-Z0-9 \',.#-]{2,160}$/i', $_POST['cc_address'])) {
                  $cc_address = $_POST['cc_address'];
              } else {
                  $billing_errors['cc_address'] = 'Please enter your street address!';
              }

              // Check for a city:
              if (preg_match ('/^[A-Z \'.-]{2,60}$/i', $_POST['cc_city'])) {
                  $cc_city = $_POST['cc_city'];
              } else {
                  $billing_errors['cc_city'] = 'Please enter your city!';
              }

              // Check for a state:
              if (preg_match ('/^[A-Z]{2}$/', $_POST['cc_state'])) {
                  $cc_state = $_POST['cc_state'];
              } else {
                  $billing_errors['cc_state'] = 'Please enter your state!';
              }

              // Check for a zip code:
              if (preg_match ('/^(\d{5}$)|(^\d{5}-\d{4})$/', $_POST['cc_zip'])) {
                  $cc_zip = $_POST['cc_zip'];
              } else {
                  $billing_errors['cc_zip'] = 'Please enter your zip code!';
              }

              if (empty($billing_errors)) { // If everything's OK...

                  // Convert the expiration date to the right format:
                  $cc_exp = sprintf('%02d%d', $_POST['cc_exp_month'], $_POST['cc_exp_year']);

                  // Check for an existing order ID:
                  if (isset($_SESSION['order_id'])) { // Use existing order info:

                      $order_id = $_SESSION['order_id'];
                      $order_total = $_SESSION['order_total'];

                  } else { // Create a new order record:

                      // Get the last four digits of the credit card number:
                      $cc_last_four = substr($cc_number, -4);

                      // Call the stored procedure:
                      $r = mysqli_query($dbc, "CALL add_order({$_SESSION['customer_id']}, '$uid', {$_SESSION['shipping']}, $cc_last_four, @total, @oid)");

                      // Confirm that it worked:
                      if ($r) {

                          // Retrieve the order ID and total:
                          $r = mysqli_query($dbc, 'SELECT @total, @oid');

                          if (mysqli_num_rows($r) == 1) {

                              list($order_total, $order_id) = mysqli_fetch_array($r);

                              // Store the information in the session:
                              $_SESSION['order_total'] = $order_total;
                              $_SESSION['order_id'] = $order_id;

                          } else { // Could not retrieve the order ID and total.
                              unset($cc_number, $cc_cvv);
                              trigger_error('Your order could not be processed due to a system error. We apologize for the inconvenience.');
                          }

                      } else { // The add_order() procedure failed.
                          unset($cc_number, $cc_cvv);
                          trigger_error('Your order could not be processed due to a system error. We apologize for the inconvenience.');
                      }

                  } // End of isset($_SESSION['order_id']) IF-ELSE.

                  // ------------------------
                  // Process the payment!
                  if (isset($order_id, $order_total)) {

                      // Need the customer ID:
                      $customer_id = $_SESSION['customer_id'];

                      // Make the request to the payment gateway:
                      require_once('../private/gateway_setup.php');
                      require_once('../private/gateway_process.php');

                      // Add slashes to two text values:
                      $reason = addslashes($response_array[3]);
                      $response = addslashes($response);

                      // Record the transaction:
                      $r = mysqli_query($dbc, "CALL add_transaction($order_id, '{$data['x_type']}', $response_array[9], $response_array[0], '$reason', $response_array[6], '$response')");

                      // Upon success, redirect:
                      if ($response_array[0] == 1) {

                          // Add the transaction info to the session:
                          $_SESSION['response_code'] = $response_array[0];

                          // Redirect to the next page:
                          $location = 'https://' . BASE_URL . 'final.php';
                          header("Location: $location");
                          exit();

                      } else {

                          // Do different things based upon the response:
                          if ($response_array[0] == 2) { // Declined
                              $message = $response_array[3] . ' Please fix the error or try another card.';
                          } elseif ($response_array[0] == 3) { // Error
                              $message = $response_array[3] . ' Please fix the error or try another card.';
                          } elseif ($response_array[0] == 4) { // Held for review
                              $message = "The transaction is being held for review. You will be contacted ASAP about your order. We apologize for any inconvenience.";
                          }

                      } // End of $response_array[0] IF-ELSE.

                  } // End of isset($order_id, $order_total) IF.
                  // Above code added as part of payment processing.
                  // ------------------------

              } // Errors occurred IF.

          } // End of REQUEST_METHOD IF.

          // Include the header file:
          $page_title = 'Coffee - Checkout - Your Billing Information';
          include ('./includes/checkout_header.html');

          // Get the cart contents:
          $r = mysqli_query($dbc, "CALL get_shopping_cart_contents('$uid')");

          if (mysqli_num_rows($r) > 0) { // Products to show!
              if (isset($_SESSION['shipping_for_billing']) && ($_SERVER['REQUEST_METHOD'] != 'POST')) {
                  $values = 'SESSION';
              } else {
                  $values = 'POST';
              }
              include ('./views/billing.html');
          } else { // Empty cart!
              include ('./views/emptycart.html');
          }

          // Finish the page:
          include ('./includes/footer.html');
          ?>
  13. Hi all, After I finished up the view_order.php updates, I tested website. I ordered random items and processed it. I went to admin page and accepted the button to ship the items. After that, you will usually expect that your inventory stock will be reduced as you put this code in view_order.php: (please see below)

      ----------------------------------------------------------------------

          // Update the inventory...
          $q = 'UPDATE specific_coffees AS sc, order_contents AS oc SET sc.stock=sc.stock-oc.quantity WHERE sc.id=oc.product_id AND oc.product_type="coffee" AND oc.order_id=' . $order_id;
          $r = mysqli_query($dbc, $q);
          $q = 'UPDATE non_coffee_products AS ncp, order_contents AS oc SET ncp.stock=ncp.stock-oc.quantity WHERE ncp.id=oc.product_id AND oc.product_type="other" AND oc.order_id=' . $order_id;
          $r = mysqli_query($dbc, $q);

      ----------------------------------------------------------------------

      When I checked the stock on add_inventory.php page, the amount in stock didn't change.. Another thing is that after you order some items and processed it, if you try to order other more items, it gives the error like this below:

      ----------------------------------------------------------------------

          An error occurred in script 'C:\xampp\htdocs\billing.php' on line 118: Undefined index: order_total

      ----------------------------------------------------------------------

      I guess the queries are not working well..And I don't understand about second issue.. Can you help me with these issues?? Thank you so much for your help and look forward to hearing from you soon.
  14. Thanks for your info. I know that it means query didn't work. Strangely, all other stored procedure queries worked but only this query didn't work. I tested this query on final.html file by creating simple codes just under the paragraph:

      ----------------------------------------------------------------------

          <?php
          // Get the cart contents for the confirmation email:
          $r = mysqli_query($dbc, "CALL get_order_contents({$_SESSION['order_id']})");

          // Fetch each product:
          while ($row = mysqli_fetch_array($r, MYSQLI_ASSOC)) {
              echo 'Per price is '.$row['price_per'].'and you ordered '.$row['quantity'].'.';
          } // End of WHILE loop.
          ?>

      ----------------------------------------------------------------------

      Surprisingly, it worked ok. That's really odd and don't understand.. There must be something else causing the problem.. Can you help me with this issue?
  15. Thanks Stuart, So, my thought was correct, then.
  16. Hi all, The book "effortless e-commerce" said that email_receipt.php file will be described in a few page. But I don't see the file anywhere in this book. I found the php file from download. I linked this file to final.php and executed. There was an error msg as soon as I executed it. To clarify where the error was coming from, I excluded the email_receipt.php file and executed it. And it worked well. I am attaching the file codes here below: The error line is in bold. The error msg is:

          An error occurred in script 'C:\xampp\htdocs\includes\email_receipt.php' on line 25: mysqli_fetch_array() expects parameter 1 to be mysqli_result, boolean given

      ----------------------------------------------------------------------

          <?php

          // This script sends a receipt out in HTML format.
          // This script is created in Chapter 10.

          // Create the message body in two formats:
          $body_plain = "Thank you for your order. Your order number is {$_SESSION['order_id']}. All orders are processed on the next business day. You will be contacted in case of any delays.\n\n";

          $body_html = '<html><head><style type="text/css" media="all">
          body {font-family:Tahoma, Geneva, sans-serif; font-size:100%; line-height:.875em; color:#70635b;}
          </style></head><body>
          <p>Thank you for your order. Your order number is ' . $_SESSION['order_id'] . '. All orders are processed on the next business day. You will be contacted in case of any delays.</p>
          <table border="0" cellspacing="8" cellpadding="6">
          <tr>
          <th align="center">Item</th>
          <th align="center">Quantity</th>
          <th align="right">Price</th>
          <th align="right">Subtotal</th>
          </tr>';

          // Get the cart contents for the confirmation email:
          $r = mysqli_query($dbc, "CALL get_order_contents({$_SESSION['order_id']})");

          // Fetch each product:
          while ($row = mysqli_fetch_array($r, MYSQLI_ASSOC)) {

              // Add to the plain version:
              $body_plain .= "{$row['category']}::{$row['name']} ({$row['quantity']}) @ \${$row['price_per']} each: $" . $row['subtotal'] . "\n";

              // Add to the HTML:
              $body_html .= '<tr><td>' . $row['category'] . '::' . $row['name'] . '</td>
              <td align="center">' . $row['quantity'] . '</td>
              <td align="right">$' . $row['price_per'] . '</td>
              <td align="right">$' . $row['subtotal'] . '</td>
              </tr>
              ';

              // For reference after the loop:
              $shipping = $row['shipping'];
              $total = $row['total'];

          } // End of WHILE loop.

          // Clear the stored procedure results:
          mysqli_next_result($dbc);

          // Add the shipping:
          $body_html .= '<tr>
          <td colspan="2"> </td><th align="right">Shipping & Handling</th>
          <td align="right">$' . $shipping . '</td>
          </tr>
          ';
          $body_plain .= "Shipping & Handling: \$$shipping\n";

          // Add the total:
          $body_plain .= "Total: \$$total\n";
          $body_html .= '<tr>
          <td colspan="2"> </td><th align="right">Total</th>
          <td align="right">$' . $total . '</td>
          </tr>
          ';

          // Complete the HTML body:
          $body_html .= '</table></body></html>';

          // For Zend:
          set_include_path('./library/');

          // Include the class definition:
          include ('Zend/Mail.php');

          // Create a new mail:
          $mail = new Zend_Mail();
          $mail->setFrom('admin@example.com');
          $mail->addTo($_SESSION['email']);
          $mail->setSubject("Order #{$_SESSION['order_id']} at the Coffee Site");
          $mail->setBodyText($body_plain);
          $mail->setBodyHtml($body_html);
          $mail->send();

      ----------------------------------------------------------------------

      I tested it with disabling email parts by commenting them. I thought it might cause issues. But it was nothing to do with it. Thanks for your help and look forward to hearing from you soon.
  17. Hi all, I have one simple question. I know it's really basic question but I wanted to clarify what they are... If you see config.inc.php file below:

      ----------------------------------------------------------------------

          $live = false;

          function my_error_handler ($e_number, $e_message, $e_file, $e_line, $e_vars)
          {
              global $live, $contact_email;

              //build the error message
              $message="An error occurred in script '$e_file' on line $e_line:\n$e_message\n";

              //add the backtrace;
              $message.="<pre>".print_r(debug_backtrace(),1)."</pre>\n";

              if(!$live)
              {
                  //show the error in the browser
                  echo'<div class="error">'.nl2br($message).'</div>';
              }else{//development (print the error)
                  //send the error in an email;
                  error_log($message,1,$contact_email,'From:admin@example.com');

                  //only print an error message in the browser, if the error isn't a notice.
                  if($e_number != E_NOTICE)
                  {
                      echo'<div class="error">A system error occurred. We apologize for the inconvenience.</div>';
                  }
              }//end of $live IF-ELSE

      ----------------------------------------------------------------------

      $live = false; means, as a flag, it's not true. So you can think this is not live. When you look at "if(!$live) {" part, I thought it meant it's live. Because $live = false and !$live is true. However the way this code described was that it meant to be when $live was false.. I am confused.. Can you explain it why it is like that? Thank you very much and look forward to hearing from you soon.
  18. I couldn't find the curl section in phpinfo. But I found php.ini and uncommented extension=php_curl.dll. I thought I needed to fix the php.ini-production and php.ini-development files. Now, it's working well. Thanks for your help and effort. Strangely, my phpinfo() doesn't show you curl information. If you install xampp 1.7.4 on your computer and execute phpinfo(), you will see. Thanks again for your help.
  19. Thanks for your info. I am using xampp 1.7.4. and I enabled the curl by uncommenting the line: extension=php_curl.dll in xampp/php/php.ini-development and xampp/php/php.ini.production. And restarted Apache. However, it still doesn't work.. Did I make a mistake on uncommenting?? Thank you for your help again and look forward to hearing from you soon.
  20. Hi all, I have tested the coffee e-commerce on my local computer after finishing the final.html file. My local PHP version is 5.3.5 and MySQL version is 5.5.8. Unfortunately, I am having some errors when I try to go through the transaction part. After clicking "Place order" on billing.php, I saw the error message "Fatal error: Call to undefined function curl_init() in C:\xampp\private\gateway_process.php on line 45". I will present gateway_process.php below (the line in bold is a problem line):

      ------------------------------------------------------------------------------------------------------------------------------------------------------
      <?php

      // This script makes the actual request of the payment gateway.

      // Authorize.net URLs:
      if ($live) {
          define ('GATEWAY_API_URL', 'https://secure.authorize.net/gateway/transact.dll');
      } else {
          define ('GATEWAY_API_URL', 'https://test.authorize.net/gateway/transact.dll');
      }

      // Your account info:
      $data['x_login'] = '6m8yNMYY27';
      $data['x_tran_key'] = '3Y5a3rEsxj2u6T7D';

      // AIM Stuff:
      $data['x_version'] = '3.1';
      $data['x_delim_data'] = 'TRUE';
      $data['x_delim_char'] = '|';
      $data['x_relay_response'] = 'FALSE';

      // Transaction stuff:
      $data['x_method'] = 'CC';

      // Order info:
      $data['x_amount'] = $order_total;
      $data['x_invoice_num'] = $order_id;
      $data['x_cust_id'] = $customer_id;

      // For testing purposes:
      // $data['x_test_request'] = 'TRUE';
      // $data['x_amount'] = 6.00;

      // Convert the data:
      $post_string = '';
      foreach( $data as $k => $v ) {
          $post_string .= "$k=" . urlencode($v) . "&";
      }
      $post_string = rtrim($post_string, '& ');

      // This sample code uses the CURL library for php to establish a connection,
      // submit the post, and record the response.
      // If you receive an error, you may want to ensure that you have the curl
      // library enabled in your php configuration
      $request = curl_init(GATEWAY_API_URL); // initiate curl object
      curl_setopt($request, CURLOPT_HEADER, 0); // set to 0 to eliminate header info from response
      curl_setopt($request, CURLOPT_RETURNTRANSFER, 1); // Returns response data instead of TRUE(1)
      curl_setopt($request, CURLOPT_POSTFIELDS, $post_string); // use HTTP POST to send form data
      curl_setopt($request, CURLOPT_SSL_VERIFYPEER, FALSE); // uncomment this line if you get no gateway response.
      $response = curl_exec($request); // execute curl post and store results in $post_response
      curl_close ($request); // close curl object

      // This line takes the response and breaks it into an array using the specified delimiting character
      $response_array = explode($data["x_delim_char"],$response);
      -------------------------------------------------------------------------------------------------------------------

      Thanks for your help and look forward to hearing from you soon.
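The gateway request from the post above with certificate verification left on, credentials read from the environment, and a clear failure when the curl extension is missing. This is an added example, not part of the original post or the book's code; the function name gateway_post() and the AUTHNET_LOGIN / AUTHNET_TRAN_KEY variable names are assumptions.

```php
<?php
// Added example, not the poster's or the book's code. gateway_post() and the
// AUTHNET_* environment variable names are hypothetical.
function gateway_post($url, array $fields)
{
    // Report a missing extension clearly instead of dying on curl_init().
    if (!extension_loaded('curl')) {
        throw new RuntimeException('PHP curl extension is not loaded');
    }
    $request = curl_init($url);
    curl_setopt_array($request, array(
        CURLOPT_HEADER         => false, // body only, as in the post
        CURLOPT_RETURNTRANSFER => true,  // return the response as a string
        CURLOPT_POST           => true,
        CURLOPT_POSTFIELDS     => http_build_query($fields, '', '&'),
        // Keep certificate checks on: with VERIFYPEER off, anyone on the
        // network path can impersonate the gateway and read the request.
        CURLOPT_SSL_VERIFYPEER => true,
        CURLOPT_SSL_VERIFYHOST => 2,
        // If verification fails because no CA bundle is configured, set
        // CURLOPT_CAINFO to a CA bundle file instead of disabling the check.
        CURLOPT_CONNECTTIMEOUT => 10,
        CURLOPT_TIMEOUT        => 30,
    ));
    $response = curl_exec($request);
    $error = ($response === false) ? curl_error($request) : null;
    curl_close($request);
    if ($error !== null) {
        throw new RuntimeException("Gateway request failed: $error");
    }
    return $response;
}

// Credentials come from the environment rather than the source file.
$login = getenv('AUTHNET_LOGIN');
$tran_key = getenv('AUTHNET_TRAN_KEY');
if ($login !== false && $tran_key !== false) {
    $data = array(
        'x_login' => $login, 'x_tran_key' => $tran_key,
        'x_version' => '3.1', 'x_delim_data' => 'TRUE', 'x_delim_char' => '|',
        'x_relay_response' => 'FALSE', 'x_method' => 'CC',
        'x_amount' => '6.00', // constructed sample amount
    );
    try {
        $response = gateway_post('https://test.authorize.net/gateway/transact.dll', $data);
        $response_array = explode($data['x_delim_char'], $response);
    } catch (RuntimeException $e) {
        error_log($e->getMessage()); // log it; show the customer a generic error
    }
}
```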
  21. Hi All, I have been looking at the form function PHP file. There are a few things I don't quite get. It would be appreciated if you can help me understand better. If you look at the input form like below, you will notice the value = $value.

      echo '<input type="'.$type.'" name="'.$name.'" id="'.$name.'"';
      if($value) echo ' value="'.htmlspecialchars($value).'"';
      if(!empty($extras)) echo "$extras";
      if(array_key_exists($name, $errors)) {
          echo ' class="error" /><br/><span class="error">'.$errors[$name].'</span>';
      }else{
          echo ' />';
      }

      However, if you look at the select form like below, value = $k instead of value = $value. I was thinking that it was supposed to be like:

      echo " $value = $k";
      echo "<option value=\"$k\"....>"

      instead of what the example below is showing. Also, one thing I don't get is that if you put a condition like: if($value == $k), where are the values of $value? It should have values to compare with $k to know whether it's matching or not.

      foreach($data as $k => $v) {
          echo "<option value=\"$k\"";
          if($value == $k) echo ' selected="selected"';
          echo ">$v</option>\n";
      }//end of foreach

      //complete the tag
      echo '</select>';

      Thank you very much for your help, and look forward to hearing from you soon.
  22. Thank you very much, Stuart! It helps me to understand better. Now I got it. Thanks again.