Larry Ullman's Book Forums

$_SESSION['order_id'] Loses the Value When the view_order.php File Is Reloaded



Hi, I encountered a bug when using the 'view_order.php?oid=x' page (page #344 in the book). The first time it loads, everything works fine and $_SESSION['order_id'] is assigned the right value.

After I click on the 'Ship This Order' button, the page reloads itself and the URL becomes just 'view_order.php', so the script should use 'elseif (isset($_SESSION['order_id'])' to assign '$order_id = $_SESSION['order_id']',

but it doesn't, because for some reason $_SESSION['order_id'] loses its value. I rechecked everything many times and there isn't any mistake in my code here. And the logic in the code is clear and obviously right.

Meanwhile I found a workaround by modifying the <form action="view_order.php"... to <form action="view_order.php?oid=' . $order_id . '"..., so instead of the session the script uses the $_GET['oid'] method and it works.

But anyway I'd like to know if there's something I could tweak to make the session work in this file.

P.S. I didn't have any problems using sessions when I was redirecting the user from checkout.php to billing.php and so on.

view_order.php doesn't jump from https to http or www., and the session_start(); function is always in header.html.

Thanks in advance.

Thank you for your help, here is the code:

<?php 

// This file allows the administrator to view a specific order.
// The administrator can also mark order items as shipped.


// Require the configuration before any PHP code as configuration controls error reporting.
require ('../includes/config.inc.php');


// Set the page title and include the header:
$page_title = 'Просмотр заказа';
include ('./includes/header.html');
// The header file begins the session.



// Validate the order ID:
$order_id = false;


if (isset($_GET['oid']) && (filter_var($_GET['oid'], FILTER_VALIDATE_INT, array('min_range' => 1))) ) { // First access

    $order_id = $_GET['oid'];
    
    $_SESSION['order_id'] = $order_id;         
    


} elseif (isset($_SESSION['order_id']) && (filter_var($_SESSION['order_id'], FILTER_VALIDATE_INT, array('min_range' => 1))) ) {


    $order_id = $_SESSION['order_id'];

}


// Stop the page if the $order_id is not valid:
if(!$order_id) {
    echo '<h3>Ошибка!</h3><p>Эта страница была открыта ошибочно.</p>';    
    include ('./includes/footer.html');
    exit();

/* If the page does not have a valid order ID, there's no point in continuing.
An error will be printed, the footer included, and the script terminated. */
}

// Require the database connection:
require(MYSQL);


if ($_SERVER['REQUEST_METHOD'] == 'POST') {
    
    // Update the order_contents table:
    $q = "UPDATE order_contents SET ship_date=NOW() WHERE order_id=$order_id";
    

    
    $r = mysqli_query($dbc, $q);

    
} // End of the submission IF.


// Define and execute the query:
$q = 'SELECT total,

      DATE_FORMAT(order_date, "%a %b %e, %Y at %h:%i%p") AS od,
 
      email, cus.name, CONCAT_WS(", ", district, city, address1, address2) AS address,
      phone, customer_id, CONCAT_WS(" - ", c.category, p.name) AS item,
      quantity, price_per,
      
      DATE_FORMAT(ship_date, "%b %e, %Y") AS sd,
      
      file_name, cat_file_name, CONCAT("O", p.id) AS sku
      
      FROM orders AS ord
      
      INNER JOIN customers AS cus ON (ord.customer_id=cus.id)
      INNER JOIN order_contents AS oc ON (oc.order_id=ord.id)
      INNER JOIN products as p ON (oc.product_id=p.id)
      INNER JOIN categories as c ON (c.id=p.category_id)
      
      WHERE ord.id=' . $order_id;

      
// Execute the query:
$r = mysqli_query($dbc, $q);


// If rows were returned, start a form:
if(mysqli_num_rows($r) > 0) { // Display the order info:


    echo '<h3>Заказ:</h3>
    <form action="view_order.php" method="post" accept-charset="utf-8">
        <fieldset>'; // I had to hack and put the ?oid=' . $order_id . ' above, because for some reason the $_SESSION['order_id'] loses its value when the page is reloaded.
        
        // The form posts back to this same page and only contains, as written,
        // a submit button.
        
        // Fetch the first returned row and display the general information:
        $row = mysqli_fetch_array($r, MYSQLI_ASSOC);
        
        echo "<p><strong>Номер заказа</strong>: $order_id<br />
        <strong>Общая сумма</strong>: {$row['total']}руб.<br />
        <strong>Дата заказа (the US time)</strong>: {$row['od']}<br />
        <strong>Имя клиента</strong>: {$row['name']}<br />
        <strong>Адрес клиента</strong>: {$row['address']}<br />
        <strong>Тел.</strong>: {$row['phone']}<br />
        <strong>email</strong>: {$row['email']}        
        </p>";
        
        
        // Create the table:
        echo '<table border="0" width="100%" cellspacing="2" cellpadding="2">
            <thead>
            <tr>
                <th align="center">Единица товара</th>
                <th align="right">Цена</th>
                <th align="center">Кол-во</th>
                <th align="center">Доставлен?</th>
            </tr>
            </thead>
            <tbody>';
            
            // For confirming that the order has shipped:
            $shipped = true;
            

            
            // Print each item:
            do {
            
                echo '<tr>
                    <td align="left"><a title="Просматреть товар в новой вкладке - URL: ' . $row['file_name'] . '" target="_blank" href="' . BASE_URL . 'catalog/' . $row['cat_file_name'] . '#' . $row['sku'] . '">' . $row['item'] . '</a></td>
                    <td align="right">' . $row['price_per'] . '</td>
                    <td align="center">' . $row['quantity'] . '</td>
                    <td align="center">' . $row['sd'] . '</td>
                </tr>';
            
                // Update the shipping status:
                if (!$row['sd']) $shipped = false; // if $row['sd'] is NULL (for any item in the order),
                // then the entire order has not been shipped yet, and the flag variable should
                // indicate such.
                
            } while ($row = mysqli_fetch_array($r));           

                               
                
            echo '</tbody></table>';                
            
            
            // If the order hasn't entirely shipped, create the submit button:
            if(!$shipped) {
            
                echo '<div class="field"><input type="submit" value="Заказ доставлен" class="button" /></div>';
                // For orders that have completely shipped, no submit button will exist.
            }
                
        echo '</fieldset>
    </form>';
            
            
} else { // Complete the mysqli_num_rows() conditional:

    // No records returned:
    echo '<h3>Ошибка!</h3><p>Данная страница была открыта из-за ошибки</p>';
    include('./includes/footer.html');
    exit();
}


include ('./includes/footer.html');
?>


The session should be started in the configuration file, I believe.

I would start by confirming the session ID to make sure that's not changing. I'd also confirm the value of order ID at all points.

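One way to run the two checks suggested in the last reply (is the session ID stable, and what is the order ID at each point), as an added example that is not part of the original thread or the book's code. `trace_order_state()` and the checkpoint labels are hypothetical names, and the output is assumed to go to the PHP error log.

```php
<?php
// Added diagnostic sketch (not from the book or the thread).
// trace_order_state() is a hypothetical helper: call it at each checkpoint in
// view_order.php, then compare the logged lines for the first GET request
// with those for the POST that follows the button click.

function trace_order_state(string $checkpoint, $order_id): string
{
    // Has a session actually been started at this point in the script?
    $active = (session_status() === PHP_SESSION_ACTIVE);

    // If output was already sent, a later session_start() cannot set its cookie.
    $sent = headers_sent($file, $line);

    // Did the browser return the session cookie with this request?
    $cookie = $_COOKIE[session_name()] ?? null;

    $state = [
        'checkpoint'     => $checkpoint,
        'method'         => $_SERVER['REQUEST_METHOD'] ?? 'cli',
        'session_active' => $active,
        // Log a short hash, not the raw ID: the session ID is a credential.
        'sid'            => $active ? substr(hash('sha256', session_id()), 0, 12) : null,
        'cookie_matches' => $active && is_string($cookie)
                            && hash_equals(session_id(), $cookie),
        'headers_sent'   => $sent ? "$file:$line" : false,
        'get_oid'        => $_GET['oid'] ?? null,
        'session_oid'    => $active ? ($_SESSION['order_id'] ?? null) : null,
        'order_id'       => $order_id,
    ];

    $entry = 'view_order ' . json_encode($state);
    error_log($entry);
    return $entry;
}

// Suggested checkpoints in view_order.php:
//   trace_order_state('after header include', $order_id); // session should be active here
//   trace_order_state('after validation', $order_id);     // resolved from GET or session
//   trace_order_state('before form', $order_id);          // value the page renders with
```

If `sid` differs between the GET and the POST, a new session is being created on each request; if `sid` is the same but `session_oid` is null on the POST, the value was never stored in, or was removed from, that session.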