## Biiim 85

That's great to hear, looks like you got a lot done over the weekend.

I can explain the array thing for you

``````\$input[] = array(\$row['itemId'],\$row['itemName'],\$row['qty']);
``````

When you add values to an array, if you don't give them a key they are automatically assigned a numeric key starting from 0, e.g. 0,1,2,3,4. So for each item you are making an array with 3 values: array(0=>itemid,1=>itemname,2=>qty)

So later on when you loop through all the items in \$input (\$input contains many arrays), e.g.:

``````\$input = array(
0=>array(0=>itemid,1=>itemname,2=>qty),
1=>array(0=>itemid,1=>itemname,2=>qty),
2=>array(0=>itemid,1=>itemname,2=>qty)
);
``````

Hopefully it doesn't blow your mind trying to grasp that. So when we do `foreach(\$input as \$item)` in the example above, \$item will loop 3 times, being entry 0, 1 and 2, and have those 3 values available - also referenced as 0,1,2

``````foreach(\$input as \$item){
\$key = \$item[0];
\$name = \$item[1];
\$qty = \$item[2];
}
``````

if you ever want to add more data for the item just add it into the array:

``````\$input[] = array(\$row['itemId'] ,\$row['itemName'], \$row['qty'], \$row['img1'], \$row['smalldesc']);
``````

which will make `\$img1 = \$item[3];\$smalldesc = \$item[4];`

As for the final problem, the form opens on line 156: `<form action="checkout2.php?" method="post">`. Is checkout2.php correct?

``````<input name="place" type="hidden" id="place" value="yes" />
<input name="tcost" type="hidden" id="tcost" value="<? echo \$totalCost; ?>" />
<input name="ship" type="hidden" id="ship" value="<? echo \$ship; ?>" />
<input name="taxx" type="hidden" id="taxx" value="<? echo \$totalTax; ?>" />
<input type="submit" name="Submit" value="Place Order" />
``````

``````\$cartdata = listItems(\$input,\$_POST['country'],\$sstat);
\$cartTotalCost = \$cartdata['totalbill'];//total with tax and shipping, no gift wrap or express
\$ship = \$cartdata['shipping'];//shipping cost
\$salesTotal = \$cartdata['totalsales'];//sales cost, no tax or shipping
\$totalTax = \$cartdata['totaltax'];//tax
\$noTaxShipTotal = \$salesTotal + \$express + \$gift;//no tax/shipping total
\$ordertotal = \$cartTotalCost + \$express + \$gift;//full cost of sales,tax,shipping,gift and express
//----------store important values in session--------------//
\$_SESSION['tcost'] = \$noTaxShipTotal;//no tax or shipping
\$_SESSION['ship'] = \$ship;
\$_SESSION['taxx'] = \$totalTax;
//----------store important values in session--------------//
echo \$cartdata['html'];
``````

Then the form should be updated to use the right variables (if I got them right):

``````<input name="place" type="hidden" id="place" value="yes" />
<input name="tcost" type="hidden" id="tcost" value="<? echo \$noTaxShipTotal; ?>" />
<input name="ship" type="hidden" id="ship" value="<? echo \$ship; ?>" />
<input name="taxx" type="hidden" id="taxx" value="<? echo \$totalTax; ?>" />
<input type="submit" name="Submit" value="Place Order" />
``````

As for why the order is not submitting, I've fixed the top up a bit, not that I could see much wrong - it's the section inside `if (isset(\$_POST['place'])) {` that processes the order; I just added an extra error catch:

``````<?php
session_start();
require_once ('include/init.php');
require_once ('include/functions.php');

if (isset(\$_POST['ins'])) {
if (!isset(\$_POST['promo'])) {\$promo="no";} else {\$promo="yes";}

\$sstat = \$_POST["stat"];
\$sql="INSERT INTO cust(fname, lname, email, addr, city, stat, zip, promo, phone, dt, country) VALUES (".
"'".mysql_real_escape_string(trim(\$_POST["fname"]))."', ".
"'".mysql_real_escape_string(trim(\$_POST["lname"]))."', ".
"'".mysql_real_escape_string(trim(\$_POST["email"]))."', ".
"'".mysql_real_escape_string(trim(\$_POST["city"]))."', ".
"'".mysql_real_escape_string(trim(\$_POST["stat"]))."', ".
"'".mysql_real_escape_string(trim(\$_POST["zip"]))."', ".
"'".\$promo."', ".
"'".mysql_real_escape_string(trim(\$_POST["phone"]))."',NOW(),'".trim(mysql_real_escape_string(\$_POST["country"]))."') ";
\$rs= mysql_query(\$sql);
\$uid = mysql_insert_id();
\$_SESSION['uid'] = \$uid;
\$country = trim(\$_POST["country"]);
\$_SESSION['country'] = trim(\$_POST["country"]);
if (mysql_affected_rows()<0){
print "<B>Fatal ERROR: Could not add customer.</B>";
exit();
}
}
if (isset(\$_POST['place'])) {
\$sql="SELECT * from cust where id = ".(int)\$_SESSION['uid']; // cast to int: escaping alone does not protect an unquoted numeric value
\$rs= mysql_query(\$sql) or die(mysql_error());
if(\$rs !== false){
\$row=mysql_fetch_array(\$rs);
\$eemail = \$row["email"];
\$country = \$row["country"];
if (\$_POST["express"] == "15"){\$express = 15; \$expyes = "yes";}else{\$express = 0; \$expyes = "no";}
\$ordertotal = \$_SESSION["tcost"] + \$_SESSION["ship"] + \$_SESSION["taxx"] + \$express + \$gift;
\$_SESSION["mthis"] ="" ;
\$_SESSION["mthis"] .=\$row["fname"]." ".\$row["lname"]."\n" ;
\$_SESSION["mthis"] .=\$row["addr"]."\n".\$row["city"].", ".\$row["stat"].", ".\$row["zip"].", "."\n" ;
\$_SESSION["mthis"] .=\$row["country"]."\n".\$row["email"]."\n".\$row["phone"]."\n"."\n"."Order info:"."\n" ;
\$sql="INSERT INTO orders(cust_id, cart_total, taxx, shipping, express, gift_wrap, s_first, s_last, s_addr, s_city, s_stat, s_zip, s_email, s_country, dt, s_phone) VALUES (".
"'".mysql_real_escape_string(\$row["id"])."', ".
"'".mysql_real_escape_string(\$ordertotal)."', ".
"'".mysql_real_escape_string(\$_SESSION["taxx"])."', ".
"'".mysql_real_escape_string(\$_SESSION["ship"])."', ".
"'".mysql_real_escape_string(\$expyes)."', ".
"'".mysql_real_escape_string(\$row["fname"])."', ".
"'".mysql_real_escape_string(\$row["lname"])."', ".
"'".mysql_real_escape_string(\$row["city"])."', ".
"'".mysql_real_escape_string(\$row["stat"])."', ".
"'".mysql_real_escape_string(\$row["zip"])."', ".
"'".mysql_real_escape_string(\$row["email"])."', ".
"'".mysql_real_escape_string(\$row["country"])."',NOW(),'".mysql_real_escape_string(\$row["phone"])."') ";
\$rs= mysql_query(\$sql,\$o_conn) or die("<b>A fatal MySQL error occured</b>.\n<br />Query: " . \$sql . "<br />\nError: (" . mysql_errno() . ") " . mysql_error());
\$oid = mysql_insert_id();
\$result = mysql_query("select * from cart inner join items on cart.itemId = items.itemId where cart.cookieId = '" . mysql_real_escape_string( GetCartId() ) . "' order by items.itemName asc");
if (mysql_num_rows(\$result)==0){
echo mysql_num_rows(\$result);
}
while(\$row = mysql_fetch_array(\$result)){
\$_SESSION["mthis"] .=\$row["itemName"]."\n" ;
\$_SESSION["mthis"] .="itemNumber: ".\$row["itemNumber"]."\n" ;
\$_SESSION["mthis"] .="Qty: ".\$row["qty"]."\n" ;
\$_SESSION["mthis"] .="Unit Price: ".\$row["price"]."\n"."\n" ;
\$sql="INSERT INTO order_details(o_id, prod_id, name, itemNumber, qty, gift_wrap, unitprice, total) VALUES (".
"'".mysql_real_escape_string(\$oid)."', ".
"'".mysql_real_escape_string(\$row["itemId"])."', ".
"'".mysql_real_escape_string(\$row["itemName"])."', ".
"'".mysql_real_escape_string(\$row["itemNumber"])."', ".
"'".mysql_real_escape_string(\$row["qty"])."', ".
"'".mysql_real_escape_string(\$row["price"])."', ".
"'".mysql_real_escape_string(\$row["price"]*\$row["qty"])."') ";
\$rs= mysql_query(\$sql, \$o_conn) or die("<b>A fatal MySQL error occured</b>.\n<br />Query: " . \$sql . "<br />\nError: (" . mysql_errno() . ") " . mysql_error());
}
\$_SESSION["mthis"] .="Shipping = \$ ".\$_SESSION["ship"]."\n" ;
\$_SESSION["mthis"] .="Express Shippig = \$ ".\$express."\n" ;
if (\$taxx != ""){\$_SESSION["mthis"] .="Tax = \$ ".\$_SESSION["taxx"]."\n" ;}
\$_SESSION["mthis"] .="Total = \$ ".\$ordertotal."\n" ;
\$_SESSION["mthis"] .="........................................";
}else{
echo "error: \$sql Failed";
}
}
?>
``````
commented: I'm glad I finally figure it out, Thanks +2

## LastMitch

@Biiim,

I appreciate that you explained how the array works for me. Yes, checkout2.php is the file. So is that the error? It's the last page before it goes to the payment method which is "PayPal". I will go through the script that you posted and I will adjust the changes that you made with the script I have. I will let you know how it goes. I appreciate your help again.

## diafol

You guys need to get a room :)

@ Ardav

## LastMitch

@ Biiim,

It still didn't work! I made those changes and it's still the same.

When I press "Place Order" the taxes disappear and it changes the 'domestic shipping cost' to 'international shipping cost' and won't process. When I put the old file back on the server it processes. This time I tried 2 other payment methods to see if it works, 1) AlertPay 2) Authorize.Net, and both of them don't work either. I am lost with this form action. I have never seen this kind of bug before.

Do I need to rewrite the form action?

``````<input name="place" type="hidden" id="place" value="yes" />
<input name="tcost" type="hidden" id="tcost" value="<? echo \$totalCost; ?>" />
<input name="ship" type="hidden" id="ship" value="<? echo \$ship; ?>" />
<input name="taxx" type="hidden" id="taxx" value="<? echo \$totalTax; ?>" />
<input type="submit" name="Submit" value="Place Order" />
``````

This is what I wrote based on the changes you did on the script from yesterday:

`````` <?php
session_start();
require_once ('include/init.php');
require_once ('include/functions.php');
if (isset(\$_POST['ins'])) {
if (!isset(\$_POST['promo'])) {\$promo="no";} else {\$promo="yes";}
\$sstat = \$_POST["stat"];
\$sql="INSERT INTO cust(fname, lname, email, addr, city, stat, zip, promo, phone, dt, country) VALUES (".
"'".mysql_real_escape_string(trim(\$_POST["fname"]))."', ".
"'".mysql_real_escape_string(trim(\$_POST["lname"]))."', ".
"'".mysql_real_escape_string(trim(\$_POST["email"]))."', ".
"'".mysql_real_escape_string(trim(\$_POST["city"]))."', ".
"'".mysql_real_escape_string(trim(\$_POST["stat"]))."', ".
"'".mysql_real_escape_string(trim(\$_POST["zip"]))."', ".
"'".\$promo."', ".
"'".mysql_real_escape_string(trim(\$_POST["phone"]))."',NOW(),'".trim(mysql_real_escape_string(\$_POST["country"]))."') ";
\$rs= mysql_query(\$sql);
\$uid = mysql_insert_id();
\$_SESSION['uid'] = \$uid;
\$country = trim(\$_POST["country"]);
\$_SESSION['country'] = trim(\$_POST["country"]);
if (mysql_affected_rows()<0){
print "<B>Fatal ERROR: Could not add customer.</B>";
exit();
}
}
if (isset(\$_POST['place'])) {
\$sql="SELECT * from cust where id = ".(int)\$_SESSION['uid']; // cast to int: escaping alone does not protect an unquoted numeric value
\$rs= mysql_query(\$sql) or die(mysql_error());
if(\$rs !== false){
\$row=mysql_fetch_array(\$rs);
\$eemail = \$row["email"];
\$country = \$row["country"];
if (\$_POST["express"] == "15"){\$express = 15; \$expyes = "yes";}else{\$express = 0; \$expyes = "no";}
\$ordertotal = \$_SESSION["tcost"] + \$_SESSION["ship"] + \$_SESSION["taxx"] + \$express + \$gift;
\$_SESSION["mthis"] ="" ;
\$_SESSION["mthis"] .=\$row["fname"]." ".\$row["lname"]."\n" ;
\$_SESSION["mthis"] .=\$row["addr"]."\n".\$row["city"].", ".\$row["stat"].", ".\$row["zip"].", "."\n" ;
\$_SESSION["mthis"] .=\$row["country"]."\n".\$row["email"]."\n".\$row["phone"]."\n"."\n"."Order info:"."\n" ;
\$sql="INSERT INTO orders(cust_id, cart_total, taxx, shipping, express, gift_wrap, s_first, s_last, s_addr, s_city, s_stat, s_zip, s_email, s_country, dt, s_phone) VALUES (".
"'".mysql_real_escape_string(\$row["id"])."', ".
"'".mysql_real_escape_string(\$ordertotal)."', ".
"'".mysql_real_escape_string(\$_SESSION["taxx"])."', ".
"'".mysql_real_escape_string(\$_SESSION["ship"])."', ".
"'".mysql_real_escape_string(\$expyes)."', ".
"'".mysql_real_escape_string(\$row["fname"])."', ".
"'".mysql_real_escape_string(\$row["lname"])."', ".
"'".mysql_real_escape_string(\$row["city"])."', ".
"'".mysql_real_escape_string(\$row["stat"])."', ".
"'".mysql_real_escape_string(\$row["zip"])."', ".
"'".mysql_real_escape_string(\$row["email"])."', ".
"'".mysql_real_escape_string(\$row["country"])."',NOW(),'".mysql_real_escape_string(\$row["phone"])."') ";
\$rs= mysql_query(\$sql,\$o_conn) or die("<b>A fatal MySQL error occured</b>.\n<br />Query: " . \$sql . "<br />\nError: (" . mysql_errno() . ") " . mysql_error());
\$oid = mysql_insert_id();
\$result = mysql_query("select * from cart inner join items on cart.itemId = items.itemId where cart.cookieId = '" . mysql_real_escape_string( GetCartId() ) . "' order by items.itemName asc");
if (mysql_num_rows(\$result)==0){
echo mysql_num_rows(\$result);
}
while(\$row = mysql_fetch_array(\$result)){
\$_SESSION["mthis"] .=\$row["itemName"]."\n" ;
\$_SESSION["mthis"] .="itemNumber: ".\$row["itemNumber"]."\n" ;
\$_SESSION["mthis"] .="Qty: ".\$row["qty"]."\n" ;
\$_SESSION["mthis"] .="Unit Price: ".\$row["price"]."\n"."\n" ;
\$sql="INSERT INTO order_details(o_id, prod_id, name, itemNumber, qty, gift_wrap, unitprice, total) VALUES (".
"'".mysql_real_escape_string(\$oid)."', ".
"'".mysql_real_escape_string(\$row["itemId"])."', ".
"'".mysql_real_escape_string(\$row["itemName"])."', ".
"'".mysql_real_escape_string(\$row["itemNumber"])."', ".
"'".mysql_real_escape_string(\$row["qty"])."', ".
"'".mysql_real_escape_string(\$row["price"])."', ".
"'".mysql_real_escape_string(\$row["price"]*\$row["qty"])."') ";
\$rs= mysql_query(\$sql, \$o_conn) or die("<b>A fatal MySQL error occured</b>.\n<br />Query: " . \$sql . "<br />\nError: (" . mysql_errno() . ") " . mysql_error());
}
\$_SESSION["mthis"] .="Shipping = \$ ".\$_SESSION["ship"]."\n" ;
\$_SESSION["mthis"] .="Express Shippig = \$ ".\$express."\n" ;
if (\$taxx != ""){\$_SESSION["mthis"] .="Tax = \$ ".\$_SESSION["taxx"]."\n" ;}
\$_SESSION["mthis"] .="Total = \$ ".\$ordertotal."\n" ;
\$_SESSION["mthis"] .="........................................";
}else{
echo "error: \$sql Failed";}}
?>

<html>

<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<title></title>
<style type="text/css">
<!--
.style1 {   font-family: "Helvetica, sans-serif";font-size: 12px;color: #333333;}
.style5 {color: #FFFFFF}
.style8 {font-size: 10px}
-->
</style>
<script language="javascript">
function formatCurrency(num) {
num = num.toString().replace(/\\$|\,/g,'');
if(isNaN(num))
num = "0";
sign = (num == (num = Math.abs(num)));
num = Math.floor(num*100+0.50000000001);
cents = num%100;
num = Math.floor(num/100).toString();
if(cents<10)
cents = "0" + cents;
for (var i = 0; i < Math.floor((num.length-(1+i))/3); i++)
num = num.substring(0,num.length-(4*i+3))+','+
num.substring(num.length-(4*i+3));
return (((sign)?'':'-') + '\$' + num + '.' + cents);
}
</script>

<body>
<table width="800" height="298" border="0" align="center" cellpadding="0" cellspacing="0" bordercolor="#FFFFFF">
<tr>
<td height="298" align="center" valign="top"><p><a href="index_09.html"></a></p>
<table width="800" border="0" align="center" cellpadding="0" cellspacing="0">
<tr>
<td width="200" height="25" align="center"><h3 align="center" class="style17">CHECKOUT </h3>
<p align="center" class="style1">Please verify the info <strong></strong> belo<span class="style42">w</span>: <br>
<br></p></td></tr></table>
<div align="center">
<form action="checkout2.php?" method="post">
<?php

function GetCartId(){
// This function will generate an encrypted string and
// also be used as the cookieId field in the cart table

// and return the value of the users session ID

session_start();
setcookie("cartId", session_id(), time() + ((3600 * 24) * 30));
return session_id();
}
}
\$result = mysql_query("select * from cart inner join items on cart.itemId = items.itemId where cart.cookieId = '" . mysql_real_escape_string( GetCartId() ) . "' order by items.itemName asc");
?>
<table width="78%" border="0" align="center" cellpadding="3" cellspacing="0" bgcolor="#CCCCCC">
<tr>
<td width="14%" height="25" bgcolor="#999999" class="style1"><span class="style34 style37 style17 style5 style8">ITEM NUMBER</span></td>
<td height="25" bgcolor="#999999" class="style1"><span class="style34 style37 style17 style5 style8">ITEM</span></td>
<td height="25" bgcolor="#999999" class="style1"><span class="style34 style37 style17 style5 style8">QTY</span></td>
<td height="25" bgcolor="#999999" class="style1"><span class="style34 style37 style17 style5 style8">SUBTOTAL</span></td>
</tr>
<?

if (mysql_num_rows(\$result)==0){echo mysql_num_rows(\$result);}
\$_SESSION["mthis"] ="";
\$input = array();
while(\$row = mysql_fetch_array(\$result)){
\$input[] = array(\$row['itemId'],\$row['itemName'],\$row['qty']);}
\$cartdata = listItems(\$input,\$_POST['country'],\$sstat);
\$cartTotalCost = \$cartdata['totalbill'];//total with tax and shipping, no gift wrap or express
\$ship = \$cartdata['shipping'];//shipping cost
\$salesTotal = \$cartdata['totalsales'];//sales cost, no tax or shipping
\$totalTax = \$cartdata['totaltax'];//tax
\$noTaxShipTotal = \$salesTotal + \$express + \$gift;//no tax/shipping total
\$ordertotal = \$cartTotalCost + \$express + \$gift;//full cost of sales,tax,shipping,gift and express
//----------store important values in session--------------//
\$_SESSION['tcost'] = \$noTaxShipTotal;//no tax or shipping
\$_SESSION['ship'] = \$ship;
\$_SESSION['taxx'] = \$totalTax;
//----------store important values in session--------------//
echo \$cartdata['html']

?>            <tr>
<td colspan="4" bgcolor="#FFFFFF" class="style1"><div align="right">______________________</div></td>
</tr>
<tr>
<td colspan="3" bgcolor="#FFFFFF" class="style1"><div align="right" class="style17 style8"><span class="style39">TAX:</span></div></td>
<td bgcolor="#FFFFFF" class="style1"><span class="style32 style8"><font face="verdana"><b>\$<?php echo number_format(\$totalTax, 2, ".", ","); ?></b></font></span></td></tr>
<tr>
<td colspan="3" bgcolor="#FFFFFF" class="style1"><div align="right" class="style17 style8"><span class="style39">SHIPPING:</span></div></td>
<td bgcolor="#FFFFFF" class="style1"><span class="style32 style8"> <font face="verdana"><b>\$<?php echo number_format(\$ship, 2, ".", ","); ?></b></font></span></td></tr>
<tr>
<td colspan="3" bgcolor="#FFFFFF" class="style1"><div align="right" class="style17 style8"><span class="style39">* EXPRESS DELIVERY: </span></div></td>
<td bgcolor="#FFFFFF" class="style1"><input name="express" type="checkbox" id="express" onClick="calcFees(this);" value="15"/>
</td></tr>
<tr>
<td colspan="3" bgcolor="#FFFFFF" class="style1"><div align="right" class="style17 style8"><span class="style39">GiFT WRAP (\$5): </span></div></td>
</td></tr>
<tr>
<td colspan="3" bgcolor="#FFFFFF" class="style1"><div align="right" class="style17 style8"><span class="style39">TOTAL:</span></div></td>
<td bgcolor="#FFFFFF" class="style1"><span class="style32 style8"><font face="verdana"><b>
<div id="stotal">\$<?php echo number_format(\$ordertotal, 2, ".", ","); ?></div></b></font></span>
<script type='text/javascript'>
function calcFees(obj,type){
if (obj.checked){document.getElementById("stotal").innerHTML = formatCurrency(<?php echo \$ordertotal;?> + parseInt(obj.value));
}else{document.getElementById("stotal").innerHTML = formatCurrency(<?php echo \$ordertotal;?>);}}
</script>
</td></tr></table>
<p class="navtitlesm"><strong>* Express Delivery</strong><br>
For an additional \$20, Express orders placed by 9am ET will be delivered in  the contiguous U.S.<br> in 2 business days for most in-stock merchandise.&nbsp;</p>
<p align="center">
<input name="place" type="hidden" id="place" value="yes" />
<input name="tcost" type="hidden" id="tcost" value="<? echo \$noTaxShipTotal; ?>" />
<input name="ship" type="hidden" id="ship" value="<? echo \$ship; ?>" />
<input name="taxx" type="hidden" id="taxx" value="<? echo \$taxx; ?>" />
<input type="submit" name="Submit" value="Place Order" />
</p></form></div></td></tr>
</table>
<? include("footer.php");?>
</body>
</html>
``````

## Biiim 85

@ardav

I started this so i will finish it!

@LastMitch

I've been through the page you posted on page 2 and this one just above and I can't see any difference. It seems odd to me, because surely the user should be redirected to a payment page after the order has been submitted?

I've added some comments to show the flow of what's happening and what should happen for it to work

``````if (isset(\$_POST['place'])){
\$sql="SELECT * from cust where id = ".(int)\$_SESSION['uid']; // cast to int: escaping alone does not protect an unquoted numeric value
\$rs= mysql_query(\$sql) or die(mysql_error());
//get the customers data
if(\$rs !== false){//continue if successful
\$row=mysql_fetch_array(\$rs);
\$eemail = \$row["email"];
\$country = \$row["country"];
if (\$_POST["express"] == "15"){\$express = 15; \$expyes = "yes";}else{\$express = 0; \$expyes = "no";}
//get ordertotal as set in the form input + express and gift if selected
\$ordertotal = \$_SESSION["tcost"] + \$_SESSION["ship"] + \$_SESSION["taxx"] + \$express + \$gift;
//\$_SESSION['mthis'] stands for mail this? looks like some text summary of the payment
\$_SESSION["mthis"] ="" ;
\$_SESSION["mthis"] .=\$row["fname"]." ".\$row["lname"]."\n" ;
\$_SESSION["mthis"] .=\$row["addr"]."\n".\$row["city"].", ".\$row["stat"].", ".\$row["zip"].", "."\n" ;
\$_SESSION["mthis"] .=\$row["country"]."\n".\$row["email"]."\n".\$row["phone"]."\n"."\n"."Order info:"."\n" ;
//insert a new order into the orders table, with the total values & cust details
\$sql="INSERT INTO orders(cust_id, cart_total, taxx, shipping, express, gift_wrap, s_first, s_last, s_addr, s_city, s_stat, s_zip, s_email, s_country, dt, s_phone) VALUES (".
"'".mysql_real_escape_string(\$row["id"])."', ".
"'".mysql_real_escape_string(\$ordertotal)."', ".
"'".mysql_real_escape_string(\$_SESSION["taxx"])."', ".
"'".mysql_real_escape_string(\$_SESSION["ship"])."', ".
"'".mysql_real_escape_string(\$expyes)."', ".
"'".mysql_real_escape_string(\$row["fname"])."', ".
"'".mysql_real_escape_string(\$row["lname"])."', ".
"'".mysql_real_escape_string(\$row["city"])."', ".
"'".mysql_real_escape_string(\$row["stat"])."', ".
"'".mysql_real_escape_string(\$row["zip"])."', ".
"'".mysql_real_escape_string(\$row["email"])."', ".
"'".mysql_real_escape_string(\$row["country"])."',NOW(),'".mysql_real_escape_string(\$row["phone"])."') ";
\$rs= mysql_query(\$sql,\$o_conn) or die("<b>A fatal MySQL error occured</b>.\n<br />Query: " . \$sql . "<br />\nError: (" . mysql_errno() . ") " . mysql_error());
\$oid = mysql_insert_id();//get the orders id
//get the items in the cart that made up the order total
\$result = mysql_query("select * from cart inner join items on cart.itemId = items.itemId where cart.cookieId = '" . mysql_real_escape_string( GetCartId() ) . "' order by items.itemName asc");
if (mysql_num_rows(\$result)==0){
echo mysql_num_rows(\$result);
}
while(\$row = mysql_fetch_array(\$result)){//loop through each item in cart
\$_SESSION["mthis"] .=\$row["itemName"]."\n" ;
\$_SESSION["mthis"] .="itemNumber: ".\$row["itemNumber"]."\n" ;
\$_SESSION["mthis"] .="Qty: ".\$row["qty"]."\n" ;
\$_SESSION["mthis"] .="Unit Price: ".\$row["price"]."\n"."\n" ;
//insert the item into order_details, attaching it to the previously made order
\$sql="INSERT INTO order_details(o_id, prod_id, name, itemNumber, qty, gift_wrap, unitprice, total) VALUES (".
"'".mysql_real_escape_string(\$oid)."', ".
"'".mysql_real_escape_string(\$row["itemId"])."', ".
"'".mysql_real_escape_string(\$row["itemName"])."', ".
"'".mysql_real_escape_string(\$row["itemNumber"])."', ".
"'".mysql_real_escape_string(\$row["qty"])."', ".
"'".mysql_real_escape_string(\$row["price"])."', ".
"'".mysql_real_escape_string(\$row["price"]*\$row["qty"])."') ";
\$rs= mysql_query(\$sql, \$o_conn) or die("<b>A fatal MySQL error occured</b>.\n<br />Query: " . \$sql . "<br />\nError: (" . mysql_errno() . ") " . mysql_error());
}
\$_SESSION["mthis"] .="Shipping = \$ ".\$_SESSION["ship"]."\n" ;
\$_SESSION["mthis"] .="Express Shippig = \$ ".\$express."\n" ;
if (\$taxx != ""){\$_SESSION["mthis"] .="Tax = \$ ".\$_SESSION["taxx"]."\n" ;}
\$_SESSION["mthis"] .="Total = \$ ".\$ordertotal."\n" ;
\$_SESSION["mthis"] .="........................................";
//order has now been added with all items ordered attached - should redirect to a payment method now
//set the order id for the payment on next page
\$_SESSION['oid'] = \$oid;
}else{
echo "error: \$sql Failed";
}
}
``````

`\$cartdata = listItems(\$input,\$_POST['country'],\$sstat);`

The reason that page resets to international is because the country is set from a \$_POST variable from the previous page, so once you submit the form that data is gone and it defaults to international. You could maybe set it to `\$cartdata = listItems(\$input,\$_SESSION['country'],\$sstat);` if you have that session variable set.

I imagine that some redirection has disappeared at some point; I can't see it in any of these files on here. I think your orders are being saved correctly into the database, you just aren't being passed on to the payment page with the order id referenced.

commented: Thanks for the comments it really helps! +0
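The hidden `tcost`, `ship` and `taxx` inputs can be edited by whoever submits the form, which is why the handler above takes the amounts from `\$_SESSION` and only treats `express` as a switch. An added sketch of that rule (not code from this thread; `checkout_total()`, `EXPRESS_FEE` and the sample amounts are made up for illustration), which also refuses an order when the session values are missing and reports posted values that differ from the stored ones:

```php
<?php
// Added example, not code from the thread. Function name, constant and the
// sample amounts are constructed for illustration.

const EXPRESS_FEE = 15; // the only value the page's "express" checkbox posts

/**
 * Build the order total from server-side state only.
 * $session: amounts stored by the cart page (tcost, ship, taxx).
 * $post:    the submitted form; only "express" is consulted, as an on/off switch.
 */
function checkout_total(array $session, array $post): array
{
    $amounts = [];
    foreach (['tcost', 'ship', 'taxx'] as $key) {
        // A missing value means the cart page never ran in this session
        // (or the session expired). Totalling it as 0 would store a bogus order.
        if (!isset($session[$key]) || !is_numeric($session[$key])) {
            throw new RuntimeException("session value '$key' is missing or not numeric");
        }
        $amounts[$key] = round((float) $session[$key], 2);
    }

    // Allow-list the option instead of adding whatever number was posted.
    $express = (($post['express'] ?? '') === '15') ? EXPRESS_FEE : 0;

    // Posted copies of the amounts are never used, but a difference from the
    // stored value is worth logging: the form was edited or is stale.
    $mismatch = [];
    foreach ($amounts as $key => $stored) {
        if (isset($post[$key]) && (!is_numeric($post[$key])
                || abs((float) $post[$key] - $stored) > 0.004)) {
            $mismatch[] = $key;
        }
    }

    return [
        'total'    => round(array_sum($amounts) + $express, 2),
        'express'  => $express,
        'mismatch' => $mismatch,
    ];
}

// Constructed sample data.
$session = ['tcost' => 170.00, 'ship' => 10.50, 'taxx' => 6.00];
$honest  = ['place' => 'yes', 'tcost' => '170', 'ship' => '10.5', 'taxx' => '6', 'express' => '15'];
$edited  = ['place' => 'yes', 'tcost' => '0.01', 'ship' => '0', 'taxx' => '6', 'express' => '9999'];

foreach (['honest' => $honest, 'edited' => $edited] as $label => $post) {
    $r = checkout_total($session, $post);
    printf("%-6s total=%.2f express=%d mismatch=[%s]\n",
        $label, $r['total'], $r['express'], implode(',', $r['mismatch']));
}

try {
    checkout_total([], $honest); // e.g. session expired between the two pages
} catch (RuntimeException $e) {
    echo "rejected: ", $e->getMessage(), "\n";
}
```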

## LastMitch

Hi Biiim,

> I imagine that some redirection has disappeared at some point; I can't see it in any of these files on here. I think your orders are being saved correctly into the database, you just aren't being passed on to the payment page with the order id referenced.

I think you're right about the orders being saved correctly into the database. I just checked my order details and it appears. The changes you made above stopped the shipping changing from 'domestic shipping' to 'international shipping', so that worked out well. But it still hasn't processed on to the payment page.

How do I fix the payment page with the order id referenced on it? I don't know where to look in the script, or what I'm looking at if I'm in that script.

On my old file the order is saved in the database with the 'Order ID' and it processes to the payment page.

I am using PayPal & Authorize.Net. On PayPal they provide a script and on Authorize.Net I created a PHP file for that.

## Biiim 85

`\$_SESSION['oid'] = \$oid;`

Maybe adding this and updating the process page to use that as the order reference?

I can't see any redirection or any payment page, so I don't know what's not working.

## LastMitch

Hi Biiim,

This is the payment for Authorize.Net. I left out certain info for security reasons. I tried to change

`\$_SESSION['oid'] = \$oid;`

on to the payment page and it didn't work.

Here is the Authorize.Net page:

``````<?
session_start();
require_once ('../include/init.php');

\$sql="SELECT * from orders where id = ".(int)\$_SESSION["oid"]; // cast to int: the value lands unquoted in the SQL
\$rs= mysql_query(\$sql) ;
\$row=mysql_fetch_array(\$rs);
?>

<?
\$x_Description = "";

if (\$x_Amount == "")
\$x_Amount = \$row["cart_total"];
?>

<!--<FORM action="" method="POST" name="form1">-->
<!-- Uncomment the line ABOVE for test accounts or BELOW for live merchant accounts -->
<FORM action="" method="POST"  name="form1">
<?

// authdata.php contains the loginid and x_tran_key.
// You may use a more secure alternate method to store these (like a DB / registry).

\$amount = \$x_Amount;

// Trim \$ sign if it exists
if (substr(\$amount, 0,1) == "\$") {
\$amount = substr(\$amount,1);
}
// I would validate the Order here before generating a fingerprint

// Seed random number for security and better randomness.

srand(time());
\$sequence = rand(1, 1000);
// Insert the form elements required for SIM by calling InsertFP
\$ret = InsertFP (\$loginid, \$x_tran_key, \$amount, \$sequence);

//*** IF YOU ARE PASSING CURRENCY CODE uncomment and use the following instead of the InsertFP invocation above  ***
// \$ret = InsertFP (\$loginid, \$x_tran_key, \$amount, \$sequence, \$currencycode);

// Insert rest of the form elements similiar to the legacy weblink integration
// Escape every value: they come from the session and the orders table and end up inside HTML attributes
echo ("<input type=\"hidden\" name=\"x_description\" value=\"" . htmlspecialchars(\$x_Description, ENT_QUOTES) . "\">\n" );
echo ("<input type=\"hidden\" name=\"x_amount\" value=\"" . htmlspecialchars(\$amount, ENT_QUOTES) . "\">\n");
echo ("<input type=\"hidden\" name=\"x_invoice_num\" value=\"" . htmlspecialchars(\$_SESSION["x_invoice_num"], ENT_QUOTES) . "\">\n");
echo ("<input type=\"hidden\" name=\"x_po_num\" value=\"" . htmlspecialchars(\$_SESSION["oid"], ENT_QUOTES) . "\">\n");
echo ("<input type=\"hidden\" name=\"x_first_name\" value=\"" . htmlspecialchars(\$row["s_first"], ENT_QUOTES) . "\">\n");
echo ("<input type=\"hidden\" name=\"x_last_name\" value=\"" . htmlspecialchars(\$row["s_last"], ENT_QUOTES) . "\">\n");
echo ("<input type=\"hidden\" name=\"x_city\" value=\"" . htmlspecialchars(\$row["s_city"], ENT_QUOTES) . "\">\n");
echo ("<input type=\"hidden\" name=\"x_state\" value=\"" . htmlspecialchars(\$row["s_stat"], ENT_QUOTES) . "\">\n");
echo ("<input type=\"hidden\" name=\"x_zip\" value=\"" . htmlspecialchars(\$row["s_zip"], ENT_QUOTES) . "\">\n");
echo ("<input type=\"hidden\" name=\"x_country\" value=\"" . htmlspecialchars(\$row["s_country"], ENT_QUOTES) . "\">\n");

// *** IF YOU ARE PASSING CURRENCY CODE uncomment the line below *****
//echo ("<input type=\"hidden\" name=\"x_currency_code\" value=\"" . \$currencycode . "\">\n");

?>
<INPUT type="hidden" name="x_show_form" value="PAYMENT_FORM">
</FORM>
</BODY>
</HTML>
``````

I appreciate your insight again. I followed all the instructions that you mentioned above and I think it's getting close to being solved.

These are the changes you asked me to make:

`\$cartdata = listItems(\$input,\$_POST['country'],\$sstat);`

to

`\$cartdata = listItems(\$input,\$_SESSION['country'],\$sstat);`

Before, it kept on changing from 'domestic shipping' to 'international shipping', but now it doesn't because of that code you mentioned above.

## Biiim 85

``````<?
session_start();
require_once ('../include/init.php');
\$sql="SELECT * from orders where id = ".(int)\$_SESSION["oid"]; // cast to int: the value lands unquoted in the SQL
\$rs= mysql_query(\$sql) ;
\$row=mysql_fetch_array(\$rs);
?>
``````

``````<?
session_start();
require_once ('../include/init.php');
\$sql="SELECT * from orders where id = ".(int)\$_SESSION["oid"]; // cast to int: the value lands unquoted in the SQL
var_dump(\$sql);
\$rs= mysql_query(\$sql) ;
\$row=mysql_fetch_array(\$rs);
var_dump(\$row);
exit;
?>
``````

I'm guessing something is missing from it that is needed.

`\$ret = InsertFP (\$loginid, \$x_tran_key, \$amount, \$sequence);`

And do those 4 variables exist?

I'm not that familiar with ecommerce payments so I don't know what inputs you need to have; I assume you've got them all.

## LastMitch

Hi Biiim,

`\$ret = InsertFP (\$loginid, \$x_tran_key, \$amount, \$sequence);`

Those 4 variables do exist. They're in the other 2 files.

## LastMitch

Hi Biiim,

This is the code for those 4 variables that exist; this is the calculation:

``````function CalculateFP (\$loginid, \$x_tran_key, \$amount, \$sequence, \$tstamp, \$currency = "")
{
return (hmac (\$x_tran_key, \$loginid . "^" . \$sequence . "^" . \$tstamp . "^" . \$amount . "^" . \$currency));
}

// Inserts the hidden variables in the HTML FORM required for SIM
// Invokes hmac function to calculate fingerprint.

function InsertFP (\$loginid, \$x_tran_key, \$amount, \$sequence, \$currency = "")
{
\$tstamp = time ();

\$fingerprint = hmac (\$x_tran_key, \$loginid . "^" . \$sequence . "^" . \$tstamp . "^" . \$amount . "^" . \$currency);
``````

I tried the code that you wrote and it didn't work.

``````var_dump(\$sql);
\$rs= mysql_query(\$sql) ;
\$row=mysql_fetch_array(\$rs);
var_dump(\$row);
``````

It didn't read the checkout sheet. It just dumped the info, kind of like the file 'exportcsv.php'.

Do you have any other suggestions? I'm not quite sure what to add to that payment page based on the changes because it looks the same. I appreciate your insight again!
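The fingerprint built by `CalculateFP()` above signs the amount together with the login id, sequence and timestamp, so the `x_amount` field has to carry exactly the string that was hashed, and that string should come from the stored order row. An added sketch of that (not the gateway's library and not code from this thread): it assumes the `hmac()` helper is HMAC-MD5 and uses PHP's `hash_hmac()` in its place; the `x_login` and `x_fp_*` field names, the credentials and the function names are assumptions or placeholders, and the order row reuses values from the `var_dump` output posted later in the thread.

```php
<?php
// Added example, not the gateway's sample library. Assumption: the hmac()
// helper called by CalculateFP() is HMAC-MD5 keyed with the transaction key,
// so PHP's built-in hash_hmac('md5', ...) stands in for it here.

function sim_fingerprint(string $loginId, string $tranKey, string $amount,
                         int $sequence, int $tstamp, string $currency = ''): string
{
    // Same field order and "^" separators as CalculateFP() in the post.
    $data = $loginId . '^' . $sequence . '^' . $tstamp . '^' . $amount . '^' . $currency;
    return hash_hmac('md5', $data, $tranKey);
}

function normalise_amount($raw): string
{
    // The hash covers the amount as text: "186.5" and "186.50" give different
    // fingerprints, so fix the format once and use that string everywhere.
    $raw = ltrim(trim((string) $raw), '$');
    if (!is_numeric($raw) || (float) $raw <= 0) {
        throw new InvalidArgumentException('order amount is missing or not positive');
    }
    return number_format((float) $raw, 2, '.', '');
}

function sim_fields(array $order, string $loginId, string $tranKey): array
{
    $amount   = normalise_amount($order['cart_total'] ?? '');
    $sequence = random_int(1, 1000000); // CSPRNG instead of srand(time()) + rand()
    $tstamp   = time();

    return [
        // x_login and x_fp_* are assumed names; the post cuts off before
        // InsertFP() prints its hidden fields.
        'x_login'        => $loginId,
        'x_fp_sequence'  => $sequence,
        'x_fp_timestamp' => $tstamp,
        'x_fp_hash'      => sim_fingerprint($loginId, $tranKey, $amount, $sequence, $tstamp),
        'x_amount'       => $amount,
        'x_po_num'       => (int) $order['id'],
        'x_first_name'   => $order['s_first'],
        'x_last_name'    => $order['s_last'],
    ];
}

function render_hidden(array $fields): string
{
    // Customer-supplied values go into HTML attributes, so escape every one.
    $html = '';
    foreach ($fields as $name => $value) {
        $html .= sprintf("<input type=\"hidden\" name=\"%s\" value=\"%s\">\n",
            htmlspecialchars((string) $name, ENT_QUOTES, 'UTF-8'),
            htmlspecialchars((string) $value, ENT_QUOTES, 'UTF-8'));
    }
    return $html;
}

// Placeholders, not real credentials.
$loginId = 'LOGIN_ID_PLACEHOLDER';
$tranKey = 'TRANSACTION_KEY_PLACEHOLDER';

// Order row with values from the var_dump output in the thread; the quote
// in s_last is constructed to show the escaping.
$order = ['id' => '2255', 'cart_total' => '186.50', 's_first' => 'Jonny', 's_last' => 'LAst"'];

$fields = sim_fields($order, $loginId, $tranKey);
echo render_hidden($fields);

// A different amount no longer matches the fingerprint that was issued.
$recomputed = sim_fingerprint($loginId, $tranKey, '1.00',
    $fields['x_fp_sequence'], $fields['x_fp_timestamp']);
echo hash_equals($fields['x_fp_hash'], $recomputed) ? "match\n" : "fingerprint mismatch\n";

// An empty row (unset $_SESSION["oid"], failed query) is refused, not signed as 0.
try {
    sim_fields(['id' => 0, 'cart_total' => null], $loginId, $tranKey);
} catch (InvalidArgumentException $e) {
    echo "refused: ", $e->getMessage(), "\n";
}
```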

## Biiim 85

> It didn't read the checkout sheet. It just dumped the info, kind of like the file 'exportcsv.php'.

Yeah, it was the data I wanted to see.

Does it output `SELECT * from orders where id = 2451`

and if so, does it also output all the data of the order afterwards? It's better formatted if you view the source of the page.

I'm hoping it will say:

``````\$row  = array("id"=>2451,"cart_total"=>56.34,..etc
``````

It could be useful to view the actual html output on the page as well, as in run through make a cart checkout to the payment page and view source on it

you might have to take the onload out so you can do it, then we can see the actual data the script is putting on the page and what is making the submit fail

commented: Starting to understand how var_dump works +0

## LastMitch

Hi Biiim,

Yes, the output is from the id

`SELECT * from orders where id = 2451`

`\$row = array("id"=>2451,"cart_total"=>56.34,..etc`

This is what it dumped; it's duplicated:

``````string(36) "SELECT * from orders where id = 2255"
array(46) {
[0]=>
string(4) "2255"
["id"]=>
string(4) "2255"
[1]=>
string(4) "3348"
["cust_id"]=>
string(4) "3348"
[2]=>
NULL
["user"]=>
NULL
[3]=>
string(6) "186.50"
["cart_total"]=>
string(6) "186.50"
[4]=>
string(4) "10.5"
["shipping"]=>
string(4) "10.5"
[5]=>
string(2) "no"
["express"]=>
string(2) "no"
[6]=>
string(8) "Jonny"
["s_first"]=>
string(8) "Jonny"
[7]=>
string(7) "LAst"
["s_last"]=>
string(7) "LAst"
``````

I hope that will help.

it didn't work either.

## Biiim 85

That all looks good, getting a bit lost on where the error could be - what is the error the payment form gives when you submit?

or alternatively awhile back you said:

When I put my old original file back on my server it works fine.

is it possible to see that file so I can see what's missing or changed? Maybe the one I cross-checked had already been edited by then

## LastMitch

Hi Biiim,

It doesn't tell me the error. But the error is when I press "Place Order" the taxes disappear and it changes the 'domestic shipping cost' to 'international shipping cost' and won't process. When I put the old file back on the server it processes.

This is the original checkout sheet:

It's called checkout2.php, which is the one you helped me edit:

``````<?php
session_start();
require_once ('include/init.php');

if (isset(\$_POST['ins'])) {
if (!isset(\$_POST['promo'])) {\$promo="no";} else {\$promo="yes";}

\$sstat = \$_POST["stat"];

\$sql="INSERT INTO cust(fname, lname, email, addr, city, stat, zip, promo, phone, dt, country) VALUES (".
"'".mysql_real_escape_string(trim(\$_POST["fname"]))."', ".
"'".mysql_real_escape_string(trim(\$_POST["lname"]))."', ".
"'".mysql_real_escape_string(trim(\$_POST["email"]))."', ".
"'".mysql_real_escape_string(trim(\$_POST["city"]))."', ".
"'".mysql_real_escape_string(trim(\$_POST["stat"]))."', ".
"'".mysql_real_escape_string(trim(\$_POST["zip"]))."', ".
"'".\$promo."', ".
"'".mysql_real_escape_string(trim(\$_POST["phone"]))."',NOW(),'".trim(mysql_real_escape_string(\$_POST["country"]))."') ";

\$rs= mysql_query(\$sql);
\$uid = mysql_insert_id();
\$_SESSION['uid'] = \$uid;

\$country = trim(\$_POST["country"]);
\$_SESSION['country'] = trim(\$_POST["country"]);

if (mysql_affected_rows()<0){print "<B>Fatal ERROR: Could not add customer.</B>";exit();}};

if (isset(\$_POST['place'])) {

\$sql="SELECT * from cust where id = ".mysql_real_escape_string(\$_SESSION['uid']);
\$rs= mysql_query(\$sql) ;
echo mysql_error();
\$row=mysql_fetch_array(\$rs);
\$eemail = \$row["email"];
\$country = \$row["country"];

if (\$_POST["express"] == "15"){\$express = 15; \$expyes = "yes";}else{\$express = 0; \$expyes = "no";}

\$ordertotal = \$_SESSION["tcost"] + \$_SESSION["ship"] + \$_SESSION["taxx"] + \$express + \$gift;

\$_SESSION["mthis"] ="" ;
\$_SESSION["mthis"] .=\$row["fname"]." ".\$row["lname"]."\n" ;
\$_SESSION["mthis"] .=\$row["addr"]."\n".\$row["city"].", ".\$row["stat"].", ".\$row["zip"].", "."\n" ;
\$_SESSION["mthis"] .=\$row["country"]."\n".\$row["email"]."\n".\$row["phone"]."\n"."\n"."Order info:"."\n" ;

\$sql="INSERT INTO orders(cust_id, cart_total, taxx, shipping, express, gift_wrap, s_first, s_last, s_addr, s_city, s_stat, s_zip, s_email, s_country, dt, s_phone) VALUES (".
"'".mysql_real_escape_string(\$row["id"])."', ".
"'".mysql_real_escape_string(\$ordertotal)."', ".
"'".mysql_real_escape_string(\$_SESSION["taxx"])."', ".
"'".mysql_real_escape_string(\$_SESSION["ship"])."', ".
"'".mysql_real_escape_string(\$expyes)."', ".
"'".mysql_real_escape_string(\$row["fname"])."', ".
"'".mysql_real_escape_string(\$row["lname"])."', ".
"'".mysql_real_escape_string(\$row["city"])."', ".
"'".mysql_real_escape_string(\$row["stat"])."', ".
"'".mysql_real_escape_string(\$row["zip"])."', ".
"'".mysql_real_escape_string(\$row["email"])."', ".
"'".mysql_real_escape_string(\$row["country"])."',NOW(),'".mysql_real_escape_string(\$row["phone"])."') ";

\$rs= mysql_query(\$sql,\$o_conn) or die("<b>A fatal MySQL error occured</b>.\n<br />Query: " . \$sql . "<br />\nError: (" . mysql_errno() . ") " . mysql_error());

\$oid = mysql_insert_id();

\$result = mysql_query("select * from cart inner join items on cart.itemId = items.itemId where cart.cookieId = '" . mysql_real_escape_string( GetCartId() ) . "' order by items.itemName asc");

if (mysql_num_rows(\$result)==0){echo mysql_num_rows(\$result);}

while(\$row = mysql_fetch_array(\$result)){

\$_SESSION["mthis"] .=\$row["itemName"]."\n" ;
\$_SESSION["mthis"] .="itemNumber: ".\$row["itemNumber"]."\n" ;
\$_SESSION["mthis"] .="Qty: ".\$row["qty"]."\n" ;
\$_SESSION["mthis"] .="Unit Price: ".\$row["price"]."\n"."\n" ;

\$sql="INSERT INTO order_details(o_id, prod_id, name, itemNumber, qty, gift_wrap, unitprice, total) VALUES (".
"'".mysql_real_escape_string(\$oid)."', ".
"'".mysql_real_escape_string(\$row["itemId"])."', ".
"'".mysql_real_escape_string(\$row["itemName"])."', ".
"'".mysql_real_escape_string(\$row["ItemNumber"])."', ".
"'".mysql_real_escape_string(\$row["qty"])."', ".
"'".mysql_real_escape_string(\$row["price"])."', ".
"'".mysql_real_escape_string(\$row["price"]*\$row["qty"])."') ";

\$rs= mysql_query(\$sql, \$o_conn) or die("<b>A fatal MySQL error occured</b>.\n<br />Query: " . \$sql . "<br />\nError: (" . mysql_errno() . ") " . mysql_error());
}

\$_SESSION["mthis"] .="Shipping = \$ ".\$_SESSION["ship"]."\n" ;
\$_SESSION["mthis"] .="Express Shippig = \$ ".\$expyes."\n" ;
if (\$taxx != ""){\$_SESSION["mthis"] .="Tax = \$ ".\$taxx."\n" ;}
\$_SESSION["mthis"] .="Total = \$ ".\$ordertotal."\n" ;
\$_SESSION["mthis"] .="........................................";

\$_SESSION["oid"] = \$oid;
header("Location: trans/sim.php"); // <-- This is the payment file
}

?>
<html>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<title></title>
<style type="text/css">
<!--
.style1 {font-family: "Helvetica, sans-serif";font-size: 12px;color: #333333;}
.style5 {color: #FFFFFF}
.style8 {font-size: 10px}
-->
</style>
<script language="javascript">
function formatCurrency(num) {
num = num.toString().replace(/\\$|\,/g,'');
if(isNaN(num))num = "0";
sign = (num == (num = Math.abs(num)));
num = Math.floor(num*100+0.50000000001);
cents = num%100;
num = Math.floor(num/100).toString();
if(cents<10)cents = "0" + cents;
for (var i = 0; i < Math.floor((num.length-(1+i))/3); i++)
num = num.substring(0,num.length-(4*i+3))+','+
num.substring(num.length-(4*i+3));
return (((sign)?'':'-') + '\$' + num + '.' + cents);
}

function calcFees(chk,cost){
if (chk.checked == 1){document.getElementById("stotal").innerHTML = formatCurrency(cost + 15);}
else{document.getElementById("stotal").innerHTML = formatCurrency(cost);}}
function calcFees1(chk,cost){
if (chk.checked == 1){document.getElementById("stotal").innerHTML = formatCurrency(cost + 5);}
else{document.getElementById("stotal").innerHTML = formatCurrency(cost);}}
</script>
<body>
<table width="800" height="298" border="0" align="center" cellpadding="0" cellspacing="0" bordercolor="#FFFFFF">
<tr><td height="298" align="center" valign="top"><p><a href="index_09.html"></a></p>
<table width="800" border="0" align="center" cellpadding="0" cellspacing="0"> <tr>
<td width="200" height="25" align="center"><h3 align="center" class="style17">CHECKOUT </h3>
<p align="center" class="style1">Please verify the info <strong></strong> belo<span class="style42">w</span>: <br>
<br></p></td></tr>
</table>
<div align="center">
<form action="checkout2.php?" method="post">
<?php

function GetCartId(){
// This function will generate an encrypted string and
// also be used as the cookieId field in the cart table

// and return the value of the users session ID

session_start();
setcookie("cartId", session_id(), time() + ((3600 * 24) * 30));
return session_id();
}

\$result = mysql_query("select * from cart inner join items on cart.itemId = items.itemId where cart.cookieId = '" . mysql_real_escape_string( GetCartId() ) . "' order by items.itemName asc");

?>
<table width="78%" border="0" align="center" cellpadding="3" cellspacing="0" bgcolor="#CCCCCC">
<tr>
<td width="14%" height="25" bgcolor="#999999" class="style1"><span class="style34 style37 style17 style5 style8">ITEM NUMBER</span></td>
<td height="25" bgcolor="#999999" class="style1"><span class="style34 style37 style17 style5 style8">ITEM</span></td>
<td height="25" bgcolor="#999999" class="style1"><span class="style34 style37 style17 style5 style8">QTY</span></td>
<td height="25" bgcolor="#999999" class="style1"><span class="style34 style37 style17 style5 style8">SUBTOTAL</span></td>
</tr>
<?

if (mysql_num_rows(\$result)==0){echo mysql_num_rows(\$result);}

\$_SESSION["mthis"] ="";
while(\$row = mysql_fetch_array(\$result)){
// Increment the total cost of all items
\$totalCost += (\$row["qty"] * \$row["price"]);
if (\$sstat == "CT"){\$taxx = round(\$totalCost * .08875,2);}
?>
<tr>
<td height="25" bgcolor="#FFFFFF" class="style1"><span class="style32 style8"><font face="verdana"><?php echo \$row["color"]; ?></font></span></td>
<td width="57%" height="25" bgcolor="#FFFFFF" class="style1"><span class="style32 style8"><font face="verdana"> <?php echo \$row["itemName"]; ?> - <font face="verdana"><?php echo \$row["size"]; ?></font></font></span></td>
<td width="11%" bgcolor="#FFFFFF" class="style1"><span class="style32 style8"><font face="verdana"> <?php echo \$row["qty"]; ?> </font></span></td>
<td width="15%" height="25" bgcolor="#FFFFFF" class="style1"><span class="style32 style8"><font face="verdana"> \$<?php echo number_format(\$row["price"]*\$row["qty"], 2, ".", ","); ?></font></span></td>
</tr>
<?php
}
\$domestic = array('United States');

if(in_array(\$_POST['country'],\$domestic)){
//----------Domestic Shipping--------------//
if (\$totalCost > 0 && \$totalCost <= 100){\$ship = 6.50;}
if (\$totalCost > 100 && \$totalCost <= 300){\$ship = 10.50;}
if (\$totalCost > 300 && \$totalCost <= 500){\$ship = 14.00;}
if (\$totalCost > 500 && \$totalCost <= 700){\$ship = 18.00;}
if (\$totalCost > 700 && \$totalCost <= 1000){\$ship = 20.00;}
if (\$totalCost > 1000){\$ship = 25.00;}
}else{
//----------International Shipping--------------//
if (\$totalCost > 0 && \$totalCost <= 100){\$ship = 30.00;}
if (\$totalCost > 100 && \$totalCost <= 300){\$ship = 35.00;}
if (\$totalCost > 300 && \$totalCost <= 500){\$ship = 40.00;}
if (\$totalCost > 500 && \$totalCost <= 700){\$ship = 45.00;}
if (\$totalCost > 700 && \$totalCost <= 1000){\$ship = 50.00;}
if (\$totalCost > 1000){\$ship = 50.00;}
}

//----------store important values in session--------------//
\$_SESSION['tcost'] = \$totalCost;
\$_SESSION['ship']  = \$ship;
\$_SESSION['taxx']  = \$taxx;
//----------store important values in session--------------//

?>
<tr>
<td colspan="4" bgcolor="#FFFFFF" class="style1"><div align="right">______________________</div></td>
</tr>
<tr>
<td colspan="3" bgcolor="#FFFFFF" class="style1"><div align="right" class="style17 style8"><span class="style39">TAX:</span></div></td>
<td bgcolor="#FFFFFF" class="style1"><span class="style32 style8"> <font face="verdana"><b>\$<?php echo number_format(\$taxx, 2, ".", ","); ?></b></font></span></td>
</tr>
<tr>
<td colspan="3" bgcolor="#FFFFFF" class="style1"><div align="right" class="style17 style8"><span class="style39">SHIPPING:</span></div></td>
<td bgcolor="#FFFFFF" class="style1"><span class="style32 style8"> <font face="verdana"><b>\$<?php echo number_format(\$ship, 2, ".", ","); ?></b></font></span></td>
</tr>
<tr>
<td colspan="3" bgcolor="#FFFFFF" class="style1"><div align="right" class="style17 style8"><span class="style39">* EXPRESS DELIVERY: </span></div></td>
<td bgcolor="#FFFFFF" class="style1"><input name="express" type="checkbox" id="express" onClick="calcFees(express,<?=\$totalCost + \$ship + \$taxx;?>);" value="15"/>
</td>
</tr>
<tr>
<td colspan="3" bgcolor="#FFFFFF" class="style1"><div align="right" class="style17 style8"><span class="style39">GiFT WRAP (\$5): </span></div></td>
</td>
</tr>
<tr>
<td colspan="3" bgcolor="#FFFFFF" class="style1"><div align="right" class="style17 style8"><span class="style39">TOTAL:</span></div></td>
<td bgcolor="#FFFFFF" class="style1"><span class="style32 style8"><font face="verdana"><b>
<div id="stotal">\$<?php echo number_format(\$totalCost + \$ship + \$taxx, 2, ".", ","); ?></div>
</b></font></span></td>
</tr>
</table>
<p class="navtitlesm"><strong>* Express Delivery</strong><br>
For an additional \$20, Express orders placed by 9am ET will be delivered in  the contiguous U.S.<br>
in 2 business days for most in-stock merchandise.&nbsp;</p>
<p align="center">
<input name="place" type="hidden" id="place" value="yes" />
<input name="tcost" type="hidden" id="tcost" value="<? echo \$totalCost; ?>" />
<input name="ship" type="hidden" id="ship" value="<? echo \$ship; ?>" />
<input name="taxx" type="hidden" id="taxx" value="<? echo \$taxx; ?>" />
<input type="submit" name="Submit" value="Place Order" />
</p>
</form>
</div></td>
</tr>
</table>
<? include("footer.php");?>
</body>
</html>
``````

This is the sim.php file (payment processor):

``````<?
session_start();
require_once ('../include/init.php');

\$sql="SELECT * from orders where id = ".\$_SESSION["oid"];
\$rs= mysql_query(\$sql) ;
\$row=mysql_fetch_array(\$rs);
?>

<HTML>
<TITLE></TITLE>

<?
\$x_Description = "";

if (\$x_Amount == "")
\$x_Amount = \$row["cart_total"];
?>

<!--<FORM action="" method="POST" name="form1">-->
<!-- Uncomment the line ABOVE for test accounts or BELOW for live merchant accounts -->
<FORM action="" method="POST"  name="form1">
<?

// authdata.php contains the loginid and x_tran_key.
// You may use a more secure alternate method to store these (like a DB / registry).

include ("simlib.php"); // This is the second file

\$amount = \$x_Amount;

// Trim \$ sign if it exists
if (substr(\$amount, 0,1) == "\$") {\$amount = substr(\$amount,1);}

// I would validate the Order here before generating a fingerprint
// Seed random number for security and better randomness.

srand(time());
\$sequence = rand(1, 1000);
// Insert the form elements required for SIM by calling InsertFP
\$ret = InsertFP (\$loginid, \$x_tran_key, \$amount, \$sequence);

//*** IF YOU ARE PASSING CURRENCY CODE uncomment and use the following instead of the InsertFP invocation above  ***
// \$ret = InsertFP (\$loginid, \$x_tran_key, \$amount, \$sequence, \$currencycode);

// Insert rest of the form elements similiar to the legacy weblink integration
echo ("<input type=\"hidden\" name=\"x_description\" value=\"" . \$x_Description . "\">\n" );
echo ("<input type=\"hidden\" name=\"x_amount\" value=\"" . \$amount . "\">\n");
echo ("<input type=\"hidden\" name=\"x_invoice_num\" value=\"" . \$_SESSION["x_invoice_num"] . "\">\n");
echo ("<input type=\"hidden\" name=\"x_po_num\" value=\"" . \$_SESSION["oid"] . "\">\n");
echo ("<input type=\"hidden\" name=\"x_first_name\" value=\"" . \$row["s_first"] . "\">\n");
echo ("<input type=\"hidden\" name=\"x_last_name\" value=\"" . \$row["s_last"] . "\">\n");
echo ("<input type=\"hidden\" name=\"x_city\" value=\"" . \$row["s_city"] . "\">\n");
echo ("<input type=\"hidden\" name=\"x_state\" value=\"" . \$row["s_stat"] . "\">\n");
echo ("<input type=\"hidden\" name=\"x_zip\" value=\"" . \$row["s_zip"] . "\">\n");
echo ("<input type=\"hidden\" name=\"x_country\" value=\"" . \$row["s_country"] . "\">\n");

// *** IF YOU ARE PASSING CURRENCY CODE uncomment the line below *****
//echo ("<input type=\"hidden\" name=\"x_currency_code\" value=\"" . \$currencycode . "\">\n");

?>
<INPUT type="hidden" name="x_show_form" value="PAYMENT_FORM">
</FORM>
</BODY>
</HTML>
``````

This is the last file it's called simlib.php which is connected to sim.php:

``````<?
// Main Interfaces:

// function InsertFP (\$loginid, \$x_tran_key, \$amount, \$sequence) - Insert HTML form elements required for SIM
// function CalculateFP (\$loginid, \$x_tran_key, \$amount, \$sequence, \$tstamp) - Returns Fingerprint.

function hmac (\$key, \$data){
\$b = 64; // byte length for md5
if (strlen(\$key) > \$b) {
\$key = pack("H*",md5(\$key));
}
}

// Calculate and return fingerprint
// Use when you need control on the HTML output
function CalculateFP (\$loginid, \$x_tran_key, \$amount, \$sequence, \$tstamp, \$currency = ""){
return (hmac (\$x_tran_key, \$loginid . "^" . \$sequence . "^" . \$tstamp . "^" . \$amount . "^" . \$currency));}

// Inserts the hidden variables in the HTML FORM required for SIM
// Invokes hmac function to calculate fingerprint.

function InsertFP (\$loginid, \$x_tran_key, \$amount, \$sequence, \$currency = ""){

\$tstamp = time ();

\$fingerprint = hmac (\$x_tran_key, \$loginid . "^" . \$sequence . "^" . \$tstamp . "^" . \$amount . "^" . \$currency);

echo ('<input type="hidden" name="x_fp_sequence" value="' . \$sequence . '">' );
echo ('<input type="hidden" name="x_fp_timestamp" value="' . \$tstamp . '">' );
echo ('<input type="hidden" name="x_fp_hash" value="' . \$fingerprint . '">' );

return (0);
}
?>
``````

This is the sequence: cart.php -> checkout2.php -> sim.php & simlib.php

I hope this will help. It's a bug that I can't seem to pinpoint. I appreciate your insight again.
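Added example, not part of the thread: the hidden fields that sim.php and simlib.php emit, with the fingerprint computed by PHP's built-in `hash_hmac()` over the same "^"-joined string and every value HTML-encoded before it is written into the form. It assumes PHP 7.1 or later and that the thread's `hmac()` is the usual RFC 2104 HMAC-MD5; the function names, credentials and order row are constructed placeholders.

```php
<?php
// Added example (not the thread's code). Assumes PHP 7.1+ and that the
// thread's hmac() is the usual RFC 2104 HMAC-MD5.

/** Hand-written RFC 2104 HMAC-MD5, the construction hmac() in simlib.php begins. */
function hmac_md5_manual(string $key, string $data): string
{
    $b = 64;                                    // MD5 block size in bytes
    if (strlen($key) > $b) {
        $key = pack('H*', md5($key));           // over-long keys are hashed first
    }
    $key  = str_pad($key, $b, chr(0x00));
    $ipad = $key ^ str_repeat(chr(0x36), $b);
    $opad = $key ^ str_repeat(chr(0x5c), $b);
    return md5($opad . pack('H*', md5($ipad . $data)));
}

/** Fingerprint over the same "^"-joined fields that CalculateFP() signs. */
function sim_fingerprint(string $loginId, string $tranKey, string $amount,
                         int $sequence, int $tstamp, string $currency = ''): string
{
    $data = $loginId . '^' . $sequence . '^' . $tstamp . '^' . $amount . '^' . $currency;
    return hash_hmac('md5', $data, $tranKey);   // built-in HMAC
}

/** Accept only a plain decimal total such as "186.50"; reject anything else. */
function normalise_amount($raw): string
{
    $raw = ltrim(trim((string) $raw), '$');
    if (!preg_match('/^\d{1,7}(\.\d{1,2})?$/', $raw)) {
        throw new InvalidArgumentException('unexpected order amount');
    }
    return number_format((float) $raw, 2, '.', '');
}

/** One hidden input with name and value encoded for an HTML attribute. */
function hidden_input(string $name, $value): string
{
    $enc = function ($s) {
        return htmlspecialchars((string) $s, ENT_QUOTES, 'UTF-8');
    };
    return '<input type="hidden" name="' . $enc($name)
         . '" value="' . $enc($value) . '">' . "\n";
}

/** Build the SIM hidden fields from a row of the orders table. */
function sim_fields(array $order, string $loginId, string $tranKey): string
{
    // The amount comes only from the stored order, never from a request variable.
    $amount   = normalise_amount($order['cart_total']);
    $sequence = random_int(1, 1000);   // the thread's range, without srand(time())
    $tstamp   = time();
    $fields = [
        'x_fp_sequence'  => $sequence,
        'x_fp_timestamp' => $tstamp,
        'x_fp_hash'      => sim_fingerprint($loginId, $tranKey, $amount, $sequence, $tstamp),
        'x_amount'       => $amount,   // must be the exact string that was signed
        'x_po_num'       => $order['id'],
        'x_first_name'   => $order['s_first'],
        'x_last_name'    => $order['s_last'],
    ];
    $html = '';
    foreach ($fields as $name => $value) {
        $html .= hidden_input($name, $value);
    }
    return $html;
}

// Self-check against RFC 2202 test case 2 for HMAC-MD5.
$expected = '750c783e6ab0b503eaa86e310a5db738';
$builtin  = hash_hmac('md5', 'what do ya want for nothing?', 'Jefe');
$manual   = hmac_md5_manual('Jefe', 'what do ya want for nothing?');
if (!hash_equals($expected, $builtin) || !hash_equals($expected, $manual)) {
    throw new RuntimeException('HMAC-MD5 self-check failed');
}

// Constructed sample row and placeholder credentials (not real values).
$order = [
    'id'         => '2255',
    'cart_total' => '186.50',
    's_first'    => 'Jonny "JJ"',
    's_last'     => "O'Last <test>",
];
echo sim_fields($order, 'EXAMPLE_LOGIN_ID', 'EXAMPLE_TRAN_KEY');
```

The quotes and angle brackets in the sample names come out as entities, so a stored name cannot close the `value` attribute, and the signed amount and `x_amount` are the same string.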

## LastMitch

Hi Biiim,

I just realized I left out a file.

The actual sequence is:

cart.php (where the customer items are put in it)
checkout.php (where the customer fills out the info to be processed)
checkout2.php (where the customer can see the bill & taxes & shipping)
sim.php & simlib.php (This is the payment process).

For the 'cart.php' & 'checkout.php' I think it works fine because it does pull the information from the 'checkout2.php' that you edited for me. It's the transaction from 'checkout2.php' (where the customer sees the bill & taxes & shipping) processing through 'sim.php' & 'simlib.php' (payment process) where I got stuck.

I hope this will help. I appreciate your insight again!

## Biiim 85

are you just missing the header() command?

`````` if (isset(\$_POST['place'])){
\$sql="SELECT * from cust where id = ".mysql_real_escape_string(\$_SESSION['uid']);
\$rs= mysql_query(\$sql) or die(mysql_error());
if(\$rs !== false){
\$row=mysql_fetch_array(\$rs);
\$eemail = \$row["email"];
\$country = \$row["country"];
if (\$_POST["express"] == "15"){\$express = 15; \$expyes = "yes";}else{\$express = 0; \$expyes = "no";}
\$ordertotal = \$_SESSION["tcost"] + \$_SESSION["ship"] + \$_SESSION["taxx"] + \$express + \$gift;
\$_SESSION["mthis"] ="" ;
\$_SESSION["mthis"] .=\$row["fname"]." ".\$row["lname"]."\n" ;
\$_SESSION["mthis"] .=\$row["addr"]."\n".\$row["city"].", ".\$row["stat"].", ".\$row["zip"].", "."\n" ;
\$_SESSION["mthis"] .=\$row["country"]."\n".\$row["email"]."\n".\$row["phone"]."\n"."\n"."Order info:"."\n" ;
\$sql="INSERT INTO orders(cust_id, cart_total, taxx, shipping, express, gift_wrap, s_first, s_last, s_addr, s_city, s_stat, s_zip, s_email, s_country, dt, s_phone) VALUES (".
"'".mysql_real_escape_string(\$row["id"])."', ".
"'".mysql_real_escape_string(\$ordertotal)."', ".
"'".mysql_real_escape_string(\$_SESSION["taxx"])."', ".
"'".mysql_real_escape_string(\$_SESSION["ship"])."', ".
"'".mysql_real_escape_string(\$expyes)."', ".
"'".mysql_real_escape_string(\$row["fname"])."', ".
"'".mysql_real_escape_string(\$row["lname"])."', ".
"'".mysql_real_escape_string(\$row["city"])."', ".
"'".mysql_real_escape_string(\$row["stat"])."', ".
"'".mysql_real_escape_string(\$row["zip"])."', ".
"'".mysql_real_escape_string(\$row["email"])."', ".
"'".mysql_real_escape_string(\$row["country"])."',NOW(),'".mysql_real_escape_string(\$row["phone"])."') ";
\$rs= mysql_query(\$sql,\$o_conn) or die("<b>A fatal MySQL error occured</b>.\n<br />Query: " . \$sql . "<br />\nError: (" . mysql_errno() . ") " . mysql_error());
\$oid = mysql_insert_id();
\$result = mysql_query("select * from cart inner join items on cart.itemId = items.itemId where cart.cookieId = '" . mysql_real_escape_string( GetCartId() ) . "' order by items.itemName asc");
if (mysql_num_rows(\$result)==0){
echo mysql_num_rows(\$result);
}
while(\$row = mysql_fetch_array(\$result)){
\$_SESSION["mthis"] .=\$row["itemName"]."\n" ;
\$_SESSION["mthis"] .="itemNumber: ".\$row["itemNumber"]."\n" ;
\$_SESSION["mthis"] .="Qty: ".\$row["qty"]."\n" ;
\$_SESSION["mthis"] .="Unit Price: ".\$row["price"]."\n"."\n" ;
\$sql="INSERT INTO order_details(o_id, prod_id, name, itemNumber, qty, gift_wrap, unitprice, total) VALUES (".
"'".mysql_real_escape_string(\$oid)."', ".
"'".mysql_real_escape_string(\$row["itemId"])."', ".
"'".mysql_real_escape_string(\$row["itemName"])."', ".
"'".mysql_real_escape_string(\$row["itemNumber"])."', ".
"'".mysql_real_escape_string(\$row["qty"])."', ".
"'".mysql_real_escape_string(\$row["price"])."', ".
"'".mysql_real_escape_string(\$row["price"]*\$row["qty"])."') ";
\$rs= mysql_query(\$sql, \$o_conn) or die("<b>A fatal MySQL error occured</b>.\n<br />Query: " . \$sql . "<br />\nError: (" . mysql_errno() . ") " . mysql_error());
}
\$_SESSION["mthis"] .="Shipping = \$ ".\$_SESSION["ship"]."\n" ;
\$_SESSION["mthis"] .="Express Shippig = \$ ".\$express."\n" ;
if (\$taxx != ""){\$_SESSION["mthis"] .="Tax = \$ ".\$_SESSION["taxx"]."\n" ;}
\$_SESSION["mthis"] .="Total = \$ ".\$ordertotal."\n" ;
\$_SESSION["mthis"] .="........................................";
\$_SESSION["oid"] = \$oid;
}else{
echo "error: \$sql Failed";
}
}
``````

## LastMitch

Hi Biiim,

Header () command? You mean that:

header("Cache-control: private"); ( It's true )

You mean this one:

require_once ('include/functions.php');

Like this:

session_start();
require_once ('include/init.php');
require_once ('include/functions.php');

I'll compile what you changed. Thanks. I'll get back to you.

## LastMitch

I looked over the code; it looks the same as you posted

``````> }else{
> echo "error: \$sql Failed";
``````

Ok nevermind you added that above

## LastMitch

No, it didn't work. Instead it dumped the data from checkout.php onto the checkout2.php on the website

## Biiim 85

``````\$_SESSION["oid"] = \$oid;
``````

I mean this one, is that in the file that's not working? That redirect is what sends the user to the next page once the order has been inserted into the database

## LastMitch

Biiim,

Yes, that's the file! Do you have any suggestions? I know you are very busy!

## Biiim 85

It doesn't tell me the error. But the error is when I press "Place Order" the taxes disappear and it changes the 'domestic shipping cost' to 'international shipping cost' and won't process. When I put the old file back on the server it processes.

that sounds like the `header("Location: trans/sim.php");` isn't working

cart.php (where the customer items are put in it)
checkout.php (where the customer fills out the info to be processed)
checkout2.php (where the customer can see the bill & taxes & shipping)
sim.php & simlib.php (This is the payment process).

For the 'cart.php' & 'checkout.php' I think it works fine because it does pull the information from the 'checkout2.php' that you edited for me. It's the transaction from 'checkout2.php' (where the customer sees the bill & taxes & shipping) processing through 'sim.php' & 'simlib.php' (payment process) where I got stuck.

1. cart.php they pick the items out and works
2. checkout.php they get a summary of what has been picked and place an order, this then goes to checkout2.php?
3. checkout2.php they can see the order they have placed and have an option to pay for it?
4. sim.php payment processed

So is the problem at number 3 - they click "pay for order" and nothing happens? or is it at number 2 - when they place order they don't make it to checkout2.php?

I think I'm getting confused between checkout.php and checkout2.php, I didn't realise there were 2 pages.

-

From what i've seen it looks like the checkout.php form processes and posts data to checkout2.php OK and then checkout2.php doesn't redirect to sim.php

checkout.php (confirm basket & submit order) -> checkout2.php (process the order, just show the summary page again)

``````header("Location: trans/sim.php");
``````

This line was missing in the earlier copies of checkout2.php i was working with: `header("location: URL");` is a built in php function that tells the browser to go to this other url instead, so the checkout2.php page processes the order and adds it then tells the user to go to the payment page - which makes sense - write the order into the database then pass onto the payment page

checkout.php (confirm basket & submit order) -> checkout2.php(process the order then redirect to payment page) -> sim.php

Is that the problem?

another note is that headers can only be sent BEFORE any text output on the page, since headers come before any page content to tell the browser what to expect.

so if an error or anything is printed out before the header call it will fail, even if it is just whitespace eg.

1. ,
2. <?php
3. includ...

any headers will fail in that cause the open php tag has a line before it

hope that makes it clearer and helps find out whats up

commented: We +2
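The failure described above, as an added example that is not part of the thread: a scanner that lists any output outside the PHP tags of a file (a blank line or byte order mark before the opening tag, text after a closing tag), plus a redirect helper that reports where output started instead of failing silently. It assumes PHP 7.1 or later with the tokenizer extension; the function names and sample sources are constructed for illustration.

```php
<?php
// Added example (not the thread's code). Function names are hypothetical.

/**
 * Report every chunk of a PHP source that is sent to the browser as-is:
 * anything outside the PHP tags, including a blank line or BOM before
 * the opening tag and text after a closing tag.
 */
function inline_output(string $source): array
{
    $found = [];
    foreach (token_get_all($source) as $token) {
        if (is_array($token) && $token[0] === T_INLINE_HTML) {
            $found[] = [
                'line'  => $token[2],
                'bytes' => strlen($token[1]),
                'text'  => $token[1],
            ];
        }
    }
    return $found;
}

/** Redirect, or say where output started if the header can no longer be sent. */
function redirect_to(string $location): void
{
    if (headers_sent($file, $line)) {
        error_log("redirect to $location skipped: output started at $file:$line");
        echo 'The order was saved but the payment page could not be opened.';
        exit;
    }
    header('Location: ' . $location, true, 303);
    exit;   // without this the rest of the page still runs and renders
}

// Constructed sample sources standing in for checkout2.php and its includes.
$samples = [
    'blank line before tag' => "\n<?php\nrequire_once 'include/init.php';\n",
    'BOM before tag'        => "\xEF\xBB\xBF<?php\nsession_start();\n",
    'text after close tag'  => "<?php\nfunction listItems() {}\n?>\n\n",
    'clean include'         => "<?php\nfunction listItems() {}\n",
];

foreach ($samples as $label => $source) {
    $hits = inline_output($source);
    if ($hits === []) {
        echo "$label: no output outside PHP tags\n";
        continue;
    }
    foreach ($hits as $hit) {
        printf("%s: %d byte(s) of output at line %d: %s\n",
            $label, $hit['bytes'], $hit['line'], json_encode($hit['text']));
    }
}
```

To check real files, pass `file_get_contents()` of checkout2.php and of each file it includes; any hit on a line before the `header()` call is a candidate for the failed redirect. Files that open with the short `<?` tag only tokenize as PHP when `short_open_tag` is enabled.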

## LastMitch

Hi Biiim,

Sorry for the confusion, even I'm confused now. I think I posted so many php files on this thread that I've lost track of what I posted. So I apologize for not being more organized.

cart.php they pick the items out and works --- YES
checkout.php they get a summary of what has been picked and place an order, this then goes to checkout2.php? --- YES
checkout2.php they can see the order they have place --- YES and have an option to pay for it? --- Click "Place Order"
sim.php payment processed (enter credit card, debit card)

Yes, this is right:

checkout.php (confirm basket & submit order) -> checkout2.php(process the order then redirect to payment page) -> sim.php

This is the issue:

checkout2.php(process the order then redirect to payment page) -> sim.php

I double-checked, there are no white spaces.

The problem is #3

So is the problem at number 3 - they click "pay for order" ( 'Place Order') and nothing happens

I'm sorry for the confusion about two checkout sheets.

The reason I did that is so in the future I can put in a script where customers can sign up at the website as a member. checkout.php, checkout1.php (will be the break where the member signs up), checkout2.php.
I'll save that for another thread in the future.

For now I have my eyes full of scripts.

I really need to organize these files and pay more attention to details. You're very organized!

I appreciate your help and your insight again.

## Biiim 85

haha, i have some old files i did that are pretty confusing myself.

## LastMitch

Hi Biiim,

Really, I think you are very organized! It seems you have a lot of experience recognizing what order the files should go in for the commands to work efficiently. Someone told me a few years ago that if a person can recognize a bunch of files, put them in order and create a sculpture, then that person will be the architect of the design. Especially now, so many companies are losing ground on what to design because there aren't enough architects. But anyway, I did look over the new checkout2.php and my old one and I can't seem to tell the difference. There has to be something that I missed or didn't write correctly. The thing is, I posted that file on the thread. The new file that you added the new functions to works, because I ran and tested it and it works fine. I only left out the sensitive information for security reasons, since you mentioned to me not to put it online. I'm clueless right now.

I appreciate your help and your insight again.

## Biiim 85

one thought is in sim.php

``````<FORM action="" method="POST"  name="form1">
``````

i assume this action actually has a url in it and you have taken it out?

you could try changing it to

``````<FORM action="*URL*" method="POST"  id="form1">
``````

and at the top:

``````<body onLoad="document.getElementById('form1').submit()">
``````

maybe the javascript is hitting an error, have you tried a different browser?

If not i think you should view the checkout2.php page in a browser (where you click 'place order' and nothing happens) and view the html source of it and post the code of that (just the form would be enough). I think that would be better to debug

## LastMitch

Hi Biiim,

The " " is 'https://test.authorize.net/gateway/xxxxxxxx.dll'

<FORM action="" method="POST" name="form1">

I can't put that in there because it won't process.

I switched the

``````<body onLoad="document.form1.submit()">
``````

to

and it also didn't work, plus it stopped the process halfway, meaning it got stuck right on the sim.php file but it doesn't show the payment process page.

I'm trying to debug it but it's a bit complicated; I've been trying to do this the whole week.

This is the part that I need to establish something:

``````    \$cartTotalCost = \$cartdata['totalbill'];
\$ship = \$cartdata['shipping'];
\$salesTotal = \$cartdata['totalsales'];
\$taxx = \$cartdata['totaltax'];
\$noTaxShipTotal = \$salesTotal + \$express + \$gift;
\$ordertotal = \$cartTotalCost + \$express + \$gift;
``````

My old file the

\$totalCost += (\$row["qty"] * \$row["price"]);

All the items get the \$totalCost from (\$row["qty"] * \$row["price"]);

I don't have that anymore it's now

\$salesTotal = \$cartdata['totalsales'];

it's from the functions.php

My old file has this

\$ordertotal = \$_SESSION["tcost"] + \$_SESSION["ship"] + \$_SESSION["taxx"] + \$express + \$gift;

Now I have this

\$ordertotal = \$cartTotalCost + \$express + \$gift;

I have 2 different '\$ordertotal' in the script at the same time!?!

I think it's the \$_SESSION["tcost"] + \$_SESSION["ship"] + \$_SESSION["taxx"] might be the key to the solution but I can't seem to connect to the new ones that you created. If I can figure it out that it will work but I don't know where to start?

Because the whole checkout2.php is

\$totalCost + \$ship + \$taxx

This is the final total which also has this

<div id="stotal">\$<?php echo number_format(\$totalCost + \$ship + \$taxx, 2, ".", ","); ?></div>

Including the Form:

<input name="place" type="hidden" id="place" value="yes" />
<input name="tcost" type="hidden" id="tcost" value="<? echo \$totalCost; ?>" />
<input name="ship" type="hidden" id="ship" value="<? echo \$ship; ?>" />
<input name="taxx" type="hidden" id="taxx" value="<? echo \$taxx; ?>" />
<input type="submit" name="Submit" value="Place Order" />

When you helped me create the functions.php

It's ["qty"] * ["unit"]

So I changed it to ["qty"] * ["price"] to match up with my code

Do I need to insert the

\$sql="INSERT INTO orders(cust_id, cart_total, taxx, shipping, express, gift_wrap, s_first, s_last, s_addr, s_city, s_stat, s_zip, s_email, s_country, dt, s_phone) VALUES (".

with totalbill, totalsales,totaltax too?

Do I also need to create a

"'".mysql_real_escape_string(\$_SESSION [totalbill])."', ".
"'".mysql_real_escape_string(\$_SESSION [totalsales])."', ".
"'".mysql_real_escape_string(\$_SESSION [totaltax])."', ".

since I have

"'".mysql_real_escape_string(\$_SESSION["taxx"])."', ".
"'".mysql_real_escape_string(\$_SESSION["ship"])."', ".

?

As you can see it's getting more complicated!

All I need now is some directions in small steps, I just need to figure one of these \$totalCost + \$ship + \$taxx out.

Whether \$totalCost or \$ship or \$taxx . I just need one and the rest I can figure out immediately.

so I can modify your script to my script \$totalCost + \$ship + \$taxx

From there I know that I'm getting close to resolving this bug!

I appreciate you taking your time to help me out and 'Thanks'. I definitely need your insight again!

## LastMitch

Hi Biiim,

I just realized I didn't mention correctly why it won't work in my previous post

The " " is 'https://test.authorize.net/gateway/xxxxxxxx.dll' is for this

<FORM action="" method="POST" name="form1">

I can't put this

<FORM action="URL" method="POST" id="form1">

because it won't process.

I switched the

to

and it also didn't work, plus it stopped the process halfway, meaning it got stuck right on the sim.php file but it doesn't show the payment process page.

This is the changes I got so far in 'checkout2.php':

`````` <?
if (mysql_num_rows(\$result)==0){echo mysql_num_rows(\$result);}
\$_SESSION["mthis"] ="";
\$input = array();
while(\$row = mysql_fetch_array(\$result)){

\$input[] = array(\$row['itemId'],\$row['itemName'],\$row['qty']);

}

\$cartdata = listItems(\$input,\$_SESSION['country'],\$_POST['stat']);

//\$totalCost += (\$row["qty"] * \$row["price"]);
\$totalCost += \$cartdata['totalsales'];

\$ship = \$cartdata['ship'];

\$taxx = \$cartdata['taxx'];

//----------store important values in session--------------//
\$_SESSION['tcost'] = \$totalCost;
\$_SESSION['ship'] = \$ship;
\$_SESSION['taxx'] = \$taxx;
//----------store important values in session--------------//

echo \$cartdata['html'];

?>
``````

I kept this the same as the original:

`````` \$<?php echo number_format(\$totalCost + \$ship + \$taxx, 2, ".", ","); ?>
``````

and also this the same as the original:

``````<form action="checkout2.php?" method="post">

<input name="place" type="hidden" id="place" value="yes" />
<input name="tcost" type="hidden" id="tcost" value="<? echo \$totalCost; ?>" />
<input name="ship" type="hidden" id="ship" value="<? echo \$ship; ?>" />
<input name="taxx" type="hidden" id="taxx" value="<? echo \$taxx; ?>" />
<input type="submit" name="Submit" value="Place Order" />

</form>
``````

These are the only adjustments or changes in 'functions.php':

``````function listItems(\$input,\$ship_country,\$sstat)

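// round() keeps a number; number_format() returns a string with thousands separators, which breaks the += below
\$totalCost = round(\$qty * \$price,2);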

\$running[\$type] += \$totalCost;

\$returndata['ship'] = \$ship;

\$returndata['taxx'] = \$total_tax;
``````

I managed to match up with your code with this:

\$ordertotal = \$_SESSION["tcost"] + \$_SESSION["ship"] + \$_SESSION["taxx"] + \$express + \$gift;

I took away:

\$ordertotal = \$cartTotalCost + \$express + \$gift;

I ran the test and it didn't go through.

It's the same issue, it won't redirect to payment page:

checkout2.php(process the order then redirect to payment page) -> sim.php

When I press "Place Order" the taxes disappear and it changes the 'domestic shipping cost' to 'international shipping cost'.

Can you teach me or show me how to debug correctly? Maybe my method is not working because I'm not identifying or pinpointing the issue.

I appreciate your help and your insight again.
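
An added example, not part of the posts above and not the thread's own code: the hidden `tcost`, `ship` and `taxx` fields in the "Place Order" form are client-controlled, and that form posts no `country` or `stat`, so this sketch keeps the destination in `$_SESSION` and builds the order total from session values only, flagging any posted figure that disagrees. The helper names `remember_destination` and `order_total` and all sample values are assumptions made for illustration.

```php
<?php
// Added example: helper names and sample values are hypothetical.

// Keep the shipping destination in the session. A later POST that lacks
// 'country' or 'stat' (the "Place Order" form has neither) reuses the stored one.
function remember_destination(array &$session, array $post)
{
    foreach (array('country', 'stat') as $field) {
        if (isset($post[$field]) && $post[$field] !== '') {
            $session[$field] = (string) $post[$field];
        }
    }
    return array(
        isset($session['country']) ? $session['country'] : '',
        isset($session['stat']) ? $session['stat'] : '',
    );
}

// Build the order total from server-side session values only, and report any
// hidden field whose posted value disagrees with the server's figure.
function order_total(array $session, array $post, $express, $gift)
{
    $total = (float) $express + (float) $gift;
    $mismatch = array();
    foreach (array('tcost', 'ship', 'taxx') as $field) {
        $server = isset($session[$field]) ? (float) $session[$field] : 0.0;
        $total += $server;
        if (isset($post[$field]) && abs((float) $post[$field] - $server) > 0.005) {
            $mismatch[] = $field;
        }
    }
    return array('total' => round($total, 2), 'mismatch' => $mismatch);
}

// Constructed sample data: the first POST carries the address, the second is "Place Order".
$session = array('tcost' => 40.00, 'ship' => 5.95, 'taxx' => 3.20);
remember_destination($session, array('country' => 'US', 'stat' => 'NY'));
$placeOrder = array('place' => 'yes', 'tcost' => '1.00', 'ship' => '5.95', 'taxx' => '3.20');
list($country, $stat) = remember_destination($session, $placeOrder);
$result = order_total($session, $placeOrder, 0.0, 0.0);

echo "$country/$stat total=" . number_format($result['total'], 2, '.', ',')
    . " tampered=" . implode(',', $result['mismatch']) . "\n";
```

In a real page the first argument would be `$_SESSION` and the second `$_POST`; a non-empty `mismatch` list is worth logging before the order row is written.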