001.<code><?php require_once('Connections/db_rice.php'); ?>
002.<?php
003.if (!isset($_SESSION)) {
004.session_start();
005.}
006.if (!function_exists("GetSQLValueString")) {
007.function GetSQLValueString($theValue, $theType, $theDefinedValue = "", $theNotDefinedValue = "")
008.{
009.if (PHP_VERSION < 6) {
010.$theValue = get_magic_quotes_gpc() ? stripslashes($theValue) : $theValue;
011.}
012.
013.$theValue = function_exists("mysql_real_escape_string") ? mysql_real_escape_string($theValue) : mysql_escape_string($theValue);
014.
015.switch ($theType) {
016.case "text":
017.$theValue = ($theValue != "") ? "'" . $theValue . "'" : "NULL";
018.break;
019.case "long":
020.case "int":
021.$theValue = ($theValue != "") ? intval($theValue) : "NULL";
022.break;
023.case "double":
024.$theValue = ($theValue != "") ? doubleval($theValue) : "NULL";
025.break;
026.case "date":
027.$theValue = ($theValue != "") ? "'" . $theValue . "'" : "NULL";
028.break;
029.case "defined":
030.$theValue = ($theValue != "") ? $theDefinedValue : $theNotDefinedValue;
031.break;
032.}
033.return $theValue;
034.}
035.}
036.function check_product($var)
037.{
038.if(isset($var['chk_product']))return($var['chk_product'] == "on");
039.return;
040.}
041.
042.
043.;
044.$editFormAction = $_SERVER['PHP_SELF'];
045.if (isset($_SERVER['QUERY_STRING'])) {
046.$editFormAction .= "?" . htmlentities($_SERVER['QUERY_STRING']);
047.}
048.
049.if ((isset($_POST["MM_insert"])) && ($_POST["MM_insert"] == "form1")) {
050.
051.
052.
053.mysql_select_db($database_db_rice, $db_rice);
054.$query_max = "SELECT MAX(OrderId) AS `maxid`,MAX(BillNumber) AS `maxnumber` FROM `order`";
055.$max_rows = mysql_query($query_max, $db_rice) or die(mysql_error());
056.$max_row_Record = mysql_fetch_assoc($max_rows);
057.$order_id =$max_row_Record['maxid']+1;
058.$order_number = $max_row_Record['maxnumber']+1;
059.
060.
061.
062.
063.
064.
065.
066.
067.
068.$total_price = 0;
069.foreach(array_filter($_POST['product'],"check_product") as &$item) {
070.$total_price=$total_price+($item['quantity']*$item['price']);
071.
072.}
073.
074.
075.$insertSQL = sprintf("INSERT INTO `order` (`OrderId`, `User_id`, `BillNumber`, `Date`, `TotalPriceAll`, `StatusID`, `DatePayment`) VALUES (%s, %s, %s, %s, %s, %s, %s)",
076. GetSQLValueString($order_id, "int"),
077. GetSQLValueString($_SESSION['MM_Userid'], "int"),
078. GetSQLValueString($order_number, "int"),
079. GetSQLValueString(date("Y-m-d"), "date"),
080. GetSQLValueString($total_price, "int"),
081. GetSQLValueString(2, "int"),
082. GetSQLValueString(date("Y-m-d"), "date"));
083. mysql_select_db($database_db_rice, $db_rice);
084. $Result1 = mysql_query($insertSQL, $db_rice) or die(mysql_error());
085. foreach(array_filter($_POST['product'],"check_product") as &$item) {
086. $insertSQL = sprintf("INSERT INTO `orderdetail` (`ProductId`, `OrderId`, `Quantiy`, `Price`, `TotalPrice`) VALUES (%s, %s, %s, %s, %s)",
087. GetSQLValueString($item['product_id'], "int"),
088. GetSQLValueString($order_id, "int"),
089. GetSQLValueString($item['quantity'], "int"),
090. GetSQLValueString($item['price'],"int"),
091. GetSQLValueString($item['quantity']*$item['price'], "int"));
092. mysql_select_db($database_db_rice, $db_rice);
093. $Result1 = mysql_query($insertSQL, $db_rice) or die(mysql_error());
094.}
095.}
096.
097.mysql_select_db($database_db_rice, $db_rice);
098.$query_Recordset1 = "SELECT * FROM product";
099.$Recordset1 = mysql_query($query_Recordset1, $db_rice) or die(mysql_error());
100.$row_Recordset1 = mysql_fetch_assoc($Recordset1);
101.$totalRows_Recordset1 = mysql_num_rows($Recordset1);
102.
103.mysql_select_db($database_db_rice, $db_rice);
104.$query_Recordset2 = "SELECT * FROM `order`";
105.$Recordset2 = mysql_query($query_Recordset2, $db_rice) or die(mysql_error());
106.$row_Recordset2 = mysql_fetch_assoc($Recordset2);
107.$totalRows_Recordset2 = mysql_num_rows($Recordset2);
108.?>
111.<head>
112.<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
113.<link rel="stylesheet" type="text/css" href="templates/main.css"/>
114.<style type="text/css">
115..content1 { padding: 10px 0;
116.width: 80%;
117.float: left;
118.text-align: center;
119.}
120..container .content .content1 center #form1 h1 {
121.font-size: 100%;
122.font-family: Verdana, Geneva, sans-serif;
123.}
124.</style>
125.
126.<title>Rice Mart</title>
127.</head>
128.<body>
129.<div class="container">
130.<?php require_once("templates/header.inc.php")?>
131.<?php require_once("templates/sidenav2.inc.php")?>
132.<div class="content">
133.<div class="content1"action="" >
134.<center>
135. <form id="form1" name="form1" method="POST" action="<?php echo $editFormAction; ?>">
136. <h1>ซื้อสินค้า</h1>
137. <h3>ชื่อผู้สั่งซื้อสินค้า : <?php echo $_SESSION['MM_Username']; ?></h3>
138. <p>วันที่สั่งสินค้า : <?php echo date("d/m/Y"); ?></p>
139. <p> </p>
140. <table border="1">
141. <tr>
142. <td>เลือกสินค้า</td>
143. <td><code>รหัสสินค้า</code></td>
144. <td><code>ชื่อสินค้า</code></td>
145. <td><code>ชื่อพันธุ์ข้าว</code></td>
146. <td><code>ราคา</code></td>
147. <td><code>รูปภาพ</code></td>
148. <td>จำนวนสินค้า</td>
149. </tr>
150. <?php
151. $a=0;
152. do { ?>
153. <tr>
154. <td><input name="<?php echo "product[".$a."][chk_product]";?>" type="checkbox" /></td>
155. <td><?php echo $row_Recordset1['ProductId']; ?>
156. <input name="<?php echo "product[".$a."][product_id]";?>" type="hidden" id="ProductId" value="<?php echo $row_Recordset1['ProductId']; ?>" /></td>
157. <td><?php echo $row_Recordset1['ProductName']; ?></td>
158. <td><?php echo $row_Recordset1['RiceSeeDid']; ?></td>
159. <td><?php echo $row_Recordset1['price']; ?></td>
160. <input name="<?php echo "product[".$a."][price]";?>" type="hidden" id="ProductId" value="<?php echo $row_Recordset1['price']; ?>" /></td>
161. <td><img src ="/DW-DBrice/InsertData/img-products/<?php echo $row_Recordset1['Productimg']; ?>" alt="" width="100" height="100" /></td>
162. <td><input name="<?php echo "product[".$a."][quantity]";?>" type="text" value="0" placeholder="จำนวนสินค้า"style="text-align:right;padding-right:2px;"/>
163. กระสอบ</td>
164. </tr>
165. <?php
166. $a+=1;
167. } while ($row_Recordset1 = mysql_fetch_assoc($Recordset1)); ?>
168. </table>
169. <input name="OrderId" type="hidden" id="OrderId" value="<?php echo $row_Recordset2['OrderId']; ?>" />
170.<br />
171. <center>
172. <input type="submit" name="kuy" id="kuy" value="เพิ่มสินค้า" onClick="return confirm('ราคารวมสินค้าที่ท่านซื้อคือ '+<?php echo $total_price ?>+' บาท ท่านต้องการจะสั่งซื้อหรือไม่')"/>
173. <input type="hidden" name="MM_insert" value="form1" />
174. </form>
175.</center>
176.</div>
177.</div>
178.<?php require_once("templates/footer.inc.php")?>
179.</div>
180.</body>
181.</html>
182.<?php
183.mysql_free_result($Recordset1);
184.
185.mysql_free_result($Recordset2);
186.?>
187.</code>
