First, orderdetail.php is POST the data from order.php and orderdetail is link to PayPal page to give the payment. After click on "PAY" button, it will direct user to PayPal page, data in cart table will delete and insert into ordering table in MYSQL.
Here is orderdetail.php:
<div class="shopmain shopbox" style="margin-bottom:10px;">
<?php
$result=mysql_query("select * from cart where username='$user'");
$rownum=mysql_num_rows($result);
while($row=mysql_fetch_array($result)){
?>
<ul>
<li class="boxa"> <img src="<?php echo $row['pass_url']?>" width="130" height="98"> </li>
<li class="boxb">
<h3>Food name</h3>
<h4><?php echo $row['pass_name']?></h4>
</li>
<li class="boxc">
<h3>Restaurant</h3>
<h4><?php echo $row['pass_restaurant']?></h4>
</li>
<li class="boxc">
<h3>Food Price</h3>
<h4>RM <?php echo $row['pass_price']?> </h4>
</li>
<li class="boxc">
<h3>Order num</h3>
<h4> <?php echo $row['pass_num']?> </h4>
</li>
<li class="boxc">
<h3>Total</h3>
<h4>RM <i><?php echo $row['pass_total']?></i></h4>
</li>
</ul>
<?php } ?>
<form action="paydetail.php?pass_total=<?php echo $row2['SUM(pass_total)'];?>" method="get" id="pay">
<?php
$result2=mysql_query("select SUM(pass_total) from cart where username='$user'");
while($row2=mysql_fetch_array($result2)){
?>
<div class="total" style="font-size:32px;"> Total : <strong></strong>RM <i><?php echo $row2['SUM(pass_total)'];?></i></div>
</div>
<?php }?>
<div class="detaltop">
<h3>Orderer information </h3>
</div>
<div class="pay">
<ul>
<?php
$arr = mysql_query("select * from customer where username='$user'");
$result = mysql_fetch_array($arr)
?>
<li><span>Orderer's name </span><?php echo $result["fullname"]; ?></li>
<li><span>Contact number </span><?php echo $result["hpno"]; ?> </li>
<li><span>Email </span><?php echo $result["email"]; ?> </li>
<input name="submit" type="submit" value="PAY" class="buttoncss">
</ul>
</form>
</div>
</div>
After user click on "PAY" button, it direct to paydetail.php:
<?php
session_start();
ini_set('error_reporting', 'E_ALL ^ E_NOTICE');
header("Content-type: text/html; charset=utf-8");
include("conn.php");
$user = $_SESSION['username'];
$result1=mysql_query("select * from cart where username='$user'");
$row=mysql_fetch_array($result1);
$result2=mysql_query("select * from customer where username='$user'");
$row1=mysql_fetch_array($result2);
$result=mysql_query("INSERT INTO `ordering` (`orderID` ,`order_no` ,`order_user` ,`order_foods_id`,`order_num` ,`order_name`,`order_phone`,`order_email`,`order_time` ,`order_pay`) VALUES('','$booknum','$user','$row[pass_id]','$row[pass_num]','$row1[fullname]','$row1[hpno],'$row1[email]',now(),'$row[pass_total]')");
mysql_query("delete from cart where username='$user'");
?>
<!DOCTYPE >
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Tumy</title>
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8" />
<link href="css/style.css" rel="stylesheet" type="text/css" />
<script type="text/javascript" src="scripts/jquery.min.js"></script>
</head>
<body>
<div style="display:none">
<form action="https://www.paypal.com/cgi-bin/webcsr" method="post" id="pay">
<input name="cmd" type="hidden" value="_xclick" />
<input name="seat" type="hidden" value="" />
<input name="business" type="text" class="paybox" value="tumy@yahoo.com" />
<input name="item_name" type="text" class="paybox" value="<?php echo "goods"; ?>" />
<input name="amount" type="text" class="paybox" value="<?php echo $total; ?>" />
<input name="currency_code" type="hidden" value="MYR" />
</form>
</div>
<script>
$(document).ready(function() {
$("#pay").submit();
});
</script>
</body>
</html>
So I want to ask why the data from cart cannot be insert into ordering table? But it can delete the data from cart after click on "PAY" button.
I'll only answer one of you questions. They are not related. When you fix it, edit the title and make a new post. You have an error in your mysql syntax. Write the following code
if (!$result) { echo 'Mysql Error'; exit();}
Then you will need to find out what that error is. It could be a lot of things, but start by testing the query with PHPMyadmin and removing the single quotes around '$booknum' and writing ".$booknum."
Then research how to escape strings for security. mysql_real_escape($booknum) or something similar.
"INSERT INTO `ordering` (`orderID` ,`order_no` ,`order_user` ,`order_foods_id`,`order_num` ,`order_name`,`order_phone`,`order_email`,`order_time` ,`order_pay`) VALUES('',".$booknum.",'$user','$row[pass_id]','$row[pass_num]','$row1[fullname]','$row1[hpno],'$row1[email]',now(),'$row[pass_total]')"