$date = date('Y-m-d H:i:s');
$qry = "INSERT INTO `guest` (`name`, `pincode`, `address`, `phone`, `date`) VALUES ('".$_SESSION['name']."', '".$_SESSION['pincode']."', '".$_SESSION['address']."', '".$_SESSION['phone']."', '".$date."');";
$result = $conn->query($qry);
//echo $qry;
$qry = "select guest_id from guest where name = '".$_SESSION['name']."' and pincode = '".$_SESSION['pincode']."' and address= '".$_SESSION['address']."' and phone= '".$_SESSION['phone']."' and date= '".$date."';";
//echo $qry;
$result = $conn->query($qry);
$row = $result -> fetch_assoc();
//echo $row['guest_id'];
$guest_id = $row['guest_id'];
$date = date('Y-m-d H:i:s');
//$qry1 = "INSERT INTO order (`order_date`, `payment_type`, `payment_status`, `order_status`, `order_type`, `amount`, `cust_id`) VALUES ('".$date."', 'cod', 'yes', 'Pending', 'yes', ".$_SESSION['total'].", '".$guest_id."');";
$qry1 = "INSERT INTO `grocery`.`order` (`order_date`, `payment_type`, `payment_status`, `order_status`, `delivery_slot`, `order_type`, `amount`, `deliver_date`, `cust_id`) VALUES ('sd', 'asd', 'sdf', 'sd', '4', 'sf', '23', '2017-04-19', 'sdfs');";
$result1 = $conn->query($qry1);
echo $qry1;
The first 2 queries are getting executed and data is added to db. But the last statement is not adding the data to db. Please help me out.
I'm going to assume $conn is a PDO object.
I have a few recommendations:
1) Use a higher level database abstraction. DBAL is really nice.
2) If you're going to use PDO, you have to check the return value of $conn->query() for false to know if an error occurred, then call $conn->errorInfo and $conn->errorCode to know what that error was. You should always handle error conditions in function calls.
3) Instead of handling error conditions, PDO can be configured to throw exceptions by using:
$conn->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
This means you have less error handling code to write if you simply want to abort on DB errors.
Leaving the issue of SQL injection to one side, for just a moment, it seems to me that everything after line 3 could be replaced with this:
INSERT INTO `order`
(order_date
,payment_type
,payment_status
,order_status
,order_type
,amount
,cust_id)
SELECT CURDATE()
, 'cod'
, 'yes'
, 'Pending'
, 'yes'
, {$_SESSION['total']}
, guest_id
FROM guest
WHERE name = '{$_SESSION['name']}'
AND pincode = '{$_SESSION['pincode']}'
AND address = '{$_SESSION['address']}'
AND phone = '{$_SESSION['phone']}'
AND date = CURDATE();
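
An added example, not code from the question or either answer: the guest and order inserts written with PDO in exception mode and bound parameters, so the session values never become part of the SQL text and a failing statement raises instead of passing silently. It assumes PDO as the first answer does; the in-memory SQLite database, the table definitions, the `placeOrder` function and the `$session` values are constructed for illustration.

```php
<?php
// Added example: constructed schema and sample values; in-memory SQLite so it runs offline.
$conn = new PDO('sqlite::memory:');
// Exception mode: the attribute is passed as a constant, not as a quoted string.
$conn->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);

$conn->exec('CREATE TABLE guest (guest_id INTEGER PRIMARY KEY, name TEXT, pincode TEXT,
             address TEXT, phone TEXT, date TEXT)');
$conn->exec('CREATE TABLE `order` (order_id INTEGER PRIMARY KEY, order_date TEXT,
             payment_type TEXT, payment_status TEXT, order_status TEXT, order_type TEXT,
             amount REAL, cust_id INTEGER NOT NULL REFERENCES guest(guest_id))');

// Stand-in for $_SESSION; the quote characters in the name show that bound values stay data.
$session = ['name' => "O'Brien'); --", 'pincode' => '560001',
            'address' => '12 Example Street', 'phone' => '5550100', 'total' => '23.50'];

function placeOrder(PDO $conn, array $s): int
{
    $date = date('Y-m-d H:i:s');
    $conn->beginTransaction();
    try {
        $g = $conn->prepare('INSERT INTO guest (name, pincode, address, phone, date)
                             VALUES (:name, :pincode, :address, :phone, :date)');
        $g->execute([':name' => $s['name'], ':pincode' => $s['pincode'],
                     ':address' => $s['address'], ':phone' => $s['phone'], ':date' => $date]);
        // lastInsertId() replaces the SELECT that re-finds the row by matching every column.
        $guestId = (int) $conn->lastInsertId();

        $o = $conn->prepare('INSERT INTO `order` (order_date, payment_type, payment_status,
                             order_status, order_type, amount, cust_id)
                             VALUES (:d, :ptype, :pstatus, :ostatus, :otype, :amount, :cust)');
        $o->execute([':d' => $date, ':ptype' => 'cod', ':pstatus' => 'yes',
                     ':ostatus' => 'Pending', ':otype' => 'yes',
                     ':amount' => (float) $s['total'], ':cust' => $guestId]);
        $conn->commit();
        return $guestId;
    } catch (PDOException $e) {
        $conn->rollBack();   // no guest row is left behind without its order
        throw $e;
    }
}

try {
    $id = placeOrder($conn, $session);
    $q = $conn->prepare('SELECT name FROM guest WHERE guest_id = ?');
    $q->execute([$id]);
    echo "guest_id=$id name=" . $q->fetchColumn() . "\n";
} catch (PDOException $e) {
    error_log('order failed: ' . $e->getMessage());   // detail goes to the log, not to the page
}
```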