jwlevin
asked on
Capturing and Storing 3rd party order form parameters into php and store into mysql...
I am interested in setting up code to store order form variables passed back to my site from my 3rd party shopping cart and being new, I don't know how. Here are the parameters I wish to capture. Please show me the php code that will enable me to get and store the database into the database. thanks.
order_number
card_holder_name
street_address
city
state
zip
country
email
phone
credit_card_processed
total
product_id
quantity
product_description
order_number
card_holder_name
street_address
city
state
zip
country
phone
credit_card_processed
total
product_id
quantity
product_description
There are other steps, such as verifying the data you are receiving, parsing text fields to prevent SQL injection attacks, etc. Handle all of that at some point before your query. The query formulation uses a particular syntax...here's another, functionally equivalent line:
$query= "INSERT INTO MyTable (field1, field2, example, city, state) VALUES (" .
"'" . $_POST['field1'] . "', " .
"'" . ${POST['field2'] . "'', " .
"'" . $_POST['example'] . "', " .
"'" . $_POST['city'] . ", " .
"'" . $_POST['state'] . "')";
$query= "INSERT INTO MyTable (field1, field2, example, city, state) VALUES (" .
"'" . $_POST['field1'] . "', " .
"'" . ${POST['field2'] . "'', " .
"'" . $_POST['example'] . "', " .
"'" . $_POST['city'] . ", " .
"'" . $_POST['state'] . "')";
ASKER
Where should this code go? I am capturing the info from another site that sends me the parameters. How do I call the script? I am an extreme novice wihen it comes to this, so when you explain it, assume I know nothing.
1. Where does the code go?
2. What do I put where?
1. Where does the code go?
2. What do I put where?
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Remember, the $_POST superglobal will show you the form fields submitted. If they are using the GET method, then $_GET will have them. I recommend you use the POST method with this, if possible.
Here's the flowchart of what you need to do:
<?
$username = ''; // put your db username here
$password = ''; // put your db password here
$hostname = ''; // put your db hostname here
if (!($myconnection = mysql_query($hostname, $username, $password))) {
// no connect....die/handle the error
}
$dbname = ''; // put your db name here
mysql_select_db($dbname, $myconnection);
// now you have a good connection generate your query
$query = "INSERT INTO MyTable (field1, field2, example, city, state) VALUES (" .
"'${_POST['field1']}', '${_POST['field2']}', '${_POST['example']}', '${_POST['city']}', '${_POST['state']}')";
//run the query
if (!($result = mysql_query($query, $myconnection))) {
// query did not work...handle the error?
}