makeorders.php

klkuigghi jbvvjjgkhilllllllllllllllllllllllllll

<?php
session_start();
session_register("isSave");
//if($isSave!="")
//{
 session_register("lsitems");
 require("../dbcon.inc");
 require("functions.php");
 require("../common.php");
 if($rdcusttype=="old")
  {				  
   $custid=$custid;  
  }
 else
  {
   if($rdcust=="Yes"){
     $strSQL="insert into tblCustomers";
     $strSQL .="(Username,Password,Custname,";
     $strSQL .="Address,Tel,FaxNo,Contact,";
     $strSQL .="ProvinceCode)";
     $strSQL .=" values('".$txtemail."','";
     $strSQL .=$txtpwd."','".$txtfullname;
     $strSQL .="','".$txtaddress."','".$txttel;
     $strSQL .="','".$txtfax."','".$txtcontact;
     $strSQL .="','".$txtprovince."')";
     //echo $strSQL;
     //doSQL(strSQL);
     $strSQL="select CustID as No from ";
     $strSQL .="tblCustomers where username='";
     $strSQL .=$txtemail."' order by ";
     $strSQL .="custid desc limit 0,1";
     //echo $strSQL;
     $custid=ReturnNo($strSQL);
   }else{
     $strSQL="insert into tblTempCustomers";
     $strSQL .="(Username,Custname,Address,";
     $strSQL .="Tel,FaxNo,Contact,ProvinceCode)";	
     $strSQL .=" values('".$txtemail."','";
     $strSQL .=$txtfullname."','".$txtaddress;
     $strSQL .="','".$txttel;
     $strSQL .="','".$txtfax."','".$txtcontact;
     $strSQL .="','".$txtprovince."')";
     //echo $strSQL;
     //doSQL(strSQL);
     $strSQL="select CustID as No from";
     $strSQL .=" tblCustomers where username='";
     $strSQL .=$txtemail."' order by ";
     $strSQL .="custid desc limit 0,1";
     $custid=ReturnNo($strSQL);
   }
  } 
 $strSQL="insert into tblOrders";
 $strSQL .="(CustID,OrderDate,Description";
 $strSQL .="TranID,PaymentID,Amount,";
 $strSQL .="ShipCost,TotalAmount) ";
 $strSQL .="values('".$custid."',CurDate,";
 $strSQL .="'Sales Online','".$rdship."','";
 $strSQL .=$rdpay."','".$txttotal."','";
 $strSQL .=$txtshipcost."','";
 $strSQL .=($txttotal+$txtshipcost)."')";
 //doSQL($strSQL);
 $strSQL="select OrderID as No from ";
 $strSQL .="tblOrders where CustID='";
 $strSQL .=$custid."' order by ";
 $strSQL .="OrderDate desc limit 0,1";
 $orderid=0;//ReturnNo($strSQL);
 //echo $orderid;
 for($No=1;$No<=Separate($lsitems,"No");$No++)
  {
    $strSQL="insert into tblorderdetails";
    $strSQL .="(ItemID,OrderID,No,Qtty,";
    $strSQL .="Price,Discount,Amount)"; 
    $strSQL .=" values('";
    $strSQL .=Separate($lsitems,"masp".$No);
    $strSQL .="','".$orderid."','".$No."','";
    $strSQL .=Separate($lsitems,"qtty".$No);
    $strSQL .="','".Separate($lsitems,"price".$No);
    $strSQL .="','";
    $strSQL .=Separate($lsitems,"discount".$No);
    $strSQL .="','";
    $strSQL .=Separate($lsitems,"amount".$No);
    $strSQL .="')";
    //echo $strSQL;
    //echo "<br>";
    //doSQL($strSQL);
  }
// $isSave="Y";
//}
?>
<html>
<head>
<title>InterShop-Make Order</title>
<meta http-equiv="Content-Type" 
content="text/html; charset=UTF-8">
<link rel="stylesheet" type="text/css" 
href="../style.css">
</head>
<body >
<h2 align=center>Make Orders</h2>
<form action="search.php" method="post">
<table width="400" border="0" align=center>
          <tr>           
          <td align="middle" valign="top" >
	  
		<b>Your Order have been registered 
		</b><br>
		we will be contact you as soon as 
		possible.<br><br>
		<?php
		if($rdpay=="1"){
		?>
		   You are about selecting payment by Cash<br>
		   Please contact Ms. Lan.
		<?php
		}
		else
		{
		?>
		   You are about selecting payment by Bank Tranfer<br>
		   Please tranfer money to our Account:<br>
			AccountNo: 54545454545454
			Bank: Saigon ACB Bank
			Address: 122 Le Duan Str., Dist 1., HCM City
		<?php
		}
		?>
		<br><br>
		Thank you for using our service!
	  </td>
         </tr>
	 <tr>
	  <td colspan=2 align=center> 
		<font face="Arial"><br>
		<input type="submit" 
		 value="Continue" 
		class="button">
		</font>
	  </td>
	</tr>
      </table>
</form>
</body>
</html>