How do I update the MySQL DB payment status from pending to success in the Flutterwave API? Please find the code snippet below. The DB connection is included from a controller.php file.
<?php
if($amountPaid >= $amountToPay)
{
echo 'Payment successful';
//* Continue to give item to the user
$res = json_decode($response);
$array= json_decode($response,true);
$payment_id = $array["data"]["id"];
$transaction_amount = $array["data"]["amount"];
$payment_status = $array["status"];
$tx_ref = $array["data"]["tx_ref"];
$query3 = "UPDATE transaction_details SET payment_id=$payment_id , payment_status=
$payment_status WHERE tx_ref=$tx_ref";
if ($conn->query($query3) === TRUE) {
echo "Record updated successfully";
} else {
echo "Error updating record: " . $conn->error;
}
$conn->close();
header('location: congratulations.php');
} else {
echo 'unusual transaction detected';
}
}else
{
echo 'Can not process payment';
}
}
}
?>
OK, thanks everyone, just figured it out. Had the problem because I sort of mixed up my coding styles, using OOP and procedural in the same code lines. Solved it by using a mysqli procedural prepared statement. This helped me to bind the variables to MySQL DB fields.
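The mysqli procedural prepared statement mentioned above could look like the following. This is an added example, not the poster's code: it assumes $conn is the connection from controller.php and that new rows are stored with payment_status 'pending'; the helper name mark_transaction_paid() is hypothetical.

```php
<?php
// Added example (not the poster's code). Assumes $conn is the mysqli
// connection from controller.php; mark_transaction_paid() is a
// hypothetical helper name.
mysqli_report(MYSQLI_REPORT_ERROR | MYSQLI_REPORT_STRICT); // throw on SQL errors

function mark_transaction_paid(mysqli $conn, array $verified): bool
{
    // Copy into variables: bind_param takes its arguments by reference.
    $paymentId = (string) $verified['data']['id'];
    $status    = (string) $verified['status'];
    $txRef     = (string) $verified['data']['tx_ref'];

    // Values travel separately from the SQL text, so quotes in tx_ref
    // cannot change the statement. The 'pending' condition (assumed
    // initial value) makes a repeated callback change nothing.
    $sql = "UPDATE transaction_details
               SET payment_id = ?, payment_status = ?
             WHERE tx_ref = ? AND payment_status = 'pending'";

    $stmt = mysqli_prepare($conn, $sql);
    mysqli_stmt_bind_param($stmt, 'sss', $paymentId, $status, $txRef);
    mysqli_stmt_execute($stmt);
    $changed = mysqli_stmt_affected_rows($stmt);
    mysqli_stmt_close($stmt);

    return $changed === 1; // true only when exactly one pending row was updated
}

// Constructed sample of the decoded verification response (made-up values).
$array = [
    'status' => 'success',
    'data'   => ['id' => 1234567, 'amount' => 5000, 'tx_ref' => 'order-0001'],
];

if (isset($conn) && mark_transaction_paid($conn, $array)) {
    // header() only works if nothing has been echoed before it.
    header('Location: congratulations.php');
    exit;
}
```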
Related
I wrote some code that handles the callback request from my payment service. But I get MethodNotAllowedHttpException. No message.
Here is my controller :
if(isset($_POST['State']) && $_POST['State'] == "OK") {
$soapclient = new soapclient('https://verify.sep.ir/Payments/ReferencePayment.asmx?WSDL');
$res = $soapclient->VerifyTransaction($_POST['RefNum'], $MerchantCode);
if( $res <= 0 )
{
// Transaction Failed
echo "Transaction Failed";
} else {
// Transaction Successful
echo "Transaction Successful";
echo "Ref : {$_POST['RefNum']}<br />";
echo "Res : {$res}<br />";
}
} else {
// Transaction Failed
echo "Transaction Failed";
}
What is wrong with my code?
Probably you used the GET method for the route; update it to POST and it will work fine, since the API seems to expect that.
I wrote this code for a comment system on my webpage. But I want to keep showing all data on the web page while other people comment, and see other people's comments.
include 'connection.php';
$con1= new connection();
$db=$con1-> open();
$qry= "INSERT INTO post (content) VALUES ('".$_POST["commentEntered"]."')";
$db->exec($qry);
if(isset($_POST['Submit'])) {
if ($con1->query($qry) === TRUE) {
echo "Your Comment Successfull Submited";
} else {
echo "Error: " . $qry . "<br>" . $con1->error;
}
$sql = 'SELECT * FROM post';
$q = $db->query($sql);
$q->setFetchMode(PDO::FETCH_ASSOC);
$con1->close();
}
if ($_POST)
echo "<h2> Your Comment Successfully Submitted</h2> <br> ".$_POST['commentEntered']."<br>";
}
?>
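After your select, inside your if($_POST), write this:
while ($row = $q->fetch()) {
foreach($row as $key=>$val){
// Escape stored comment text before writing it into the HTML page
if (!is_numeric($key)) echo "<p>" . htmlspecialchars($key) . "=>" . htmlspecialchars((string) $val) . "</p>";
}
}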
EDIT: I'm not 100% sure you can close the connection and still do a ->fetch (I think you can, but I've never tried it), so you may have to move your connection close after this (but I think you'll be alright). Also, I am not sure if setFetchMode will return duplicate numbered keys or not, so as a precaution I have filtered for them; you may not need to.
I've been looking for hours atm but I can't seem to delete an item from my database. The $id is from $_GET['id']
<?php
$hostdb = "localhost";
$userdb = "root";
$pwdb = "";
$namedb = "cloud";
$dbCon = mysqli_connect($hostdb, $userdb, $pwdb, $namedb);
if(!$dbCon){
die("CONNECTION FAILED");
}
?>
Call to action remove button. Redirect to customers.php
<form action="customers.php" method="POST">
<button type="submit" name="remove" class="btn btn-sm btn-danger"><i class="glyphicon glyphicon-remove-circle"></i> Remove</button>
</form>
<?php
if(isset($_POST['remove'])) {
include("php/remove.php");
removeCustomer($id);
}
?>
Remove class
<?php
function removeCustomer($id){
include("connect.php");
$query = "DELETE FROM customers WHERE Id='$id'";
echo $id; // gives me the right id
if(!mysqli_query($dbCon,$query) === TRUE){
echo "Error while removing customer from the database.";
}
mysqli_close($dbCon);
}
?>
UPDATE
When I redirect to the same page, then it does get removed.
But that's not the right way I suppose.
Ex. When I'm at page customer.php?id=2 and my form redirects to customer.php?id=2 then it's removed.
UPDATE 2 + SOLUTION
I've removed the "action" redirect in my form and it works fine.
There are a few things you can do to tighten up this code and make it more self-diagnostic when it goes wrong.
First, follow the convention on handling the result from mysqli_query(). Just check for the negation.
Secondly, make your error message announce the problem as well as the failure. Also, for troubleshooting's sake, make it announce success.
Thirdly, it's unlikely but possible that you don't have autocommit set. So commit your change immediately after you do the delete.
That will produce this code.
$query = "DELETE FROM customers WHERE Id='$id'";
if(!mysqli_query($dbCon,$query)){
echo "Error while removing customer ($id) from the database: "
. $dbCon->error;
}
else {
echo "Customer ($id) correctly removed from the database.";
}
if (!mysqli_commit($dbCon)) {
echo "Transaction commit failed: " . $dbCon->error;
}
mysqli_close($dbCon);
Finally, use a bind parameter to protect your code against cybercriminals. Then your code will look like this.
$query = "DELETE FROM customers WHERE Id=?";
// "or" binds more loosely than "=", so $stmt receives the statement rather than a boolean
$stmt = mysqli_prepare($dbCon, $query) or die ($dbCon->error);
mysqli_stmt_bind_param($stmt, 'd', $id) or die ($dbCon->error);
if(!mysqli_stmt_execute($stmt)){
echo "Error while removing customer ($id) from the database: "
. $dbCon->error;
}
mysqli_stmt_close($stmt);
if (!mysqli_commit($dbCon)) {
echo "Transaction commit failed: " . $dbCon->error;
}
mysqli_close($dbCon);
This business with the $stmt looks like a lot of extra work. But it's much safer -- proof against malicious rubbish in your $id variable.
Replace your If condition with this code.
if(mysqli_query($dbCon,$query) == FALSE){
echo "Error while removing customer from the database.";
}
OR
if(mysqli_query($dbCon,$query) != TRUE){
echo "Error while removing customer from the database.";
}
AND
if your Id is int then remove single quote in where condition.
I'm currently struggling with a page that allows a user to complete one of two options. They can either update an existing item in the SQL database or they can delete it. When the customer deletes an option everything runs perfectly well, however whenever a customer updated an item it displays the Query failed statement from the delete function before applying the update.
It seems obvious to me that the problem must be in my IF statement and that the DeleteButton function isn't exiting if the $deleteno variable isn't set. Any help would be appreciated. Excuse the horribly messy code PHP isn't a language I am familiar with. (I have not included the connect information for privacy reasons)
function DeleteButton(){
#mysqli_select_db($con , $sql_db);
//Checks if connection is successful
if(!$con){
echo"<p>Database connection failure</p>";
} else {
if(isset($_POST["deleteID"])) {
$deleteno = $_POST["deleteID"];
}
if(!isset($deleteno)) {
$sql = "delete from orders where orderID = $deleteno;";
$result = @mysqli_query($con,$sql);
if((!$result)) {
echo "<p>Query failed please enter a valid ID </p>";
} else {
echo "<p>Order $deleteno succesfully deleted</p>";
unset($deleteno);
}
}
}
}
That is the code for the delete button and the following code is for the UpdateButton minus the connection information (which works fine).
if(isset($_POST["updateID"])) {
$updateno = $_POST["updateID"];
}
if(isset($_POST["updatestatus"])) {
if($_POST["updatestatus"] == "Fulfilled") {
$updatestatus = "Fulfilled";
} elseif ($_POST["updatestatus"] == "Paid") {
$updatestatus = "Paid";
}
}
if(isset($updateno) && isset($updatestatus)) {
$sql ="update orders set orderstatus='$updatestatus' where orderID=$updateno;";
$result = @mysqli_query($con,$sql);
if(!$result) {
echo "<p>Query failed please enter a valid ID</p>";
} else {
echo "<p>Order: $updateno succesfully updated!</p>";
}
}
Once again these are incomplete functions as I have omitted the connection sections.
if(!isset($deleteno)) {
$sql = "delete from orders where orderID = $deleteno;";
Are you sure you want to execute that block if $deleteno is NOT set?
P.S. You shouldn't rely on $_POST['deleteId'] being a number. Please read about SQL injections, how to avoid them and also about using prepared statements.
I've updated your code, but you need to write cleaner code (spaces, indents, etc.); this won't only help you to learn but also to find your errors easily.
<?php
function DeleteButton()
{
#mysqli_select_db($con , $sql_db);
/*
Checks if connection is successful
*/
if(!$con){
echo"<p>Database connection failure</p>";
} else {
/*
Check if $_POST["deleteID"] exists, is not empty and it is numeric.
*/
if(isset($_POST["deleteID"]) && ! empty($_POST["deleteID"]) && ctype_digit($_POST["deleteID"])) {
$deleteno = $_POST["deleteID"];
$sql = "delete from orders where orderID='$deleteno'";
$result = @mysqli_query($con,$sql);
if(!$result){
echo "<p>Query failed please enter a valid ID </p>";
} else {
echo "<p>Order $deleteno succesfully deleted</p>";
unset($deleteno);
}
} else {
echo "<p>Please enter a valid ID </p>" ;
}
}
}
/*
Part 2:
===========================================================================
Check if $_POST["updateID"] exists, is not empty and it is numeric.
Check if $_POST["updatestatus"] exists, is not empty and equal to Paid or Fulfilled
*/
if( isset($_POST["updateID"]) &&
! empty($_POST["updateID"]) &&
ctype_digit($_POST["updateID"]) &&
isset($_POST["updatestatus"]) &&
! empty($_POST["updatestatus"]) &&
( $_POST["updatestatus"] == "Fulfilled" || $_POST["updatestatus"] == "Paid" ) )
{
$updateno = $_POST["updateID"];
$updatestatus = $_POST["updatestatus"];
$sql ="update orders set orderstatus='$updatestatus' where orderID=$updateno;";
$result = @mysqli_query($con,$sql);
if(!$result){
echo "<p>Query failed please enter a valid ID</p>";
} else {
echo "<p>Order: $updateno succesfully updated!</p>";
}
}
There is an error in MySQL Syntax
$sql = "delete from orders where orderID = $deleteno;";
$deleteno after orderID must be inside single quotes.
change it to this $sql = "delete from orders where orderID = '$deleteno';";
Simple PHP page (I'm no PHP expert, just learning) to update a MS SQL database. The following code generates an error that I don't know how to solve.
include '/connections/SFU.php';
$query = "UPDATE Person SET PhotoURL = '".$file["name"]."' WHERE USERID='".$_REQUEST['user_id']."';";
if ($result = odbc_exec($dbconnect, $query)) {
echo "// Success!";
}
else {
echo "// Failure!";
}
odbc_close($dbconnect);
//End Update
This fails every time in the "if ($result ..." section
However, if I run virtually the same code
include '/connections/SFU.php';
$query = "UPDATE Person SET PhotoURL = '89990.jpg' WHERE USERID='80'";
if ($result = odbc_exec($dbconnect, $query)) {
// Success!
}
else {
// Failure!
}
odbc_close($dbconnect);
//End Update
It works just fine. I have echoed the $query string to the screen and the string is the same for both. I can't figure out why it fails in one and not the other?
Also weird is when I use a parameterized query such as
include '/connections/SFU.php';
$query = "UPDATE dbo.Person SET PhotoURL=? WHERE USERID=?";
if ($res = odbc_prepare($dbconnect,$query)) {
echo "Prepare Success";
} else {
echo "Prepare Failed".odbc_errormsg();
}
$uid = $_REQUEST['user_id'];
$fn = $file["name"];
echo "query=".$query." userid=".$uid." filename=".$fn;
if ($result = odbc_exec($res, array($fn, $uid))) {
echo "// Success!";
}
else {
echo odbc_errormsg();
echo "// Failure!";
}
odbc_close($dbconnect);
The query fails in the prepare section above, but fails in the odbc_exec section below:
include '/connections/SFU.php';
$query = "UPDATE Person SET PhotoURL=? WHERE USERID=?";
if ($res = odbc_prepare($dbconnect,$query)) {
echo "Prepare Success";
} else {
echo "Prepare Failed".odbc_errormsg();
}
$uid = "80";
$fn = "samplefile.jpg";
echo "query=".$query." userid=".$uid." filename=".$fn;
if ($result = odbc_exec($res, array($fn, $uid))) {
echo "// Success!";
}
else {
echo odbc_errormsg();
echo "// Failure!";
}
odbc_close($dbconnect);
In all cases I do not get any odbc_errormsg ().
Remove the extra ; from your query.
$query = "UPDATE Person SET PhotoURL = '".$file["name"]."' WHERE
USERID='".$_REQUEST['user_id']."';";
^
So your query should be,
$query = "UPDATE Person SET PhotoURL = '".$file["name"]."' WHERE
USERID='".$_REQUEST['user_id']."'";
Also make a practice of using odbc_errormsg() so you can have a better idea why your query fails.
Warning: Your code is vulnerable to SQL injection attacks!
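A parameterized form of the same update, as an added example that is not from the original posts: a statement returned by odbc_prepare() is run with odbc_execute(), not odbc_exec(). It assumes $dbconnect is the connection opened in /connections/SFU.php and that USERID is numeric; safe_photo_name() and update_photo() are hypothetical helper names.

```php
<?php
// Added example (not the poster's code). Assumes $dbconnect comes from
// /connections/SFU.php and that USERID values are numeric, like '80'.

/** Return $name if it is a plain image file name such as "89990.jpg", else null. */
function safe_photo_name(string $name): ?string
{
    // Allowlist: no path separators, no quotes. odbc_execute() gives special
    // meaning to values wrapped in single quotes (see the PHP manual), so
    // the pattern admits none.
    return preg_match('/\A[A-Za-z0-9_-]{1,64}\.(jpe?g|png|gif)\z/i', $name) ? $name : null;
}

/** Update one person's PhotoURL; returns true when exactly one row changed. */
function update_photo($dbconnect, string $fileName, string $userId): bool
{
    $photo = safe_photo_name($fileName);
    if ($photo === null || !ctype_digit($userId)) {
        return false; // reject before touching the database
    }

    $stmt = odbc_prepare($dbconnect, 'UPDATE Person SET PhotoURL = ? WHERE USERID = ?');
    if ($stmt === false) {
        error_log('prepare failed: ' . odbc_errormsg($dbconnect));
        return false;
    }

    // odbc_execute() takes the prepared statement plus the parameter array;
    // odbc_exec() expects a connection and an SQL string instead.
    if (!odbc_execute($stmt, [$photo, $userId])) {
        error_log('execute failed: ' . odbc_errormsg($dbconnect));
        return false;
    }

    return odbc_num_rows($stmt) === 1; // affected rows for an UPDATE
}

// Constructed inputs; on the real page they come from $file["name"] and
// $_REQUEST['user_id'].
if (isset($dbconnect)) {
    echo update_photo($dbconnect, '89990.jpg', '80') ? 'updated' : 'not updated';
    odbc_close($dbconnect);
}
```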