home | O'Reilly's CD bookshelfs | FreeBSD | Linux | Cisco | Cisco Exam    

Web Database Applications with PHP \& MySQLWeb Database Applications with PHP \& MySQLSearch this book

Chapter 12. Ordering and Shipping at the Winestore

We complete our description of the shopping components of the winestore by outlining the ordering and shipping modules in this chapter. The ordering module manages the conversion of the shopping cart discussed in Chapter 11 to an order. The module manages the most complex database interactions in the winestore and includes locking to address concurrency problems. The shipping module consists of two receipts: an email receipt that shows how the PHP mail( ) function is used in practice and an HTML receipt that is similar to the customer receipt in Chapter 10.

This chapter is the third of four that outline the complete winestore application. As in the previous two chapters, we emphasize that the scripts aren't a production system but an illustration of web database application practice. We encourage use of the scripts for any purpose and suggest that the best method to understand the scripts is to view, edit, and use them while reading the chapter. We also emphasize that the descriptions in this chapter are outlines and that a full understanding of the scripts requires reading and using the code.

The scripts discussed in this chapter perform the following functions:

Finalize orders
Convert a shopping cart in the items and orders tables to an order and manage the sale of wine through the inventory table

Email receipts
Send a confirmation email to the user

HTML order receipts
Complete the ordering process with an HTML receipt that avoids the reload problem

12.1. Finalizing Orders

When a user finishes adding items to his cart, he usually proceeds to a purchase. Finalizing an order requires several steps that include checking that sufficient inventory is available to complete the order, converting the shopping cart to an order, and deducting the wines sold from the inventory. These tasks require locking of the database and are examples of moderately complex query processing. The script order.3 shown in Example 12-1 performs these tasks.

The script works as follows:

  1. It tests that the user is logged in and that the cart has contents. These tests should never fail, as the Make Purchase button is shown only when the user is viewing the cart, is logged in, and the cart has contents. If either test fails, an error message is registered, and the script redirects to the calling script.

  2. The inventory, items, and orders tables are locked for writing, and the users and customer tables are locked for reading. The inventory, items, and orders tables are all updated in the purchasing process, and they must be locked because the inventory is first checked to ensure that sufficient quantities of wine are available and then later updated. Without locking, it is possible for another user to purchase the wine while this script is running, resulting in more wine being sold than is in stock. This is an example of the dirty read concurrency problem discussed in Chapter 6, and locking must be used to avoid the problem.

  3. Each item in the cart is then processed, and the inventory is checked to ensure that enough wine is available. If no wine is available—the count( ) of the matching inventory rows is zero—an error message is registered. Similarly, if less wine is available than the user wants—the sum( ) of the on_hand quantity of the matching rows is less than the user's cart qty—an error message is also registered. On error, the script also updates the user's cart so that the quantity (qty) of wine in the user's cart matches the quantity that is on_hand. In the case of an error, the script uses the function showWine( ) to show the user the details of the wine. This function opens its own connection to the DBMS so that the wine, wine_variety, winery, and grape_variety tables don't need to be locked for reading in the order.

  4. If the inventory checks succeed, the script proceeds to convert the user's cart to be a customer's order. This process is straightforward:

    1. Determine the cust_id from the loginUsername session variable using the function getCustomerID( ).

    2. Find the maximum order_id for this customer.

    3. Update the orders and items rows by replacing the cust_id of -1 with the customer's cust_id and the order_id with the next available order_id for this customer.

  5. After the database has been updated, the cart is emptied using session_unregister( ) to remove the order_no session variable.

  6. Having completed the order and checked the inventory, the script finishes the ordering process by reducing the inventory. This can never fail, since all required tables are locked, and you've checked that sufficient quantities are available. The process is similar to checking the cart: you iterate through each item and, for each one, you update the inventory. The inventories are processed from oldest to newest. Consider an example in which the user wants to purchase 24 bottles of a wine. There are two inventories of this wine: the first has 13 bottles and was added in May 2000; the second has 25 bottles and was added in September 2001. To satisfy the order, the oldest inventory of 13 bottles is emptied and deleted, and the second inventory is reduced by 11 bottles.

  7. With the process complete, the tables are unlocked. If there are no errors, the script redirects to the shipping.1 script to confirm the order, and the cust_id and order_id are passed as GET method parameters. If there are errors, the user is returned to the cart view page.

Example 12-1. order.3 finalizes the user's purchase

<?php
   // This script finalizes a purchase
   // It expects that a cart has contents and that the
   // user is logged in

   include 'include.inc';

   set_error_handler("errorHandler");

   // Re-establish the existing session
   session_start( );    

   // Check if a cart exists - this should never fail
   // unless the script is run directly
   if (!session_is_registered("order_no"))
   {
      session_register("message");
      $message = 
         "There are no items in your shopping cart!";

      // Redirect the browser back to the calling page
      header("Location: $HTTP_REFERER");
      exit;
   }      

   // Check if the user is logged in - this should 
   // never fail unless the script is run directly
   if (!session_is_registered("loginUsername"))
   {
      session_register("message");
      $message = 
         "You must login to finalize your purchase.";

      // Redirect the browser back to the calling page
      header("Location: $HTTP_REFERER");
      exit;
   }      
   
   // Open a connection to the DBMS
   if (!($connection = @ mysql_pconnect($hostName, 
                                       $username, 
                                       $password)))
      showerror( );                                     

   if (!mysql_select_db($databaseName, $connection))
      showerror( );

   // Several tables must be locked to finalize a purchase.
   // We avoid locking four other tables by
   // using another DBMS connection to produce the wine
   // information
   $query = "LOCK TABLES inventory WRITE, 
                         orders WRITE, 
                         items WRITE, 
                         users READ, 
                         customer READ";

   // LOCK the tables
   if (!(@ mysql_query ($query, $connection)))
      showerror( );   

   // Process each wine in the cart and find out if 
   // there is sufficient stock available in the inventory
   $query = "SELECT * FROM items 
             WHERE cust_id = -1 
             AND order_id = $order_no";

   // Initialise an empty error message
   $message = "";

   if (!($result = @ mysql_query ($query, $connection)))
      showerror( );
      
   // Get the next wine in the cart         
   for ($winesInCart = 0; 
        $winesInCart < mysql_num_rows($result); 
        $winesInCart++)
   {
      $cartRow[$winesInCart] = @ mysql_fetch_array($result);

      // Is there enough of this wine on hand?
      $query = "SELECT COUNT(on_hand), SUM(on_hand)
                FROM inventory 
                WHERE wine_id = " . 
                $cartRow[$winesInCart]["wine_id"];

      if (!($stockResult = @ mysql_query ($query,
                                          $connection)))
         showerror( );
                                       
      $on_hand = @ mysql_fetch_array($stockResult);

      if ($on_hand["COUNT(on_hand)"] == 0)
         $available = 0;
      else
         $available = $on_hand["SUM(on_hand)"];
                      
      // Is there more wine in the cart than is for sale?
      if ($cartRow[$winesInCart]["qty"] > $available)
      {
         if (!session_is_registered("message"))
            session_register("message");

         if ($available == 0)
            $message .= "Sorry! We just sold out of " . 
               showWine($cartRow[$winesInCart]["wine_id"],
                        NULL) .
                        "\n<br>";
         else 
            $message .= "Sorry! We only have " . 
                        $on_hand["SUM(on_hand)"] . 
                        " bottles left of " . 
               showWine($cartRow[$winesInCart]["wine_id"],
                        NULL) .
                        "\n<br>";

         // Update the user's quantity to match the
         // available amount
         $query = "UPDATE items
                   SET qty = " . $available . 
                   " WHERE cust_id = -1
                   AND order_id = $order_no
                   AND item_id = " .
                   $cartRow[$winesInCart]["item_id"];

         if (!(@ mysql_query ($query, $connection)))
            showerror( );
      }                                                           
   } // for $winesInCart < mysql_num_rows($result);

   // We have now checked if there is enough wine 
   // available.
   // If there is, we can proceed with the order. 
   // If not, we send the user back to the amended
   // cart to think about purchasing the lesser
   // amount.
   
   if (empty($message))
   {
      // Everything is ok - let's proceed then!
      // First of all, find out the user's cust_id and
      // the next available order_id for this customer.
      $custID = getCustomerID($loginUsername, NULL);

      $query = "SELECT max(order_id) 
                FROM orders 
                WHERE cust_id = $custID";

      if (($result = @ mysql_query ($query, $connection)))
         $row = mysql_fetch_array($result);         
      else
         showerror( );

      $newOrder_no = $row["max(order_id)"] + 1;
      
      // Now, change the cust_id and order_id of their cart!
      $query = "UPDATE orders 
                SET cust_id = $custID , " . 
                "order_id = " . $newOrder_no .
               " WHERE order_id = $order_no";

      if (!(@ mysql_query ($query, $connection)))
         showerror( );

      $query = "UPDATE items 
                SET cust_id = $custID , " . 
               "order_id = " . $newOrder_no .
               " WHERE order_id = $order_no";

      if (!(@ mysql_query ($query, $connection)))
         showerror( );

      // Officially empty the cart
      session_unregister("order_no");

      // Now we have to do the inventory. 
      // We do this one cart item at a time.
      // For all items, we know that there *is*
      // sufficient inventory, since we've checked earlier
      foreach($cartRow as $currentRow)
      {
         // Find the inventories for this wine, oldest first
         $query = "SELECT inventory_id, on_hand
                   FROM inventory
                   WHERE wine_id = " .
                   $currentRow["wine_id"] .
                   " ORDER BY date_added";

         if (!($result = @ mysql_query ($query,
                                        $connection)))
            showerror( );

         // While there are still bottles to be deducted
         while($currentRow["qty"] > 0)
         {
            // Get the next-oldest inventory
            $row = @ mysql_fetch_array($result);

            // Is there more wine in this inventory than 
            // the user wants?
            if ($row["on_hand"] > $currentRow["qty"])
            {
               // Reduce the inventory by the amount the
               // user ordered
               $query = "UPDATE inventory 
                    SET on_hand = on_hand - " .
                        $currentRow["qty"] .
                  " WHERE wine_id = " . 
                        $currentRow["wine_id"] .
                  " AND inventory_id = " . 
                        $row["inventory_id"];

               // The user doesn't need any more of this
               // wine
               $currentRow["qty"] = 0;
            }
            else
            {
               // Remove the inventory - we sold the
               // remainder to this user
               $query = "DELETE FROM inventory 
                         WHERE wine_id = " .
                        $currentRow["wine_id"] .
                       " AND inventory_id = " . 
                        $row["inventory_id"];

               // This inventory reduces the customer's
               // required amount by at least 1, but 
               // we need to process more inventory
               $currentRow["qty"] -= $row["on_hand"];
            }   

            // UPDATE or DELETE the inventory
            if (!(@ mysql_query ($query, $connection)))
               showerror( );
         }
      }
   }
   else
      $message .=  "\n<br>The quantities in your cart " .
                   "have been updated\n.";

   // Last, UNLOCK the tables
   $query = "UNLOCK TABLES";
   if (!(@ mysql_query ($query, $connection)))
     showerror( );

   // Redirect to the email confirmation page if 
   // everything is ok
   // (supply the custID and orderID to the script)
   // otherwise go back to the cart page and show a message
   if (empty($message))
   {
      header("Location: example.shipping.1.php?" .
             "custID=$custID&orderID=$newOrder_no");
      exit;
   }
   else
      header("Location: example.cart.2.php");
?>


Library Navigation Links

Copyright © 2003 O'Reilly & Associates. All rights reserved.











??????????????@Mail.ru