browser back button ...orderID already sent to DB giving dup

jonnyfortis
Forum Contributor
Posts: 462
Joined: Tue Jan 10, 2012 6:05 am

Post by jonnyfortis »

I have a checkout.php going to a payment gateway using a form and a "process payment" button. As the user is sent to the payment gateway's hosted page, the orderID with other information is sent to the database. The trouble I am having is that if the user hits the back button in the browser, returns to checkout.php and then tries to click process payment again, they are given the duplicate key, as this orderID has already been sent to the database.

What options do I have for correcting this? I thought about having a refresh-once script, then killing the orderID on the checkout.php page. This way, if they return to the page via the back button, the page should refresh and then kill the orderID.

Is this a way of doing it, or incorrect?

Thanks in advance
requinix
Spammer :|
Posts: 6617
Joined: Wed Oct 15, 2008 2:35 am
Location: WA, USA

Re: browser back button ...orderID already sent to DB giving

Post by requinix »

The method I like best is, basically, recording that the order was placed (with that order ID) as one of the first things your payment processing script does. It can be in a pending state which you would then update later to indicate it's been processed, or even whether it succeeded.

That way if they click back and resubmit, that order ID will already be associated with something and the processing script can abort with some kind of "duplicate order" error.
jonnyfortis
Forum Contributor
Posts: 462
Joined: Tue Jan 10, 2012 6:05 am

Re: browser back button ...orderID already sent to DB giving

Post by jonnyfortis »

requinix wrote: The method I like best is, basically, recording that the order was placed (with that order ID) as one of the first things your payment processing script does. It can be in a pending state which you would then update later to indicate it's been processed, or even whether it succeeded.

That way if they click back and resubmit, that order ID will already be associated with something and the processing script can abort with some kind of "duplicate order" error.

Hello, I have a value of pending that is sent to the order details that is associated with the orderID, but how do I tell the code that if pending, choose that orderID and continue?

This is the code I have for getting the order ID etc.

Code:

// *** Retrieve X ID ***
if (!session_id()) session_start();
$XC_OrderIdSessionVar = "OrderID";
if (!isset($_SESSION[$XC_OrderIdSessionVar])) {
  // Get a unique OrderID number and save to session.
  $XC_tableName = "LOTTIE_nextorder";
  $XC_fieldName = "NextOrderID";
  mysql_select_db($database_lotties, $lotties);
  $XC_IdSource = "select " . $XC_fieldName . " from " .  $XC_tableName;
  $XC_rsId = mysql_query($XC_IdSource, $lotties) or die(mysql_error());
  $row_XC_rsId = mysql_fetch_assoc($XC_rsId);
  $_SESSION[$XC_OrderIdSessionVar] = $row_XC_rsId[$XC_fieldName];
  $$XC_OrderIdSessionVar = $_SESSION[$XC_OrderIdSessionVar];
  session_register($XC_OrderIdSessionVar);
  $XC_next = $_SESSION[$XC_OrderIdSessionVar] + 1;
  $XC_upd = "update " . $XC_tableName . " set " . $XC_fieldName . " = " . $XC_next;
  $XC_rsId = mysql_query($XC_upd, $lotties) or die(mysql_error());
  $XC_rsId = null;
}
And for adding order information to the DB:

Code:

if ((isset($_POST["MM_insert"])) && ($_POST["MM_insert"] == "form1")) {
  $insertSQL = sprintf("INSERT INTO LOTTIE_orders (OrderID, CustomerID, OrderDate, Shipping, Discount, Tax, Total, TransactResult) VALUES (%s, %s, %s, %s, %s, %s, %s, %s)",
                       GetSQLValueString($_POST['OrderID'], "text"),
                       GetSQLValueString($_POST['CustomerID'], "int"),
                       GetSQLValueString($_POST['OrderDate'], "date"),
                       GetSQLValueString($_POST['Shipping'], "double"),
                       GetSQLValueString($_POST['Discount'], "double"),
                       GetSQLValueString($_POST['Tax'], "double"),
                       GetSQLValueString($_POST['XC_Amount'], "double"),
                       GetSQLValueString($_POST['TransactResult'], "text"));

Thanks
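
One way to implement the pending-record approach requinix describes, extended to the "if pending, continue" case asked about in the post above. This is an added example, not code from the thread: it uses PDO with an in-memory SQLite database instead of the thread's mysql_* calls, and the status values 'pending' and 'paid' and the function names are assumptions.

```php
<?php
// Added example. Table/column names follow the thread; the status values
// 'pending' and 'paid' and all function names are assumptions.
$db = new PDO('sqlite::memory:');          // in-memory DB so this runs stand-alone
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
// OrderID is the unique key whose violation produced the duplicate error.
$db->exec("CREATE TABLE LOTTIE_orders (
    OrderID        INTEGER PRIMARY KEY,
    CustomerID     INTEGER NOT NULL,
    Total          REAL    NOT NULL,
    TransactResult TEXT    NOT NULL)");

// Record the order as 'pending' before anything else happens. Returns 'new'
// on the first submit, the stored status on a resubmit of the same order,
// or 'rejected' when the ID belongs to another customer.
function claimOrder(PDO $db, int $orderId, int $customerId, float $total): string
{
    try {
        $ins = $db->prepare("INSERT INTO LOTTIE_orders
            (OrderID, CustomerID, Total, TransactResult) VALUES (?, ?, ?, 'pending')");
        $ins->execute([$orderId, $customerId, $total]);
        return 'new';
    } catch (PDOException $e) {
        if ((string) $e->getCode() !== '23000') {   // not a key violation: real error
            throw $e;
        }
    }
    $sel = $db->prepare("SELECT TransactResult FROM LOTTIE_orders
                         WHERE OrderID = ? AND CustomerID = ?");
    $sel->execute([$orderId, $customerId]);
    $status = $sel->fetchColumn();
    return $status === false ? 'rejected' : $status;
}

// Decide what checkout.php does with the result.
function nextStep(string $claim): string
{
    switch ($claim) {
        case 'new':
        case 'pending': return 'send to gateway';        // back button: reuse the same order
        case 'paid':    return 'show "duplicate order"'; // already processed: abort
        default:        return 'refuse';
    }
}

// Constructed walk-through; in the real page the ID comes from $_SESSION['OrderID'].
echo nextStep(claimOrder($db, 1001, 7, 49.90)), "\n";   // first submit
echo nextStep(claimOrder($db, 1001, 7, 49.90)), "\n";   // back button + resubmit
$db->exec("UPDATE LOTTIE_orders SET TransactResult = 'paid' WHERE OrderID = 1001");
echo nextStep(claimOrder($db, 1001, 7, 49.90)), "\n";   // resubmit after payment
```

Under PDO, a MySQL duplicate-key error also reports SQLSTATE 23000, so the same check applies there. Passing the order ID from the session rather than from a posted form field keeps the value under the server's control.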
requinix
Spammer :|
Posts: 6617
Joined: Wed Oct 15, 2008 2:35 am
Location: WA, USA

Re: browser back button ...orderID already sent to DB giving

Post by requinix »

Isn't there a second page in your checkout process? Something that comes after the order is initiated and before the payment is committed, like a confirmation page?
jonnyfortis
Forum Contributor
Posts: 462
Joined: Tue Jan 10, 2012 6:05 am

Re: browser back button ...orderID already sent to DB giving

Post by jonnyfortis »

requinix wrote: Isn't there a second page in your checkout process? Something that comes after the order is initiated and before the payment is committed, like a confirmation page?

It is sent to a process.php page using this code:

Code:

// *** Save XCart contents to table ***
require_once('XCInc/XCsaveAction.inc');
if (isset($_GET['XC_SaveCartToTable']) && ($_GET['XC_SaveCartToTable'] == "1")) {
  $XC_destColName = array("ProductID","Quantity","","UnitPrice","","Total");
  $XC_destColType = array("str","str","str","num","num","num");
  $XC_orderId = $_SESSION['OrderID'];
  $XC_tableName = "LOTTIE_orderdetails";
  $XC_OrderIDCol = "OrderID";
  $XC_OrderIDType = "num";
  $XC_AddToTableRedirect = "../HostedSample/Process.php?$x_reqstr";
  $XC_conName = "lotties";
  require_once('XCInc/SaveXCartToTable.inc');
}
The process.php has variables including:

Code:

<?php
// variables to send
if (!session_id()) session_start();
$itemNumber = $_SESSION["OrderID"];
//$itemNumber = $_SESSION["OrderID"];
$itemName = "Shopping at Lottie and Jakes ";
$amount = $_GET["amount"];
$firstN = $_GET["firstname"];
$lastN = $_GET["lastname"];
$emailC = $_GET["cemail"];
?>
But the process page is an invisible page.