im creating invoicing localhost system
..
this is my process.php located at form action in my index.php which contain form to create invoice
..
how to redirect to invoice.php?order=idInvoice with last data submitted ? i need it to redirect to submitted random number on $idInvoice
but
help me please with my code
<?php
include("../conn.php");
if(isset($_POST['create'])){
$idInvoice = (rand(10000000,99000000));
$waInvoice = $_POST['waInvoice'];
$useridInvoice = $_POST['useridInvoice'];
$serveridInvoice = $_POST['serveridInvoice'];
$produkInvoice = $_POST['layanan'];
$sql = "INSERT INTO invoice (idInvoice, waInvoice, useridInvoice, serveridInvoice, produkInvoice, statusInvoice) VALUE ('$idInvoice', '$waInvoice', '$useridInvoice', '$serveridInvoice', '$produkInvoice', 'NOT PAID')";
$query = mysqli_query($conn, $sql);
if( $query ) {
header('Location: invoice.php?order=echo '$idInvoice'');
} else {
header('Location: index.php?status=failed');
}
} else {
die("access prohibited...");
}
?>
please help me with below code
if( $query ) {
header('Location: invoice.php?order=echo '$idInvoice'');
} else {
header('Location: index.php?status=failed');
}
CodePudding user response:
Change to this , remove your echo
header('Location: invoice.php?order='.$idInvoice);
CodePudding user response:
You need to update the header and remove the echo word:
header('Location: invoice.php?order='.$idInvoice);
You should also really look into using prepared statements for SQL so you aren't potentially opening yourself up to MySQL injection attacks.
You also may want to consider your method of displaying the invoice differently, right now it looks like your generating a random number for an invoice ID and then redirecting to a page that will likely display the invoice details. You could run into an issue with duplicate IDs by random chance, but also people can just type in random numbers to potentially find someone else's invoice. Be careful with what you are displaying on the invoice page if there is no authentication behind it.