October 6, 2013 at 10:42 pm #152189 iamRDM Participant
Hello,
I need some help with a script.
Basically it’s a billing script. It assigns an invoice number to every bill and to the next bill it adds 1 (say 41 then 42).
What I want is that it should start from number 400 onwards, as it’s starting from 1.
Here is the code of its step that assigns Invoice number.
http://codepen.io/iamrdm/pen/hgeal
October 6, 2013 at 11:17 pm #152190 __ Participant
$res=mysql_query("select * from invoices order by id desc")or die(mysql_error());
$r=mysql_fetch_array($res);
$id=$r['id']++;
oh my.
That’s so horrible.
Well, strictly speaking, you can solve your immediate problem by simply adding (or changing) a record with an id of 400. You can use a tool like phpMyAdmin, if it is available to you. You could also simply do it via the command line.
However, the better way to do it would be to make the id an autoincrement column. What your code does now is very inefficient and error-prone.
(Please know that I am not attacking or blaming you with any of this, and that I know how difficult it can be to “fix” bad coding. I only want you to be aware of some problems you may potentially face in the future.)
1) select * is almost always a bad idea. (I say “almost” because “heck, anything’s possible.”) You should explicitly list the columns you want, even if you really do want all of them.
2) also consider that you are selecting all rows and columns from your table. Because you need to find one number.
This might not cause too many problems with only 41 or 42 records in the table, but you will come to the point where your application crashes because PHP literally runs out of memory trying to fetch the results.
3) not an SQL problem, but or die() is a very bad way to handle errors. It breaks things in the middle of a page. Putting mysql_error() inside it only shows everyone (including attackers!) exactly what your weaknesses are.
4) $id = $res['id']++ – SQL has an attribute called AUTOINCREMENT. It does basically this, but inside the database. This is not only more efficient, but also avoids possible errors, like “race conditions.”
Imagine:
… user 1 buys something. Your script queries the invoice database and finds the biggest id is 99. It uses 100 for its invoice.
… in the meantime, user 2 buys something. Your first user has not yet finished their transaction, so when the script queries the database, it also finds the biggest id is 99, and also uses 100 as its invoice id.
… what happens when both users finish their purchases? Hopefully, your id field is a PRIMARY or UNIQUE key, and this will cause the second order submission to fail.
That’s the “hopeful” result, because the other option is that the second order will overwrite the first one, and you’ll have two paying customers, but you only know about one of them.
5) also not an SQL problem, and harder to solve, but the mysql_* functions are deprecated. If you are able, it would be advisable to update all your code and use mysqli or PDO instead.
October 6, 2013 at 11:36 pm #152191 iamRDM Participant
@traq
thanks for your response but I know nothing about php.
Bought this script from some developer and now he’s gone -_-
But I’m the only one who can generate bills users and no do that.
I’m also planning not to use this script.
Can you suggest any script which I can use to generate bills in my factory? It must have an invoice number field.
Only I’ll be having the right to generate bills.
October 7, 2013 at 9:21 am #152222 __ Participant
Well, if there’s only one person using the system, it’s likely that many of these problems will not manifest. Likewise, if your database stays small, you might never have memory problems either.
If you want to switch invoicing scripts, you might actually look into a service (like freshbooks, for example). I’ve never used such services, so I can’t recommend any specific service. But they seem suitable and small-business friendly.
October 14, 2013 at 4:57 am #152934 iamRDM Participant
Thanks @traq
But can you please explain how I can change the invoice number to start from 400?
If you need the script, I can email you.
October 14, 2013 at 9:57 am #152961 __ Participant
Do you have access to a database utility, such as phpMyAdmin? If so, you can simply create a “dummy” invoice and then change the number manually. Subsequent invoices would increment from there.
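The autoincrement approach recommended earlier in this thread, with numbering starting at 400, shown as an added example that is not part of any post or of the purchased script. It assumes PDO with the MySQL driver, placeholder connection details, that id is already the primary key of invoices, and hypothetical customer and amount columns; only the invoices table and its id column come from the thread.

```php
<?php
// Added example, not the thread's code. Assumptions: PDO (MySQL driver),
// placeholder DSN/credentials, `id` already the PRIMARY KEY of `invoices`,
// and hypothetical `customer` / `amount` columns.

function connect(): PDO
{
    return new PDO(
        'mysql:host=localhost;dbname=billing;charset=utf8mb4', // placeholder
        'billing_user',                                        // placeholder
        'change-me',                                           // placeholder
        [PDO::ATTR_ERRMODE => PDO::ERRMODE_EXCEPTION]          // throw, never die()
    );
}

// Run once. MySQL then assigns ids itself; the counter only moves forward,
// so 400 takes effect as long as the current highest id is below 400.
function setUpInvoiceNumbering(PDO $db): void
{
    $db->exec('ALTER TABLE invoices MODIFY id INT UNSIGNED NOT NULL AUTO_INCREMENT');
    $db->exec('ALTER TABLE invoices AUTO_INCREMENT = 400');
}

// No "select max(id)" step: the INSERT allocates the number atomically, so
// two simultaneous purchases can never be handed the same invoice id.
function createInvoice(PDO $db, string $customer, string $amount): int
{
    $stmt = $db->prepare(
        'INSERT INTO invoices (customer, amount) VALUES (:customer, :amount)'
    );
    $stmt->execute([':customer' => $customer, ':amount' => $amount]);

    // lastInsertId() is tracked per connection, so other sessions' inserts
    // cannot change the value returned here.
    return (int) $db->lastInsertId();
}

try {
    $db = connect();
    // setUpInvoiceNumbering($db);   // uncomment for the one-time migration
    $invoiceNo = createInvoice($db, 'Sample Customer', '129.50'); // constructed data
    echo 'Invoice #' . $invoiceNo . ' created';
} catch (PDOException $e) {
    error_log($e->getMessage());     // details go to the server log only
    http_response_code(500);
    echo 'The invoice could not be created.';
}
```

The catch block replaces or die(mysql_error()): the database error text is written to the server log, and the page shows only a generic message.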