Forums

The forums ran from 2008-2020 and are now closed and viewable here as an archive.

Home Forums Back End Need some help with changing some script

  • This topic is empty.
Viewing 7 posts - 1 through 7 (of 7 total)
  • Author
    Posts
  • October 6, 2013 at 10:42 pm #152189
    iamRDM
    Participant

    Hello,
    I need some help with a script.
    Basically its a billing script. It assigns a invoice number to every bill and to next bill it ads 1 (say 41 then 42).
    What I want is that it should start from number 400 onwards, as its starting from 1.
    Here is the code of its step that assigns Invoice number.
    http://codepen.io/iamrdm/pen/hgeal

    October 6, 2013 at 11:17 pm #152190
    __
    Participant

    $res=mysql_query("select * from invoices order by id desc")or die(mysql_error()); $r=mysql_fetch_array($res); $id=$r['id']++;

    oh my.

    That’s so horrible.

    well; Strictly speaking, you can solve your immediate problem by simply adding (or changing) a record with an id of 400. You can use a tool like phpMyAdmin, if it is available to you. You could also simply do it via the command line.

    However, the better way to do it would be to make the id an autoincrement column. What your code does now is very inefficient and error-prone.

    (Please know that I am not attacking or blaming you with any of this, and that I know how difficult it can be to “fix” bad coding. I only want you to be aware of some problems you may potentially face in the future.)

    1) select * is almost always a bad idea. (I say “almost” because “heck, anything’s possible.”) You should explicitly list the columns you want, even if you really do want all of them.

    2) also consider that you are selecting all rows and columns from your table. Because you need to find one number.

    This might not cause too many problems with only 41 or 42 records in the table, but you will come to the point where your application crashes because PHP literally runs out of memory trying to fetch the results.

    3) not an SQL problem, but or die() is a very bad way to handle errors. It breaks things in the middle of a page. Putting mysql_error() inside it only shows everyone (including attackers!) exactly what your weaknesses are.

    4) $id = $res['id']++ – SQL has an attribute called AUTOINCREMENT. It does basically this, but inside the database. This is not only more efficient, but also avoids possible errors, like “race conditions.”

    Imagine:

    … user 1 buys something. Your script queries the invoice database and finds the biggest id is 99. It uses 100 for its invoice.

    … in the meantime, user 2 buys something. Your first user has not yet finished their transaction, so when the script queries the database, it also finds the biggest id is 99, and also uses 100 as its invoice id.

    … what happens when both users finish their purchases? Hopefully, your id field is a PRIMARY or UNIQUE key, and this will cause the second order submission to fail.

    That’s the “hopeful” result, because the other option is that the second order will overwrite the first one, and you’ll have two paying customers, but you only know about one of them.

    5) also not an SQL problem, and harder to solve, but the mysql_* functions are deprecated. If you are able, it would be advisable to update all your code and use mysqli or PDO instead.

    October 6, 2013 at 11:36 pm #152191
    iamRDM
    Participant

    @traq
    thanks for your response but I know nothing about php.
    Bought this script from some developer and now he’s gone -_-
    But I’m the only one who can generate bills users and no do that.
    I’m also planning to not to use this script.
    Can you suggest me any script which I can use to generate bills in my factory, it must have a invoice number field.
    Only I’ll be having the right to generate bills.

    October 7, 2013 at 9:21 am #152222
    __
    Participant

    Well, if there’s only one person using the system, it’s likely that many of these problems will not manifest. Likewise, if your database stays small, you might never have memory problems either.

    If you want to switch invoicing scripts, you might actually look into a service (like freshbooks, for example). I’ve never used such services, so I can’t recommend any specific service. But they seem suitable and small-business friendly.

    October 14, 2013 at 4:57 am #152934
    iamRDM
    Participant

    Thanks @traq

    But can you please explain how can I change the invoice number to start from 400.
    If you need script I can email you.

    October 14, 2013 at 9:57 am #152961
    __
    Participant

    Do you have access to a database utility, such as phpMyAdmin? If so, you can simply create a “dummy” invoice and then change the number manually. Subsequent invoices would increment from there.

    October 16, 2013 at 4:34 am #153147
    iamRDM
    Participant

    @traq thanks a ton man.. Now finally I can use it..

    Thanks a lot :)

  • Author
    Posts
Viewing 7 posts - 1 through 7 (of 7 total)
  • The forum ‘Back End’ is closed to new topics and replies.