php - Assign the order ID to to its products -

need separately store products purchased customers , use 1 primary key called order_id know order products belong to.
in 1 table store order , in purchased products.
orders table struct is:

order_id (primary key), customer_id, customer_name, order_price, order_date 

my purchased_products table struct is:

order_id (foreign key references orders(order_id)), product_name, product_price, quantity 

how works
when buy something, run code store data:

try {     $connection = new pdo("mysql:host={$host};dbname={$db_name}", $username, $pass); }  $connection->begintransaction(); $sql = "insert orders (customer_id, customer_name, order_price, order_date)         values (?, ?, ?, ?)";  $query = $connection->prepare($sql); $query->execute(array (     $user_id,     $user['user_name'],     $order_price,     $date ));  $id_of_respective_order = $connection->lastinsertid();  $sql = "insert purchased_products (order_id, product_name, product_price, quantity)         values (?, ?, ?, ?)";  $query = $connection->prepare($sql);  foreach($_session['cart'] $product) {     $query->execute(array     (         $id_of_respective_order,         $product['product_name'],         $product['product_price'],         $product['quantity']     )); }  $connection->commit(); 

with logic lock table, order inserted and, assign correct order id products belongs use pdo lastinsertid. after can query using:

select * orders c, purchased_products pc c.customer_id {$user_id} , pc.order_id = c.order_id order c.order_id desc 

my questions are:

1. method 100% secure? if not, do?

2. if many customers buy @ same time table locked data inserted correctly, one-by-one, in sequence, waiting previous order or user purchased when data being inserted receive error , required try finish order later?

3. if many customers buy @ same time, there chance of products being assigned wrong order id?

appreciate attention, immensely receive concrete answer take away doubts , assure me can use method quietly without fear.

1. is method 100% secure? if not, do?

from sql injection pov, @ least prevented 1 way using bound parameters. still suggest using manual pre-check, though. golden rule is: never trust user input, don't see in code suppose so.

2. if many customers buy @ same time table locked data inserted correctly, one-by-one, in sequence, waiting previous order or user purchased when data being inserted receive error , required try finish order later?

in mysql, depends on both storage engine , transaction isolation level, transactions may run in parallel, "one-by-one, in sequence" doesn't apply. there no error dbms level, there lost update if have stock field in products table. 2 (or more!) users buying same product may update stock independently, without 1 aware of other. result ranges negative stock inconsistent stock vs quantity. experienced before , need use application level transaction locking solve it. if don't have it, though, should safe.

3. if many customers buy @ same time, there chance of products being assigned wrong order id?

you use transactions secure it, no.