Your code is absolutely wide open to sql injection attacks. I could delete your entire database just by passing certain text to one of your input fields.
Using a foreach loop to automatically setup data from your $_POST array is a stupid thing to do - this should never be done under any circumstances, ever. There is never a good reason to do this and you should stop doing it instantly.
You should also have quotations around ‘total_price’ in this line: $data[total_price].
You also shouldn’t be using mysql_ functions, as they have been deprecated for YEARS. Stop using them.
I suggest you work on fixing these issues (particularly the sql injection issues) before doing anything else.