One way might to have a dummy login-id that all guests use. You’d need to ensure that doing it that way does not mean that one guest can see another guests orders, payment information, etc. Probably a better way of doing it.
When you’re dealing with any data that has been submitted by the user you need to always use prepared statements otherwise you’ll leave yourself wide open to SQL Injection attacks. You also should be validating any user submitted data for example if login IDs are numeric you could use is_int() to check if the login ID is a number.
Create a new field “is_guest” to be used as boolean in user_table. Then use unique/random generated $loginid (or the default autoincrement) to insert this new guest user.
From time to time, run a cron job for deleting old “is_guest” records from the user_table if needed.
If the user is not a guest anymore (i.e. he subscribed), update the row to is_guest=false.
If you are using sage pay/paypal or something I have found it easier to not worry about storing the information untill after the payment, on the sucess callback just fetch the transaction records and save the relevant information to your invoice database.