</tr> <tr> <td class="rightalign"><?php echo $lang["E-mail:"]; ?> </td><td><input type ="text" name="email" value="<?php echo db_decode($answer["email"]); ?> "/></td> </tr> <tr> <td class="rightalign"><?php echo $lang["Phone:"]; ?> </td><td><input type ="text" name="phone" value="<?php echo db_decode($answer["phone"]); ?> "/></td> </tr> </table> <input type="submit" value="<?php echo $lang["Submit"]; ?> "/> <input type="reset" value="<?php echo $lang["Reset"]; ?> "/> </form> <!-- End --> </div>
<td><?php echo db_decode($answer["sellerKey"]); ?> </td> <td><a href="<?php echo mergeGetUrlData($_GET, "seller-info.php?key=" . db_decode($answer["sellerKey"]) . "&sort="); ?> "><?php echo db_decode($answer["lastName"]); ?> , <?php echo db_decode($answer["firstName"]); ?> </a></td> <td><?php echo db_decode($answer["sales"]) . " " . $lang["CURRENCY"]; ?> </td> </tr> <?php } ?> </table> <!-- End --> </div> </div> </div> <!-- Navigation thread --> <div id="navigation"> <h2 id="navigation-title"><?php
echo mergeGetUrlData($_GET, "book-info.php?bookid=" . db_decode($answer["bookID"]) . "&sort=&show=&key="); ?> "><?php echo db_decode($answer["title"]); ?> </a></td> <td><?php echo db_decode($answer["author"]); ?> </td> <td><?php echo db_decode($answer["sellerKey"]); ?> </td> <td><?php echo db_decode($answer["price"]); ?> <?php echo $lang["CURRENCY"]; ?> </td> <td> <?php switch ($answer["status"]) { case "instock": echo "<span class=\"instock\">" . $lang["In stock"] . "</span>\n"; break; case "expected": echo "<span class=\"expected\">" . $lang["Expected"] . "</span>\n"; break; case "lost":
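// Handles the "add book" form submission: checks that the posted seller
// exists, inserts the book row, reads the row back to learn its bookID and
// redirects to the book information page.
//
// Every $_POST value below is untrusted. The queries are assembled by string
// concatenation, so each value must be escaped (quoted context) or validated
// as a number (unquoted context) before it reaches the SQL text.
// NOTE(review): this relies on db_encode() escaping quote characters, as the
// quoted fields already assume; confirm. If the db_* wrapper offers
// prepared statements, prefer them over concatenation.
$db = db_connect();
if (is_null($db)) {
    // NOTE(review): the database error text is sent to the client here;
    // consider logging it and showing a generic message instead.
    die($lang["Error connecting to the database."] . $lang["MySQL says:"] . " " . db_error($db));
}

// Checks for valid data. is_string() also turns away array-valued
// parameters (sellerid[]=...), which trim()/strtoupper() cannot handle.
if (!isset($_POST["sellerid"]) || !is_string($_POST["sellerid"]) || trim($_POST["sellerid"]) == "") {
    header("Location: " . mergeGetUrlData($_GET, "error-empty-seller.php"));
    exit;
}

// One escaped form of the seller key, shared by all three queries. The
// existence check previously interpolated the raw POST value, which allowed
// SQL injection; it now uses the same expression as the INSERT.
$seller_key_sql = strtoupper(db_encode($_POST["sellerid"]));

// Checks if seller exists in database (it must)
$query_string = "SELECT * FROM " . $config["ddDBPrefix"] . "sellers WHERE sellerKey = '" .
    $seller_key_sql . "' LIMIT 1;";
$result = db_query($db, $query_string);
if (is_null($result) || db_num_rows($result) < 1) {
    header("Location: " . mergeGetUrlData($_GET, "error-no-seller.php"));
    exit;
}

// bookYear sits in an unquoted numeric context, where escaping alone does
// not help, so only a validated integer is interpolated. An empty year is
// stored as NULL, as before.
// NOTE(review): a malformed year is also stored as NULL because no error
// page for it is visible here; redirect instead if one exists.
$year_sql = null;
if (isset($_POST["year"]) && is_string($_POST["year"]) && trim($_POST["year"]) != "") {
    $year_value = filter_var(trim($_POST["year"]), FILTER_VALIDATE_INT);
    if ($year_value !== false) {
        $year_sql = (string) $year_value;
    }
}

// Escaped once, used by both the INSERT and the read-back SELECT.
$title_sql = db_encode($_POST["title"]);
$author_sql = db_encode($_POST["author"]);
$status_sql = db_encode($_POST["status"]);
// NOTE(review): consider restricting status to the set of values the
// application actually displays.

// The price is now placed inside quotes so that the escaping applies to it
// as well; MySQL converts the quoted literal to a number.
// NOTE(review): format_number() is defined elsewhere; confirm its output is
// always numeric and reject the request when it is not.
$price_sql = db_encode(format_number($_POST["price"]));

// Adds book into database
$timestamp = time();
$last_update_sql = date("Y-m-d H:i:s", $timestamp);
$query_string = "INSERT INTO " . $config["ddDBPrefix"] . "books SET " .
    "sellerKey = '" . $seller_key_sql . "', " .
    "title = '" . $title_sql . "', " .
    "author = '" . $author_sql . "', " .
    "bookYear = " . (is_null($year_sql) ? "NULL" : $year_sql) . ", " .
    "price = '" . $price_sql . "', " .
    "status = '" . $status_sql . "', " .
    "lastUpdate = '" . $last_update_sql . "';";
$result = db_query($db, $query_string);
// NOTE(review): the INSERT result is not checked; on failure the lookup
// below finds nothing and the redirect carries an empty bookid.

// Gets book ID by matching the row that was just written on every column,
// including the timestamp taken above.
$query_string = "SELECT * FROM " . $config["ddDBPrefix"] . "books WHERE " .
    "sellerKey = '" . $seller_key_sql . "' AND " .
    "title = '" . $title_sql . "' AND " .
    "author = '" . $author_sql . "' AND " .
    "bookYear " . (is_null($year_sql) ? " IS NULL" : " = " . $year_sql) . " AND " .
    "ABS(price - '" . $price_sql . "') < 0.01 AND " .
    "status = '" . $status_sql . "' AND " .
    "lastUpdate = '" . $last_update_sql . "' LIMIT 1;";
$result = db_query($db, $query_string);
$answer = db_fetch_assoc_array($result);
$bookid = $answer["bookID"];

// Sleeps for 1/2 second so that MySQL can add the record
// NOTE(review): this pause runs after the row has already been read back.
usleep(500000);

// Redirects to book information page
header("Location: " . mergeGetUrlData($_GET, "book-info.php?bookid=" . db_decode($answer["bookID"])));
exit;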
<tr class="bookbrowse-data-<?php echo $modulo; ?> "> <td><?php echo db_decode($answer["sellerKey"]); ?> </td> <td><a href="<?php echo mergeGetUrlData($_GET, "seller-info.php?key=" . db_decode($answer["sellerKey"]) . "&sort="); ?> "><?php echo db_decode($answer["lastName"]); ?> , <?php echo db_decode($answer["firstName"]); ?> </a></td> </tr> <?php } ?> </table> <!-- End --> </div> </div> </div> <!-- Navigation thread --> <div id="navigation"> <h2 id="navigation-title"><?php
echo $answer["bookID"]; ?> </td> <td><a href="<?php echo mergeGetUrlData($_GET, "book-info.php?bookid=" . $answer["bookID"] . "&sort=&show="); ?> "><?php echo $answer["title"]; ?> </a></td> <td><?php echo $answer["author"]; ?> </td> <td><a href="<?php echo mergeGetUrlData($_GET, "seller-info.php?key=" . db_decode($answer["sellerKey"]) . "&sort=&show=&bookid="); ?> "><?php echo $answer["sellerKey"]; ?> </a></td> <td><?php echo $answer["price"]; ?> <?php echo $lang["CURRENCY"]; ?> </td> <td> <?php switch ($answer["status"]) {