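 function dispCart()
 {
     // Render the shopping cart held in $_SESSION['cart'] as HTML.
     //
     // Each cart entry is expected to be an array with a 'productid' key
     // (the only key this function reads). Entries are looked up one at a
     // time in PRODUCT and printed with a "Remove item" link that targets
     // the entry's position in the cart.
     // NOTE(review): positions 0..n-1 are assumed; if cart.php?del unsets
     // an entry without re-indexing, later entries will not be found.
     //
     // Side effects: writes HTML to the output; calls die when the cart is
     // empty, so nothing after the call runs in that case.
     $cart = isset($_SESSION['cart']) ? $_SESSION['cart'] : array();
     $cartLen = count($cart);
     if ($cartLen < 1) {
         echo 'You have no items in your cart.<br><a href="main.php">Keep shopping</a><br>';
         die;
     }
     // One connection for the whole listing: the original opened a fresh
     // connection on every iteration and never released any of them.
     $newconn = conndb();
     for ($i = 0; $i < $cartLen; $i++) {
         // Bound parameter: the product id is never interpolated into SQL.
         $s = oci_parse($newconn, "select * from PRODUCT where PRODUCTID=:pid_prefix");
         $plook = $cart[$i]['productid'];
         oci_bind_by_name($s, ':pid_prefix', $plook);
         oci_execute($s);
         // A single row per product id; false when the id is unknown.
         $res = oci_fetch_assoc($s);
         oci_free_statement($s);
         if (!$res) {
             // Unknown product id in the cart: skip it instead of indexing
             // into false (the original emitted warnings and blank fields).
             continue;
         }
         // Escape DB-sourced values for the HTML context: a product name is
         // data, not markup, whoever entered it. ENT_SUBSTITUTE keeps
         // output non-empty if the stored bytes are not valid in the
         // default charset.
         echo "Product name: ", htmlspecialchars((string) $res['PRODUCTNAME'], ENT_QUOTES | ENT_SUBSTITUTE),
              " Price: ", htmlspecialchars((string) $res['PRODUCTPRICE'], ENT_QUOTES | ENT_SUBSTITUTE);
         // $i is the loop integer, so it is safe in the URL as-is.
         // NOTE(review): removal is a state change driven by a GET link;
         // cart.php should protect it against CSRF (e.g. a per-session token).
         echo '<a href="cart.php?del=' . $i . '"> Remove item</a><br>';
     }
     // The empty-cart case exited above, so the checkout link is always shown here.
     echo '<a href="checkout.php">Proceed to checkout</a><br>';
 }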
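 function dispCart()
 {
     // Render the cart in $_SESSION['cart'] with a running price total.
     //
     // Each entry is expected to hold 'productid' and 'qty'; the unit price
     // comes from PRODUCT.PRODUCTPRICE. The computed total is written back
     // to $_SESSION['cart'][0]['total'] — inside the first item, exactly as
     // the original did; payment_page.php presumably reads it from there,
     // so that key is kept stable — and then echoed.
     //
     // Side effects: HTML output, a session write, and die on an empty cart.
     $cart = isset($_SESSION['cart']) ? $_SESSION['cart'] : array();
     $cartLen = count($cart);
     if ($cartLen < 1) {
         echo 'You have no items in your cart.<br><a href="main.php">Keep shopping</a><br>';
         die;
     }
     // Price total of the shopping cart.
     $total = 0;
     // One connection for the whole listing: the original opened a fresh
     // connection on every iteration and never released any of them.
     $newconn = conndb();
     for ($i = 0; $i < $cartLen; $i++) {
         /* *** A1 - Injection attacks: every SQL statement uses a bound
          * placeholder; the product id is never concatenated into the query.
          */
         $s = oci_parse($newconn, "select * from PRODUCT where PRODUCTID=:pid_prefix");
         $plook = $cart[$i]['productid'];
         oci_bind_by_name($s, ':pid_prefix', $plook);
         oci_execute($s);
         // A single row per product id; false when the id is unknown.
         $res = oci_fetch_assoc($s);
         oci_free_statement($s);
         if (!$res) {
             // Unknown product: contributes nothing to the total (as before,
             // where a missing price multiplied to 0) and prints nothing.
             continue;
         }
         // NOTE(review): qty is taken from the session as stored by the
         // add-to-cart path; confirm it is validated there as a positive
         // integer, because it feeds straight into the total.
         $qty_ = isset($cart[$i]['qty']) ? $cart[$i]['qty'] : 0;
         $price_ = $res['PRODUCTPRICE'];
         // Float arithmetic, as in the original. payment_page.php should
         // recompute the amount server-side rather than trust this value.
         $total += $qty_ * $price_;
         echo '<form name="form2" method="get">';
         // Product name is DB-sourced text, so it is escaped for HTML;
         // number_format yields only digits and a dot and needs no escaping.
         echo "Product name: ", htmlspecialchars((string) $res['PRODUCTNAME'], ENT_QUOTES | ENT_SUBSTITUTE),
              " Price: ", number_format($price_, 2, '.', '');
         // $i is the loop integer, so it is safe in the URL as-is.
         // NOTE(review): removal is a state change driven by a GET link;
         // cart.php should protect it against CSRF (e.g. a per-session token).
         echo '<a href="cart.php?del=' . $i . '"> Remove item</a><br>';
         echo "</form>";
     }
     // Persist the total (under item 0, see header note) and display it.
     $_SESSION['cart'][0]['total'] = $total;
     $cartTotal = number_format($total, 2, '.', '');
     echo "<br>Your cart total is \${$cartTotal}<br>";
     // The empty-cart case exited above, so the checkout link is always shown here.
     echo '<a href="payment_page.php">Proceed to checkout</a><br>';
 }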
    oci_execute($s);
    //evaluate based on db information
    $res = oci_fetch_row($s);
    if ($res) {
        oci_free_statement($s);
        oci_close($conn);
        return true;
    } else {
        oci_free_statement($s);
        oci_close($conn);
        echo "Username or password were incorrect.</br> Please try to login again, <a href='login.html'>click to return to login page</a>.";
        return false;
    }
}
//open the database connection used for the credential check
$newconn = conndb();
//validate the submitted credentials against the database; loginChk yields
//a truthy value when they match and false otherwise
$loginUsr = loginChk($newconn);
//once login is successful, create the session and forward the user.
//NOTE(review): the session id is stored as $_SESSION['token'] below without
//session_regenerate_id(true) being called first; regenerate the id on login so
//a pre-login (possibly attacker-supplied) session id cannot be reused (session fixation).
if ($loginUsr) {
    //echo 'logged in';
    session_start();
    global $username;
    $encrypted_data = createEnc($username);
    $_SESSION['email'] = $encrypted_data;
    $_SESSION['loggedin'] = time();
    $_SESSION['token'] = session_id();
    //addSessDb($newconn);
    session_write_close();
    //sess to db
    /* *** A10 -  Unvalidated Redirects and Forwards. Only relative url is given and the full/absolute is avoided.
.forntsarabun {
	font-family: "TH SarabunPSK";
	font-size:20px;
}
-->
</style>
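<?php
// Dependent-dropdown endpoint: returns a <select> fragment for the list
// named by ?data=, filtered by ?val=. Responses are marked non-cacheable
// because the options come live from the database.
//
// Full open tag on purpose: with short_open_tag off, a bare "<?" is plain
// text and this whole script (including the DB include path) would be
// sent to the browser as-is.
//
// NOTE(review): HTML (the <style> block above) has already been emitted
// before these header() calls; unless output_buffering is enabled, PHP
// refuses to set headers here ("headers already sent"). Move the <style>
// block after the headers or into the including page.

header("content-type: text/html; charset=tis-620");
header("Expires: Mon, 26 Jul 1997 05:00:00 GMT");
header("Last-Modified: " . gmdate("D, d M Y H:i:s") . " GMT");
header("Cache-Control: no-cache, must-revalidate");
header("Pragma: no-cache");

include "Connections/dbconfig.php";
conndb();

// Untrusted query-string input. Default to '' when a parameter is absent
// so a bare request does not raise an undefined-index notice (which, with
// display_errors on, would leak into the response).
// 'data' selects which list to render and is only compared against fixed
// strings below; 'val' is the parent selection.
// NOTE(review): where $val is consumed is outside this span — wherever it
// reaches a mysql_* query it must be cast/escaped, and the row values
// echoed into the <option> markup below are currently not HTML-escaped.
$data = isset($_GET['data']) ? $_GET['data'] : '';
$val = isset($_GET['val']) ? $_GET['val'] : '';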


     if ($data=='vaccine') { 
          echo "<select name='vaccine' onChange=\"dochange('vaccine_detail', this.value)\" class='table_font2'>\n";
          echo "<option value='0'>===àÅ×Í¡ÇѤ«Õ¹===</option>\n";
          $result=mysql_db_query($dbname,"select * from vaccine order by id_vac");
          while($row = mysql_fetch_array($result)){
               echo "<option value=\"$row[id_vac]\" >$row[vac_name]</option> \n" ;
          }
     }  else if ($data=='vaccine_detail') {
          echo "<select name='vaccine_detail' class='table_font2'>\n";
          echo "<option value='0'>=== àÅ×Í¡à¢çÁ ===</option>\n";