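function dispCart() {
    // Render the shopping cart held in $_SESSION['cart']: for every entry the
    // product name and price are looked up in PRODUCT by product id (the id is
    // passed as a bind variable, never interpolated into the SQL text), each
    // line gets a "Remove item" link, and a checkout link closes the list.
    // Side effects: echoes HTML; on an empty cart it prints a message and ends
    // the script (kept from the original, nothing after the call runs then).
    // Assumes $_SESSION['cart'] is a 0-based list of arrays carrying 'productid'
    // (the add-to-cart code is not visible here) - TODO confirm the list is
    // reindexed after a removal, otherwise $cart[$i] skips entries.
    $cart = $_SESSION['cart'] ?? [];
    $cartLen = count($cart);
    if ($cartLen < 1) {
        echo 'You have no items in your cart.<br><a href="main.php">Keep shopping</a><br>';
        die;
    }

    // One connection and one parsed statement for the whole cart instead of a
    // fresh conndb()/oci_parse per item; only the bind value changes per iteration.
    $newconn = conndb();
    $s = oci_parse($newconn, "select * from PRODUCT where PRODUCTID=:pid_prefix");

    for ($i = 0; $i < $cartLen; $i++) {
        // Re-bind per item (as the original did) so the bind is always sized
        // for the current id rather than for whichever id was bound first.
        $plook = $cart[$i]['productid'];
        oci_bind_by_name($s, ':pid_prefix', $plook);

        // A single row is expected per product id; false means the execute
        // failed or no such product exists.
        $res = oci_execute($s) ? oci_fetch_assoc($s) : false;
        if ($res === false) {
            // The original indexed into false and printed an empty name/price
            // line; keep the remove link so a stale entry can still be dropped.
            echo 'Product no longer available.';
        } else {
            // Escape DB-sourced text for the HTML context - product names are
            // editable data, not markup. The loop index is an int and needs none.
            echo "Product name: ", htmlspecialchars((string) $res['PRODUCTNAME'], ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8'),
                " Price: ", htmlspecialchars((string) $res['PRODUCTPRICE'], ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
        }
        echo '<a href="cart.php?del=' . $i . '"> Remove item</a><br>';
    }

    // Release the statement and connection now that every row has been read.
    oci_free_statement($s);
    oci_close($newconn);

    // The empty-cart case has already exited above, so the checkout link is
    // always shown here (the original re-tested $cartLen > 0, which is always true).
    echo '<a href="checkout.php">Proceed to checkout</a><br>';
}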
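function dispCart() {
    // Render the cart and its running total. Unit prices always come from
    // PRODUCT.PRODUCTPRICE looked up by product id, never from the cart entry,
    // so a tampered cart value cannot lower the total; only the quantity is
    // taken from the session. The total is written to $_SESSION['cart'][0]['total']
    // (the key kept from the original - presumably what the payment page reads,
    // verify before renaming) and echoed.
    // Side effects: echoes HTML; on an empty cart it prints a message and ends
    // the script (kept from the original).
    $total = 0; // Price total of shopping cart.
    $cart = $_SESSION['cart'] ?? [];
    $cartLen = count($cart);
    if ($cartLen < 1) {
        echo 'You have no items in your cart.<br><a href="main.php">Keep shopping</a><br>';
        die;
    }

    // One connection and one parsed statement for the whole cart (the original
    // reconnected and re-parsed on every iteration); only the bind value changes.
    $newconn = conndb();
    /* *** A1 - Injection attacks, converted all SQL statements to include
     * binding/placeholders to prevent injection attacks. */
    $s = oci_parse($newconn, "select * from PRODUCT where PRODUCTID=:pid_prefix");

    for ($i = 0; $i < $cartLen; $i++) {
        // Re-bind per item (as the original did) so the bind is always sized
        // for the current id rather than for whichever id was bound first.
        $plook = $cart[$i]['productid'];
        oci_bind_by_name($s, ':pid_prefix', $plook);

        // fetch a single row depending on product id; false when the execute
        // failed or the id is unknown
        $res = oci_execute($s) ? oci_fetch_assoc($s) : false;
        if ($res === false) {
            // Unknown product: contributes nothing to the total (the original
            // multiplied by null) and printed nothing, leaving the stale entry
            // impossible to remove; keep a remove link for it.
            echo 'Product no longer available.';
            echo '<a href="cart.php?del=' . $i . '"> Remove item</a><br>';
            continue;
        }

        // quantity update - qty is used exactly as the add-to-cart code stored
        // it (not visible here) and is not re-validated at this point;
        // TODO confirm it is stored as a positive integer.
        $qty_ = $cart[$i]['qty'];
        $price_ = $res['PRODUCTPRICE'];
        $total += $qty_ * $price_;

        echo '<form name="form2" method="get">';
        // Escape the DB-sourced name for the HTML context; the price goes
        // through number_format and the index is an int, so neither needs it.
        echo "Product name: ", htmlspecialchars((string) $res['PRODUCTNAME'], ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8'),
            " Price: ", number_format((float) $res['PRODUCTPRICE'], 2, '.', '');
        echo '<a href="cart.php?del=' . $i . '"> Remove item</a><br>';
        echo "</form>";
    }

    // Release the statement and connection now that every row has been read.
    oci_free_statement($s);
    oci_close($newconn);

    // add the cart total to the session array and display total
    $_SESSION['cart'][0]['total'] = $total;
    $cartTotal = number_format((float) $total, 2, '.', '');
    echo "<br>Your cart total is \${$cartTotal}<br>";

    // The empty-cart case has already exited above, so the checkout link is
    // always shown here (the original re-tested $cartLen > 0, which is always true).
    echo '<a href="payment_page.php">Proceed to checkout</a><br>';
}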
oci_execute($s); //evaluate based on db information $res = oci_fetch_row($s); if ($res) { oci_free_statement($s); oci_close($conn); return true; } else { oci_free_statement($s); oci_close($conn); echo "Username or password were incorrect.</br> Please try to login again, <a href='login.html'>click to return to login page</a>."; return false; } } //call database connection function $newconn = conndb(); //call add user to database funtion $loginUsr = loginChk($newconn); //once login is succesfull, create seassion and forward user if ($loginUsr) { //echo 'logged in'; session_start(); global $username; $encrypted_data = createEnc($username); $_SESSION['email'] = $encrypted_data; $_SESSION['loggedin'] = time(); $_SESSION['token'] = session_id(); //addSessDb($newconn); session_write_close(); //sess to db /* *** A10 - Unvalidated Redirects and Forwards. Only relative url is given and the full/absolute is avoided.
.forntsarabun { font-family: "TH SarabunPSK"; font-size:20px; } --> </style> <? header("content-type: text/html; charset=tis-620"); header ("Expires: Mon, 26 Jul 1997 05:00:00 GMT"); header ("Last-Modified: " . gmdate("D, d M Y H:i:s") . " GMT"); header ("Cache-Control: no-cache, must-revalidate"); header ("Pragma: no-cache"); include "Connections/dbconfig.php"; conndb(); $data = $_GET['data']; $val = $_GET['val']; if ($data=='vaccine') { echo "<select name='vaccine' onChange=\"dochange('vaccine_detail', this.value)\" class='table_font2'>\n"; echo "<option value='0'>===àÅ×Í¡ÇѤ«Õ¹===</option>\n"; $result=mysql_db_query($dbname,"select * from vaccine order by id_vac"); while($row = mysql_fetch_array($result)){ echo "<option value=\"$row[id_vac]\" >$row[vac_name]</option> \n" ; } } else if ($data=='vaccine_detail') { echo "<select name='vaccine_detail' class='table_font2'>\n"; echo "<option value='0'>=== àÅ×Í¡à¢çÁ ===</option>\n";