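/**
 * Dispatch a CRUD request for the portfolio (target 2) or slider (target 4) table.
 *
 * Reads `operation`, `target`, `RecId`, `id` and `name[]` from $_REQUEST, builds the
 * matching SQL text and passes it to readRecords() / WriteRecords() /
 * updateRecords() / deleteRecords(). Read results are echoed as JSON; writes echo a
 * client-side redirect to the matching admin page.
 *
 * Security:
 * - Every record id is forced to an integer before it is placed in SQL text, so the
 *   unquoted `ID = ...` positions can only ever contain digits.
 * - The `name[]` values (image, category, captions, path) are still interpolated
 *   inside quotes. The helpers called here accept only a finished SQL string, so
 *   these values cannot be bound from this function; the helpers should be changed
 *   to take a statement plus parameters (prepared statements) and this function
 *   should then pass the values separately.
 * - NOTE(review): no login or permission check is visible in this function, and
 *   $_REQUEST also accepts GET parameters. Confirm the caller restricts the write
 *   operations to an authenticated POST carrying a CSRF token.
 */
function callDB()
{
    // Returns the named request field as an int (0 when absent or not a scalar).
    $intParam = function ($key) {
        return isset($_REQUEST[$key]) && is_scalar($_REQUEST[$key]) ? (int) $_REQUEST[$key] : 0;
    };

    $option = isset($_REQUEST['operation']) ? $_REQUEST['operation'] : '';
    $table = isset($_REQUEST['target']) ? $_REQUEST['target'] : '';

    // Stays empty for an unknown target so the delete branch can refuse to run.
    $tableName = '';
    $selectSQL = '';
    $loadSql = '';
    $newSql = '';
    $updateSql = '';

    switch ($table) {
        case 2:
            $tableName = 'project_info';
            if ($option == 'read') {
                $loadSql = "select p.ID, p.IMAGE,p.IMAGE_PATH, c.Name, p.CAPTION,p.CREATED, p.UPDATED from project_info p inner join category c on p.IMAGE_CATEGORY = c.ID where p.DELETED=0 and c.DELETED=0";
            }
            if ($option == 'select') {
                $id = $intParam('RecId');
                $selectSQL = "select p.ID,p.IMAGE,p.IMAGE_PATH, c.NAME, p.CAPTION from project_info p inner join category c on p.IMAGE_CATEGORY = c.ID where p.ID = {$id}";
            }
            if ($option == 'new') {
                // NOTE(review): untrusted strings inside quotes; bind them in the helper layer.
                $param = $_REQUEST['name'];
                $newSql = "insert into project_info (IMAGE, IMAGE_CATEGORY, CAPTION, IMAGE_PATH) VALUES ('{$param['0']}',(select ID from category where NAME= '{$param['1']}' and DELETED = 0),'{$param['2']}', '{$param['3']}')";
            }
            if ($option == 'update') {
                // NOTE(review): untrusted strings inside quotes; bind them in the helper layer.
                $param = $_REQUEST['name'];
                $id = $intParam('id');
                if (empty($param[3])) {
                    // No new image path supplied: leave IMAGE_PATH untouched.
                    $updateSql = "update project_info set IMAGE='{$param['0']}',IMAGE_CATEGORY = (select ID from category where Name='{$param['1']}'), CAPTION ='{$param['2']}', UPDATED = now() where ID = {$id} and DELETED=0";
                } else {
                    $updateSql = "update project_info set IMAGE='{$param['0']}',IMAGE_CATEGORY = (select ID from category where Name='{$param['1']}'), CAPTION ='{$param['2']}', IMAGE_PATH = '{$param['3']}', UPDATED = now() where ID = {$id} and DELETED=0";
                }
            }
            break;

        case 4:
            $tableName = 'slider';
            if ($option == 'read') {
                $loadSql = "select * from slider where DELETED = 0";
            }
            if ($option == 'select') {
                $id = $intParam('RecId');
                $selectSQL = "select * from slider where ID={$id}";
            }
            if ($option == 'new') {
                // NOTE(review): untrusted strings inside quotes; bind them in the helper layer.
                $param = $_REQUEST['name'];
                $newSql = "insert into slider (IMAGE, HEAD_CAPTION, SUB_CAPTION, IMAGE_PATH) VALUES ('{$param['0']}','{$param['1']}','{$param['2']}', '{$param['3']}')";
            }
            if ($option == 'update') {
                // NOTE(review): untrusted strings inside quotes; bind them in the helper layer.
                $param = $_REQUEST['name'];
                $id = $intParam('id');
                if (empty($param[3])) {
                    // No new image path supplied: leave IMAGE_PATH untouched.
                    $updateSql = "update slider set IMAGE = '{$param['0']}', HEAD_CAPTION = '{$param['1']}' , SUB_CAPTION = '{$param['2']}' , UPDATED = now() where ID = {$id} and DELETED= 0 ";
                } else {
                    $updateSql = "update slider set IMAGE = '{$param['0']}', HEAD_CAPTION = '{$param['1']}' , SUB_CAPTION = '{$param['2']}', IMAGE_PATH = '{$param['3']}' , UPDATED = now() where ID = {$id} and DELETED= 0 ";
                }
            }
            break;
    }

    switch ($option) {
        case "read":
            echo json_encode(readRecords($loadSql));
            break;

        case "select":
            echo json_encode(readRecords($selectSQL));
            break;

        case "update":
            updateRecords($updateSql);
            if ($table == 2) {
                echo "<script>window.location = 'portfolio.php';</script>";
            } elseif ($table == 4) {
                echo "<script>window.location = 'slider.php';</script>";
            }
            break;

        case "delete":
            // An unknown target leaves no table name; do not send a malformed statement.
            if ($tableName === '') {
                break;
            }
            $id = $intParam('RecId');
            // Soft delete: the row is only flagged. $tableName is one of the two literals above.
            $sql = "update {$tableName} set DELETED = 1 where ID={$id} ";
            echo deleteRecords($sql);
            break;

        case "new":
            WriteRecords($newSql);
            if ($table == 2) {
                echo "<script>window.location = 'portfolio.php';</script>";
            } elseif ($table == 4) {
                echo "<script>window.location = 'slider.php';</script>";
            }
            break;
    }
}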
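/**
 * Render the basket page for the current session and process the "Remove" /
 * "Remove All" form posts.
 *
 * Security-relevant behaviour:
 * - Every value that comes from the session or the database is HTML-escaped on output.
 * - A removal is honoured only for a product that is present in the basket rows loaded
 *   for the session's user, and the product id handed to the query builder is the
 *   value read from that row, not the posted string.
 * - The quantity to remove must be a positive integer no larger than the stored quantity.
 *
 * NOTE(review): updateRecords() is keyed on product_id alone here, so the write may
 * touch basket rows of other users holding the same product. Confirm how
 * updateRecords() builds its WHERE clause and add a user_id condition there.
 * NOTE(review): the form carries no CSRF token, and the update runs after the basket
 * has been printed, so the page shows the old quantities until the next load.
 *
 * @param mixed $userID Overwritten with $_SESSION['userID'] before use.
 */
function createBasketPage($userID)
{
    $varsSet = !empty($_SESSION['userID']);
    $logged = $varsSet ? "Log Out" : "Log In";
    $loggedLink = $varsSet ? "logout.php" : "index.php";

    // The argument is replaced by the session value; null when nobody is logged in.
    $userID = isset($_SESSION['userID']) ? $_SESSION['userID'] : null;

    $firstName = " ";
    $lastName = " ";
    if ($varsSet) {
        $firstName = $_SESSION['firstName'];
        $lastName = $_SESSION['lastName'];
    }

    // Not read in this function; presumably consumed by includes/header.php (verify).
    $scripts = array("Script.js");
    $stylesheets = array("indexPage.css", "StyleSheet.css", "bootstrap.css", "basket.css");
    $title = "Basket";

    require "../local/nbgardens_connection.php";

    $basketDetails = readRecordsWhereID("basket", "user_id", $userID);
    if (!is_array($basketDetails)) {
        $basketDetails = array();
    }

    // Escapes a value for HTML text and quoted attributes (assumes the page is UTF-8).
    $escapeHtml = function ($value) {
        return htmlspecialchars((string) $value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
    };

    include "includes/header.php";
    ?>
<nav>
    <div class="container">
        <ul class="pull-left" class="nav nav-tabs">
            <li><a href="index.php">Home</a></li>
            <li><a href="catalogue.php">Catalogue</a></li>
        </ul>
        <ul class="pull-right" class="nav nav-tabs">
            <li class="active"><a href="#">Basket</a></li>
            <li><a href="<?php echo $loggedLink; ?>"><?php echo $logged; ?></a></li>
            <?php
            // This only hides the link; addProduct.php must enforce the permission itself.
            if ($varsSet && isset($_SESSION['username']) && $_SESSION['username'] === 'administrator') {
                echo '<li><a href="addProduct.php">Add New Product</a></li>';
            }
            ?>
        </ul>
    </div>
</nav>
<br>
<br>
<h3 id="title">Basket (<?php echo $escapeHtml($firstName . " " . $lastName); ?>)</h3>
<div id="basket">
    <?php
    $total = 0;
    foreach ($basketDetails as $basketRow) {
        $prodID = $basketRow['product_id'];
        $basketQuantity = $basketRow['quantity'];
        $productDetails = readRecordsWhereID("products", "product_ID", $prodID);
        if (empty($productDetails[0])) {
            // The basket references a product that could not be loaded; skip the row.
            continue;
        }
        $productPic = $productDetails[0]['image'];
        $productName = $productDetails[0]['name'];
        $productPrice = $productDetails[0]['price'];
        $subTotal = $productPrice * $basketQuantity;
        $total += $subTotal;
        if ($basketQuantity > 0) {
            ?>
    <div>
        <a href="product.php?prodID=<?php echo $escapeHtml(rawurlencode((string) $prodID)); ?>">
            <img src="Images/<?php echo $escapeHtml($productPic); ?>" alt="<?php echo $escapeHtml($productName); ?>" style="height: 100px; width: 100px"></a>
        <p><?php echo $escapeHtml($productName); ?> : <?php echo $escapeHtml($basketQuantity); ?></p>
        <p>Cost per Item: £<?php echo $escapeHtml($productPrice); ?></p>
        <p>SubTotal: £<?php echo $escapeHtml($subTotal); ?></p>
        <form method="post" action="basket.php">
            Remove:<br>
            <input type="text" name="removeQuantity">
            <input type="hidden" name="productID" value="<?php echo $escapeHtml($prodID); ?>">
            <input type="submit" value="Remove" name="removeAmount">
            <input type="submit" value="Remove All" name="removeAll">
        </form>
    </div>
            <?php
        }
    }
    ?>
    <br>
    <h4 style="margin-left: 20px;">Total cost of basket: £<?php echo $escapeHtml($total); ?></h4>
</div>
    <?php
    $removalPosted = isset($_POST['removeAmount']) || isset($_POST['removeAll']);
    if ($_SERVER["REQUEST_METHOD"] == "POST" && $removalPosted) {
        $postedID = null;
        if (isset($_POST['productID']) && is_scalar($_POST['productID'])) {
            $postedID = trim((string) $_POST['productID']);
        }

        // Look the product up in this user's own basket rows instead of trusting the post.
        $ownedRow = null;
        if ($postedID !== null) {
            foreach ($basketDetails as $basketRow) {
                if ((string) $basketRow['product_id'] === $postedID) {
                    $ownedRow = $basketRow;
                    break;
                }
            }
        }

        if ($ownedRow !== null) {
            $newQuantity = null;
            if (isset($_POST['removeAmount'])) {
                $removeQuantity = filter_var(
                    isset($_POST['removeQuantity']) ? $_POST['removeQuantity'] : null,
                    FILTER_VALIDATE_INT
                );
                $basketQuantity = (int) $ownedRow['quantity'];
                // Zero, negative and non-numeric amounts are rejected so a removal can never add stock.
                if ($removeQuantity !== false && $removeQuantity > 0 && $removeQuantity <= $basketQuantity) {
                    $newQuantity = $basketQuantity - $removeQuantity;
                }
            } else {
                $newQuantity = 0;
            }

            if ($newQuantity !== null) {
                $query = updateRecords('basket', 'quantity', $newQuantity, 'product_id', $ownedRow['product_id']);
                $db = connect();
                $db->exec($query);
            }
        }
    }

    include "includes/footer.php";
}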
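<?php
// Basket "remove quantity" handler: lowers the stored quantity of one product.
//
// Both posted fields are attacker-controlled. The quantity must be a positive
// integer no larger than the stored quantity, so a removal can never raise it.
//
// NOTE(review): no session or owner check is visible in this script and the basket
// row is selected by product_id alone; confirm the caller authenticates the user and
// that the helpers restrict the read and the write to that user's rows.
// NOTE(review): $prodID still reaches readRecordsWhereID() as posted; confirm that
// helper binds its value as a parameter. If product ids are integers, validate the
// field with FILTER_VALIDATE_INT here as well.
require "../local/nbgardens_connection.php";

if ($_SERVER["REQUEST_METHOD"] == "POST") {
    $removeQuantity = filter_var(
        isset($_POST['removeQuantity']) ? $_POST['removeQuantity'] : null,
        FILTER_VALIDATE_INT
    );
    $prodID = '';
    if (isset($_POST['productID']) && is_scalar($_POST['productID'])) {
        $prodID = trim((string) $_POST['productID']);
    }

    if ($removeQuantity !== false && $removeQuantity > 0 && $prodID !== '') {
        $productDetails = readRecordsWhereID('basket', 'product_id', $prodID);

        // Nothing to do when the product is not in the basket table.
        if (!empty($productDetails[0])) {
            $basketRow = $productDetails[0];
            $basketQuantity = (int) $basketRow['quantity'];

            if ($removeQuantity <= $basketQuantity) {
                // Prefer the id stored in the row over the posted string when it is available.
                $storedID = isset($basketRow['product_id']) ? $basketRow['product_id'] : $prodID;
                $query = updateRecords('basket', 'quantity', $basketQuantity - $removeQuantity, 'product_id', $storedID);
                $db = connect();
                $db->exec($query);
            }
        }
    }
}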
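/**
 * Dispatch a CRUD request for the category (target 1) or footer_info (target 3) table.
 *
 * Reads `operation`, `target`, `RecId` and `name` from $_REQUEST, builds the matching
 * SQL text and passes it to readRecords() / WriteRecords() / updateRecords() /
 * deleteRecords(), echoing the result. Category inserts and updates echo the literal
 * `duplicate` and stop when the name is already in use.
 *
 * Security:
 * - Every record id is forced to an integer before it is placed in SQL text, so the
 *   unquoted `ID = ...` positions can only ever contain digits.
 * - `name` is still interpolated inside quotes. The helpers called here accept only
 *   a finished SQL string, so the value cannot be bound from this function; the
 *   helpers should be changed to take a statement plus parameters (prepared
 *   statements) and this function should then pass the value separately.
 * - NOTE(review): no login or permission check is visible in this function, and
 *   $_REQUEST also accepts GET parameters. Confirm the caller restricts the write
 *   operations to an authenticated POST carrying a CSRF token.
 */
function callDB()
{
    // Returns the named request field as an int (0 when absent or not a scalar).
    $intParam = function ($key) {
        return isset($_REQUEST[$key]) && is_scalar($_REQUEST[$key]) ? (int) $_REQUEST[$key] : 0;
    };

    $option = isset($_REQUEST['operation']) ? $_REQUEST['operation'] : '';
    $table = isset($_REQUEST['target']) ? $_REQUEST['target'] : '';

    // Initialised explicitly; the bare `$var;` statements used before assigned nothing.
    $tableName = '';
    $selectSQL = '';
    $loadSql = '';
    $newSql = '';
    $updateSql = '';

    switch ($table) {
        case 1:
            $tableName = 'category';
            if ($option == 'read') {
                $loadSql = "select * from category where DELETED = 0";
            }
            if ($option == 'select') {
                $id = $intParam('RecId');
                $selectSQL = "select * from category where ID={$id}";
            }
            if ($option == 'update') {
                // NOTE(review): untrusted string inside quotes; bind it in the helper layer.
                $name = $_REQUEST['name'];

                // NOTE(review): this first check also matches the record being edited, so
                // saving a category under its unchanged name reports `duplicate`. Confirm
                // whether only the second check, which excludes the record's own ID, is intended.
                $match = "select NAME from category where NAME= '{$name}' and DELETED= 0 ";
                if (readRecords($match)) {
                    echo 'duplicate';
                    return;
                }

                $id = $intParam('RecId');
                $match = "select NAME from category where NAME = '{$name}' and ID != {$id} and DELETED = 0 ";
                if (readRecords($match)) {
                    echo 'duplicate';
                    return;
                }

                $updateSql = "update category set NAME='{$name}', UPDATED = now() where ID = {$id} and deleted=0";
            }
            if ($option == "new") {
                // NOTE(review): untrusted string inside quotes; bind it in the helper layer.
                $name = $_REQUEST['name'];

                // Refuse a second live category with the same name.
                $match = "select NAME from category where NAME= '{$name}' and DELETED= 0 ";
                if (readRecords($match)) {
                    echo 'duplicate';
                    return;
                }

                $newSql = "insert into category(NAME) values('{$name}')";
            }
            break;

        case 3:
            $tableName = 'footer_info';
            if ($option == 'read') {
                $loadSql = "select * from footer_info where DELETED = 0";
            }
            if ($option == 'select') {
                $id = $intParam('RecId');
                $selectSQL = "select * from footer_info where ID={$id}";
            }
            if ($option == 'new') {
                // NOTE(review): untrusted string inside quotes; bind it in the helper layer.
                $name = $_REQUEST['name'];
                $newSql = "insert into footer_info(ABOUT) values('{$name}')";
            }
            if ($option == 'update') {
                // NOTE(review): untrusted string inside quotes; bind it in the helper layer.
                $name = $_REQUEST['name'];
                $id = $intParam('RecId');
                $updateSql = "update footer_info set ABOUT='{$name}', UPDATED = now() where ID = {$id} and deleted=0";
            }
            break;
    }

    switch ($option) {
        case "read":
            echo json_encode(readRecords($loadSql));
            break;

        case "select":
            echo json_encode(readRecords($selectSQL));
            break;

        case "update":
            echo updateRecords($updateSql);
            break;

        case "delete":
            // An unknown target leaves no table name; do not send a malformed statement.
            if ($tableName === '') {
                break;
            }
            $id = $intParam('RecId');
            // Soft delete: the row is only flagged. $tableName is one of the two literals above.
            $sql = "update {$tableName} set DELETED = 1 where ID={$id} ";
            echo deleteRecords($sql);
            break;

        case "new":
            echo json_encode(WriteRecords($newSql));
            break;
    }
}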