/**
* Displays the main content of the page.
*
* @param $title The title of the page
*/
function showContent($title)
{
$db = new DB();
$cartID = getCartID();
$sql = "SELECT ID, name, products.price, quantity, date \n FROM shoppingcarts, products\n WHERE productID=ID AND CartID='{$cartID}'";
$result = $db->query($sql);
echo "<h1>{$title}</h1>\n";
echo "<table>\n";
showHeading();
$user = isset($_SESSION['user']) ? $_SESSION['user'] : "";
while ($row = mysql_fetch_row($result)) {
list($productId, $prodName, $price, $qty, $date) = $row;
$total += $price * $qty;
showItem($productId, $prodName, $price, $qty);
$sql = "INSERT INTO orders(username, date, status)\n VALUES ('{$user}', '{$date}', 'ordered')";
$db->query($sql);
$sql = "INSERT INTO orderItems(orderID, productID, quantity, status)\n VALUES ('LAST_INSERT_ID()', '{$productId}', '{$qty}', 'ordered')";
$db->query($sql);
$sql = "DELETE FROM shoppingcarts WHERE CartID='{$cartID}'";
$db->query($sql);
}
$total = "\$" . number_format($total, 2);
showFooter($total);
echo "</table>\n";
$sql = "SELECT fname, lname, address, city, state, zip, country\n FROM customers, addresses \n WHERE customers.username=addresses.username \n AND customers.username='******'";
$result = $db->query($sql);
$row = mysql_fetch_row($result);
list($fname, $lname, $address, $city, $state, $zip, $country) = $row;
echo "<p>This order will be shipped to</p>";
echo "<p>{$fname} {$lname}</p>";
echo "<p>{$address}</p>";
echo "<p>{$city}, {$state} {$zip}</p>";
echo "<p>{$country}</p>";
setcookie('cartID', '', time() - 86400, '/');
session_destroy();
}
/**
* Updates the quantity of an item.
*
* @param $db A DB object for secure database operations
* @param $pid The product ID
*/
function updateItem($db, $pid)
{
$cartID = getCartID();
$qty = getQuantity();
if ($qty <= 0) {
deleteItem($db, $pid);
} else {
$sql = "UPDATE shoppingcarts SET Quantity={$qty} \n WHERE CartID='{$cartID}' AND ProductID={$pid}";
$db->query($sql);
}
}
