/** * Displays the main content of the page. * * @param $title The title of the page */ function showContent($title) { $db = new DB(); $cartID = getCartID(); $sql = "SELECT ID, name, products.price, quantity, date \n FROM shoppingcarts, products\n WHERE productID=ID AND CartID='{$cartID}'"; $result = $db->query($sql); echo "<h1>{$title}</h1>\n"; echo "<table>\n"; showHeading(); $user = isset($_SESSION['user']) ? $_SESSION['user'] : ""; while ($row = mysql_fetch_row($result)) { list($productId, $prodName, $price, $qty, $date) = $row; $total += $price * $qty; showItem($productId, $prodName, $price, $qty); $sql = "INSERT INTO orders(username, date, status)\n VALUES ('{$user}', '{$date}', 'ordered')"; $db->query($sql); $sql = "INSERT INTO orderItems(orderID, productID, quantity, status)\n VALUES ('LAST_INSERT_ID()', '{$productId}', '{$qty}', 'ordered')"; $db->query($sql); $sql = "DELETE FROM shoppingcarts WHERE CartID='{$cartID}'"; $db->query($sql); } $total = "\$" . number_format($total, 2); showFooter($total); echo "</table>\n"; $sql = "SELECT fname, lname, address, city, state, zip, country\n FROM customers, addresses \n WHERE customers.username=addresses.username \n AND customers.username='******'"; $result = $db->query($sql); $row = mysql_fetch_row($result); list($fname, $lname, $address, $city, $state, $zip, $country) = $row; echo "<p>This order will be shipped to</p>"; echo "<p>{$fname} {$lname}</p>"; echo "<p>{$address}</p>"; echo "<p>{$city}, {$state} {$zip}</p>"; echo "<p>{$country}</p>"; setcookie('cartID', '', time() - 86400, '/'); session_destroy(); }
/** * Updates the quantity of an item. * * @param $db A DB object for secure database operations * @param $pid The product ID */ function updateItem($db, $pid) { $cartID = getCartID(); $qty = getQuantity(); if ($qty <= 0) { deleteItem($db, $pid); } else { $sql = "UPDATE shoppingcarts SET Quantity={$qty} \n WHERE CartID='{$cartID}' AND ProductID={$pid}"; $db->query($sql); } }