<?php
// Add a product to the visitor's current order, opening a new order on the first add.
// Relies on $db (PDO), $config_basedir and pf_validate_number() being defined by db.php / functions.php
// (neither is visible in this listing).
session_start();
require "db.php";
require "functions.php";
// "redirect" mode: a non-numeric id sends the visitor back to $config_basedir.
$validid = pf_validate_number($_GET['id'], "redirect", $config_basedir);
// $validid has passed the validator, but binding it via prepare()/execute() would still be preferable to interpolation.
$prodsql = "SELECT * FROM products WHERE id = " . $validid . ";";
// $prodres = mysql_query($prodsql);
// $numrows = mysql_num_rows($prodres);
// $prodrow = mysql_fetch_assoc($prodres);
$prodres = $db->query($prodsql);
// rowCount() on a SELECT is driver-dependent; it works with pdo_mysql but is not guaranteed by PDO in general.
$numrows = $prodres->rowCount();
$prodrow = $prodres->fetchAll(PDO::FETCH_ASSOC);
if ($numrows == 0) {
    // NOTE(review): no exit after the redirect header, so whatever follows this if/else still executes.
    header("Location: " . $config_basedir);
} else {
    // NOTE(review): reading $_POST['submit'] / $_SESSION['SESS_ORDERNUM'] without isset() raises notices on a plain GET.
    if ($_POST['submit']) {
        if ($_SESSION['SESS_ORDERNUM']) {
            // An order is already open: append this product as a line item.
            // NOTE(review): $_POST['amountBox'] is interpolated into SQL unvalidated — it should be validated and bound.
            $itemsql = "INSERT INTO orderitems(order_id, product_id, quantity) VALUES(" . $_SESSION['SESS_ORDERNUM'] . ", " . $validid . ", " . $_POST['amountBox'] . ")";
            //mysql_query($itemsql);
            $db->query($itemsql);
        } else {
            if ($_SESSION['SESS_LOGGEDIN']) {
                // No order yet: create one for the logged-in customer and remember its id in the session.
                $sql = "INSERT INTO orders(customer_id, registered, date) VALUES(" . $_SESSION['SESS_USERID'] . ", 1, NOW())";
                //mysql_query($sql);
                $db->query($sql);
                //session_register("SESS_ORDERNUM");
                //$_SESSION['SESS_ORDERNUM'] = mysql_insert_id();
                // The null assignment is redundant; it is immediately overwritten on the next line.
                $_SESSION['SESS_ORDERNUM'] = null;
                $_SESSION['SESS_ORDERNUM'] = $db->lastInsertId();
                // Same unbound $_POST['amountBox'] interpolation as the branch above.
                $itemsql = "INSERT INTO orderitems(order_id, product_id, quantity) VALUES(" . $_SESSION['SESS_ORDERNUM'] . ", " . $validid . ", " . $_POST['amountBox'] . ")";
                // … listing truncated here: the remaining statements and closing braces are not shown.
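<?php
// Remove one line item from the visitor's current order and subtract its cost from the order total.
//
// Inputs:  $_GET['id']                - orderitems.id of the line to remove
//          $_SESSION['SESS_ORDERNUM'] - id of the order the visitor is working on
// Needs:   $db (PDO) from db.php; $config_basedir and pf_validate_number() from config.php / functions.php.
// Result:  always ends with a redirect to showcart.php; no output is produced.
require "config.php";
require "db.php";
require "functions.php";

// $_SESSION is read below; start the session unless one of the includes above already did.
if (session_status() === PHP_SESSION_NONE) {
    session_start();
}

// "redirect" mode sends the visitor back to the cart if the id is not a valid number.
$validid = pf_validate_number($_GET['id'], "redirect", $config_basedir . "showcart.php");

// Without an order in progress there is nothing to remove (the original built "WHERE id = " with an
// empty value here and failed inside the database instead).
$ordernum = isset($_SESSION['SESS_ORDERNUM']) ? $_SESSION['SESS_ORDERNUM'] : null;
if ($ordernum === null) {
    header("Location: " . $config_basedir . "showcart.php");
    exit;
}

// Use the validated id (the original interpolated the raw $_GET['id'] into SQL despite validating it)
// and bind it. Scoping on order_id means a visitor can only remove lines from their own order.
$itemstmt = $db->prepare("SELECT product_id, quantity FROM orderitems WHERE id = ? AND order_id = ?");
$itemstmt->execute([$validid, $ordernum]);
$itemrow = $itemstmt->fetch(PDO::FETCH_ASSOC);
if ($itemrow === false) {
    header("Location: " . $config_basedir . "showcart.php");
    exit; // the original fell through here and still ran the DELETE and UPDATE
}

// Look up the unit price to know how much to take off the order total.
$pricestmt = $db->prepare("SELECT price FROM products WHERE id = ?");
$pricestmt->execute([$itemrow['product_id']]);
$price = $pricestmt->fetchColumn();
if ($price === false) {
    $price = 0; // product row no longer exists: still drop the line, adjust the total by nothing
}
$totalprice = $price * $itemrow['quantity'];

$delstmt = $db->prepare("DELETE FROM orderitems WHERE id = ? AND order_id = ?");
$delstmt->execute([$validid, $ordernum]);

// Fix: the original passed the undefined $updres (not $updsql) to query(), so the total was never adjusted.
$updstmt = $db->prepare("UPDATE orders SET total = total - ? WHERE id = ?");
$updstmt->execute([$totalprice, $ordernum]);

// Same target as the other redirects in this file (the original inserted an extra "/" here).
header("Location: " . $config_basedir . "showcart.php");
exit;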
<?php
// Item listing page: shows every item whose end date is still in the future, optionally filtered by category.
include "config.php";
include "functions.php";
// "value" mode: the validator returns a number; a result of 0 is treated below as "no category filter".
$validid = pf_validate_number($_GET['id'], "value", $config_basedir);
require "header.php";
if ($validid == 0) {
    $sql = "SELECT items.* FROM items WHERE dateends > NOW()";
} else {
    // $validid has passed the validator; binding it would still be preferable to string-building the query.
    $sql = "SELECT * FROM items WHERE dateends > NOW() AND cat_id = " . $validid . ";";
}
//$result = mysql_query($sql);
//$numrows = mysql_num_rows($result);
// $db is not created in this listing; presumably config.php or functions.php provides it — verify.
$result = $db->query($sql);
// rowCount() on a SELECT is driver-dependent; it works with pdo_mysql but is not guaranteed by PDO in general.
$numrows = $result->rowCount();
echo "<h1>Items available</h1>";
echo "<table cellpadding='5'>";
echo "<tr>";
echo "<th>Image</th>";
echo "<th>Item</th>";
echo "<th>Bids</th>";
echo "<th>Price</th>";
echo "</tr>";
if ($numrows == 0) {
    echo "<tr><td colspan=4>No items!</td></tr>";
} else {
    //while($row = mysql_fetch_assoc($result)) {
    // Iterating the PDOStatement directly yields one row per iteration (default fetch mode).
    foreach ($result as $row) {
        // One image query per item row (N+1 pattern); $row['id'] comes from the database, not the request.
        $imagesql = "SELECT * FROM images WHERE item_id = " . $row['id'] . " LIMIT 1";
        // $imageresult = mysql_query($imagesql);
        // $imagenumrows = mysql_num_rows($imageresult);
        // … listing truncated here: the rest of the loop body and closing braces are not shown.
<?php
// Admin page: shows the details of a single order.
session_start();
require "config.php";
require "functions.php";
// Admin gate. NOTE(review): $basedir is not defined anywhere in this listing (the other redirects use
// $config_basedir), and there is no exit after the header, so the page below is still rendered for non-admins.
if (isset($_SESSION['SESS_ADMINLOGGEDIN']) == FALSE) {
    header("Location: " . $basedir);
}
// "redirect" mode: a non-numeric id sends the admin back to the orders list.
$validid = pf_validate_number($_GET['id'], "redirect", $config_basedir . "adminorders.php");
require "header.php";
echo "<h1>Order Details</h1>";
// A literal "<--" inside HTML text is not valid markup; "&lt;--" would be.
echo "<a href='adminorders.php'><-- go back to the main orders screen</a>";
// $validid has passed the validator; binding it would still be preferable to string-building the query.
$ordsql = "SELECT * from orders WHERE id = " . $validid;
// $ordres = mysql_query($ordsql);
// $ordrow = mysql_fetch_assoc($ordres);
// $db is not created in this listing; presumably config.php provides it — verify.
$ordres = $db->query($ordsql);
$ordrow = $ordres->fetchAll(PDO::FETCH_ASSOC);
// NOTE(review): nothing checks that a row came back; $ordrow[0] is undefined when the id is unknown.
echo "<table cellpadding=10>";
// The <tr> elements below are never closed.
echo "<tr><td><strong>Order Number</strong></td><td>" . $ordrow[0]['id'] . "</td>";
echo "<tr><td><strong>Date of order</strong></td><td>" . date('D jS F Y g.iA', strtotime($ordrow[0]['date'])) . "</td>";
echo "<tr><td><strong>Payment Type</strong></td><td>";
// payment_type 1 is PayPal; any other value is shown as Cheque.
if ($ordrow[0]['payment_type'] == 1) {
    echo "PayPal";
} else {
    echo "Cheque";
}
echo "</td>";
echo "</table>";
// delivery_add_id == 0 appears to mean "use the customer's own record as the address" — confirm against the schema.
if ($ordrow[0]['delivery_add_id'] == 0) {
    $addsql = "SELECT * FROM customers WHERE id = " . $ordrow[0]['customer_id'];
    //$addres = mysql_query($addsql);
    // … listing truncated here: the remaining statements and closing braces are not shown.
<?php
// Image upload for an item: only the logged-in user who owns the item may attach a photo.
session_start();
include "config.php";
include "functions.php";
//$db = mysql_connect($dbhost, $dbuser, $dbpassword);
//mysql_select_db($dbdatabase, $db);
try {
    // Connection settings ($dbhost, $dbdatabase, $dbuser, $dbpassword) come from config.php.
    $db = new PDO("mysql:host={$dbhost};dbname={$dbdatabase}", $dbuser, $dbpassword);
    $db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
} catch (PDOException $e) {
    // NOTE(review): echoes the driver's message to the visitor and then continues with $db unset,
    // so the query below fails on a missing object rather than stopping here.
    echo 'database connection error: ' . $e->getMessage();
}
// "redirect" mode: a non-numeric id sends the visitor to index.php.
$validid = pf_validate_number($_GET['id'], "redirect", "index.php");
if (isset($_SESSION['USERNAME']) == FALSE) {
    //header("Location: " . $HOST_NAME . "login.php?ref=images&id=" . $validid);
    // NOTE(review): HTTP_HOST is taken from the request and is concatenated with no scheme or "/" between
    // host and path (e.g. "hostlogin.php?..."), so this Location is not the intended absolute URL.
    // There is also no exit after the header, so the ownership check and upload handling still run.
    header("Location: " . $_SERVER['HTTP_HOST'] . "login.php?ref=images&id=" . $validid);
}
// $validid has passed the validator; binding it would still be preferable to string-building the query.
$theitemsql = "SELECT user_id FROM items WHERE id = " . $validid . ";";
//$theitemresult = mysql_query($theitemsql);
//$theitemrow = mysql_fetch_assoc($theitemresult);
$theitemresult = $db->query($theitemsql);
$theitemrow = $theitemresult->fetchAll(PDO::FETCH_ASSOC);
// Ownership check: the item's user_id must match the session user. NOTE(review): no exit after the
// redirect, so a non-owner still reaches the upload branch below; $theitemrow[0] is also undefined
// when no item matched.
if ($theitemrow[0]['user_id'] != $_SESSION['USERID']) {
    header("Location: " . $config_basedir);
}
// NOTE(review): reading $_POST['submit'] without isset() raises a notice on a plain GET.
if ($_POST['submit']) {
    if ($_FILES['userfile']['name'] == '') {
        // header("Location: " . $HOST_NAME . $SCRIPT_NAME . "?error=nophoto");
        // Same host/path concatenation issue as the login redirect above (no scheme, no separator).
        header("Location: " . $_SERVER['HTTP_HOST'] . $_SERVER['SCRIPT_NAME'] . "?error=nophoto");
    } elseif ($_FILES['userfile']['size'] == 0) {
        // … listing truncated here: the remaining upload branches and closing braces are not shown.