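/**
 * Build the SET clause of an UPDATE statement from posted form fields.
 *
 * @param array $post_update_list  $_POST field names to read, indexed in parallel with $db_update_list
 * @param array $db_update_list    column names, same keys as $post_update_list
 * @return string  'col1 = "v1",col2 = "v2"' (no leading SET), or '' when none of the fields was posted
 */
function create_update_list($post_update_list, $db_update_list)
{
    $assignments = array();
    foreach ($post_update_list as $key => $post_field) {
        // Fields that were not submitted are left out of the SET clause
        // (postOK() is the project's presence check, defined elsewhere).
        if (!postOK($post_field)) {
            continue;
        }
        // tep_db_prepare_input() only trims and strips slashes; tep_db_input() is the
        // MySQL escaping step, which is what keeps a quote in the posted value from
        // breaking out of the "..." literal built here.
        $value = tep_db_input(tep_db_prepare_input($_POST[$post_field]));
        $assignments[] = $db_update_list[$key] . ' = "' . $value . '"';
    }
    // Same shape as the original hand-built string: comma-separated, no spaces.
    return implode(',', $assignments);
}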
<?php
/**
 * Required-field check for the car form: true only when all four fields were posted.
 *
 * NOTE(review): this tests $_POST["data"], but the insert below reads $_POST["date"];
 * one of the two names is wrong (confirm against the HTML form). It also takes no
 * argument, unlike the postOK($field) helper used by the other scripts in this set.
 */
function postOK()
{
    return isset($_POST["marka"]) && isset($_POST["model"]) && isset($_POST["cena"]) && isset($_POST["data"]);
}

/**
 * Upload check for the "snimka" file field.
 *
 * NOTE(review): `error > 0` is true only when the upload FAILED (0 means success),
 * so this returns false for every successful upload. The type test reads
 * $_FILES[...]["type"], which is supplied by the client and says nothing about the
 * actual file content. Both points should be fixed together with the guard below.
 */
function fileOK()
{
    return $_FILES["snimka"]["error"] > 0 && ($_FILES["snimka"]["type"] == "image/gif" || $_FILES["snimka"]["type"] == "image/jpeg" || $_FILES["snimka"]["type"] == "image/jpg" || $_FILES["snimka"]["type"] == "image/pjpeg" || $_FILES["snimka"]["type"] == "image/x-png" || $_FILES["snimka"]["type"] == "image/png");
}

// Because fileOK() is true only for a failed upload, this double negation runs the
// insert for successful uploads regardless of file type, and also whenever a
// required field is missing at all. The block is cut off before its closing brace,
// so only what is visible here is annotated.
if (!(fileOK() && postOK())) {
    $con = mysqli_connect("localhost", "root", "", "test");
    // mysqli_connect_errno() takes no argument; on failure the message is echoed
    // but execution continues with an unusable $con.
    if (mysqli_connect_errno($con)) {
        echo "Failed to connect" . mysqli_connect_error();
    }
    $marka = mysqli_real_escape_string($con, $_POST["marka"]);
    $model = mysqli_real_escape_string($con, $_POST["model"]);
    $cena = mysqli_real_escape_string($con, $_POST["cena"]);
    $date = mysqli_real_escape_string($con, $_POST["date"]); // see postOK(): "date" here vs "data" there
    $name = mysqli_real_escape_string($con, $_COOKIE["name"]); // seller name comes from a client-set cookie, not a session
    $expire = time() + 2 * 24 * 60 * 60; // listing expires two days from now
    $expire = date("Y-m-d", $expire);
    // The stored path is the client-supplied filename as-is: it is neither
    // sanitised nor confined to the Images/ directory before being used.
    $snimka = $_FILES["snimka"]["name"];
    $image = "Images/" . $_FILES["snimka"]["name"];
    if (file_exists("Images/" . $_FILES["snimka"]["name"])) {
        echo $_FILES["snimka"]["name"] . " already exists. ";
    } else {
        // $snimka is a string here, so $snimka["_FILES"]["name"] is not the uploaded
        // name; presumably plain $snimka was meant.
        move_uploaded_file($_FILES["snimka"]["tmp_name"], "Images/" . $snimka["_FILES"]["name"]);
    }
    $msg = "INSERT INTO carsinfo (Car,DateofProduction,Model,BidPrice,image,sellerName,Expire)\r\n VALUES ('{$marka}','{$date}','{$model}','{$cena}','{$image}','{$name}','{$expire}')";
    // $mysqli_query is an undefined variable used as a callable; presumably
    // mysqli_query() was meant, so as written the INSERT never runs.
    $mysqli_query($con, $msg);
/**
 * Retrieves all the organisations
 *
 * Optional POST field 'organisation_id' narrows the result to one address-book
 * entry; an id that does not exist in TABLE_ADDRESS_BOOK answers an empty
 * <xml></xml> document. The script is cut off inside the result loop below.
 */
include_once 'database.php';
include_once 'functions.php';
include_once '../includes/configure.php';
include_once '../includes/database_tables.php';
include_once '../includes/functions/database.php';

// verifyExistence() is the only gate before the posted id is concatenated into
// the SQL below; the value is never cast or quoted here, so this relies on
// verifyExistence() rejecting anything that is not a plain id — confirm.
if (postOK('organisation_id') && !verifyExistence(TABLE_ADDRESS_BOOK, 'address_book_id', $_POST['organisation_id'])) {
    header('Content-type: text/xml');
    echo '<xml></xml>';
    die;
}

// Address-book entries that carry a company name, joined to the customer and country.
$query = 'select ab.address_book_id as id, ab.entry_country_id as country_id, ab.entry_company as title, c.customers_email_address as email, c.customers_telephone as phone, c.customers_fax as fax, ctr.countries_name as country ' . 'from ' . TABLE_ADDRESS_BOOK . ' as ab, ' . TABLE_CUSTOMERS . ' as c, ' . TABLE_COUNTRIES . ' as ctr ' . 'where ab.customers_id = c.customers_id and ab.entry_company != "" and ctr.countries_id = ab.entry_country_id';
if (postOK('organisation_id')) {
    // Raw POST value concatenated into the WHERE clause (see note above).
    $query .= ' and ab.address_book_id = ' . $_POST['organisation_id'];
}

include_once 'object_query.php';
$query = new Object_query($query);
if ($query->isRequestOk()) {
    $xml = '<xml>';
    // Rows are grouped by company title; a title already seen for the same country
    // is skipped (isKnownOrganisation()/isKnownCountryForOrg() are defined elsewhere).
    $organisations = array();
    foreach ($query->getCollection() as $organisation) {
        if (!isKnownOrganisation($organisations, $organisation['title'])) {
            $organisations[$organisation['title']] = array();
        } else {
            if (isKnownCountryForOrg($organisations, $organisation['title'], $organisation['country_id'])) {
                continue;
            }
        }
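<?php
/**
 * Retrieves all the lines (products linked with an order) of an order
 *
 * Requires POST field 'sale_order_id'; answers text/xml built by executeSQL().
 * A missing id, or one with no rows in TABLE_ORDERS_PRODUCTS, yields an empty
 * <xml></xml> document.
 */
include_once 'database.php';
include_once 'functions.php';
include_once '../includes/configure.php';
include_once '../includes/functions/database.php';
include_once '../includes/database_tables.php';
include_once '../includes/functions/general.php';

tep_db_connect() or die('Unable to connect to database');

// orders_id is a numeric column: cast once so the value that reaches the SQL
// string can only be an integer, and check existence on that same value.
$orders_id = postOK('sale_order_id') ? (int) $_POST['sale_order_id'] : null;

if ($orders_id === null || !verifyExistence(TABLE_ORDERS_PRODUCTS, 'orders_id', $orders_id)) {
    header('Content-type: text/xml');
    echo '<xml></xml>';
    die;
}

// One row per order line; "reference" mirrors the product name.
$query = 'select orders_products_id as id, products_name as title, concat_ws(" ", "", products_name) as reference, products_price as price, products_quantity as quantity, products_tax as vat from ' . TABLE_ORDERS_PRODUCTS . ' where orders_id = ' . $orders_id;

header('Content-type: text/xml');
echo executeSQL($query);
tep_db_close();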
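<?php
/**
 * Attributes (option/value pairs) stored on one order line, answered as text/xml.
 *
 * Requires POST fields 'sale_order_line_id' and 'sale_order_id'; when either is
 * missing nothing is sent and only the connection is closed. $db is provided by
 * tiosafe_config.php.
 */
include 'tiosafe_config.php';

if (postOK('sale_order_line_id') and postOK('sale_order_id')) {
    // Both ids are numeric columns: cast so only integers reach the SQL string.
    $products_id = (int) $_POST['sale_order_line_id'];
    $orders_id = (int) $_POST['sale_order_id'];

    $query2 = 'SELECT orders_products_attributes_id AS id, products_options, products_options_values FROM ' . TABLE_ORDERS_PRODUCTS_ATTRIBUTES . ' WHERE orders_id = ' . $orders_id . ' AND orders_products_id = ' . $products_id;
    $result2 = $db->Execute($query2);

    $xml = '<xml>';
    while (!$result2->EOF) {
        // The column is selected "AS id", so the row has no
        // 'orders_products_attributes_id' key; read the alias.
        $xml .= '<object>';
        $xml .= '<id>' . $result2->fields['id'] . '</id>';
        // Option/value names go out unescaped; a '&' or '<' in either would break
        // the document — confirm how the client parses before adding escaping.
        $xml .= '<category>' . $result2->fields['products_options'] . '/' . $result2->fields['products_options_values'] . '</category>';
        $xml .= '</object>';
        $result2->MoveNext();
    }
    $xml .= '</xml>';

    header('Content-type: text/xml');
    echo $xml;
}

$db->close();
?>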
if ( !(int) $_POST['person_id'] ) { header('Content-type: text/xml'); echo '<xml></xml>'; die(); } } if ( postOK('person_id') && !verifyExistence(TABLE_CUSTOMERS, 'customers_id', $_POST['person_id'])) { header('Content-type: text/xml'); echo '<xml></xml>'; die(); } */
// NOTE(review): the (int) cast and the verifyExistence() guard seen above sit inside
// a block comment (closed by the "*/" at the start of this chunk), so nothing checks
// person_id before it is concatenated into the SQL further down.
tep_db_connect() or die('Unable to connect to database');

// Customers joined to their default address and that address's country.
$query = 'select c.customers_id as id, c.customers_firstname as firstname, c.customers_lastname as lastname, c.customers_email_address as email, c.customers_dob as birthday, c.customers_telephone as telephone, c.customers_fax as fax, concat_ws(" ", "", ab.entry_company, ctr.countries_name) as relation ' . 'from ' . TABLE_CUSTOMERS . ' as c , ' . TABLE_ADDRESS_BOOK . ' as ab, ' . TABLE_COUNTRIES . ' as ctr ' . 'where c.customers_default_address_id = ab.address_book_id and ab.entry_country_id = ctr.countries_id';
if (postOK('person_id')) {
    // Raw POST value in the WHERE clause, with the existence check commented out (see note above).
    $query .= ' and c.customers_id = ' . $_POST['person_id'];
}

include_once 'object_query.php';
$query = new Object_query($query);
if ($query->isRequestOk()) {
    $xml = '<xml>';
    foreach ($query->getCollection() as $person) {
        $xml .= '<object>';
        foreach ($person as $key => $value) {
            if ($key == 'relation') {
                // "relation" is the space-joined company and country from the query;
                // nb_rel counts its space-separated parts. Values are written into the
                // XML without escaping. The loop is cut off after this point.
                if ($value != '' and isValidRelation($person['id'])) {
                    $xml .= "<nb_rel>" . count(explode(" ", $value)) . "</nb_rel>";
                    $xml .= "<{$key}>{$value}</{$key}>";
                }
                continue;
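<?php
/**
 * Retrieves all the products of the products table
 *
 * Optional POST field 'product_id' restricts the result to one product; an id
 * that does not exist in TABLE_PRODUCTS answers an empty <xml></xml> document.
 */
include_once 'database.php';
include_once 'functions.php';
include_once '../includes/configure.php';
include_once '../includes/database_tables.php';
include_once '../includes/functions/database.php';

tep_db_connect() or die('Unable to connect to database');

// The guard used to test postOK('products_id') while the filter below reads
// 'product_id', so the existence check never ran. Both now use the same field,
// and the id is cast so only an integer reaches the SQL string.
$product_id = postOK('product_id') ? (int) $_POST['product_id'] : null;

if ($product_id !== null && !verifyExistence(TABLE_PRODUCTS, 'products_id', $product_id)) {
    header('Content-type: text/xml');
    echo '<xml></xml>';
    die;
}

$language_id = getDefaultLanguageID();

// Product rows with their description in the default language.
$query = 'select p.products_id as id, p.products_id as reference, pd.products_name as title from ' . TABLE_PRODUCTS . ' as p, ' . TABLE_PRODUCTS_DESCRIPTION . ' as pd where p.products_id = pd.products_id and pd.language_id = ' . $language_id;
if ($product_id !== null) {
    $query .= ' and p.products_id = ' . $product_id;
}

header('Content-type: text/xml');
echo executeSQL($query);
tep_db_close();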
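<?php
/**
 * Links a product to an option/value attribute given as POST 'category' ("option/value"),
 * creating the option, the value and their link when they do not exist yet.
 *
 * Requires POST field 'id' (the product id). When 'category' is posted the script
 * stops after linking; otherwise it continues with the database connection below.
 */
include_once 'functions.php';
include_once '../includes/configure.php';
include_once '../includes/database_tables.php';
include_once '../includes/functions/database.php';

if (!postNotEmpty('id')) {
    die('Product Id not given');
}

// products_id is a numeric column: cast so the helpers below, which build SQL
// from it, never see anything but an integer.
$products_id = (int) $_POST['id'];

if (postOK('category')) {
    // 'category' is "option/value"; without a separator there is no value half,
    // and the original code went on with an undefined index.
    $category = explode('/', $_POST['category']);
    if (count($category) < 2) {
        die('Category must be given as option/value');
    }
    $option = $category[0];
    $value = $category[1];

    // Create whatever is missing, in dependency order: option, value, option-value
    // link, then the link to the product. All helpers are defined in functions.php.
    $optionId = optionExists($option);
    if (!$optionId) {
        $optionId = createOption($option);
    }
    $valueId = valueExists($value);
    if (!$valueId) {
        $valueId = createValue($value);
    }
    if (!isOptionLinkedToValue($optionId, $valueId)) {
        createLink($optionId, $valueId);
    }
    if (!isProductLinked($optionId, $valueId, $products_id)) {
        createLinkToProduct($optionId, $valueId, $products_id);
    }
    die;
}

tep_db_connect() or die('Unable to connect to database');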
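<?php
/**
 * Retrieves all the orders in the orders table
 *
 * Optional POST field 'sale_order_id' restricts the result to one order; an id
 * that does not exist in TABLE_ORDERS answers an empty <xml></xml> document.
 */
include_once 'database.php';
include_once 'functions.php';
include_once '../includes/configure.php';
include_once '../includes/database_tables.php';
include_once '../includes/functions/database.php';

tep_db_connect() or die('Unable to connect to database');

// orders_id is a numeric column: cast so only an integer reaches the SQL string,
// and run the existence check on that same value.
$sale_order_id = postOK('sale_order_id') ? (int) $_POST['sale_order_id'] : null;

if ($sale_order_id !== null && !verifyExistence(TABLE_ORDERS, 'orders_id', $sale_order_id)) {
    header('Content-type: text/xml');
    echo "<xml></xml>";
    die;
}

// Each destination is a space-joined "name email" string built in SQL.
$destination = 'concat(" ", concat_ws(" ", o.delivery_name, o.customers_email_address))';
$destination_ownership = 'concat(" ", concat_ws(" ", c.customers_firstname, c.customers_lastname, c.customers_email_address))';
$destination_administration = 'concat(" ", concat_ws(" ", o.billing_name, c.customers_email_address))';
$destination_decision = 'concat(" ", concat_ws(" ", o.customers_name, c.customers_email_address))';

// Getting only delivered orders ie orders_status=3
$query = 'select o.orders_id as id, o.orders_id as reference, o.currency as currency, ' . $destination . ' as destination, ' . $destination_administration . ' as destination_administration, ' . $destination_decision . ' as destination_decision, ' . $destination_ownership . ' as destination_ownership, o.payment_method as payment_mode ' . 'from ' . TABLE_ORDERS . ' as o, ' . TABLE_CUSTOMERS . ' as c where c.customers_id = o.customers_id and orders_status = 3';
if ($sale_order_id !== null) {
    $query .= ' and o.orders_id = ' . $sale_order_id;
}

header('Content-type: text/xml');
echo executeSQL($query);
tep_db_close();
?>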
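die; }

// Two lookups share this branch: the catalogue attributes of a product when only
// product_id is posted, and the attributes stored on an order line when both
// product_id and order_id are posted. Ids are numeric columns, so they are cast
// before being concatenated into SQL. The enclosing block starts before this chunk.
$xml = '<xml></xml>'; // sent unchanged when neither branch applies (was an undefined $xml)

if (postOK('product_id') && !postOK('order_id')) {
    $product_id = (int) $_POST['product_id'];
    $language_id = getDefaultLanguageID();
    $query = 'select pa.products_attributes_id, po.products_options_name, pov.products_options_values_name from ' . TABLE_PRODUCTS_ATTRIBUTES . ' as pa, ' . TABLE_PRODUCTS_OPTIONS . ' as po, ' . TABLE_PRODUCTS_OPTIONS_VALUES . ' as pov where pa.products_id = ' . $product_id . ' and pa.options_id = po.products_options_id and pa.options_values_id = pov.products_options_values_id and po.language_id = ' . $language_id . ' and pov.language_id = ' . $language_id;
    $db_query = tep_db_query($query);
    $xml = '<xml>';
    while ($result = tep_db_fetch_array($db_query)) {
        // Option and value names go out unescaped; a '&' or '<' in either would
        // break the document — confirm how the client parses before adding escaping.
        $xml .= '<object>';
        $xml .= '<category>' . $result['products_options_name'] . '/' . strtolower($result['products_options_values_name']) . '</category>';
        $xml .= '</object>';
    }
    $xml .= '</xml>';
} elseif (postOK('product_id') && postOK('order_id')) {
    $order_id = (int) $_POST['order_id'];
    $product_id = (int) $_POST['product_id'];
    $query = 'select products_options, products_options_values from ' . TABLE_ORDERS_PRODUCTS_ATTRIBUTES . ' where orders_id = ' . $order_id . ' and orders_products_id = ' . $product_id;
    $db_query = tep_db_query($query);
    $xml = '<xml>';
    while ($result = tep_db_fetch_array($db_query)) {
        $xml .= '<object>';
        $xml .= '<category>' . $result['products_options'] . '/' . strtolower($result['products_options_values']) . '</category>';
        $xml .= '</object>';
    }
    $xml .= '</xml>';
}

tep_db_close();
header('Content-type: text/xml');
echo $xml;
?>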