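/**
 * Builds the SET clause of an UPDATE statement from posted form values.
 *
 * @param array $post_update_list Map of index => $_POST key to read.
 * @param array $db_update_list   Parallel map of index => column name to assign.
 * @return string Comma-separated `column = "value"` pairs, '' when nothing usable was posted.
 */
function create_update_list($post_update_list, $db_update_list)
{
    $assignments = array();
    foreach ($post_update_list as $key => $post_key) {
        // Only columns whose form field was actually posted take part in the update.
        if (!postOK($post_key)) {
            continue;
        }
        // A post key with no matching column would otherwise emit ` = "..."` with
        // no column name in front of it, i.e. invalid SQL.
        if (!isset($db_update_list[$key])) {
            continue;
        }
        // NOTE(review): in osCommerce tep_db_prepare_input() only trims and strips
        // slashes; SQL escaping is the job of tep_db_input(). Confirm the caller
        // runs each value through it before this string reaches the database.
        $assignments[] = $db_update_list[$key] . ' = "' . tep_db_prepare_input($_POST[$post_key]) . '"';
    }
    // implode() yields '' for an empty list, matching the original's initial value.
    return implode(',', $assignments);
}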
<?php

/**
 * Reports whether every form field the car listing needs was posted.
 *
 * Zero-argument variant: it checks a fixed set of keys (other snippets on this
 * page call a one-argument postOK($key) from a different file).
 *
 * @return bool true only when all four keys are present and not null.
 */
function postOK()
{
    $required = array("marka", "model", "cena", "data");
    foreach ($required as $field) {
        // isset() is false for a missing key and for an explicit null alike.
        if (!isset($_POST[$field])) {
            return false;
        }
    }
    return true;
}
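/**
 * Checks the uploaded "snimka" file entry.
 *
 * NOTE(review): the test is `error > 0`, so this returns true only when PHP
 * reported an upload *failure* whose declared type is an image, and the caller
 * further down negates the result again. That polarity is kept here so the
 * caller keeps behaving as before; confirm the intended direction before
 * changing either side. The `type` field is supplied by the client and is not a
 * content check; inspect tmp_name (finfo / getimagesize) before trusting the file.
 *
 * @return bool
 */
function fileOK()
{
    // No upload entry at all: nothing to check (the original emitted
    // undefined-index notices here and evaluated to false).
    if (!isset($_FILES["snimka"]["error"], $_FILES["snimka"]["type"])) {
        return false;
    }
    $allowedTypes = array(
        "image/gif",
        "image/jpeg",
        "image/jpg",
        "image/pjpeg",
        "image/x-png",
        "image/png",
    );
    // Strict comparison: the declared type is always a string, so this matches
    // exactly what the chain of == tests matched, without loose-compare surprises.
    return $_FILES["snimka"]["error"] > 0
        && in_array($_FILES["snimka"]["type"], $allowedTypes, true);
}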
if (!(fileOK() && postOK())) {
    $con = mysqli_connect("localhost", "root", "", "test");
    if (mysqli_connect_errno($con)) {
        echo "Failed to connect" . mysqli_connect_error();
    }
    $marka = mysqli_real_escape_string($con, $_POST["marka"]);
    $model = mysqli_real_escape_string($con, $_POST["model"]);
    $cena = mysqli_real_escape_string($con, $_POST["cena"]);
    $date = mysqli_real_escape_string($con, $_POST["date"]);
    $name = mysqli_real_escape_string($con, $_COOKIE["name"]);
    $expire = time() + 2 * 24 * 60 * 60;
    $expire = date("Y-m-d", $expire);
    $snimka = $_FILES["snimka"]["name"];
    $image = "Images/" . $_FILES["snimka"]["name"];
    if (file_exists("Images/" . $_FILES["snimka"]["name"])) {
        echo $_FILES["snimka"]["name"] . " already exists. ";
    } else {
        move_uploaded_file($_FILES["snimka"]["tmp_name"], "Images/" . $snimka["_FILES"]["name"]);
    }
    $msg = "INSERT INTO carsinfo (Car,DateofProduction,Model,BidPrice,image,sellerName,Expire)\r\n    VALUES ('{$marka}','{$date}','{$model}','{$cena}','{$image}','{$name}','{$expire}')";
    $mysqli_query($con, $msg);
/**
 * Retrieves all the organisations
 */
include_once 'database.php';
include_once 'functions.php';
include_once '../includes/configure.php';
include_once '../includes/database_tables.php';
include_once '../includes/functions/database.php';
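// The request id is untrusted and address_book_id is an integer column: cast it
// once here and use the cast value everywhere below instead of the raw $_POST
// string (the original concatenated that string straight into the SQL).
$organisation_id = postOK('organisation_id') ? (int) $_POST['organisation_id'] : null;
if ($organisation_id !== null && !verifyExistence(TABLE_ADDRESS_BOOK, 'address_book_id', $organisation_id)) {
    header('Content-type: text/xml');
    echo '<xml></xml>';
    die;
}
// Organisations are address-book entries carrying a company name, joined to the
// owning customer (contact details) and to the country table.
$query = 'select ab.address_book_id as id, ab.entry_country_id as country_id, ab.entry_company as title, c.customers_email_address as email, c.customers_telephone as phone, c.customers_fax as fax, ctr.countries_name as country ' . 'from ' . TABLE_ADDRESS_BOOK . ' as ab, ' . TABLE_CUSTOMERS . ' as c, ' . TABLE_COUNTRIES . ' as ctr ' . 'where ab.customers_id = c.customers_id and ab.entry_company != "" and ctr.countries_id = ab.entry_country_id';
if ($organisation_id !== null) {
    $query .= ' and ab.address_book_id = ' . $organisation_id;
}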
include_once 'object_query.php';
$query = new Object_query($query);
if ($query->isRequestOk()) {
    $xml = '<xml>';
    $organisations = array();
    foreach ($query->getCollection() as $organisation) {
        if (!isKnownOrganisation($organisations, $organisation['title'])) {
            $organisations[$organisation['title']] = array();
        } else {
            if (isKnownCountryForOrg($organisations, $organisation['title'], $organisation['country_id'])) {
                continue;
            }
        }
<?php

/**
 * Retrieves all the lines (products linked with an order) of an order
 */
include_once 'database.php';
include_once 'functions.php';
include_once '../includes/configure.php';
include_once '../includes/functions/database.php';
include_once '../includes/database_tables.php';
include_once '../includes/functions/general.php';
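tep_db_connect() or die('Unable to connect to database');
// The order id is an untrusted request value and orders_id is numeric: cast it
// before it is used anywhere, in particular in the SQL text below.
$sale_order_id = postOK('sale_order_id') ? (int) $_POST['sale_order_id'] : null;
if ($sale_order_id === null or !verifyExistence(TABLE_ORDERS_PRODUCTS, 'orders_id', $sale_order_id)) {
    header('Content-type: text/xml');
    echo '<xml></xml>';
    die;
}
$query = 'select orders_products_id as id, products_name as title, concat_ws(" ", "", products_name) as reference, products_price as price, products_quantity as quantity, products_tax as vat from ' . TABLE_ORDERS_PRODUCTS . ' where orders_id = ' . $sale_order_id;
header('Content-type: text/xml');
echo executeSQL($query);
tep_db_close();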
<?php

include 'tiosafe_config.php';
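if (postOK('sale_order_line_id') and postOK('sale_order_id')) {
    // Both ids come from the request and feed numeric columns: cast them so the
    // raw strings never reach the SQL text.
    $products_id = (int) $_POST['sale_order_line_id'];
    $orders_id = (int) $_POST['sale_order_id'];
    $query2 = 'SELECT orders_products_attributes_id AS id,
                products_options, 
                products_options_values 
              FROM ' . TABLE_ORDERS_PRODUCTS_ATTRIBUTES . ' 
              WHERE orders_id = ' . $orders_id . ' 
              AND orders_products_id = ' . $products_id;
    $result2 = $db->Execute($query2);
    // NOTE(review): assumes an ADOdb-style Execute() that returns false on a
    // failed query; without this guard the EOF access below would be a fatal error.
    if (!$result2) {
        header('Content-type: text/xml');
        echo '<xml></xml>';
        die;
    }
    $xml = '<xml>';
    while (!$result2->EOF) {
        $xml .= '<object>';
        // The query aliases the key column as `id`, so that is the name the
        // result row exposes (the original read the un-aliased column name).
        $xml .= '<id>' . $result2->fields['id'] . '</id>';
        // Escape for XML so option text containing & or < keeps the document well-formed.
        $category = $result2->fields['products_options'] . '/' . $result2->fields['products_options_values'];
        $xml .= '<category>' . htmlspecialchars($category, ENT_QUOTES, 'UTF-8') . '</category>';
        $xml .= '</object>';
        $result2->MoveNext();
    }
    $xml .= '</xml>';
    header('Content-type: text/xml');
    echo $xml;
}
$db->close();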
?>
 
    if ( !(int) $_POST['person_id'] ) {
      header('Content-type: text/xml');
      echo '<xml></xml>';
      die();
    }
  }

  if ( postOK('person_id') && !verifyExistence(TABLE_CUSTOMERS, 'customers_id', $_POST['person_id'])) {
    header('Content-type: text/xml');
    echo '<xml></xml>';
    die();
  }
*/
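tep_db_connect() or die('Unable to connect to database');
// Customers joined to their default address and its country; `relation` packs the
// company and country name into one space-separated string.
$query = 'select c.customers_id as id, c.customers_firstname as firstname, c.customers_lastname as lastname, c.customers_email_address as email, c.customers_dob as birthday, c.customers_telephone as telephone, c.customers_fax as fax, concat_ws(" ", "", ab.entry_company, ctr.countries_name) as relation ' . 'from ' . TABLE_CUSTOMERS . ' as c , ' . TABLE_ADDRESS_BOOK . ' as ab,  ' . TABLE_COUNTRIES . ' as ctr ' . 'where c.customers_default_address_id = ab.address_book_id and ab.entry_country_id = ctr.countries_id';
// person_id is an untrusted request value and customers_id is numeric: cast it
// instead of concatenating the raw string into the SQL.
if (postOK('person_id')) {
    $query .= ' and c.customers_id = ' . (int) $_POST['person_id'];
}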
include_once 'object_query.php';
$query = new Object_query($query);
if ($query->isRequestOk()) {
    $xml = '<xml>';
    foreach ($query->getCollection() as $person) {
        $xml .= '<object>';
        foreach ($person as $key => $value) {
            if ($key == 'relation') {
                if ($value != '' and isValidRelation($person['id'])) {
                    $xml .= "<nb_rel>" . count(explode(" ", $value)) . "</nb_rel>";
                    $xml .= "<{$key}>{$value}</{$key}>";
                }
                continue;
<?php

/**
 * Retrieves all the products of the products table
 */
include_once 'database.php';
include_once 'functions.php';
include_once '../includes/configure.php';
include_once '../includes/database_tables.php';
include_once '../includes/functions/database.php';
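tep_db_connect() or die('Unable to connect to database');
// The existence check tested postOK('products_id') while every other line reads
// 'product_id', so the check never ran for the key actually sent. One key, read
// once, cast to int because products_id is numeric and the value is untrusted.
$product_id = postOK('product_id') ? (int) $_POST['product_id'] : null;
if ($product_id !== null && !verifyExistence(TABLE_PRODUCTS, 'products_id', $product_id)) {
    header('Content-type: text/xml');
    echo '<xml></xml>';
    die;
}
$language_id = getDefaultLanguageID();
$query = 'select p.products_id as id, p.products_id as reference, pd.products_name as title from ' . TABLE_PRODUCTS . ' as p, ' . TABLE_PRODUCTS_DESCRIPTION . ' as pd where p.products_id = pd.products_id and pd.language_id = ' . $language_id;
if ($product_id !== null) {
    $query .= ' and p.products_id = ' . $product_id;
}
header('Content-type: text/xml');
echo executeSQL($query);
tep_db_close();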
<?php

include_once 'functions.php';
include_once '../includes/configure.php';
include_once '../includes/database_tables.php';
include_once '../includes/functions/database.php';
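if (!postNotEmpty('id')) {
    die('Product Id not given');
}
// NOTE(review): $products_id is passed to the helpers below unchanged; confirm
// they cast or quote it before building SQL with it.
$products_id = $_POST['id'];
if (postOK('category')) {
    // A category is posted as "option/value"; reject anything else up front
    // instead of letting $category[1] fall through as an undefined index.
    $category = explode('/', $_POST['category']);
    if (count($category) < 2) {
        die('Category must be given as option/value');
    }
    $option = $category[0];
    $value = $category[1];
    // Create the option and the value when they do not exist yet, then make sure
    // the option-value pair and its link to the product are both present.
    $optionId = optionExists($option);
    $valueId = valueExists($value);
    if (!$optionId) {
        $optionId = createOption($option);
    }
    if (!$valueId) {
        $valueId = createValue($value);
    }
    if (!isOptionLinkedToValue($optionId, $valueId)) {
        createLink($optionId, $valueId);
    }
    if (!isProductLinked($optionId, $valueId, $products_id)) {
        createLinkToProduct($optionId, $valueId, $products_id);
    }
    die;
}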
tep_db_connect() or die('Unable to connect to database');
<?php

/**
 * Retrieves all the orders in the orders table
 */
include_once 'database.php';
include_once 'functions.php';
include_once '../includes/configure.php';
include_once '../includes/database_tables.php';
include_once '../includes/functions/database.php';
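tep_db_connect() or die('Unable to connect to database');
// The order id is an untrusted request value and orders_id is numeric: cast it
// once and reuse the cast value (the original concatenated the raw string).
$sale_order_id = postOK('sale_order_id') ? (int) $_POST['sale_order_id'] : null;
if ($sale_order_id !== null && !verifyExistence(TABLE_ORDERS, 'orders_id', $sale_order_id)) {
    header('Content-type: text/xml');
    echo "<xml></xml>";
    die;
}
// Each "destination" is a space-joined label built in SQL from order/customer columns.
$destination = 'concat(" ", concat_ws(" ", o.delivery_name, o.customers_email_address))';
$destination_ownership = 'concat(" ", concat_ws(" ", c.customers_firstname, c.customers_lastname, c.customers_email_address))';
$destination_administration = 'concat(" ", concat_ws(" ", o.billing_name, c.customers_email_address))';
$destination_decision = 'concat(" ", concat_ws(" ", o.customers_name, c.customers_email_address))';
// Only delivered orders, i.e. orders_status = 3.
$query = 'select o.orders_id as id, o.orders_id as reference, o.currency as currency, ' . $destination . ' as destination, ' . $destination_administration . ' as destination_administration, ' . $destination_decision . ' as destination_decision, ' . $destination_ownership . ' as destination_ownership, o.payment_method as payment_mode ' . 'from ' . TABLE_ORDERS . ' as o, ' . TABLE_CUSTOMERS . ' as c  where c.customers_id = o.customers_id and orders_status = 3';
if ($sale_order_id !== null) {
    $query .= ' and o.orders_id = ' . $sale_order_id;
}
header('Content-type: text/xml');
echo executeSQL($query);
tep_db_close();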
?>
 
    die;
}
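// Default so the echo at the end always emits well-formed XML, even when neither
// branch below matched (the original left $xml undefined in that case).
$xml = '<xml></xml>';
if (postOK('product_id') and !postOK('order_id')) {
    // Catalogue attributes of a product. product_id is untrusted and numeric: cast it.
    $product_id = (int) $_POST['product_id'];
    $language_id = getDefaultLanguageID();
    $query = 'select pa.products_attributes_id, po.products_options_name, pov.products_options_values_name from ' . TABLE_PRODUCTS_ATTRIBUTES . ' as pa, ' . TABLE_PRODUCTS_OPTIONS . ' as po, ' . TABLE_PRODUCTS_OPTIONS_VALUES . ' as pov where pa.products_id = ' . $product_id . ' and pa.options_id = po.products_options_id and pa.options_values_id = pov.products_options_values_id and po.language_id = ' . $language_id . ' and pov.language_id = ' . $language_id;
    $db_query = tep_db_query($query);
    $xml = '<xml>';
    while ($result = tep_db_fetch_array($db_query)) {
        // Escape for XML so option text containing & or < keeps the document well-formed.
        $category = $result['products_options_name'] . '/' . strtolower($result['products_options_values_name']);
        $xml .= '<object>';
        $xml .= '<category>' . htmlspecialchars($category, ENT_QUOTES, 'UTF-8') . '</category>';
        $xml .= '</object>';
    }
    $xml .= '</xml>';
} elseif (postOK('product_id') and postOK('order_id')) {
    // Attributes as recorded on an order line. Both ids are untrusted and numeric.
    $order_id = (int) $_POST['order_id'];
    $product_id = (int) $_POST['product_id'];
    $query = 'select products_options, products_options_values from ' . TABLE_ORDERS_PRODUCTS_ATTRIBUTES . ' where orders_id = ' . $order_id . ' and orders_products_id = ' . $product_id;
    $db_query = tep_db_query($query);
    $xml = '<xml>';
    while ($result = tep_db_fetch_array($db_query)) {
        $category = $result['products_options'] . '/' . strtolower($result['products_options_values']);
        $xml .= '<object>';
        $xml .= '<category>' . htmlspecialchars($category, ENT_QUOTES, 'UTF-8') . '</category>';
        $xml .= '</object>';
    }
    $xml .= '</xml>';
}
tep_db_close();
header('Content-type: text/xml');
echo $xml;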
?>