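/**
 * Build and run a single-row INSERT statement on a mysqli connection.
 *
 * The statement is assembled by string concatenation: $tableName is inserted
 * verbatim, and the column and value lists are rendered by arrToQueryString().
 * This function does no escaping or validation of its own, so every caller is
 * responsible for the safety of all three inputs.
 *
 * NOTE(review): table and column names cannot be protected by value escaping;
 * they should come from a fixed allow-list, never from request data.
 * NOTE(review): moving to $conn->prepare() with bound values would remove the
 * dependency on caller-side escaping. Callers that already escape their values
 * would have to stop doing so at the same time, or data would be stored
 * double-escaped.
 *
 * @param array  $insertData Values for the new row, in the same order as $cols.
 * @param string $tableName  Target table, concatenated into the SQL unchanged.
 * @param array  $cols       Column names, rendered via arrToQueryString($cols, false).
 * @param mysqli $conn       Open connection the statement is executed on.
 *
 * @return mixed Whatever $conn->query() returns for the statement.
 */
function simpleInsert($insertData, $tableName, $cols, $conn)
{
    $sqlQuery = "INSERT INTO " . $tableName
        . " (" . arrToQueryString($cols, false) . ")"
        . " VALUES (" . arrToQueryString($insertData, true) . ")";

    // The previous version called $conn->real_escape_string($sqlQuery) here and
    // discarded the result. That call changed nothing, and escaping a complete
    // statement is never a valid defence (it would also mangle the statement's
    // own quotes), so it has been removed rather than "fixed".

    // NOTE(review): this logs the full statement, including row values; confirm
    // the "debugSQL" channel is disabled or access-restricted in production.
    debugMessages($sqlQuery, "debugSQL");

    $res = $conn->query($sqlQuery);

    // Read the error text once and log it only when the server reported one.
    $error = mysqli_error($conn);
    if (!empty($error)) {
        debugMessages($error, "debugSQL");
    }

    return $res;
}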
// Builds a product-id => quantity map from $_POST['products'], then loads price
// and discount columns for those products through selectSQL. The fragment ends
// in the middle of the result loop, so the rest of the price calculation is not
// visible here.
//
// NOTE(review): is_int() tests the PHP type, not whether a value looks numeric.
// Values in $_POST arrive as strings (or arrays), so !is_int($q) is true for
// every posted quantity and $q is always reset to 1. A numeric check such as
// filter_var($q, FILTER_VALIDATE_INT) with a minimum of 1 is probably what was
// meant; confirm the intended quantity rules before changing it.
// NOTE(review): $_POST['products'] is iterated without an isset()/is_array()
// check, and $prodids is appended to without being initialised in the visible
// code. If no product is posted, $prodids is undefined when the WHERE clause is
// built.
// NOTE(review): real_escape_string() only protects a value that ends up inside
// a quoted SQL string literal. Whether arrToQueryString($prodids, true) adds
// those quotes cannot be seen from here; verify it, or validate product ids as
// integers.
// NOTE(review): $language is concatenated into a column name ("names" .
// $language). It must come from a fixed allow-list of language codes, never
// from request data.
// NOTE(review): the bare `return;` statements suggest this code runs inside a
// function or an included file; confirm against the full source.
$prodQuantity = array(); foreach ($_POST['products'] as $pid => $q) { $pid = $conn->real_escape_string($pid); $prodids[] = $pid; if (!is_int($q) || $q < 1) { $q = 1; } $prodQuantity[$pid] = $q; } $selQ = new selectSQL($conn); $selQ->distinct = true; $selQ->select = array("p.id as prodid", "names" . $language . " as name", "IF(dp.flat, dp.flat, dc.flat) as flat", "IF(dp.percent, dp.percent, dc.percent) as percent", "IF(dp.minprice, dp.minprice, dc.minprice) as minprice", "p.price as price"); $selQ->tableNames = array("products as p", "discounts as dp", "discounts as dc"); $selQ->joinTypes = array("LEFT JOIN", "LEFT JOIN"); $selQ->joins = array("p.id = dp.productid", "p.catid = dc.categoryid"); $selQ->where = "p.id IN (" . arrToQueryString($prodids, true) . ")"; if (!$selQ->executeQuery()) { $statusMessage = $selQ->status; mysqli_close($conn); return; } if ($selQ->getNumberOfResults() < 1) { $statusMessage = makeStatusMessage(52, "error"); mysqli_close($conn); return; } $productInfo = array(); while ($r = $selQ->result->fetch_assoc()) { $r['price'] *= $prodQuantity[$r['prodid']]; if (!empty($r['percent'])) { $r['price'] *= $r['percent'] / 100;
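/**
 * Create a category from the posted form data, then create its per-category
 * product tables and link the selected properties to it.
 *
 * Steps, in order:
 *   1. Insert a row into `categories` from $_POST['names'], $_POST['desc'],
 *      $_POST['imgUrl'] and $_POST['parentid'].
 *   2. Read back the id of that row by matching the posted names.
 *   3. Load name/langDependant for the property ids posted in $_POST['fid'].
 *   4. Create `products_<catid>` (language-independent properties) and one
 *      `products_<catid>_<lang>` table per language (language-dependent ones).
 *   5. Insert one `props_to_prods` row per posted property id.
 *
 * The outcome is reported through $GLOBALS['statusMessage']; nothing is
 * returned. The steps are not wrapped in a transaction, so a failure after
 * step 1 leaves the category row (and any tables already created) in place.
 *
 * NOTE(review): no authorisation or CSRF check is visible in this function,
 * although it creates tables from request data. Confirm the caller enforces both.
 * NOTE(review): every value is protected only by real_escape_string(), which
 * is effective only when insertSQL / selectSQL / arrToQueryString place the
 * value inside a quoted string literal. That quoting is not visible here;
 * verify it, in particular for `parentid` and for the `fid` list passed with
 * a null flag.
 *
 * @param mysqli $conn Open connection; closed here when table creation fails.
 *
 * @return void
 */
function insCat($conn)
{
    // NOTE(review): $langArr is expected to be defined by this include. With
    // require_once inside a function, the variable is NOT defined in this scope
    // if the file was already included elsewhere during the request. Confirm.
    require_once 'languageConfig.php';

    // ---- 1. Insert the category row ------------------------------------
    $insQ = new insertSQL($conn);
    $insQ->insertData = array();
    $insQ->cols = array();
    foreach ($langArr as $l) {
        // is_string() rejects nested arrays (names[en][]=x), which would
        // otherwise reach real_escape_string() and raise a type error.
        if (isset($_POST['names'][$l]) && is_string($_POST['names'][$l])) {
            $insQ->insertData[] = $conn->real_escape_string($_POST['names'][$l]);
            $insQ->cols[] = "name" . $l;
        }
        if (isset($_POST['desc'][$l]) && is_string($_POST['desc'][$l])) {
            $insQ->insertData[] = $conn->real_escape_string($_POST['desc'][$l]);
            $insQ->cols[] = "desc" . $l;
        }
    }
    if (isset($_POST['imgUrl']) && is_string($_POST['imgUrl'])) {
        // NOTE(review): stored as-is; validate the URL scheme here or encode
        // it on output wherever it is rendered.
        $insQ->insertData[] = $conn->real_escape_string($_POST['imgUrl']);
        $insQ->cols[] = "imgurl";
    }
    if (isset($_POST['parentid']) && is_string($_POST['parentid'])) {
        $insQ->insertData[] = $conn->real_escape_string($_POST['parentid']);
        $insQ->cols[] = "parentid";
    }
    $insQ->tableName = "categories";
    if (!$insQ->executeQuery()) {
        $GLOBALS['statusMessage'] = $insQ->status;
        return;
    }

    // ---- 2. Read back the id of the new category -----------------------
    // The conditions are collected and joined with OR. The previous code
    // assigned with "=" inside the loop, so only the last language's name
    // ended up in the WHERE clause.
    $nameConds = array();
    foreach ($langArr as $l) {
        if (isset($_POST['names'][$l]) && is_string($_POST['names'][$l])) {
            $nameConds[] = "name" . $l . " = '" . $conn->real_escape_string($_POST['names'][$l]) . "'";
        }
    }
    // NOTE(review): looking the row up by name and taking the highest id can
    // pick another request's row under concurrency. If insertSQL runs on this
    // same connection and `id` is AUTO_INCREMENT, $conn->insert_id would be
    // exact. Confirm before switching.
    $selQid = new selectSQL($conn);
    $selQid->where = implode(" OR ", $nameConds);
    $selQid->order = "id DESC";
    $selQid->tableNames = array("categories");
    $selQid->select = array("id");
    if (!$selQid->executeQuery()) {
        $GLOBALS['statusMessage'] = $selQid->status;
        return;
    }
    $row = $selQid->result->fetch_assoc();
    if (!is_array($row) || !isset($row['id'])) {
        // No row came back: stop instead of creating a table named "products_".
        // NOTE(review): ->status is whatever selectSQL left after a successful
        // but empty query; confirm it is a meaningful message on this path.
        $GLOBALS['statusMessage'] = $selQid->status;
        return;
    }
    // NOTE(review): $catid is concatenated into table names below; presumably
    // an integer primary key. Confirm against the schema.
    $catid = $row['id'];

    // ---- 3. Load the selected properties -------------------------------
    // A missing or non-array `fid` is treated as "no properties selected";
    // non-scalar entries are dropped before escaping.
    $postedFids = (isset($_POST['fid']) && is_array($_POST['fid'])) ? $_POST['fid'] : array();
    $fids = array();
    foreach ($postedFids as $f) {
        if (is_scalar($f)) {
            $fids[] = $conn->real_escape_string((string) $f);
        }
    }
    if (count($fids) == 0) {
        // Same outcome as an empty result set, without sending "id IN ()".
        $GLOBALS['statusMessage'] = makeStatusMessage(53, "error");
        return;
    }
    $selQ = new selectSQL($conn);
    $selQ->select = array("name", "langDependant");
    $selQ->tableNames = array("properties");
    $selQ->where = "id IN (" . arrToQueryString($fids, null) . ")";
    if (!$selQ->executeQuery() || $selQ->getNumberOfResults() == 0) {
        $GLOBALS['statusMessage'] = makeStatusMessage(53, "error");
        return;
    }
    $propsDef = array();   // language-independent property names
    $propsLang = array();  // language-dependent property names
    while ($row = $selQ->result->fetch_assoc()) {
        if ($row['langDependant']) {
            $propsLang[] = $row['name'];
        } else {
            $propsDef[] = $row['name'];
        }
    }

    // ---- 4. Create the per-category product tables ---------------------
    // NOTE(review): property names read from the database become column
    // names in CREATE TABLE. If they can be edited through the application,
    // this is a second-order injection path. Restrict them to a strict
    // identifier pattern where they are stored, or validate them here.
    $colType = "varchar(40) COLLATE utf8_unicode_ci DEFAULT NULL";
    $ctQ = new createTableSQL($conn);
    $ctQ->cols = array("infoid");
    $ctQ->colTypes = array("int(11) NOT NULL");
    $ctQ->name = "products_" . $catid;
    if (count($propsDef)) {
        foreach ($propsDef as $pr) {
            $ctQ->cols[] = $pr;
            $ctQ->colTypes[] = $colType;
        }
        if (!$ctQ->executeQuery()) {
            // Publish the failure before returning; the previous code set only
            // the local variable on this path, so the error was lost.
            $GLOBALS['statusMessage'] = $ctQ->status;
            mysqli_close($conn);
            return;
        }
    }
    if (count($propsLang)) {
        foreach ($langArr as $l) {
            // Start each language table from a fresh column list.
            $ctQ->cols = array("infoid");
            $ctQ->colTypes = array("int(11) NOT NULL");
            $ctQ->name = "products_" . $catid . "_" . $l;
            foreach ($propsLang as $pr) {
                $ctQ->cols[] = $pr . $l;
                $ctQ->colTypes[] = $colType;
            }
            if (!$ctQ->executeQuery()) {
                $GLOBALS['statusMessage'] = $ctQ->status;
                mysqli_close($conn);
                return;
            }
        }
    }

    // ---- 5. Link the properties to the category ------------------------
    $insQ = new insertSQL($conn);
    $insQ->cols = array("catid", "propid");
    $insQ->tableName = "props_to_prods";
    $linkFailed = false;
    foreach ($fids as $fid) {
        $insQ->insertData = array($catid, $fid);
        if (!$insQ->executeQuery()) {
            // Keep going so the remaining links are still attempted.
            $linkFailed = true;
        }
    }

    $GLOBALS['statusMessage'] = $linkFailed
        ? makeStatusMessage(103, "error")
        : makeStatusMessage(11, "success");
}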