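<?php

// Request filters for this listing fragment.
//
// Both values come from the query string and must pass the validators in
// ../lib/lib.php before they are used; the accepted character sets are
// defined there, not here. Note that !empty() also rejects the literal
// string "0", so such a value silently falls back to the default instead of
// reaching the validator.

// category: letter-validated category name, default "all".
if (!empty($_GET["category"])) {
    if (!lib_letter_validate($_GET["category"])) {
        die("<h2>ERROR ON PAGE</h2>");
    }
    $category = $_GET["category"];
} else {
    $category = "all";
}

// page: number-validated page index, default 1. Left as the validated string
// so downstream code receives exactly the value it did before.
if (!empty($_GET["page"])) {
    if (!lib_number_validate($_GET["page"])) {
        die("<h2>ERROR ON PAGE</h2>");
    }
    $page = $_GET["page"];
} else {
    $page = 1;
}
?>

<div class="left_content">
    <div class="crumb_nav">
        <a href="index.php">home</a> &gt;&gt; <?php
        // Escape at the output boundary regardless of what the upstream
        // validator admitted, so the breadcrumb can never carry markup.
        echo htmlspecialchars($category, ENT_QUOTES, 'UTF-8');
        ?>
    </div>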
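<?php

// add-to-cart handler: puts product {pid} into the logged-in user's cart, or
// raises its quantity by one if it is already there, then redirects back to
// the product detail page.
//
// NOTE(review): this state-changing action is driven by a plain GET link
// with no request token; a POST form with a per-session token would be the
// usual hardening, but no token helper is visible in this code base from here.

include_once '../lib/glob.php';
include_once '../lib/lib.php';

// Only authenticated users have a cart; anyone else is sent to the login page
// with an explanatory alert.
if (!isset($_SESSION["id"]) || !isset($_SESSION["username"])) {
    setAlertMsg("You must log in in order to add any items to shopping cart!");
    header("Location:../login.php");
    exit;
}

// pid must be present and pass the numeric validator from ../lib/lib.php.
// (!empty() also rejects the literal "0", which therefore ends on the error
// page without reaching the validator.)
if (empty($_GET["pid"])) {
    die("<h2>ERROR ON PAGE</h2>");
}
if (!lib_number_validate($_GET["pid"])) {
    die("<h2>ERROR ON PAGE</h2>");
}

// The mysql_* extension offers no parameter binding, so both values are cast
// to int before being interpolated into the SQL text. The validator is
// expected to admit only digits; the cast is a second line of defence, not a
// replacement for it. The session id is assumed to be a numeric user id, as
// it is compared against an integer column elsewhere in this code base
// (TODO confirm against the login code that creates the session).
$pid = (int) $_GET["pid"];
$userId = (int) $_SESSION["id"];

$query1 = "SELECT * FROM carts \n\t\t\t\tWHERE carts.pid = '{$pid}' AND carts.id = '{$userId}'";
$result1 = mysql_query($query1);
if ($result1 === false) {
    // Without this check mysql_num_rows(false) compares equal to 0 and a
    // blind INSERT would follow a failed lookup.
    die("<h2>ERROR ON PAGE</h2>");
}

$rows = mysql_num_rows($result1);
if ($rows == 0) {
    // Not in the cart yet: start at quantity 1.
    $query2 = "INSERT INTO `carts` ( `cid` , `id` , `pid` , `quantity` )\n\t\t\t\t\tVALUES (NULL ,'{$userId}','{$pid}','1')";
    mysql_query($query2);
} elseif ($rows == 1) {
    // Already in the cart: one more.
    $query2 = "UPDATE `carts`\n\t\t\t\t\tSET quantity=quantity+1 \n\t\t\t\t\tWHERE carts.pid = '{$pid}' AND carts.id = '{$userId}'";
    mysql_query($query2);
}
// More than one matching row is left untouched, as before; the success alert
// below is shown in that case too (TODO decide whether to report it).

setAlertMsg("Item has been added to shopping cart!");
header("Location:../detail.php?pid={$pid}");
// Stop here so nothing after the redirect header is executed or emitted.
exit;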
<?php

// NOTE(review): this span reads as two scripts fused together — a cart
// quantity update (up to the "成功添加到購物車" branch) followed by what looks
// like a membership profile edit (real_name / phone) — and its braces do not
// balance: the `if` opened on the $_POST["pid"] line is still open at the end
// of the span. It cannot run as written; the comments below describe what
// each visible part does, not a working whole.

include_once '../lib/glob.php';
include_once '../lib/lib.php';
// Session check: the message is emitted as plain text and the script stops.
if (!isset($_SESSION["id"]) or !isset($_SESSION["username"])) {
    echo "請登入";
    exit;
}
if (isset($_POST["pid"]) and !empty($_POST["pid"]) and isset($_SESSION["id"]) and isset($_POST["quantity"]) and !empty($_POST["quantity"])) {
    // quantity must pass the numeric validator from ../lib/lib.php.
    if (lib_number_validate($_POST["quantity"])) {
        $QTY = $_POST["quantity"];
    } else {
        die("不能打数字以外的字符!");
    }
    // pid is checked with lib_psw_filter, a password-oriented filter whose
    // accepted character set is not visible here. Whatever it admits is
    // interpolated into SQL below without further escaping, so that filter
    // is the only protection for the query.
    if (lib_psw_filter($_POST["pid"])) {
        $pid = $_POST["pid"];
    } else {
        die("不正確的字符!");
    }
    // Values are interpolated directly into the SQL text (mysql_* has no
    // parameter binding); the query result is not checked for failure.
    $query1 = "SELECT * FROM carts \n\t\t\t\tWHERE carts.pid = '{$pid}' AND carts.id = '{$_SESSION['id']}'";
    $result1 = mysql_query($query1);
    if (mysql_num_rows($result1) == 0) {
        // checkQTY (defined elsewhere) apparently clamps the request to the
        // available stock, with 0 meaning "out of stock". No INSERT or UPDATE
        // of carts appears anywhere in this span.
        $QTY = checkQTY($pid, $QTY);
        if ($QTY == 0) {
            echo "對不起本書暫時缺貨,如要预订,请联系我们!";
        } else {
            // A clamped quantity differs from what was posted.
            if ($_POST["quantity"] != $QTY) {
                echo "抱歉, 庫存量限制我們給了最大數量, 如要预订,请联系我们!";
            } else {
                echo "成功添加到購物車";
            }
        // NOTE(review): from here on the control flow no longer matches the
        // cart logic above — this die() runs after every branch of the
        // preceding if/else, and $id / $action used below are never assigned
        // in this span (they would have to come from the included files).
        die("ERROR");
    }
    // Profile edit: real_name. strlen() counts bytes, not characters, so the
    // >= 4 minimum is a byte length for multibyte (e.g. Chinese) input.
    // $name is interpolated into SQL after cn_name_input_validate, whose
    // accepted character set is not visible here; no escaping is applied.
    $name = trim($_POST["pass"]);
    if (cn_name_input_validate($name) and strlen($name) >= 4) {
        $query = "\n\t\t\tUPDATE membership_ipn\n\t\t\tSET real_name = '{$name}'\n\t\t\tWHERE user_id = {$id}\n\t\t";
        $result = mysql_query($query);
    }
} else {
    // Profile edit: phone. Same byte-length caveat as above; the validated
    // digits are interpolated into SQL unescaped.
    if ($action == "editPhone") {
        if (!isset($_POST["pass"])) {
            die("ERROR");
        }
        $phone = trim($_POST["pass"]);
        if (lib_number_validate($phone) and strlen($phone) >= 9 and strlen($phone) <= 11) {
            $query = "\n\t\t\tUPDATE membership_ipn\n\t\t\tSET phone = '{$phone}'\n\t\t\tWHERE user_id = {$id}\n\t\t";
            $result = mysql_query($query);
        }
    }
}
// Re-read the membership row and echo the edited field, unescaped, as the
// response body.
$query = "\n\tSELECT * \n\tFROM membership_ipn\n\tWHERE user_id = {$id}\n\t";
$result = mysql_query($query);
$row = mysql_fetch_assoc($result);
if ($action == "editName") {
    echo $row["real_name"];
} else {
    if ($action == "editPhone") {
        echo $row["phone"];
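<?php

// remove-from-cart handler: deletes one cart row ({cid}) belonging to the
// logged-in user, or the user's entire cart when cid is 0, then redirects to
// the cart page.
//
// NOTE(review): this is a state-changing action driven by GET with no request
// token, so a link alone triggers it for a logged-in user; requiring POST plus
// a per-session token would be the usual hardening, but no token helper is
// visible in this code base from here.

include_once '../lib/glob.php';
include_once '../lib/lib.php';

// Must be logged in, and cid must be present and pass the numeric validator
// from ../lib/lib.php.
if (!isset($_SESSION["id"]) || !isset($_GET["cid"]) || !lib_number_validate($_GET["cid"])) {
    die("ERROR ON PAGE");
}

// mysql_* has no parameter binding and both values are interpolated unquoted,
// so they are cast to int first. The validator is expected to admit only
// digits; the cast is a second line of defence, not a replacement for it.
// The session id is assumed to be a numeric user id (TODO confirm against the
// login code that creates the session).
$id = (int) $_SESSION["id"];
$cid = (int) $_GET["cid"];

if ($cid === 0) {
    // cid=0 is the convention for "empty the whole cart".
    $query = "DELETE FROM carts WHERE id = {$id}";
    $result = mysql_query($query);
    if ($result === false) {
        // Do not report success for a delete that did not run.
        die("ERROR ON PAGE");
    }
    setAlertMsg("購物車已清空!");
} else {
    // The id predicate keeps a user from deleting rows of another user's cart.
    $query = "DELETE FROM carts WHERE id = {$id} AND cid = {$cid}";
    $result = mysql_query($query);
    if ($result === false) {
        die("ERROR ON PAGE");
    }
    setAlertMsg("項目已被刪除!");
}

header("Location:../cart.php");
exit;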