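/**
 * Merge the session cart into the user's stored cart, then reload the session
 * cart from the database.
 *
 * The user id, item ids and quantities are bound as statement parameters
 * rather than interpolated into the SQL text. None of them is validated here,
 * and the cart contents live in $_SESSION, so they must never become part of
 * the statement itself.
 *
 * Failures are appended to $_SESSION['log']; the session cart is replaced only
 * when the reload succeeds.
 *
 * @param mixed $usr user id whose cart rows are written and read back
 * @return void
 */
function mergeCart($usr)
{
    // require_once: a plain require re-runs the file on every call and fails
    // on redeclared functions when this is called more than once per request.
    // NOTE(review): mysql.php was presumably pulled in for dbUpdate(), which is
    // no longer called here; kept in case it has other effects. Confirm.
    require_once "mysql.php";
    require_once "../../library/connect.php";
    $conn = server_connect();
    $errors = '';

    // If there are items in the session cart, add them to the database.
    if (isset($_SESSION['cart']) && is_array($_SESSION['cart'])) {
        $insert = mysqli_prepare(
            $conn,
            "INSERT INTO cart (user_id, item_id, quantity) VALUES (?, ?, ?) "
            . "ON DUPLICATE KEY UPDATE quantity = ?"
        );
        if ($insert) {
            foreach ($_SESSION['cart'] as $item_id => $quantity) {
                // Bound as strings; the server converts them to the column types.
                mysqli_stmt_bind_param($insert, 'ssss', $usr, $item_id, $quantity, $quantity);
                if (!mysqli_stmt_execute($insert)) {
                    $errors .= mysqli_stmt_error($insert);
                }
            }
            mysqli_stmt_close($insert);
        } else {
            $errors .= mysqli_error($conn);
        }
    }

    // Reload the merged cart so the session mirrors what is stored.
    $select = mysqli_prepare($conn, "SELECT item_id, quantity FROM cart WHERE user_id = ?");
    if ($select) {
        mysqli_stmt_bind_param($select, 's', $usr);
        if (mysqli_stmt_execute($select)) {
            mysqli_stmt_bind_result($select, $row_item, $row_quantity);
            $cart = array();
            while (mysqli_stmt_fetch($select)) {
                // Prepared statements return native types, so integer columns
                // arrive as ints rather than numeric strings.
                $cart[$row_item] = $row_quantity;
            }
            $_SESSION['cart'] = $cart;
        } else {
            $errors .= mysqli_stmt_error($select);
        }
        mysqli_stmt_close($select);
    } else {
        $errors .= mysqli_error($conn);
    }

    if ($errors !== '') {
        // isset guard: ".=" on a missing key raises a warning.
        $_SESSION['log'] = (isset($_SESSION['log']) ? $_SESSION['log'] : '') . $errors;
    }
}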
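/**
 * Run one statement on a fresh connection, then close the connection.
 *
 * $query is executed exactly as given: nothing here escapes or validates it.
 * Callers must pass fixed SQL text only. Any value that originates from a
 * request, cookie or session belongs in a prepared statement, not in this
 * string.
 *
 * @param string $query complete SQL statement
 * @return void
 */
function dbUpdate($query)
{
    // require_once: a plain require re-runs connect.php on every call.
    require_once "../../library/connect.php";
    $conn = server_connect();

    if ($conn->query($query) !== true) {
        // Failures used to be dropped silently. Record them server-side only:
        // the error text is not echoed and the statement is not logged, since
        // it may contain user data.
        error_log("dbUpdate failed: " . $conn->error);
    }

    $conn->close();
}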
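/**
 * Validate the "user" cookie against the sessions table.
 *
 * The cookie is expected to hold "<user_id>-<session_id>-<key_id>". When a
 * matching session row exists, the user's date_last is set to today; in every
 * other case (cookie missing, malformed, no match, query failure) both the
 * "uname" and "user" cookies are expired.
 *
 * The cookie is client-controlled, so its parts are bound as statement
 * parameters and never concatenated into the SQL text.
 *
 * @return void
 */
function cookie_check()
{
    $expire = time() - 3600;
    $loc = "/";
    $valid = false;

    if (!empty($_COOKIE["user"]) && is_string($_COOKIE["user"])) {
        $parts = explode("-", $_COOKIE["user"]);

        // A cookie with fewer than three parts cannot name a session; reject it
        // instead of reading undefined offsets.
        if (count($parts) >= 3) {
            $uid = $parts[0];
            $session = $parts[1];
            $key = $parts[2];

            // require_once: a plain require re-runs connect.php on every call.
            require_once "connect.php";
            $conn = server_connect();

            $lookup = mysqli_prepare(
                $conn,
                "select 1 from sessions where user_id = ? and session_id = ? and key_id = ?"
            );
            if ($lookup) {
                mysqli_stmt_bind_param($lookup, 'sss', $uid, $session, $key);
                if (mysqli_stmt_execute($lookup)) {
                    // Buffer the result so the row count is available.
                    mysqli_stmt_store_result($lookup);
                    $valid = mysqli_stmt_num_rows($lookup) > 0;
                }
                mysqli_stmt_close($lookup);
            }

            if ($valid) {
                // Same format as before: year-month-day without leading zeros.
                $date = date('Y-n-j');
                $touch = mysqli_prepare($conn, "update users set date_last = ? where user_id = ?");
                if ($touch) {
                    mysqli_stmt_bind_param($touch, 'ss', $date, $uid);
                    mysqli_stmt_execute($touch);
                    mysqli_stmt_close($touch);
                }
            }
        }
    }

    if (!$valid) {
        // Kill cookies.
        setcookie("uname", "null", $expire, $loc);
        setcookie("user", "null", $expire, $loc);
    }
}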
<?php
//dont update this. no value added as josh's is more up to date
// NOTE(review): this page executes SQL taken from the request. If it is a
// leftover test tool, it should not be reachable on a deployed site. Restrict
// it to authenticated administrators, or remove it, and give the connection a
// read-only database account.
require "../library/connect.php";
$conn = server_connect();
//-----------------------------------------------------------------
//TEST QUERY
// The statement text comes straight from the "query" GET parameter.
$query = $_GET['query'];
// Echoed back without HTML escaping, so markup in the parameter is rendered by
// the browser. Wrap it in htmlspecialchars() if the echo is kept.
print $query;
//if results returned true
if (empty($query)) {
    echo "No Query";
} else {
    //array of unwelcome input
    // A deny-list of four patterns. It is not a security boundary: it neither
    // limits the input to read-only statements nor stops it from reaching
    // other tables.
    $takeMe = array("/\\;/", "/drop/", "/delete/", "/insert/");
    //takes unwelcome items out of input
    foreach ($takeMe as $takeThis) {
        // strtolower() lowercases the whole statement, including any string
        // literals in it. The fifth argument receives the replacement count in
        // $result, which is overwritten by mysqli_query() below.
        $query = preg_replace($takeThis, "", strtolower($query), -1, $result);
    }
    // Whatever remains after filtering is sent to the server as-is.
    $result = mysqli_query($conn, $query);
    //if not empty
    if ($result) {
        $rows = mysqli_num_rows($result);
        $fields = mysqli_num_fields($result);
        // Debug output of the result object and its row and field counts.
        print_r($result);
        print_r($rows);
        print_r($fields);
        echo "<h1>Tables</h1>";
        echo "<table border>";
        echo "<tr>";
        // One iteration per result column; the loop body lies beyond this excerpt.
        for ($i = 0; $i < $fields; $i++) {
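/**
 * Print the page header: the autocomplete script for the search box, the
 * login/welcome area, the site title and the navigation bar.
 *
 * Everything that originates outside this function is encoded for the context
 * it is written into:
 *  - location names from the database go into the script as a JSON array;
 *  - the "s" query parameter and the "uname" cookie are HTML-escaped.
 *
 * The "uname" and "user" cookies are client-controlled and are not verified
 * here. They only choose which links and greeting are displayed and must not
 * be treated as proof of login.
 *
 * @return void
 */
function header_print()
{
    // require_once: a plain require re-runs connect.php on every call.
    require_once "connect.php";
    $conn = server_connect();

    // Collect autocomplete entries. Table names are fixed literals, so they can
    // be concatenated safely.
    $tags = array();
    foreach (array("location_continent", "location_country", "location_city") as $table) {
        $result = mysqli_query($conn, "select name from " . $table);
        if ($result) {
            while ($row = mysqli_fetch_row($result)) {
                $tags[] = $row[0];
            }
        }
    }

    // json_encode with the HEX flags keeps quotes, "<", ">" and "&" in a name
    // from ending the string literal or the <script> element.
    $tagsJson = json_encode($tags, JSON_HEX_TAG | JSON_HEX_AMP | JSON_HEX_APOS | JSON_HEX_QUOT);
    if ($tagsJson === false) {
        // Encoding failed (e.g. invalid UTF-8); fall back to an empty list.
        $tagsJson = '[]';
    }
    echo '<script> $(function() { var availableTags = ' . $tagsJson
        . '; $( "#s" ).autocomplete({ source: availableTags }); }); </script>';

    // The search term is echoed into an attribute value, so escape it. A
    // non-string value (e.g. s[]=x) is treated as empty.
    $search = "";
    if (isset($_GET['s']) && is_string($_GET['s'])) {
        $search = htmlspecialchars($_GET['s'], ENT_QUOTES, 'UTF-8');
    }

    // Total number of items in the session cart.
    $count = 0;
    if (isset($_SESSION['cart'])) {
        foreach ($_SESSION['cart'] as $quantity) {
            $count += $quantity;
        }
    }

    echo ' <header>';
    echo ' <div id="reg">';
    if (empty($_COOKIE['uname']) || !is_string($_COOKIE['uname'])) {
        echo ' <a href="login"><i class="fa fa-sign-in"></i> Login/Register</a>';
    } else {
        // Display name from the cookie; escaped because the client controls it.
        $name = htmlspecialchars(ucwords($_COOKIE['uname']), ENT_QUOTES, 'UTF-8');
        echo ' <a href="user"><i class="fa fa-user"></i> Welcome Back ' . $name . '</a>';
        print "\t\t\t<br />";
        echo ' <a href="php/logout"><i class="fa fa-sign-out"></i> Logout </a>';
    }
    echo ' </div>';
    echo ' <div id="mini">';
    echo ' <h1><a href="http://deepblue.cs.camosun.bc.ca/~comp19900/">Anywhere Air</a></h1>';
    echo ' <a id="top"></a>';
    echo ' <p>From Anywhere To Anywhere</p>';
    echo ' </div>';
    echo ' <div id="nav">';
    echo ' <div class="input">';
    echo ' <form action="search" id="sgo" method="get">';
    echo ' <input type="text" id="s" name="s" placeholder="Search" value="' . $search . '">';
    // The closing tag used to be </input>, which does not match <button>.
    echo ' <button type="submit">Go <i class="fa fa-search"></i></button>';
    echo ' </form>';
    echo ' </div>';
    echo ' <ul>';
    echo ' <li><a href="search"><i class="fa fa-navicon"></i> All Products</a></li>';
    echo ' <li><a href="search?new=true"><i class="fa fa-plus"></i> New Products</a></li>';
    echo ' <li><a href="locations"><i class="fa fa-flag"></i> Locations</a></li>';
    echo ' <li><a href="search?promo=true"><i class="fa fa-usd"></i> Sale Items</a></li>';
    if (!empty($_COOKIE['user'])) {
        // Six nav entries when the wish list link is shown, five otherwise.
        print ' <li><a href="wish"><i class="fa fa-list"></i> Wish List</a></li>';
        echo "<style>#nav li {width:" . 100 / 6 . "%;}</style>";
    } else {
        echo "<style>#nav li {width:20%;}</style>";
    }
    echo ' <li><a href="cart"><i class="fa fa-shopping-cart"></i> Cart (<span id="cart_count">' . $count . '</span>)</a></li>';
    echo ' </ul>';
    echo ' </div>';
    echo ' </header>';
}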
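/**
 * TAKEN FROM utils_db.php
 * Insert or update one record in the given table.
 *
 * The record is inserted when its "<prefix>ID" entry is missing or less than 1;
 * otherwise the row with that ID is updated. Field values are bound as
 * statement parameters.
 *
 * NOTE(review): the table name, the prefix and the field names (the keys of
 * $record) are concatenated into the SQL text, because identifiers cannot be
 * bound. They must come from code or an allow-list, never from request data.
 * Confirm that no caller passes a request array straight in as $record.
 *
 * @param mixed $database     handed to mysql__usedatabase() together with the connection
 * @param mixed $table_name   table to write to
 * @param mixed $table_prefix field prefix; a trailing "_" is appended when missing
 * @param mixed $record       array(fieldname=>value) - all values considered as String
 *                            except when the field name ends with ID or Id;
 *                            fields that don't have the specified prefix are ignored
 * @return mixed record ID in case of success, or an error message
 */
function mysql__insertupdate($database, $table_name, $table_prefix, $record)
{
    $mysqli = server_connect();
    mysql__usedatabase($mysqli, $database);
    $ret = null;

    if (substr($table_prefix, -1) !== '_') {
        $table_prefix = $table_prefix . '_';
    }
    $id_field = $table_prefix . 'ID';

    // A missing ID means "insert"; isset replaces the former @ suppression.
    $rec_ID = intval(isset($record[$id_field]) ? $record[$id_field] : 0);
    $isinsert = $rec_ID < 1;

    if ($isinsert) {
        $query = "INSERT into {$table_name} (";
        $query2 = ') VALUES (';
    } else {
        $query = "UPDATE {$table_name} set ";
    }

    // $params[0] accumulates the bind_param type string; the values follow it.
    $params = array();
    $params[0] = '';

    foreach ($record as $fieldname => $value) {
        if (strpos($fieldname, $table_prefix) !== 0) {
            // Ignore fields without the prefix.
            continue;
        }
        if ($isinsert) {
            $query = $query . $fieldname . ', ';
            $query2 = $query2 . '?, ';
        } else {
            if ($fieldname === $id_field) {
                // The ID selects the row (where clause); it is not updated.
                continue;
            }
            $query = $query . $fieldname . '=?, ';
        }

        // Fields ending in ID/Id are bound as integers, everything else as string.
        $dtype = substr($fieldname, -2) === 'ID' || substr($fieldname, -2) === 'Id' ? 'i' : 's';
        $params[0] = $params[0] . $dtype;
        // Loose comparison kept as in the original: an empty integer value is sent as NULL.
        if ($dtype == 'i' && $value == '') {
            $value = null;
        }
        array_push($params, $value);
    }

    if (count($params) === 1) {
        // No field matched: the statement below would be malformed, and
        // bind_param would be called with an empty type string.
        return "No fields with prefix '" . $table_prefix . "' to save";
    }

    // Drop the trailing ", " left by the loop.
    $query = substr($query, 0, strlen($query) - 2);
    if ($isinsert) {
        $query2 = substr($query2, 0, strlen($query2) - 2) . ")";
        $query = $query . $query2;
    } else {
        // $rec_ID went through intval() above, so it is safe to concatenate.
        $query = $query . " where " . $id_field . "=" . $rec_ID;
    }

    $stmt = $mysqli->prepare($query);
    if ($stmt) {
        call_user_func_array(array($stmt, 'bind_param'), refValues($params));
        if (!$stmt->execute()) {
            // Execution errors are reported on the statement; fall back to the
            // connection error if the statement has none.
            $ret = $stmt->error !== '' ? $stmt->error : $mysqli->error;
        } else {
            $ret = $isinsert ? $stmt->insert_id : $rec_ID;
        }
        $stmt->close();
    } else {
        $ret = $mysqli->error;
    }

    return $ret;
}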