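<?php
// Order submission handler (excerpt): writes the posted order into `orders`,
// then walks the ordered product ids and loads each product row.
//
// NOTE(review): the mysql_* extension used here was removed in PHP 7.0 and has
// no prepared statements. Until this is ported to mysqli/PDO with bound
// parameters, every request value must be escaped or cast before it is placed
// in a query string.
session_start();
include_once 'connect.php';
include_once 'common.php';

if ($_POST) {
    $pubtime = time();

    // antisqlin() is defined outside this excerpt (presumably in common.php);
    // its exact filtering is not visible here -- confirm it escapes for the
    // active connection charset rather than only stripping keywords.
    $shipment = antisqlin($_POST['shipment']);

    $address = array();
    foreach ($_POST['ship'] as $k => $v) {
        $val = antisqlin($v);
        // The array key comes from the request just like the value does, and it
        // ends up inside the quoted `address` literal, so it is escaped too.
        $label = mysql_real_escape_string((string) $k);
        $address[] = $label . ': ' . $val;
    }

    // Raw request values are kept under their original names because the code
    // below (and the session) relies on them; the *Sql copies are the only
    // ones that may be interpolated into a query.
    $products = $_POST['products'];
    $nums = $_POST['nums'];
    $price = $_POST['price'];
    $address = implode("\n", $address);

    $_SESSION['produ'] = $_POST['products'];
    $_SESSION['nums'] = $_POST['nums'];

    $productsSql = mysql_real_escape_string($products);
    $numsSql = mysql_real_escape_string($nums);
    $priceSql = mysql_real_escape_string($price);

    // NOTE(review): the order total is accepted from the client. The stored
    // price should be recomputed server-side from products.price -- confirm
    // whether the remainder of this script does so.
    // NOTE(review): member_id is read from the session without a visible check
    // that a member is logged in -- verify that happens before this point.
    $sql = "\n\t\t\tINSERT INTO orders \n\t\t\tSET"
        . "\n\t\t\tproducts = '{$productsSql}',"
        . "\n\t\t\tprodnum = '{$numsSql}',"
        . "\n\t\t\tprice = '{$priceSql}',"
        . "\n\t\t\taddress = '{$address}',"
        . "\n\t\t\tshipment = '{$shipment}',"
        . "\n\t\t\tpubtime = '{$pubtime}',"
        . "\n\t\t\tmember_id = '{$_SESSION['member']['id']}'\n\t\t\t";
    // The result is not inspected; if the INSERT fails, mysql_insert_id()
    // yields 0 and $oid does not refer to a real order.
    $a = mysql_query($sql);
    $oid = mysql_insert_id();

    $productid = explode(",", $products);
    $productqty = explode(",", $nums);
    $itemCount = count($productid);

    for ($i = 0; $i < $itemCount; $i++) {
        // Ids are split out of request data: force an integer before the value
        // reaches the WHERE clause.
        $productsid = (int) $productid[$i];
        // NOTE(review): the quantity is still raw request data (and may be
        // missing when `nums` is shorter than `products`); cast it to int
        // before it is used in any query further down.
        $productquanty = $productqty[$i];

        $sql1 = "\n\t\tSELECT * \n\t\tFROM products\n\t\tWHERE id ='{$productsid}'\n\t\t";
        $res1 = mysql_query($sql1);
        $row1 = mysql_fetch_array($res1);
        $productprice = $row1['price'];
        // (the excerpt stops here, inside the for loop and the if ($_POST) block)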
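<ul> <?php
// Product listing (excerpt): paginated SELECT over `products`, optionally
// filtered by a title keyword taken from the query string.
$perNum = 18;

// Page number: the first run of digits in ?page=, clamped to at least 1 so a
// value such as "00" cannot produce a negative LIMIT offset.
if (empty($_GET['page'])) {
    $page = 1;
} elseif (preg_match('/\\d+/', $_GET['page'], $matches)) {
    $page = max(1, (int) $matches[0]);
} else {
    $page = 1;
}

// Initialised up front so the query below never interpolates an undefined
// variable when the keyword is rejected.
$search = '';
if (isset($_GET['key'])) {
    // Allow-list check first (letters, digits, underscore, whitespace); only a
    // keyword that passes is handed to antisqlin() and placed in the LIKE.
    // antisqlin() is defined outside this excerpt -- its filtering is not
    // visible here.
    if (preg_match('/^[a-zA-Z0-9_\\s]+$/', $_GET['key'])) {
        $key = antisqlin($_GET['key']);
        $search = ' WHERE title LIKE "%' . $key . '%" ';
    } else {
        // NOTE(review): execution continues after this client-side redirect is
        // emitted, so the unfiltered listing is still queried and rendered;
        // consider stopping the script here.
        echo "<script language=\"javascript\">";
        echo "alert(\"Keywords are not correct\");";
        echo "location.href=\"products.php\"";
        echo "</script>";
    }
}

// $offset and $perNum are integers at this point, so they are safe to place
// in the LIMIT clause unquoted.
$offset = ($page - 1) * $perNum;
$sql = "\n\t\t\tSELECT * \n\t\t\tFROM products\n\t\t\t{$search}\n\t\t\tLIMIT {$offset}, {$perNum}\n\t\t\t";
$query = mysql_query($sql);

while ($row = mysql_fetch_array($query)) {
    // Special-sale row whose sale window has already ended or has not started.
    if ($row['is_spsale'] == 1 && (strtotime($row['enddate']) <= time() || time() <= strtotime($row['startdate']))) {
        // (the excerpt stops here, inside the while loop)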