$enc = iconv_array($sourceencoding, $targetencoding, $res);
for ($i = 0; $i < count($enc); $i++) {
$row = $enc[$i];
// check if encoding really changed
if (join(array_values($row)) == join(array_values($res[$i]))) {
continue;
}
$id = $row['id'];
if (!$id) {
die("No ID found");
}
unset($row['id']);
$SQL = '';
foreach ($row as $key => $val) {
if ($SQL) {
$SQL .= ', ';
}
$SQL .= $key . '=' . db_encode($val);
}
$SQL = "UPDATE {$table} SET " . $SQL . " WHERE id=" . $id;
dump($SQL);
if (!$simulate) {
sql_native($SQL);
}
}
}
}
?>
</body>
</html>
if (!isset($_GET["key"])) {
header("Location: " . mergeGetUrlData($_GET, "error-no-seller.php"));
exit;
}
// Connects to the database
$db = db_connect();
if (is_null($db)) {
die($lang["Error connecting to the database."] . $lang["MySQL says:"] . " " . db_error($db));
}
// Gets seller info if it exists in the database
$result = db_query($db, "SELECT * FROM " . $config["ddDBPrefix"] . "sellers WHERE sellerKey = '" . $_GET["key"] . "' LIMIT 1;");
if (!is_null($result) && db_num_rows($result) != 0) {
$answer = db_fetch_assoc_array($result);
} else {
$answer = array();
$answer["sellerKey"] = db_encode($_GET["key"]);
}
?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<?php
include "stylesheet.inc.php";
?>
<title>
<?php
echo $lang["Edit a seller"];
?>
- <?php
echo $config["appname"];
break;
case "sellerid":
$sortstring .= "sellerKey";
break;
default:
$sortstring .= "bookID";
break;
}
// Get display criterion if specified
if (isset($_GET["show"]) && $_GET["show"] == "instock") {
$whereclause = "status = 'instock' ";
} else {
$whereclause = "TRUE ";
}
// Get all the books
$result = db_query($db, "SELECT * FROM " . $config["ddDBPrefix"] . "books WHERE sellerKey = '" . db_encode($_GET["key"]) . "' AND " . $whereclause . $sortstring . ";");
if (!is_null($result)) {
?>
<?php
if (isset($_GET["show"]) && $_GET["show"] == "instock") {
?>
<p><a href="<?php
echo mergeGetUrlData($_GET, "seller-info.php?show=");
?>
"><?php
echo $lang["Show all books"];
?>
</a></p>
<?php
} else {
?>
// Checks if target seller ID exists in database
$query_string = "SELECT * FROM " . $config["ddDBPrefix"] . "sellers WHERE sellerKey = '" . strtoupper(db_encode($_POST["sellerid"])) . "' LIMIT 1;";
$result = db_query($db, $query_string);
if (!is_null($result) && db_num_rows($result) > 0) {
// If yes, warns and redirects to this seller info page
header("Location: " . mergeGetUrlData($_GET, "error-duplicate-seller.php?key=" . $_POST["sellerid"]));
exit;
}
// Otherwise, delete previous table entry
$query_string = "DELETE FROM " . $config["ddDBPrefix"] . "sellers WHERE sellerKey = '" . strtoupper(db_encode($_POST["originalid"])) . "' LIMIT 1;";
$result = db_query($db, $query_string);
if (is_null($result)) {
die($lang["Error connecting to the database."] . $lang["MySQL says:"] . " " . db_error($db));
}
// And inserts new
$query_string = "INSERT INTO " . $config["ddDBPrefix"] . "sellers SET " . "sellerKey = '" . strtoupper(db_encode($_POST["sellerid"])) . "', " . "firstName = '" . db_encode($_POST["firstname"]) . "', " . "lastName = '" . db_encode($_POST["lastname"]) . "', " . "email = '" . db_encode($_POST["email"]) . "', " . "phone = '" . db_encode($_POST["phone"]) . "';";
$result = db_query($db, $query_string);
if (is_null($db)) {
die($lang["Error connecting to the database."] . $lang["MySQL says:"] . " " . db_error($db));
}
} else {
// Replaces seller into database
$query_string = "REPLACE INTO " . $config["ddDBPrefix"] . "sellers SET " . "sellerKey = '" . strtoupper(db_encode($_POST["sellerid"])) . "', " . "firstName = '" . db_encode($_POST["firstname"]) . "', " . "lastName = '" . db_encode($_POST["lastname"]) . "', " . "email = '" . db_encode($_POST["email"]) . "', " . "phone = '" . db_encode($_POST["phone"]) . "';";
$result = db_query($db, $query_string);
if (is_null($db)) {
die($lang["Error connecting to the database."] . $lang["MySQL says:"] . " " . db_error($db));
}
}
// Redirects to seller information page
header("Location: " . mergeGetUrlData($_GET, "seller-info.php?key=" . strtoupper($_POST["sellerid"])));
exit;
}
// Override default language settings by URL settings
if ($_GET["lang"]) {
include_once "lang/" . $_GET["lang"] . ".php";
}
// Connects to the database
$db = db_connect();
if (is_null($db)) {
die($lang["Error connecting to the database."] . $lang["MySQL says:"] . " " . db_error($db));
}
// Checks for valid data
if (!isset($_POST["sellerid"]) || trim($_POST["sellerid"]) == "") {
header("Location: " . mergeGetUrlData($_GET, "error-empty-seller.php"));
exit;
}
// Checks if seller already exists; if it does, shows info
$query_string = "SELECT * FROM " . $config["ddDBPrefix"] . "sellers WHERE sellerKey = '" . $_POST["sellerid"] . "' LIMIT 1;";
$result = db_query($db, $query_string);
if (!is_null($result) && db_num_rows($result) > 0) {
header("Location: " . mergeGetUrlData($_GET, "error-duplicate-seller.php?key=" . $_POST["sellerid"]));
exit;
}
// Adds seller into database
$query_string = "INSERT INTO " . $config["ddDBPrefix"] . "sellers SET " . "sellerKey = UCASE('" . db_encode($_POST["sellerid"]) . "'), " . "firstName = '" . db_encode($_POST["firstname"]) . "', " . "lastName = '" . db_encode($_POST["lastname"]) . "', " . "email = '" . db_encode($_POST["email"]) . "', " . "phone = '" . db_encode($_POST["phone"]) . "';";
$result = db_query($db, $query_string);
if (is_null($db)) {
die($lang["Error connecting to the database."] . $lang["MySQL says:"] . " " . db_error($db));
}
// Redirects to seller information page
header("Location: " . mergeGetUrlData($_GET, "seller-info.php?key=" . strtoupper($_POST["sellerid"])));
exit;
MA 02110-1301, USA.
******************************************************************************/
// Inclusion of configuration files
require_once "config.inc.php";
// Inclusion of libraries
require_once "db-connection.lib.php";
require_once "encode-decode.lib.php";
require_once "merge-get.lib.php";
require_once "session.lib.php";
// Override default language settings by session settings
if ($_SESSION["lang"]) {
include_once "lang/" . $_SESSION["lang"] . ".php";
}
// Override default language settings by URL settings
if ($_GET["lang"]) {
include_once "lang/" . $_GET["lang"] . ".php";
}
// Connects to the database
$db = db_connect();
if (is_null($db)) {
die($lang["Error connecting to the database."] . $lang["MySQL says:"] . " " . db_error($db));
}
// Marks all the books as sold
for ($i = 1; $i <= 10; $i++) {
if ($_POST["bookid-" . $i] != "") {
$result = db_query($db, "UPDATE " . $config["ddDBPrefix"] . "books SET status = 'sold', lastUpdate = '" . date("Y-m-d H:i:s", time()) . "' WHERE bookID = " . db_encode($_POST["bookid-" . $i]) . " LIMIT 1;");
}
}
// Redirects to success page
header("Location: " . mergeGetUrlData($_GET, "book-sell-success.php"));
exit;
$db = db_connect();
if (is_null($db)) {
die($lang["Error connecting to the database."] . $lang["MySQL says:"] . " " . db_error($db));
}
// Checks for valid data
if (!isset($_POST["sellerid"]) || trim($_POST["sellerid"]) == "") {
header("Location: " . mergeGetUrlData($_GET, "error-empty-seller.php"));
exit;
}
// Checks if seller exists in database (it must)
$query_string = "SELECT * FROM " . $config["ddDBPrefix"] . "sellers WHERE sellerKey = '" . strtoupper($_POST["sellerid"]) . "' LIMIT 1;";
$result = db_query($db, $query_string);
if (is_null($result) || db_num_rows($result) < 1) {
header("Location: " . mergeGetUrlData($_GET, "error-no-seller.php"));
exit;
}
// Adds book into database
$timestamp = time();
$query_string = "INSERT INTO " . $config["ddDBPrefix"] . "books SET " . "sellerKey = '" . strtoupper(db_encode($_POST["sellerid"])) . "', " . "title = '" . db_encode($_POST["title"]) . "', " . "author = '" . db_encode($_POST["author"]) . "', " . "bookYear = " . ($_POST["year"] == "" ? "NULL" : db_encode($_POST["year"])) . ", " . "price = " . db_encode(format_number($_POST["price"])) . ", " . "status = '" . db_encode($_POST["status"]) . "', " . "lastUpdate = '" . date("Y-m-d H:i:s", $timestamp) . "';";
$result = db_query($db, $query_string);
// Gets book ID
$query_string = "SELECT * FROM " . $config["ddDBPrefix"] . "books WHERE " . "sellerKey = '" . strtoupper(db_encode($_POST["sellerid"])) . "' AND " . "title = '" . db_encode($_POST["title"]) . "' AND " . "author = '" . db_encode($_POST["author"]) . "' AND " . "bookYear " . ($_POST["year"] == "" ? " IS NULL" : " = " . db_encode($_POST["year"])) . " AND " . "ABS(price - " . db_encode(format_number($_POST["price"])) . ") < 0.01 AND " . "status = '" . db_encode($_POST["status"]) . "' AND " . "lastUpdate = '" . date("Y-m-d H:i:s", $timestamp) . "' LIMIT 1;";
$result = db_query($db, $query_string);
//echo $query_string;
$answer = db_fetch_assoc_array($result);
$bookid = $answer["bookID"];
// Sleeps for 1/2 second so that MySQL can add the record
usleep(500000);
// Redirects to book information page
header("Location: " . mergeGetUrlData($_GET, "book-info.php?bookid=" . db_decode($answer["bookID"])));
exit;
<input type="hidden" name="bookid-<?php
echo $i;
?>
" value="<?php
echo $_POST["bookid-" . $i];
?>
"/>
<?php
}
?>
<table id="book-checklist">
<?php
$total_price = 0;
for ($i = 1; $i <= 10; $i++) {
if ($_POST["bookid-" . $i] != "") {
$result = db_query($db, "SELECT * FROM " . $config["ddDBPrefix"] . "books WHERE bookID = " . db_encode($_POST["bookid-" . $i]) . " LIMIT 1;");
$answer = db_fetch_assoc_array($result);
$total_price += $answer["price"];
?>
<tr>
<td>
<span class="bookid"><?php
echo db_decode($answer["bookID"]);
?>
</span>
</td>
<td>
<?php
switch ($answer["status"]) {
case "instock":
echo "<span class=\"instock\">" . $lang["In stock"] . "</span>\n";
if ($_SESSION["lang"]) {
include_once "lang/" . $_SESSION["lang"] . ".php";
}
// Override default language settings by URL settings
if ($_GET["lang"]) {
include_once "lang/" . $_GET["lang"] . ".php";
}
// Connects to the database
$db = db_connect();
if (is_null($db)) {
die($lang["Error connecting to the database."] . $lang["MySQL says:"] . " " . db_error($db));
}
// Checks for valid data
if (!isset($_POST["sellerid"]) || trim($_POST["sellerid"]) == "") {
header("Location: " . mergeGetUrlData($_GET, "error-empty-seller.php"));
exit;
}
// Checks if seller exists in database (it must)
$query_string = "SELECT * FROM " . $config["ddDBPrefix"] . "sellers WHERE sellerKey = '" . $_POST["sellerid"] . "' LIMIT 1;";
$result = db_query($db, $query_string);
if (is_null($result) || db_num_rows($result) < 1) {
header("Location: " . mergeGetUrlData($_GET, "error-no-seller.php"));
exit;
}
// Adds book into database
$timestamp = time();
$query_string = "UPDATE " . $config["ddDBPrefix"] . "books SET " . "sellerKey = '" . db_encode($_POST["sellerid"]) . "', " . "title = '" . db_encode($_POST["title"]) . "', " . "author = '" . db_encode($_POST["author"]) . "', " . "bookYear = " . db_encode($_POST["year"]) . ", " . "price = " . db_encode(format_number($_POST["price"])) . ", " . "status = '" . db_encode($_POST["status"]) . "', " . "lastUpdate = '" . date("Y-m-d H:i:s", $timestamp) . "' " . "WHERE bookID = " . $_POST["bookid"] . " LIMIT 1;";
$result = db_query($db, $query_string);
// Redirects to book information page
header("Location: " . mergeGetUrlData($_GET, "book-info.php?bookid=" . $_POST["bookid"]));
exit;
