$enc = iconv_array($sourceencoding, $targetencoding, $res); for ($i = 0; $i < count($enc); $i++) { $row = $enc[$i]; // check if encoding really changed if (join(array_values($row)) == join(array_values($res[$i]))) { continue; } $id = $row['id']; if (!$id) { die("No ID found"); } unset($row['id']); $SQL = ''; foreach ($row as $key => $val) { if ($SQL) { $SQL .= ', '; } $SQL .= $key . '=' . db_encode($val); } $SQL = "UPDATE {$table} SET " . $SQL . " WHERE id=" . $id; dump($SQL); if (!$simulate) { sql_native($SQL); } } } } ?> </body> </html>
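// A seller key is required in the query string; without it the request is
// redirected to the "no seller" error page.
if (!isset($_GET["key"])) {
    header("Location: " . mergeGetUrlData($_GET, "error-no-seller.php"));
    exit;
}

// Connects to the database
$db = db_connect();
if (is_null($db)) {
    die($lang["Error connecting to the database."] . $lang["MySQL says:"] . " " . db_error($db));
}

// Gets seller info if it exists in the database.
// The key is request data, so it goes through db_encode() before it is placed
// inside the quoted SQL literal; the raw value must never reach the query.
// NOTE(review): this relies on db_encode() neutralising quote characters -
// confirm in its definition. A parameterised query would remove the dependency.
$seller_key = db_encode($_GET["key"]);
$result = db_query($db, "SELECT * FROM " . $config["ddDBPrefix"] . "sellers WHERE sellerKey = '" . $seller_key . "' LIMIT 1;");
if (!is_null($result) && db_num_rows($result) != 0) {
    $answer = db_fetch_assoc_array($result);
} else {
    // No matching row: start from an empty record carrying only the encoded key.
    $answer = array();
    $answer["sellerKey"] = $seller_key;
}
?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<?php include "stylesheet.inc.php"; ?>
<title>
<?php echo $lang["Edit a seller"]; ?> - <?php echo $config["appname"];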
break;
case "sellerid":
    $sortstring .= "sellerKey";
    break;
default:
    // Fallback branch: the sort column is bookID.
    $sortstring .= "bookID";
    break;
}

// Get display criterion if specified
// Both branches assign a fixed literal, so no request data enters $whereclause.
if (isset($_GET["show"]) && $_GET["show"] == "instock") {
    $whereclause = "status = 'instock' ";
} else {
    $whereclause = "TRUE ";
}

// Get all the books
// The seller key is request data and goes through db_encode() before being
// placed in the quoted literal. The visible switch branches append only fixed
// column names to $sortstring.
// NOTE(review): the start of the switch is outside this fragment - confirm
// no branch copies request data into $sortstring.
$result = db_query($db, "SELECT * FROM " . $config["ddDBPrefix"] . "books WHERE sellerKey = '" . db_encode($_GET["key"]) . "' AND " . $whereclause . $sortstring . ";");
if (!is_null($result)) {
?>
<?php
    // Toggle link: offers the opposite view of the one currently displayed.
    // NOTE(review): the href is built from $_GET by mergeGetUrlData() and echoed
    // without HTML escaping here - confirm the helper encodes its output.
    if (isset($_GET["show"]) && $_GET["show"] == "instock") {
?>
<p><a href="<?php echo mergeGetUrlData($_GET, "seller-info.php?show="); ?> "><?php echo $lang["Show all books"]; ?> </a></p>
<?php } else { ?>
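// Checks if target seller ID exists in database
$query_string = "SELECT * FROM " . $config["ddDBPrefix"] . "sellers WHERE sellerKey = '" . strtoupper(db_encode($_POST["sellerid"])) . "' LIMIT 1;";
$result = db_query($db, $query_string);
if (!is_null($result) && db_num_rows($result) > 0) {
    // If yes, warns and redirects to this seller info page
    // NOTE(review): the seller ID is appended to the URL without URL-encoding;
    // confirm mergeGetUrlData() encodes it, otherwise wrap it in urlencode().
    header("Location: " . mergeGetUrlData($_GET, "error-duplicate-seller.php?key=" . $_POST["sellerid"]));
    exit;
}

// Otherwise, delete previous table entry
// NOTE(review): the DELETE and the INSERT below are separate statements; if
// the INSERT fails the old row is already gone. Consider a transaction or a
// single UPDATE.
$query_string = "DELETE FROM " . $config["ddDBPrefix"] . "sellers WHERE sellerKey = '" . strtoupper(db_encode($_POST["originalid"])) . "' LIMIT 1;";
$result = db_query($db, $query_string);
if (is_null($result)) {
    die($lang["Error connecting to the database."] . $lang["MySQL says:"] . " " . db_error($db));
}

// And inserts new
$query_string = "INSERT INTO " . $config["ddDBPrefix"] . "sellers SET "
    . "sellerKey = '" . strtoupper(db_encode($_POST["sellerid"])) . "', "
    . "firstName = '" . db_encode($_POST["firstname"]) . "', "
    . "lastName = '" . db_encode($_POST["lastname"]) . "', "
    . "email = '" . db_encode($_POST["email"]) . "', "
    . "phone = '" . db_encode($_POST["phone"]) . "';";
$result = db_query($db, $query_string);
// The query result is what signals a failed statement (as after the DELETE
// above); testing $db here could never fire because the connection was
// already verified.
if (is_null($result)) {
    die($lang["Error connecting to the database."] . $lang["MySQL says:"] . " " . db_error($db));
}
} else {
    // Replaces seller into database
    $query_string = "REPLACE INTO " . $config["ddDBPrefix"] . "sellers SET "
        . "sellerKey = '" . strtoupper(db_encode($_POST["sellerid"])) . "', "
        . "firstName = '" . db_encode($_POST["firstname"]) . "', "
        . "lastName = '" . db_encode($_POST["lastname"]) . "', "
        . "email = '" . db_encode($_POST["email"]) . "', "
        . "phone = '" . db_encode($_POST["phone"]) . "';";
    $result = db_query($db, $query_string);
    // Check the statement result, not the connection handle.
    if (is_null($result)) {
        die($lang["Error connecting to the database."] . $lang["MySQL says:"] . " " . db_error($db));
    }
}

// Redirects to seller information page
header("Location: " . mergeGetUrlData($_GET, "seller-info.php?key=" . strtoupper($_POST["sellerid"])));
exit;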
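}

// Override default language settings by URL settings
// The language name becomes part of an include path, so only a plain
// identifier (letters, digits, "_" and "-") is accepted. Anything else -
// path separators, dots, NUL bytes, array input - is ignored, which keeps the
// include inside the lang/ directory.
if (isset($_GET["lang"]) && is_string($_GET["lang"]) && preg_match('/\A[A-Za-z0-9_-]+\z/', $_GET["lang"])) {
    include_once "lang/" . $_GET["lang"] . ".php";
}

// Connects to the database
$db = db_connect();
if (is_null($db)) {
    die($lang["Error connecting to the database."] . $lang["MySQL says:"] . " " . db_error($db));
}

// Checks for valid data
if (!isset($_POST["sellerid"]) || trim($_POST["sellerid"]) == "") {
    header("Location: " . mergeGetUrlData($_GET, "error-empty-seller.php"));
    exit;
}

// Checks if seller already exists; if it does, shows info
// The seller ID is request data: it is passed through db_encode() before it
// enters the quoted literal, exactly as the INSERT below already does.
// NOTE(review): relies on db_encode() neutralising quote characters - confirm.
$query_string = "SELECT * FROM " . $config["ddDBPrefix"] . "sellers WHERE sellerKey = '" . db_encode($_POST["sellerid"]) . "' LIMIT 1;";
$result = db_query($db, $query_string);
if (!is_null($result) && db_num_rows($result) > 0) {
    // NOTE(review): the seller ID is appended to the URL without URL-encoding;
    // confirm mergeGetUrlData() encodes it, otherwise wrap it in urlencode().
    header("Location: " . mergeGetUrlData($_GET, "error-duplicate-seller.php?key=" . $_POST["sellerid"]));
    exit;
}

// Adds seller into database
$query_string = "INSERT INTO " . $config["ddDBPrefix"] . "sellers SET "
    . "sellerKey = UCASE('" . db_encode($_POST["sellerid"]) . "'), "
    . "firstName = '" . db_encode($_POST["firstname"]) . "', "
    . "lastName = '" . db_encode($_POST["lastname"]) . "', "
    . "email = '" . db_encode($_POST["email"]) . "', "
    . "phone = '" . db_encode($_POST["phone"]) . "';";
$result = db_query($db, $query_string);
// A failed INSERT shows up in the query result; the connection handle was
// already checked above, so testing $db here could never report the failure.
if (is_null($result)) {
    die($lang["Error connecting to the database."] . $lang["MySQL says:"] . " " . db_error($db));
}

// Redirects to seller information page
header("Location: " . mergeGetUrlData($_GET, "seller-info.php?key=" . strtoupper($_POST["sellerid"])));
exit;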
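MA 02110-1301, USA.
******************************************************************************/

// Inclusion of configuration files
require_once "config.inc.php";

// Inclusion of libraries
require_once "db-connection.lib.php";
require_once "encode-decode.lib.php";
require_once "merge-get.lib.php";
require_once "session.lib.php";

// Language names end up in an include path, so both sources below are only
// honoured when they are plain identifiers (letters, digits, "_" and "-").
// This keeps the include inside lang/ whatever the request or session holds.

// Override default language settings by session settings
if (isset($_SESSION["lang"]) && is_string($_SESSION["lang"]) && preg_match('/\A[A-Za-z0-9_-]+\z/', $_SESSION["lang"])) {
    include_once "lang/" . $_SESSION["lang"] . ".php";
}

// Override default language settings by URL settings
if (isset($_GET["lang"]) && is_string($_GET["lang"]) && preg_match('/\A[A-Za-z0-9_-]+\z/', $_GET["lang"])) {
    include_once "lang/" . $_GET["lang"] . ".php";
}

// Connects to the database
$db = db_connect();
if (is_null($db)) {
    die($lang["Error connecting to the database."] . $lang["MySQL says:"] . " " . db_error($db));
}

// Marks all the books as sold
// NOTE(review): no request-origin (CSRF) or authorisation check is visible in
// this fragment before the state change - confirm session.lib.php enforces one.
for ($i = 1; $i <= 10; $i++) {
    $field = "bookid-" . $i;

    // Slots that were not submitted or were left empty are skipped.
    if (!isset($_POST[$field]) || $_POST[$field] == "") {
        continue;
    }

    // bookID is spliced into the statement WITHOUT quotes, so escaping alone
    // cannot contain it. Only numeric values are let through; everything else
    // is ignored. Tighten to an integer check once the column type is confirmed.
    if (!is_numeric($_POST[$field])) {
        continue;
    }

    $result = db_query($db, "UPDATE " . $config["ddDBPrefix"] . "books SET status = 'sold', lastUpdate = '" . date("Y-m-d H:i:s", time()) . "' WHERE bookID = " . db_encode($_POST[$field]) . " LIMIT 1;");
}

// Redirects to success page
header("Location: " . mergeGetUrlData($_GET, "book-sell-success.php"));
exit;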
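// Connects to the database
$db = db_connect();
if (is_null($db)) {
    die($lang["Error connecting to the database."] . $lang["MySQL says:"] . " " . db_error($db));
}

// Checks for valid data
if (!isset($_POST["sellerid"]) || trim($_POST["sellerid"]) == "") {
    header("Location: " . mergeGetUrlData($_GET, "error-empty-seller.php"));
    exit;
}

// The publication year is optional. When present it is written into the SQL
// WITHOUT quotes, so escaping cannot contain it: anything that is not numeric
// is rejected before a statement is built.
$has_year = isset($_POST["year"]) && $_POST["year"] != "";
if ($has_year && !is_numeric($_POST["year"])) {
    header("HTTP/1.1 400 Bad Request");
    exit;
}

// Encoded once and reused by the existence check, the INSERT and the lookup.
// NOTE(review): relies on db_encode() neutralising quote characters - confirm.
$seller_key = strtoupper(db_encode($_POST["sellerid"]));

// NOTE(review): price is also interpolated unquoted; its safety depends on
// format_number() returning a numeric literal - confirm in its definition.
$price = db_encode(format_number($_POST["price"]));

// Checks if seller exists in database (it must)
// The raw request value used to be concatenated here; it now goes through
// db_encode() like the INSERT below.
$query_string = "SELECT * FROM " . $config["ddDBPrefix"] . "sellers WHERE sellerKey = '" . $seller_key . "' LIMIT 1;";
$result = db_query($db, $query_string);
if (is_null($result) || db_num_rows($result) < 1) {
    header("Location: " . mergeGetUrlData($_GET, "error-no-seller.php"));
    exit;
}

// Adds book into database
$timestamp = time();
$query_string = "INSERT INTO " . $config["ddDBPrefix"] . "books SET "
    . "sellerKey = '" . $seller_key . "', "
    . "title = '" . db_encode($_POST["title"]) . "', "
    . "author = '" . db_encode($_POST["author"]) . "', "
    . "bookYear = " . ($has_year ? db_encode($_POST["year"]) : "NULL") . ", "
    . "price = " . $price . ", "
    . "status = '" . db_encode($_POST["status"]) . "', "
    . "lastUpdate = '" . date("Y-m-d H:i:s", $timestamp) . "';";
$result = db_query($db, $query_string);

// Gets book ID
// The new row is found again by matching every inserted field, including the
// timestamp captured above.
$query_string = "SELECT * FROM " . $config["ddDBPrefix"] . "books WHERE "
    . "sellerKey = '" . $seller_key . "' AND "
    . "title = '" . db_encode($_POST["title"]) . "' AND "
    . "author = '" . db_encode($_POST["author"]) . "' AND "
    . "bookYear " . ($has_year ? " = " . db_encode($_POST["year"]) : " IS NULL") . " AND "
    . "ABS(price - " . $price . ") < 0.01 AND "
    . "status = '" . db_encode($_POST["status"]) . "' AND "
    . "lastUpdate = '" . date("Y-m-d H:i:s", $timestamp) . "' LIMIT 1;";
$result = db_query($db, $query_string);
$answer = db_fetch_assoc_array($result);
$bookid = $answer["bookID"];

// Sleeps for 1/2 second so that MySQL can add the record
usleep(500000);

// Redirects to book information page
header("Location: " . mergeGetUrlData($_GET, "book-info.php?bookid=" . db_decode($bookid)));
exit;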
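<?php // The submitted ID is request data echoed into an attribute, so it is HTML-escaped. Attribute values carry no padding so the field name matches the "bookid-N" keys read from $_POST. ?>
<input type="hidden" name="bookid-<?php echo $i; ?>" value="<?php echo htmlspecialchars($_POST["bookid-" . $i], ENT_QUOTES); ?>"/>
<?php
}
?>
<table id="book-checklist">
<?php
// Sum of the prices of all listed books.
$total_price = 0;
for ($i = 1; $i <= 10; $i++) {
    $field = "bookid-" . $i;

    // bookID is spliced into the query WITHOUT quotes, so escaping alone cannot
    // contain it. Only submitted, numeric values reach the statement; empty or
    // malformed slots produce no row.
    if (isset($_POST[$field]) && is_numeric($_POST[$field])) {
        $result = db_query($db, "SELECT * FROM " . $config["ddDBPrefix"] . "books WHERE bookID = " . db_encode($_POST[$field]) . " LIMIT 1;");
        $answer = db_fetch_assoc_array($result);
        $total_price += $answer["price"];
?>
<tr>
<td>
<span class="bookid"><?php echo db_decode($answer["bookID"]); ?> </span>
</td>
<td>
<?php
        // Renders the stock status as a labelled span.
        switch ($answer["status"]) {
            case "instock":
                echo "<span class=\"instock\">" . $lang["In stock"] . "</span>\n";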
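// Language names end up in an include path, so both sources below are only
// honoured when they are plain identifiers (letters, digits, "_" and "-").
// This keeps the include inside lang/ whatever the request or session holds.

// Override default language settings by session settings
if (isset($_SESSION["lang"]) && is_string($_SESSION["lang"]) && preg_match('/\A[A-Za-z0-9_-]+\z/', $_SESSION["lang"])) {
    include_once "lang/" . $_SESSION["lang"] . ".php";
}

// Override default language settings by URL settings
if (isset($_GET["lang"]) && is_string($_GET["lang"]) && preg_match('/\A[A-Za-z0-9_-]+\z/', $_GET["lang"])) {
    include_once "lang/" . $_GET["lang"] . ".php";
}

// Connects to the database
$db = db_connect();
if (is_null($db)) {
    die($lang["Error connecting to the database."] . $lang["MySQL says:"] . " " . db_error($db));
}

// Checks for valid data
if (!isset($_POST["sellerid"]) || trim($_POST["sellerid"]) == "") {
    header("Location: " . mergeGetUrlData($_GET, "error-empty-seller.php"));
    exit;
}

// bookID and bookYear are written into the UPDATE WITHOUT quotes, so escaping
// cannot contain them. Both must be numeric before any statement is built;
// the year may also be empty, in which case it is stored as NULL.
$has_year = isset($_POST["year"]) && $_POST["year"] != "";
if (!isset($_POST["bookid"]) || !is_numeric($_POST["bookid"]) || ($has_year && !is_numeric($_POST["year"]))) {
    header("HTTP/1.1 400 Bad Request");
    exit;
}

// Checks if seller exists in database (it must)
// The seller ID is request data: it goes through db_encode() before entering
// the quoted literal, as the UPDATE below already does.
// NOTE(review): relies on db_encode() neutralising quote characters - confirm.
$query_string = "SELECT * FROM " . $config["ddDBPrefix"] . "sellers WHERE sellerKey = '" . db_encode($_POST["sellerid"]) . "' LIMIT 1;";
$result = db_query($db, $query_string);
if (is_null($result) || db_num_rows($result) < 1) {
    header("Location: " . mergeGetUrlData($_GET, "error-no-seller.php"));
    exit;
}

// Updates the existing book row
// An empty year used to yield the invalid fragment "bookYear = , "; it is now
// written as NULL.
// NOTE(review): price is interpolated unquoted; its safety depends on
// format_number() returning a numeric literal - confirm in its definition.
$timestamp = time();
$query_string = "UPDATE " . $config["ddDBPrefix"] . "books SET "
    . "sellerKey = '" . db_encode($_POST["sellerid"]) . "', "
    . "title = '" . db_encode($_POST["title"]) . "', "
    . "author = '" . db_encode($_POST["author"]) . "', "
    . "bookYear = " . ($has_year ? db_encode($_POST["year"]) : "NULL") . ", "
    . "price = " . db_encode(format_number($_POST["price"])) . ", "
    . "status = '" . db_encode($_POST["status"]) . "', "
    . "lastUpdate = '" . date("Y-m-d H:i:s", $timestamp) . "' "
    . "WHERE bookID = " . $_POST["bookid"] . " LIMIT 1;";
$result = db_query($db, $query_string);

// Redirects to book information page (bookid was validated as numeric above)
header("Location: " . mergeGetUrlData($_GET, "book-info.php?bookid=" . $_POST["bookid"]));
exit;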