function change_order_data()
{
$result = array();
global $auth;
$order_id = intval($_REQUEST['order_id']);
if (!$order_id) {
return array('mess' => 'no order id', 'result' => false);
}
require_once CLASSPATH . 'ps_country.php';
$db = new ps_DB();
$db->query('SELECT COUNT(*) AS cnt FROM address_log WHERE order_id = "' . $order_id . '"');
$db->next_record();
if (!$db->f('cnt')) {
// записали авторские данные
$sql = 'SELECT first_name, phone_1, address_1, country, state, zip, user_email FROM jos_vm_order_user_info
WHERE order_id = "' . $order_id . '"';
$db->query($sql);
$db->next_record();
$country = new ps_country();
$dbc = $country->get_country_by_code($db->f('country'));
$country_name = $dbc->f('country_name');
$dbc = $country->get_state_by_code($db->f('state'), $db->f('country'));
$state_name = $dbc->f('state_name');
$sql = 'INSERT INTO address_log (order_id, first_name, phone_1, address_1, country, state, zip, user_email, user_id, date)
VALUES (
"' . $order_id . '",
"' . mysql_escape_string($db->f('first_name')) . '",
"' . mysql_escape_string($db->f('phone_1')) . '",
"' . mysql_escape_string($db->f('address_1')) . '",
"' . mysql_escape_string($country_name) . '",
"' . mysql_escape_string($state_name) . '",
"' . mysql_escape_string($db->f('zip')) . '",
"' . mysql_escape_string($db->f('user_email')) . '",
"0",
NOW())';
$db->query($sql);
}
// апдейтнули
$sql = 'UPDATE jos_vm_order_user_info SET
first_name = "' . mysql_escape_string($_REQUEST['first_name']) . '",
phone_1 = "' . mysql_escape_string($_REQUEST['phone_1']) . '",
address_1 = "' . mysql_escape_string($_REQUEST['address_1']) . '",
country = "' . mysql_escape_string($_REQUEST['country']) . '",
state = "' . mysql_escape_string($_REQUEST['state']) . '",
zip = "' . mysql_escape_string($_REQUEST['zip']) . '",
user_email = "' . mysql_escape_string($_REQUEST['user_email']) . '"
WHERE order_id = "' . mysql_escape_string($_REQUEST['order_id']) . '"';
$db = new ps_DB();
$db->query($sql);
// записали ещё раз
$sql = 'SELECT first_name, phone_1, address_1, country, state, zip, user_email FROM jos_vm_order_user_info
WHERE order_id = "' . $order_id . '"';
$db->query($sql);
$db->next_record();
$country = new ps_country();
$dbc = $country->get_country_by_code($db->f('country'));
$country_name = $dbc->f('country_name');
$dbc = $country->get_state_by_code($db->f('state'), $db->f('country'));
$state_name = $dbc->f('state_name');
$sql = 'INSERT INTO address_log (order_id, first_name, phone_1, address_1, country, state, zip, user_email, user_id, date)
VALUES (
"' . $order_id . '",
"' . mysql_escape_string($db->f('first_name')) . '",
"' . mysql_escape_string($db->f('phone_1')) . '",
"' . mysql_escape_string($db->f('address_1')) . '",
"' . mysql_escape_string($country_name) . '",
"' . mysql_escape_string($state_name) . '",
"' . mysql_escape_string($db->f('zip')) . '",
"' . mysql_escape_string($db->f('user_email')) . '",
"' . mysql_escape_string($auth['user_id']) . '",
NOW())';
$db->query($sql);
$result['mess'] = 'OK';
$result['result'] = true;
return $result;
}
<td width="65%" align="left"><?php
switch ($field->name) {
case 'country':
$country = new ps_country();
$dbc = $country->get_country_by_code($dbt->f($field->name));
$country_id = $dbt->f($field->name);
//if ($dbc !== false)
// echo $dbc->f('country_name');
$ps_html = new ps_html();
$onchange = "onchange=\"changeStateList();\"";
$ps_html->list_country("country", $country_id, "id=\"country_field\" {$onchange}");
break;
case 'state':
$country = new ps_country();
$state = $dbt->f($field->name);
$dbc = $country->get_state_by_code($state, $country_id);
//if ($dbc !== false)
// echo $dbc->f('state_name');
echo $ps_html->dynamic_state_lists("country", "state", $country_id, $state);
break;
default:
$fieldvalue = $dbt->f($field->name);
if (0) {
echo " ";
} else {
echo '<input type="text" name="' . $field->name . '" value="' . htmlspecialchars($fieldvalue) . '" class="order_user_filed">';
}
break;
}
?>
</td>
