Пример #1
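/**
 * Displays the product listing page, optionally filtered by category.
 *
 * Reads the "category" request parameter, selects rows from the products
 * table and prints them as an HTML table via showHeading() and showItem().
 *
 * Security notes:
 *  - "category" comes straight from the request, so it is escaped before it
 *    is placed inside the SQL string. Binding it as a parameter of a prepared
 *    statement (PDO or mysqli) is the preferred fix once the DB wrapper
 *    offers one.
 *  - $title is written into the page unescaped; callers must pass trusted
 *    text or encode it themselves.
 *
 * @param string $title The title of the page
 * @return void
 */
function showContent($title)
{
    $db = new DB();

    // The parameter may be missing, or may arrive as an array
    // (category[]=x); only a plain string is usable as a filter.
    $category = '';
    if (isset($_REQUEST["category"]) && is_string($_REQUEST["category"])) {
        $category = trim($_REQUEST["category"]);
    }

    $sql = "SELECT ID, image, name, price, description FROM products";
    if ($category !== '') {
        // Escape with the same ext/mysql API the result set is read with.
        // NOTE(review): this needs the link to be open already - presumably
        // the DB constructor connects; confirm. If escaping fails it returns
        // false, which becomes an empty filter value rather than raw input.
        $safeCategory = mysql_real_escape_string($category);
        $sql .= " WHERE category = '{$safeCategory}'";
    }
    $result = $db->query($sql);

    echo "<h1>{$title}</h1>\n";
    echo "<table border=\"1\">\n";
    showHeading();

    // Skip the loop if the query produced no result resource.
    while ($result && ($row = mysql_fetch_row($result))) {
        list($id, $image, $name, $price, $description) = $row;
        $price = "\$" . number_format($price, 2);
        // Column values are handed over as stored; HTML encoding is
        // presumably done inside showItem() - verify there.
        showItem($id, $name, $description, $image, $price);
    }
    echo "</table>\n";
}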
Пример #2
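/**
 * Displays the order confirmation page and converts the cart into orders.
 *
 * For every row of the current cart the function prints the item, inserts
 * one row into orders and one into orderItems, then empties the cart, prints
 * the shipping address of the logged-in user, clears the cart cookie and
 * destroys the session.
 *
 * Security notes:
 *  - Every value placed into SQL text is escaped first. The cart id comes
 *    from getCartID() (presumably the cartID cookie cleared below - confirm),
 *    and values read back from the database are not trusted either.
 *  - Customer address fields are HTML-encoded before output.
 *  - $title is written into the page unescaped; callers must pass trusted
 *    text or encode it themselves.
 *  - NOTE(review): nothing here requires a logged-in user; without one the
 *    orders are stored with an empty username. Confirm the caller enforces
 *    login before this runs.
 *  - NOTE(review): the inserts and the cart delete are not wrapped in a
 *    transaction, so a failure midway leaves a partial order.
 *
 * @param string $title The title of the page
 * @return void
 */
function showContent($title)
{
    $db = new DB();
    $cartID = getCartID();

    // NOTE(review): mysql_real_escape_string() needs an open link -
    // presumably the DB constructor connects; confirm.
    $safeCartID = mysql_real_escape_string($cartID);
    $sql = "SELECT ID, name, products.price, quantity, date \n         FROM shoppingcarts, products\n         WHERE productID=ID AND CartID='{$safeCartID}'";
    $result = $db->query($sql);

    echo "<h1>{$title}</h1>\n";
    echo "<table>\n";
    showHeading();

    $user = isset($_SESSION['user']) ? $_SESSION['user'] : "";
    $safeUser = mysql_real_escape_string($user);

    // Start the running total at zero instead of relying on an undefined
    // variable being treated as 0.
    $total = 0;
    $hadItems = false;
    while ($result && ($row = mysql_fetch_row($result))) {
        list($productId, $prodName, $price, $qty, $date) = $row;
        $hadItems = true;
        $total += $price * $qty;
        showItem($productId, $prodName, $price, $qty);

        // One orders row is written per cart row, as before.
        $safeDate = mysql_real_escape_string($date);
        $sql = "INSERT INTO orders(username, date, status)\n            VALUES ('{$safeUser}', '{$safeDate}', 'ordered')";
        $db->query($sql);

        // LAST_INSERT_ID() must not be quoted: as a string literal it is
        // stored as text (or 0) instead of the id of the order just created.
        // Assumes orders has an AUTO_INCREMENT key and the same connection
        // is reused - TODO confirm.
        $safeProductId = mysql_real_escape_string($productId);
        $safeQty = mysql_real_escape_string($qty);
        $sql = "INSERT INTO orderItems(orderID, productID, quantity, status)\n            VALUES (LAST_INSERT_ID(), '{$safeProductId}', '{$safeQty}', 'ordered')";
        $db->query($sql);
    }

    // Empty the cart once, after all rows were copied, rather than once per
    // row inside the loop.
    if ($hadItems) {
        $sql = "DELETE FROM shoppingcarts WHERE CartID='{$safeCartID}'";
        $db->query($sql);
    }

    $total = "\$" . number_format($total, 2);
    showFooter($total);
    echo "</table>\n";

    // Look up the address of the user the order was stored for. The listing
    // this was taken from carried a masked literal ('******') in place of the
    // user name, which can never match the session user.
    $sql = "SELECT fname, lname, address, city, state, zip, country\n         FROM customers, addresses \n         WHERE customers.username=addresses.username \n         AND customers.username='{$safeUser}'";
    $result = $db->query($sql);
    $row = $result ? mysql_fetch_row($result) : false;

    // Only print the shipping block when an address row exists; unpacking a
    // missing row would print empty paragraphs.
    if ($row) {
        // Address fields are customer-supplied text: encode before output.
        foreach ($row as $index => $field) {
            $row[$index] = htmlspecialchars($field, ENT_QUOTES);
        }
        list($fname, $lname, $address, $city, $state, $zip, $country) = $row;
        echo "<p>This order will be shipped to</p>";
        echo "<p>{$fname} {$lname}</p>";
        echo "<p>{$address}</p>";
        echo "<p>{$city}, {$state} {$zip}</p>";
        echo "<p>{$country}</p>";
    }

    // NOTE(review): setcookie() only works while headers are unsent; output
    // has already been echoed above, so this depends on output buffering
    // being enabled - confirm.
    setcookie('cartID', '', time() - 86400, '/');
    session_destroy();
}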
Пример #3
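/**
 * Displays the shopping cart with a checkout button and a category picker.
 *
 * Prints every cart row via showItem(), the cart total via showFooter(), a
 * checkout button, and a form that posts the chosen category to products.php.
 *
 * Security notes:
 *  - The cart id is escaped before it is placed inside the SQL string;
 *    $db->query() receives finished SQL text, so the DB object does not make
 *    the query safe by itself.
 *  - $title is written into the page unescaped; callers must pass trusted
 *    text or encode it themselves.
 *
 * @param string $title The title of the page
 * @param object $db    A DB object exposing query(); its result is read with
 *                      mysql_fetch_row()
 * @return void
 */
function showContent($title, $db)
{
    $cartID = getCartId();
    // NOTE(review): mysql_real_escape_string() needs an open link -
    // presumably $db is already connected when it is passed in; confirm.
    $safeCartID = mysql_real_escape_string($cartID);
    $sql = "SELECT ID, name, products.price, Quantity \n         FROM shoppingcarts, products \n         WHERE ID=ProductID AND CartID='{$safeCartID}'";
    $result = $db->query($sql);
    echo "<h1>{$title}</h1>\n";
    echo "<table>\n";
    showHeading();
    $total = 0;
    // Skip the loop if the query produced no result resource.
    while ($result && ($row = mysql_fetch_row($result))) {
        list($id, $prodName, $price, $qty) = $row;
        $total += $price * $qty;
        // Values are handed over as stored; HTML encoding is presumably done
        // inside showItem() - verify there.
        showItem($id, $prodName, $price, $qty);
    }
    $total = "\$" . number_format($total, 2);
    showFooter($total);
    echo "</table>\n";
    // JavaScript boolean literal telling checkout() whether a user is logged
    // in. It is only a hint for the browser: the login state has to be
    // checked again on the server by whatever handles the checkout.
    $loggedIn = isset($_SESSION['user']) ? "true" : "false";
    echo "<button onclick=\"checkout({$loggedIn})\">Checkout</button>\n";
    $f = new FormLib();
    ?>
<p>Keep shopping</p>
   <form action="products.php" method="post" id="categories">
      <fieldset>
         <legend>Select a category</legend>
         <table>
            <tr>
               <td class="inputcell">
                  <?php 
    // Label => value pairs for the category drop-down; "All" maps to an
    // empty value.
    $list = array("All" => "", "On the Lawn" => "lawn", "Back at Camp" => "camping", "Jammin'" => "jam", "At the Lake" => "water", "Artists' CDs" => "cd");
    echo $f->makeSelect('category', $list);
    ?>
               </td>
            </tr>
         </table>
      </fieldset>
      <p><input type="submit" value="Submit" /></p>
   </form>
<?php 
}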