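/**
 * Displays the page: a heading followed by a table of products, optionally
 * restricted to the category named in the request.
 *
 * The category value comes straight from $_REQUEST, so it is escaped before
 * being interpolated into the SQL. A missing or empty category lists every
 * product. $title is echoed as-is and is expected to be trusted text.
 *
 * @param string $title The title of the page
 */
function showContent($title)
{
    $db = new DB();
    // Guard the lookup so a request without a category raises no notice
    // (and trim() is never handed null).
    $category = isset($_REQUEST["category"]) ? trim($_REQUEST["category"]) : "";

    $sql = "SELECT ID, image, name, price, description FROM products";
    if ($category !== "") {
        // The legacy mysql extension (see mysql_fetch_row below) offers no
        // parameter binding, so the user-supplied value is escaped instead.
        $sql .= " WHERE category = '" . mysql_real_escape_string($category) . "'";
    }
    $result = $db->query($sql);

    echo "<h1>{$title}</h1>\n";
    echo "<table border=\"1\">\n";
    showHeading();
    while ($row = mysql_fetch_row($result)) {
        list($id, $image, $name, $price, $description) = $row;
        // Price arrives from the driver as a string; format it as currency.
        $price = "\$" . number_format((float) $price, 2);
        showItem($id, $name, $description, $image, $price);
    }
    echo "</table>\n";
}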
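/**
 * Displays the main content of the checkout page: lists the cart's items
 * with their total, records them as an order, prints the shipping address
 * of the logged-in user, then clears the cart cookie and the session.
 *
 * Changes from the previous version:
 *  - $total is initialised before the loop (it was read before any write);
 *  - one orders row is created per checkout instead of one per cart item,
 *    and the orderItems rows carry that order's real id (the old code
 *    inserted the literal string 'LAST_INSERT_ID()' as orderID);
 *  - the cart is deleted once, after all items have been recorded;
 *  - every value interpolated into SQL (cart id from a cookie, session
 *    user, row values) is escaped, since the legacy mysql extension used
 *    here has no parameter binding;
 *  - the shipping-address query looks up the session user rather than a
 *    fixed literal username.
 *
 * @param string $title The title of the page
 */
function showContent($title)
{
    $db = new DB();
    $cartID = mysql_real_escape_string(getCartID());
    $user = isset($_SESSION['user']) ? $_SESSION['user'] : "";
    $safeUser = mysql_real_escape_string($user);

    $sql = "SELECT ID, name, products.price, quantity, date \n FROM shoppingcarts, products\n WHERE productID=ID AND CartID='{$cartID}'";
    $result = $db->query($sql);

    echo "<h1>{$title}</h1>\n";
    echo "<table>\n";
    showHeading();

    $total = 0;
    $items = array();
    while ($row = mysql_fetch_row($result)) {
        list($productId, $prodName, $price, $qty, $date) = $row;
        $total += $price * $qty;
        showItem($productId, $prodName, $price, $qty);
        // Remember what was sold; the order rows are written after the listing.
        $items[] = array($productId, $qty, $date);
    }
    showFooter("\$" . number_format($total, 2));
    echo "</table>\n";

    if (count($items) > 0) {
        // A single order for the whole cart, dated from the first cart row
        // (the previous code used each row's own date).
        $orderDate = mysql_real_escape_string($items[0][2]);
        $sql = "INSERT INTO orders(username, date, status)\n VALUES ('{$safeUser}', '{$orderDate}', 'ordered')";
        $db->query($sql);
        // Capture the order id once: every later INSERT would move LAST_INSERT_ID().
        $orderID = mysql_insert_id();
        foreach ($items as $item) {
            $productID = mysql_real_escape_string($item[0]);
            $quantity = mysql_real_escape_string($item[1]);
            $sql = "INSERT INTO orderItems(orderID, productID, quantity, status)\n VALUES ('{$orderID}', '{$productID}', '{$quantity}', 'ordered')";
            $db->query($sql);
        }
        $sql = "DELETE FROM shoppingcarts WHERE CartID='{$cartID}'";
        $db->query($sql);
    }

    $sql = "SELECT fname, lname, address, city, state, zip, country\n FROM customers, addresses \n WHERE customers.username=addresses.username \n AND customers.username='{$safeUser}'";
    $result = $db->query($sql);
    $row = mysql_fetch_row($result);
    echo "<p>This order will be shipped to</p>";
    if ($row) {
        list($fname, $lname, $address, $city, $state, $zip, $country) = $row;
        echo "<p>{$fname} {$lname}</p>";
        echo "<p>{$address}</p>";
        echo "<p>{$city}, {$state} {$zip}</p>";
        echo "<p>{$country}</p>";
    } else {
        // No address row for this user; say so instead of printing blanks.
        echo "<p>No shipping address on file.</p>";
    }

    // Expire the cart cookie and end the session now that the order is placed.
    setcookie('cartID', '', time() - 86400, '/');
    session_destroy();
}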
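/**
 * Displays the main content of the cart page: the cart's items with a
 * running total, a Checkout button, and a "keep shopping" category form.
 *
 * The cart id originates outside the application (it is read back from a
 * client-supplied value), so it is escaped before being interpolated into
 * the SQL; the legacy mysql extension used here has no parameter binding.
 * $title is echoed as-is and is expected to be trusted text.
 *
 * @param string $title The title of the page
 * @param DB     $db    A DB object for secure database operations
 */
function showContent($title, $db)
{
    $cartID = mysql_real_escape_string(getCartId());
    $sql = "SELECT ID, name, products.price, Quantity \n FROM shoppingcarts, products \n WHERE ID=ProductID AND CartID='{$cartID}'";
    $result = $db->query($sql);

    echo "<h1>{$title}</h1>\n";
    echo "<table>\n";
    showHeading();

    $total = 0;
    while ($row = mysql_fetch_row($result)) {
        list($id, $prodName, $price, $qty) = $row;
        $total += $price * $qty;
        showItem($id, $prodName, $price, $qty);
    }
    showFooter("\$" . number_format($total, 2));
    echo "</table>\n";

    // The checkout() script is told whether a user is logged in (a JS boolean literal).
    $loggedIn = isset($_SESSION['user']) ? "true" : "false";
    echo "<button onclick=\"checkout({$loggedIn})\">Checkout</button>\n";

    $form = new FormLib();
    // Display label => category value sent back to products.php.
    $categories = array(
        "All" => "",
        "On the Lawn" => "lawn",
        "Back at Camp" => "camping",
        "Jammin'" => "jam",
        "At the Lake" => "water",
        "Artists' CDs" => "cd",
    );
?>
<p>Keep shopping</p>
<form action="products.php" method="post" id="categories">
<fieldset>
<legend>Select a category</legend>
<table>
<tr>
<td class="inputcell">
<?php echo $form->makeSelect('category', $categories); ?>
</td>
</tr>
</table>
</fieldset>
<p><input type="submit" value="Submit" /></p>
</form>
<?php
}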