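/**
 * Removes one pre-order row for the given item/customer pair, then bounces the
 * browser back to the page named in $_POST['page'].
 *
 * @param string $itemcode     stockID of the pre-ordered item
 * @param string $emailaddress customer e-mail the pre-order was placed under
 * @return void  Echoes a <meta refresh> tag; terminates via die() on DB errors.
 */
function funcDeleteItem($itemcode, $emailaddress) {
    //connect to server
    // NOTE(review): the DB credentials are hard-coded here (and in sibling
    // scripts); they belong in one config include kept outside the web root.
    $link = mysql_connect("localhost", "sfvault_writeSto", "Ti*ESUf3*_b?Km") or die("Could not connect: " . mysql_error());
    //change to correct database
    mysql_select_db("sfvault_store") or die("Could not select database");

    // Both values land inside single-quoted SQL literals, so escape them
    // against the live connection instead of concatenating them raw.
    $safeItemcode = mysql_real_escape_string($itemcode, $link);
    $safeEmail = mysql_real_escape_string($emailaddress, $link);
    $strUpdateStockQuery = "DELETE FROM tbl_PreOrder where stockID = '" . $safeItemcode . "' and emailaddress = '" . $safeEmail . "'";
    mysql_query($strUpdateStockQuery) or die("Update Query Failed: " . mysql_error());
    funcLogToDebug("RemovePreOrder.php: PreOrder for " . $itemcode . " by " . $emailaddress . " was removed.");

    //header('location: ' . $_SERVER['PHP_SELF']);
    //header('location: ' . $_POST['page']);
    //echo $_POST['page'];
    // The redirect target comes straight from the request. A value carrying a
    // URL scheme (http:, javascript:, ...) or a protocol-relative "//" prefix
    // would turn this refresh into an open redirect, so such values are
    // replaced; an empty value is left as-is (browser reloads the current page,
    // as before). Escaping for the attribute context stops a quote in the
    // value from breaking out of the tag.
    $page = isset($_POST['page']) ? (string) $_POST['page'] : '';
    if (preg_match('#^([a-z][a-z0-9+.\-]*:|[/\\\\]{2})#i', $page)) {
        // NOTE(review): index3.php is the shop landing page used elsewhere on
        // the site; confirm it is the right fallback.
        $page = 'index3.php';
    }
    echo "<meta http-equiv='refresh' content='0;url=" . htmlspecialchars($page, ENT_QUOTES, 'UTF-8') . "'>";
}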
session_set_cookie_params($sessionExpire); //start new session session_start(); if (!isset($_SESSION['cart'])) { $_SESSION['cart'] = array(); } if ($_GET["key"] != "") { $strBin = hex2bin($_GET["key"]); $strDecrypted = funcDecrypt($strBin); $strUserID = substr($strDecrypted, 0, strpos($strDecrypted, "&")); $strNow = date('Y-m-j H:i:s'); $value = funcEncrypt($strUserID . "&" . $strNow); //$str = strpos(strDecrypted,"&"); funcLogToDebug("ChooseDelivery3.php: " . $strBin); funcLogToDebug("ChooseDelivery3.php: " . $strDecrypted); funcLogToDebug("ChooseDelivery3.php: " . $strUserID); } if ($_GET["strUserID"] != $strUserID) { setcookie("AUTH", "", time() - 600, "/", "shop.scifivault.com", 0); /* expire in 10 mins ago */ echo "denied. Give it 3 seconds"; echo "<meta http-equiv='refresh' content='3;url=/UserLogon.php'>"; } else { //echo "<!--\n<b>We have an Auth cookie</b>"; //echo "\n<br>Cookie(auth): " . $_COOKIE["AUTH"]; //now can we decrypt the cookie.... //echo "\n<br>Binary: " . hex2bin($_COOKIE["AUTH"]); setcookie("AUTH", $value, $strExpiry, "/", "shop.scifivault.com", 0); /* expire in 10 mins */ //echo $strUserID . "_" . $strExpiry ."<br>" ; //print_r ($_COOKIE["AUTH"]);
<BODY> <?php include 'includes/SharedFunctionsStrict.php'; //Write Debug information funcDebug("this is a test debug"); //connect to server funcDebug("Connecting to database"); $link = mysql_connect("localhost", "sfvault_writeSto", "Ti*ESUf3*_b?Km") or die("Could not connect: " . mysql_error()); funcDebug("Connected to database"); //change to correct database mysql_select_db("sfvault_store") or die("Could not select database"); //run query to see if result is returned $strNow = date('Y-m-j h:i:s'); $strStatus = funcSanitize($_POST["STATUS"]); $strOrder = funcSanitize($_POST["orderno"]); funcLogToDebug("updateOrder.php: Order (" . $strOrder . ") changed status to " . $strStatus); $strUpdateQuery = "UPDATE tbl_Orders SET Status = '" . $strStatus . "' WHERE OrderNo = '" . $strOrder . "'"; $strUpdateResult = mysql_query($strUpdateQuery) or die("Query Failed :" . mysql_error()); //query to get all baskets $strQuery = "SELECT * FROM tbl_Orders where OrderNo = '" . $strOrder . "'"; //execute query $strResult = mysql_query($strQuery) or die("Query Failed :" . mysql_error()); while ($line = mysql_fetch_array($strResult, MYSQL_ASSOC)) { $strOrderNo = $line["OrderNo"]; $strOrderSubmitted = $line["DateTme"]; $strCookie = $line["Cookie"]; $strItems = $line["Items"]; $strShipping = $line["Shipping"]; $strCost = $line["Cost"]; $strAddress = $line["Address"]; $strEmailAddress = $line["emailaddress"];
<?php
// submitSpecialItemsFP.php: takes up to six stockIDs posted from the admin
// form (SPitem1..SPitem6), clears every current front-page flag, then sets
// DisplayonFrontPage = '1' on each posted item one query at a time.
// This excerpt ends after the 4th item; items 5 and 6 are handled below it.
//connect to server
include 'includes/Link.php';
include 'includes/SharedFunctions.php';
// Request metadata; none of these are used in this excerpt.
$ip = getenv("REMOTE_ADDR");
$httpref = getenv("HTTP_REFERER");
$httpagent = getenv("HTTP_USER_AGENT");
$strNow = date('Y-m-j G:i:s');
// The posted values go straight into SQL literals below.
// NOTE(review): funcSanitize() is defined in the include, not visible here —
// confirm it escapes for SQL (mysql_real_escape_string or equivalent).
$strItem1 = funcSanitize($_POST["SPitem1"]);
$strItem2 = funcSanitize($_POST["SPitem2"]);
$strItem3 = funcSanitize($_POST["SPitem3"]);
$strItem4 = funcSanitize($_POST["SPitem4"]);
$strItem5 = funcSanitize($_POST["SPitem5"]);
$strItem6 = funcSanitize($_POST["SPitem6"]);
// $strItem6 is not included in this log line.
funcLogToDebug("submitSpecialItemsFP.php: " . $strItem1 . "," . $strItem2 . "," . $strItem3 . "," . $strItem4 . "," . $strItem5);
//first thing is first, remove all special items (subcategory) tags for the posted category
// Not wrapped in a transaction: a failure part-way through leaves the front
// page with fewer items than were posted.
$strQuery = "UPDATE tblItem SET DisplayonFrontPage = '0' where DisplayonFrontPage = '1'";
//echo $strQuery;
$strResult = mysql_query($strQuery) or die("Query Failed :" . mysql_error());
//run query to update 1st item
$strQuery = "UPDATE tblItem SET DisplayonFrontPage = '1' where stockID = '" . $strItem1 . "'";
//echo "<br>" . $strQuery;
$strResult = mysql_query($strQuery) or die("Query Failed :" . mysql_error());
//run query to update 2nd item
$strQuery = "UPDATE tblItem SET DisplayonFrontPage = '1' where stockID = '" . $strItem2 . "'";
$strResult = mysql_query($strQuery) or die("Query Failed :" . mysql_error());
//run query to update 3rd item
$strQuery = "UPDATE tblItem SET DisplayonFrontPage = '1' where stockID = '" . $strItem3 . "'";
$strResult = mysql_query($strQuery) or die("Query Failed :" . mysql_error());
//run query to update 4th item
$strQuery = "UPDATE tblItem SET DisplayonFrontPage = '1' where stockID = '" . $strItem4 . "'";
$gblnDebug = false; ?> <?php include 'includes/SharedFunctionsStrict.php'; //Write Debug information funcDebug("this is a test debug"); //connect to server funcDebug("Connecting to database"); $link = mysql_connect("localhost", "sfvault_writeSto", "Ti*ESUf3*_b?Km") or die("Could not connect: " . mysql_error()); //change to correct database mysql_select_db("sfvault_store") or die("Could not select database"); //run query to see if result is returned $strStockID = $_POST["stockID"]; $strQuery = "SELECT * FROM tblItem where stockID = '" . $strStockID . "'"; funcLogToDebug("submitAdd.php: Adding Item " . $strStockID); $strResult = mysql_query($strQuery) or die("Query Failed :" . mysql_error()); $conNumberofRows = mysql_num_rows($strResult); funcDebug($conNumberofRows); //funcDebug (mysql_num_rows($strResult) . "<br>"); //if there are any rows in the table with the same ID, error if ($conNumberofRows != 0) { echo "<b>ERROR! stockID " . $strStockID . "Already exists<br></b>\n"; } else { $strDescription = $_POST["Description"]; $strSmallPicture = $_POST["smallPicture"]; $strBigPicture = $_POST["bigPicture"]; $strShortDescription = $_POST["shortDescription"]; $strName = $_POST["Name"]; $strCost = $_POST["Cost"]; $strRRP = $_POST["RRP"];
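// Tail of submitPreOrder.php: the shipping branch below is the end of an
// if/else that starts before this excerpt (the lone "}" closes it).
$strShippingNote = "Postage + Insurance";
$strShipping = $str1stClassCost + $strInsurance;
//echo "*" . $strShipping;
}
//$strShipping = "0.00";
//squirt order into database
// Writes the finished order onto the tbl_Orders row created earlier, matched
// on submission time + e-mail. $strOrder2, $strTotal, $strNow and
// $strEmailAddress are built above this excerpt and are interpolated raw.
// NOTE(review): confirm they were escaped (funcSanitize /
// mysql_real_escape_string) before reaching this statement.
$strUpdateOrder = "UPDATE tbl_Orders SET items = '" . $strOrder2 . "', cost = '" . $strTotal . "', Shipping = '" . $strShipping . "' where DateTme = '" . $strNow . "' and emailAddress = '" . $strEmailAddress . "'";
mysql_query($strUpdateOrder) or die("Query Failed:" . mysql_error());
//log it.
funcLogToDebug("submitPreOrder.php: New Order created - " . $strOrder2 . ", Shipping - " . $strShipping);
//delete entries from pre-order table.
foreach ($strOrder as $o) {
    // Each basket entry is a '#'-joined record; field 3 is the tbl_PreOrder uid.
    // explode() replaces the removed split(); with a literal delimiter the
    // result is identical.
    $arrPreOrder = explode("#", $o);
    $strDeletePreOrderQry = "DELETE FROM tbl_PreOrder where uid = '" . $arrPreOrder[3] . "'";
    mysql_query($strDeletePreOrderQry) or die("Query Failed:" . mysql_error());
    funcLogToDebug("submitPreOrder.php: Deleted preOrder " . $arrPreOrder[3] . ", (" . $arrPreOrder[0] . "x" . $arrPreOrder[1] . ")");
}
redirect("default.php?Action=OutstandingOrders", 0, "");
?>
<?php
/**
 * Redirects to another page using an HTTP-META refresh tag, then stops the script.
 *
 * @param string $url     target URL; escaped for the attribute context so a
 *                        quote or angle bracket in it cannot break out of the tag
 * @param int    $delay   seconds before the browser follows the redirect
 * @param string $message HTML shown while waiting. Callers on this site pass
 *                        markup here, so it is emitted verbatim and must not
 *                        be built from user input.
 * @return never
 */
function redirect($url, $delay = 0, $message = "") {
    /* redirects to a new URL using meta tags */
    $safeUrl = htmlspecialchars((string) $url, ENT_QUOTES, 'UTF-8');
    echo "<meta http-equiv='Refresh' content='" . (int) $delay . "; url=" . $safeUrl . "'>";
    die("<div style='font-family: Arial, Sans-serif; font-size: 12pt;' align=center> " . $message . " </div>");
}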
$strUpdatedBasketValue = $line2["Qty"] + $qty; $strAddToBasket = "UPDATE tblBasket SET qty = '" . $strUpdatedBasketValue . "' where item = '" . $itemcode . "' and PHPSessionID = '" . session_id() . "'"; mysql_query($strAddToBasket) or die("Update Basket Query Failed:" . mysql_error()); funcLogToDebug("addToBasket2.php: Item " . $itemcode . " update to basket (" . session_id() . ")"); } elseif ($conNumberofRows == 0) { //need to insert a row into the table $strAddToBasket = "INSERT tblBasket Values ('" . session_id() . "', '" . $itemcode . "', '" . $qty . "')"; mysql_query($strAddToBasket) or die("Add to Basket Query Failed:" . mysql_error()); funcLogToDebug("addToBasket2.php: Item " . $itemcode . " added to basket (" . session_id() . ")"); } else { //catchall for invalid entries in basket. stops //before making any changes in the main tblItems. echo "Invalid number of rows in your basket, please contact us"; $strLockQuery = "UPDATE tblItem SET ColumnLock = '' where stockID = '" . $itemcode . "'"; mysql_query($strLockQuery) or die("Query Failed: " . mysql_error()); funcLogToDebug("addToBasket2.php: Problem updating Item " . $itemcode . " to basket (" . session_id() . ")"); exit; } //update tblItems with new stock value $strUpdatedStockValue = $line["NoOfItems"] - $qty; //funcDebug ("Updated stock value: " . $strUpdatedStockValue); $strUpdateStockQuery = "UPDATE tblItem SET NoOfItems = '" . $strUpdatedStockValue . "' WHERE stockID = '" . $itemcode . "'"; mysql_query($strUpdateStockQuery) or die("Update Query Failed: " . mysql_error()); $strLockQuery = "UPDATE tblItem SET ColumnLock = '' where stockID = '" . $itemcode . "'"; mysql_query($strLockQuery) or die("ColumnLock to blank Query Failed: " . mysql_error()); } else { //oh dear, no stock left echo "Not enough stock I'm afraid for that item"; $strLockQuery = "UPDATE tblItem SET ColumnLock = '' where stockID = '" . $itemcode . "'"; mysql_query($strLockQuery) or die("Query Failed: " . mysql_error()); exit;
// Tail of UpdatePreOrder.php: records a pre-order once exactly one matching
// stock row and exactly one matching login row exist, then redirects to
// /thanks.htm. $strStockQry, $email, $qty, $comments, $strNow and $itemcode
// are all set above this excerpt.
$strStockResult = mysql_query($strStockQry) or die("Query Failed :" . mysql_error());
$conNumberofRows = mysql_num_rows($strStockResult);
// Loose compare against the string "1"; mysql_num_rows() returns an int.
if ($conNumberofRows == "1") {
//verify email is in our database
// NOTE(review): $email is interpolated raw here and in the INSERT below —
// confirm it passed through funcSanitize() / escaping before this point.
$strEmailQry = "SELECT emailAddress from tbl_UserLogin where emailAddress = '" . $email . "'";
$strEmailResult = mysql_query($strEmailQry) or die("Query Failed :" . mysql_error());
$conNumberofRows2 = mysql_num_rows($strEmailResult);
if ($conNumberofRows2 == "1") {
//add entry to tbl_PreOrder
// Positional INSERT: relies on the column order of tbl_PreOrder; the final
// empty string is the column that RemovePreOrder/submitPreOrder call "uid".
$strInsertQry = "INSERT INTO tbl_PreOrder values ('" . $email . "', '" . $qty . "', '" . $comments . "', '" . $strNow . "','" . $itemcode . "','')";
$strInsert = mysql_query($strInsertQry) or die("Query Failed :" . mysql_error());
funcLogToDebug("UpdatePreOrder.php: Updated database");
} else {
// Zero rows or more than one; only logged, the user is still sent to thanks.htm.
funcLogToDebug("UpdatePreOrder.php: email address does not exist in db - shouldn\\'t happen");
}
} else {
// Reached for zero rows as well as for more than one, so the message below
// is misleading in the zero-row case.
echo " Error! More than one piece of this stock in the right state!";
funcLogToDebug("UpdatePreOrder.php: More than one piece of stock in the right state");
}
//header('location: ' . $_SERVER['PHP_SELF']);
//header('location: ' . $_POST['page']);
echo "<meta http-equiv='refresh' content='0;url=/thanks.htm'>";
exit;
?>
<HTML>
<br><a href="index3.php">index3.php</a>
<br><a href="session.php">session.php</a>
</HTML>
$strItemResult = mysql_query($strItemQuery) or die("Query Failed :" . mysql_error()); $strStockID = substr($item, 0, strpos($item, "(")); while ($lineItem = mysql_fetch_array($strItemResult, MYSQL_ASSOC)) { $strNamedItem = $lineItem["Name"]; $strPrice = substr($item, strpos($item, "(") + 1, strrpos($item, ")") - strpos($item, "(") - 1); $strQty = substr($item, strpos($item, "x") + 1); echo "<tr><td>" . $strQty . "</td><td><a href='displayItem.php?Item=" . $strStockID . "'>" . $strStockID . "</a></td><td><a href='displayItem.php?Item=" . $strStockID . "'>" . $strNamedItem . "</a></td><td align='right'>£" . $strPrice . "</td><td align='right'>£" . $strPrice * $strQty . "</td></tr><br />"; } } echo "<tr><td></td><td></td><td> </td><td></td><td></td></tr>"; echo "<tr><td></td><td></td><td><b>Shipping</b></td><td></td><td align='right'>£" . $strShipping . "</td></tr>"; echo "<tr><td></td><td></td><td><b>Total</b></td><td></td><td align='right'>£" . ($strShipping + $strCost) . "</td></tr>"; echo "</table>"; } else { echo "denied. Give it 3 seconds"; funcLogToDebug("Orderview.php: " . $_GET["strUserID"] . " just tried to look into order no " . $strOrderNo); echo "<meta http-equiv='refresh' content='0;url=/UserLogon.php'>"; } } ?> <p> </td> <td width="200" align="center" valign="top"> <table width="200" border="0" align="center" cellpadding="0" cellspacing="0" bordercolor="#002A54"> <tr> <td bgcolor="#002A54"> <div align="center"><img src="images/buttons/LOGIN.gif" width="180" height="25"></div> </td> </tr>
} } else { //more than one user in our database with the same strUserID, log it and error //passwords don't match. Error gracefully. echo "<meta http-equiv='refresh' content='0;url=/UserPasswordChange.php?strUserID=" . $strUserID . "&PasswordError=3'>"; echo "</HEAD></HTML>"; funcLogToDebug("updatePassword.php failed: More than one userID in the database (" . $strUserID . ")"); exit; } //check passwords match if ($strPassword2 == $strPassword3) { //passwords match, lets carry on $strMD5 = md5($strPassword2); } else { //passwords don't match. Error gracefully. echo "<meta http-equiv='refresh' content='0;url=/UserPasswordChange.php?strUserID=" . $strUserID . "&PasswordError=1'>"; echo "</HEAD></HTML>"; funcLogToDebug("updatePassword.php:" . $strUserID . " couldn't match new passwords"); exit; } $strChPassQuery = "UPDATE tbl_UserLogin set Password = '******' where UserID = '" . $strUserID . "'"; $strResult = mysql_query($strChPassQuery) or die("Query Failed:" . mysql_error()); funcLogToDebug("updatePassword.php: Update " . $strUserID . " Password"); echo "<meta http-equiv='refresh' content='0;url=/passwordupdate.php?strUserID=" . $strUserID . "'>"; ?> </HEAD> </HTML> <?php }
for ($i = 0; $i < $length; $i++) { $rand_pos = rand(0, $rand_max); $rand_key[] = $key_chars[$rand_pos]; } $rand_pass = implode('', $rand_key); //set in database //change to correct database mysql_select_db("sfvault_store") or die("Could not select database"); $strChPassQuery = "UPDATE tbl_UserLogin set Password = '******' where UserID = '" . $strEmailAddress . "'"; $strResult = mysql_query($strChPassQuery) or die("Query Failed:" . mysql_error()); //display msg //echo "Password has been sent to your account"; //and send.... mail($strEmailAddress, "ScifiVault.com Password Retrieval", "\n\n Your Password is " . $rand_pass . ", Once logged in successfully, please change it as a security measure", "From: webmaster@{$_SERVER['SERVER_NAME']}\r\n" . "Reply-To: webmaster@{$_SERVER['SERVER_NAME']}\r\n" . "X-Mailer: PHP/" . phpversion()); funcLogToDebug("passwordRetrieval.php: Password sent to " . $strEmailAddress); funcLogToDebug("passwordRetrieval.php: " . $rand_pass); } ?> <table border="0" cellspacing="0" cellpadding="5" width="900" align="center"> <tr> <td width="500"><a href="http://shop.scifivault.com/index3.php"><img src="images/scifi-small-best.jpg" width="403" height="62" border="0"></a> </td> <td align="right" valign="top" width="300"> <div align="right"> <script language=JavaScript> </td></tr> <tr><td>
// VerifyUser.php (tail): marks the account named by $strUserName as verified.
// $strUserName is set above this excerpt.
$strVerifyCode = funcSanitize($_GET["VerifyKey"]);
funcDebug($strUserName);
funcDebug($strVerifyCode);
// NOTE(review): $strVerifyCode is read and logged but never compared with a
// stored value anywhere in this excerpt; the UPDATE below is keyed on UserID
// alone. If the key is not checked above this point, knowing a UserID is
// enough to flip UserVerified — confirm where the key is validated.
//connect to server
// NOTE(review): DB credentials are hard-coded here as in the sibling scripts.
$link = mysql_connect("localhost", "sfvault_writeSto", "Ti*ESUf3*_b?Km") or die("Could not connect: " . mysql_error());
//change to correct database
mysql_select_db("sfvault_store") or die("Could not select database");
// $strUserName goes into the SQL literal as-is; funcSanitize() is not visible
// here, so whether it escapes for SQL cannot be confirmed from this excerpt.
$strUserQuery = "SELECT UserID FROM tbl_UserLogin where UserID = '" . $strUserName . "'";
$strUserResult = mysql_query($strUserQuery) or die("Query Failed:" . mysql_error());
// Exactly one matching login row is required before the flag is set.
$conNumberofRows = mysql_num_rows($strUserResult);
if ($conNumberofRows == 1) {
//here's our user
// $strNow is computed but not used in this branch.
$strNow = date('Y-m-j h:i:s');
// Flag the account as verified.
$strAddUserQuery = "UPDATE tbl_UserLogin SET UserVerified='1' where UserID='" . $strUserName . "'";
$strAddUserResult = mysql_query($strAddUserQuery) or die("Query Failed:" . mysql_error());
// Static confirmation page (no user-supplied text is echoed here).
echo "\r\n\r\n<table border='0' cellspacing='0' cellpadding='5' width='900' align='center'>\r\n <tr>\r\n <td width='500'><a href='http://shop.scifivault.com/index3.php'><img src='images/scifi-small-best.jpg' width='403' height='62' border='0'></a>\r\n\r\n </td>\r\n <td align='right' valign='top' width='300'>\r\n\r\n\r\n </td></tr>\r\n\r\n<tr><td>\r\n<br> <font face='verdana'>Thankyou! You've succesfully verified.\r\n\r\n<p>Feel free to sign on and shop. Click on the link below to hurry things along.\r\n<br><br><a href='index3.php'>Back to Shop</a></font></td><td></td></tr>\r\n\r\n</table>\r\n\r\n\r\n\t\t";
funcLogToDebug("VerifyUser.php: " . $strUserName . " verified successfully");
//echo "<meta http-equiv='refresh' content='10;url=/index3.php'>";
} else {
//we've got more than 1 user with the same user ID in the db (Shouldn't be possible)
//or no user with that user name
echo "Error! Please contact scifivault.com with details of your UserId";
funcLogToDebug("VerifyUser.php: " . $strUserName . " errored.");
echo "<A href='index3.php'>Back to shop</a>";
}
?>
</HTML>
//expires cookies after 1/2 hour $sessionExpire = 60 * 30; session_set_cookie_params($sessionExpire); //start new session session_start(); if (!isset($_SESSION['cart'])) { $_SESSION['cart'] = array(); } if ($_GET["key"] != "") { $strBin = hex2bin($_GET["key"]); $strDecrypted = funcDecrypt($strBin); $strUserID = substr($strDecrypted, 0, strpos($strDecrypted, "&")); //$str = strpos(strDecrypted,"&"); funcLogToDebug("submitOrder2.php: " . $strBin); funcLogToDebug("submitOrder2.php: " . $strDecrypted); funcLogToDebug("submitOrder2.php: " . $strUserID); } if ($_GET["strUserID"] != $strUserID) { setcookie("AUTH", "", time() - 600, "/", "shop.scifivault.com", 0); /* expire in 10 mins ago */ echo "denied. Give it 3 seconds"; echo "<meta http-equiv='refresh' content='3;url=/UserLogon.php'>"; } else { //echo "<!--\n<b>We have an Auth cookie</b>"; //echo "\n<br>Cookie(auth): " . $_COOKIE["AUTH"]; //now can we decrypt the cookie.... //echo "\n<br>Binary: " . hex2bin($_COOKIE["AUTH"]); setcookie("AUTH", $value, $strExpiry, "/", "shop.scifivault.com", 0); /* expire in 10 mins */ //echo $strUserID . "_" . $strExpiry ."<br>" ; //print_r ($_COOKIE["AUTH"]);
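/**
 * Returns $qty units of $itemcode from the basket owned by $strSessionID back
 * into stock, then bounces the browser to the page named in $_POST['page'].
 *
 * Sequence: validate $qty -> refuse if tblItem.ColumnLock is already 'YES' ->
 * take the lock -> read the tblBasket row -> add $qty back to tblItem.NoOfItems
 * -> shrink or delete the tblBasket row -> release the lock.
 *
 * @param string     $strSessionID PHP session id that owns the basket row
 * @param string     $itemcode     stockID of the item being returned
 * @param string|int $qty          units to return; must consist of digits only
 * @return void  Echoes HTML; terminates via exit()/die() on every error path.
 */
function funcDeleteItem($strSessionID, $itemcode, $qty) {
    //connect to server
    // NOTE(review): the DB credentials are hard-coded here (and in sibling
    // scripts); they belong in one config include kept outside the web root.
    $link = mysql_connect("localhost", "sfvault_writeSto", "Ti*ESUf3*_b?Km") or die("Could not connect: " . mysql_error());
    //change to correct database
    mysql_select_db("sfvault_store") or die("Could not select database");

    //additional check to make sure $qty is a numeric
    // Anchored whole-string check: the previous ereg("[0-9]+") was unanchored
    // and accepted any value that merely contained a digit. "0" still passes
    // and, as before, ends up as a no-op update.
    if (preg_match('/^[0-9]+$/', (string) $qty)) {
        funcDebug("Quantity string is numeric");
    } else {
        echo "Invalid Input, stop trying to put non-numerics in the quantity field";
        exit;
    }

    // Both of these land inside single-quoted SQL literals below, so escape
    // them once against the live connection; $qty is digits-only already.
    $safeItem = mysql_real_escape_string($itemcode, $link);
    $safeSession = mysql_real_escape_string($strSessionID, $link);

    //is row locked?
    // NOTE(review): this read-then-write is not atomic; two requests can both
    // observe an empty ColumnLock and both proceed. Left unchanged here.
    $strLockCheck = "SELECT ColumnLock FROM tblItem WHERE stockID = '" . $safeItem . "'";
    $strLockResult = mysql_query($strLockCheck) or die("Query Failed: " . mysql_error());
    while ($line = mysql_fetch_array($strLockResult, MYSQL_ASSOC)) {
        if ($line["ColumnLock"] == 'YES') {
            echo "Item being edited, please try again";
            echo "<br><a href='index3.php'>Back to Shop</a>";
            exit; //possible retry, or forward on back to original page??
        } else {
            funcDebug("Free to carry on");
        }
    }

    //set row lock on in tblItem
    $strLockQuery = "UPDATE tblItem SET ColumnLock = 'YES' WHERE stockID = '" . $safeItem . "'";
    mysql_query($strLockQuery) or die("Query Failed: " . mysql_error());

    //Lets see how much stock for this item there is
    $strStockQuery = "SELECT Qty FROM tblBasket where item = '" . $safeItem . "' and PHPSessionID = '" . $safeSession . "'";
    $strStockResult = mysql_query($strStockQuery) or die("Query Failed:" . mysql_error());
    while ($line = mysql_fetch_array($strStockResult, MYSQL_ASSOC)) {
        if ($line["Qty"] >= $qty) {
            //great we have some stock
            funcDebug($itemcode . " in basket: " . $line["Qty"]);
            funcDebug("Request to return " . $qty . " of " . $itemcode);
            //insert/update into tblBasket
            $strBasket = "SELECT * FROM tblItem where stockID = '" . $safeItem . "'";
            $strBasketResult = mysql_query($strBasket) or die("Basket Query Failed:" . mysql_error());
            $conNumberofRows = mysql_num_rows($strBasketResult);
            if ($conNumberofRows == 1) {
                //need to update the table
                $line2 = mysql_fetch_array($strBasketResult, MYSQL_ASSOC);
                funcDebug("Quantity of " . $itemcode . " in stock is " . $line2["NoOfItems"]);
                funcLogToDebug("removeFromBasket.php: Item " . $itemcode . " remove from basket (" . session_id() . ")");
                // Returned units go back on the shelf.
                $strUpdatedBasketValue = $line2["NoOfItems"] + $qty;
                $strAddToBasket = "UPDATE tblItem SET NoOfItems = '" . $strUpdatedBasketValue . "' where stockID = '" . $safeItem . "'";
                mysql_query($strAddToBasket) or die("Update Basket Query Failed:" . mysql_error());
            } else {
                //catchall for invalid entries in basket. stops
                //before making any changes in the main tblItems.
                echo "Invalid number of rows in stock database, please contact us";
                $strLockQuery = "UPDATE tblItem SET ColumnLock = '' where stockID = '" . $safeItem . "'";
                mysql_query($strLockQuery) or die("Query Failed: " . mysql_error());
                exit;
            }
            //update tblItems with new stock value
            $strUpdatedStockValue = $line["Qty"] - $qty;
            funcDebug("Updated stock value: " . $strUpdatedStockValue);
            // An emptied basket line is deleted rather than left at qty 0.
            if ($strUpdatedStockValue == 0) {
                $strUpdateStockQuery = "DELETE FROM tblBasket where item = '" . $safeItem . "' and PHPSessionID = '" . $safeSession . "'";
                mysql_query($strUpdateStockQuery) or die("Update Query Failed: " . mysql_error());
            } else {
                $strUpdateStockQuery = "UPDATE tblBasket SET qty = '" . $strUpdatedStockValue . "' WHERE item = '" . $safeItem . "' and PHPSessionID = '" . $safeSession . "'";
                mysql_query($strUpdateStockQuery) or die("Update Query Failed: " . mysql_error());
            }
            $strLockQuery = "UPDATE tblItem SET ColumnLock = '' where stockID = '" . $safeItem . "'";
            mysql_query($strLockQuery) or die("ColumnLock to blank Query Failed: " . mysql_error());
        } else {
            //oh dear, no stock left
            echo "Not enough of that item in your basket";
            $strLockQuery = "UPDATE tblItem SET ColumnLock = '' where stockID = '" . $safeItem . "'";
            mysql_query($strLockQuery) or die("Query Failed: " . mysql_error());
        }
    }
    // No basket row matched the item/session pair: every path that releases
    // the lock lives inside the loop above, so without this the lock taken
    // earlier would stay 'YES' and the item would report "being edited" to
    // every later request.
    if (mysql_num_rows($strStockResult) == 0) {
        $strLockQuery = "UPDATE tblItem SET ColumnLock = '' where stockID = '" . $safeItem . "'";
        mysql_query($strLockQuery) or die("ColumnLock to blank Query Failed: " . mysql_error());
        funcLogToDebug("removeFromBasket.php: Item " . $itemcode . " not in basket (" . session_id() . ")");
    }

    //header('location: ' . $_SERVER['PHP_SELF']);
    //header('location: ' . $_POST['page']);
    //echo $_POST['page'];
    // The redirect target comes straight from the request. A value carrying a
    // URL scheme (http:, javascript:, ...) or a protocol-relative "//" prefix
    // would turn this refresh into an open redirect, so such values are
    // replaced; an empty value is left as-is (browser reloads the current page,
    // as before). Escaping for the attribute context stops a quote in the
    // value from breaking out of the tag.
    $page = isset($_POST['page']) ? (string) $_POST['page'] : '';
    if (preg_match('#^([a-z][a-z0-9+.\-]*:|[/\\\\]{2})#i', $page)) {
        // NOTE(review): index3.php is the shop landing page used elsewhere on
        // the site; confirm it is the right fallback.
        $page = 'index3.php';
    }
    echo "<meta http-equiv='refresh' content='0;url=" . htmlspecialchars($page, ENT_QUOTES, 'UTF-8') . "'>";
}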
$strAvailability = funcSanitize($strAvailability); $strNoOfItems = funcSanitize($strNoOfItems); $strSubjectTag = funcSanitize($strSubjectTag); $strCategoryTag = funcSanitize($strCategoryTag); $strVersionTag = funcSanitize($strVersionTag); $strFrontPage = funcSanitize($strFrontPage); $strSubCatPage = funcSanitize($strSubCatPage); $strUpdateQuery = "UPDATE tblItem SET Subject = '" . $strSubject . "', Description = '" . $strDescription . "', Category = '" . $strCategory . "', smallPicture = '" . $strSmallPicture . "', bigPicture = '" . $strBigPicture . "', ShortDescription = '" . $strShortDescription . "', Name = '" . $strName . "', Cost = '" . $strCost . "', RRP = '" . $strRRP . "', SaleRRP = '" . $strSaleRRP . "', Weight = '" . $strWeight . "', Barcode = '" . $strBarcode . "', Features = '" . $strFeatures . "', Version = '" . $strVersion . "', Size = '" . $strSize . "', PercentDiscount = '" . $strPercentDiscount . "', WholesalePrice = '" . $strWholesalePrice . "', Supplier = '" . $strSupplier . "', Availability = '" . $strAvailability . "', NoOfItems = '" . $strNoOfItems . "', SubjectTag='" . $strSubjectTag . "', CategoryTag='" . $strCategoryTag . "', VersionTag='" . $strVersionTag . "', DisplayonFrontPage = '" . $strFrontPage . "', DisplayonSubCatPage='" . $strSubCatPage . "' WHERE stockID = '" . $strStockID . "'"; funcDebug("strUpdateQuery: " . $strUpdateQuery); $strUpdateResult = mysql_query($strUpdateQuery) or die("Query Failed :" . mysql_error()); $strNow = date('Y-m-j h:i:s'); $strEditedInsert = "UPDATE: \$\$" . $strStockID . "\$\$,\$\$" . $strSmallPicture . "\$\$,\$\$" . $strBigPicture . "\$\$,\$\$" . $strShortDescription . "\$\$,\$\$" . $strName . "\$\$,\$\$" . $strCost . "\$\$,\$\$" . $strRRP . "\$\$,\$\$" . $strSaleRRP . "\$\$,\$\$" . $strWeight . "\$\$,\$\$" . $strBarcode . "\$\$,\$\$" . $strFeatures . "\$\$,\$\$" . $strVersion . "\$\$,\$\$" . $strSize . "\$\$,\$\$" . $strPercentDiscount . "\$\$,\$\$" . $strWholesalePrice . "\$\$,\$\$" . $strSupplier . 
"\$\$,\$\$" . $strAvailability . "\$\$,\$\$" . $strNoOfItems . "\$\$,\$\$" . $strCategoryTag . "\$\$,\$\$" . $strSubjectTag . "\$\$,\$\$" . $strVersionTag . "\$\$,\$\$" . $strFrontPage . "\$\$,\$\$" . $strSubCatPage; $strLogInsert = "INSERT INTO tblLog Values ('" . $strNow . "','DEV','" . $strEditedInsert . "')"; funcDebug("strLogInsert: " . $strLogInsert); $strInsertLogEntry = mysql_query($strLogInsert) or die("Log Entry Failed"); funcLogToDebug("submitUpdate.php: " . $strStockID . " has been edited"); } //close connection to database funcDebug("Closing link to db"); mysql_close($link); redirect("/stock2/default.php?Action=ViewItem&stockID=" . $strStockID, 1, "<B>Redirecting...</B><br> <a href='default.php?Action=AmendItem&stockID=" . $strStockID . "'>Click here if redirect fails</a>"); ?> <?php