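<?php
// Reads and validates the two $_GET parameters this page accepts.
// lib_letter_validate / lib_number_validate come from the project's lib and
// are assumed to be included by the surrounding page (not visible here).

// category: must pass lib_letter_validate; defaults to "all".
if (isset($_GET["category"]) && !empty($_GET["category"])) {
    if (!lib_letter_validate($_GET["category"])) {
        die("<h2>ERROR ON PAGE</h2>"); // reject anything the validator does not accept
    }
    $category = $_GET["category"];
} else {
    $category = "all";
}

// page: must pass lib_number_validate; defaults to 1.
// NOTE: empty() treats "0" as empty, so ?page=0 silently falls back to page 1.
if (isset($_GET["page"]) && !empty($_GET["page"])) {
    if (!lib_number_validate($_GET["page"])) {
        die("<h2>ERROR ON PAGE</h2>");
    }
    $page = $_GET["page"];
} else {
    $page = 1;
}
?>
<div class="left_content">
    <div class="crumb_nav">
        <a href="index.php">home</a> >>
        <?php
        // $category was validated above, but it still originates from the
        // request, so escape it for the HTML context rather than relying on
        // the validator's exact rules.
        echo htmlspecialchars($category, ENT_QUOTES, 'UTF-8');
        ?>
    </div>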
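<?php
// Adds one unit of the product given by $_GET["pid"] to the logged-in user's
// cart (inserting a row, or bumping quantity if one already exists) and then
// redirects to the product detail page. Database access uses the connection
// opened by glob.php (assumed — not visible here); lib_number_validate and
// setAlertMsg come from lib.php.
include_once '../lib/glob.php';
include_once '../lib/lib.php';

// Not logged in: bounce to the login page.
if (!isset($_SESSION["id"]) || !isset($_SESSION["username"])) {
    setAlertMsg("You must log in in order to add any items to shopping cart!");
    header("Location:../login.php");
    exit;
}

// pid is required and must pass the project's numeric validator.
if (!isset($_GET["pid"]) || empty($_GET["pid"]) || !lib_number_validate($_GET["pid"])) {
    die("<h2>ERROR ON PAGE</h2>");
}
$pid = $_GET["pid"];

// pid is already validated; escaping it as well means the SQL below does not
// depend on the exact rules of lib_number_validate. The session id is set by
// the login flow but is interpolated as a quoted string, so escape it too.
$pidSql = mysql_real_escape_string($pid);
$uidSql = mysql_real_escape_string((string) $_SESSION['id']);

// Is this product already in the user's cart?
$query1 = "SELECT * FROM carts \n\t\t\t\tWHERE carts.pid = '{$pidSql}' AND carts.id = '{$uidSql}'";
$result1 = mysql_query($query1);
if ($result1 === false) {
    // A failed SELECT used to fall through to the INSERT branch
    // (mysql_num_rows(false) == 0), which could duplicate a cart row; stop instead.
    die("<h2>ERROR ON PAGE</h2>");
}

$rows = mysql_num_rows($result1);
if ($rows == 0) {
    $query2 = "INSERT INTO `carts` ( `cid` , `id` , `pid` , `quantity` )\n\t\t\t\t\tVALUES (NULL ,'{$uidSql}','{$pidSql}','1')";
    mysql_query($query2);
} elseif ($rows == 1) {
    $query2 = "UPDATE `carts`\n\t\t\t\t\tSET quantity=quantity+1 \n\t\t\t\t\tWHERE carts.pid = '{$pidSql}' AND carts.id = '{$uidSql}'";
    mysql_query($query2);
}
// Any other row count (duplicate cart rows) is left untouched, as before.

setAlertMsg("Item has been added to shopping cart!");
header("Location:../detail.php?pid=" . urlencode($pid));
exit; // nothing should run after the redirect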
<?php include_once '../lib/glob.php'; include_once '../lib/lib.php'; if (!isset($_SESSION["id"]) or !isset($_SESSION["username"])) { echo "請登入"; exit; } if (isset($_POST["pid"]) and !empty($_POST["pid"]) and isset($_SESSION["id"]) and isset($_POST["quantity"]) and !empty($_POST["quantity"])) { if (lib_number_validate($_POST["quantity"])) { $QTY = $_POST["quantity"]; } else { die("不能打数字以外的字符!"); } if (lib_psw_filter($_POST["pid"])) { $pid = $_POST["pid"]; } else { die("不正確的字符!"); } $query1 = "SELECT * FROM carts \n\t\t\t\tWHERE carts.pid = '{$pid}' AND carts.id = '{$_SESSION['id']}'"; $result1 = mysql_query($query1); if (mysql_num_rows($result1) == 0) { $QTY = checkQTY($pid, $QTY); if ($QTY == 0) { echo "對不起本書暫時缺貨,如要预订,请联系我们!"; } else { if ($_POST["quantity"] != $QTY) { echo "抱歉, 庫存量限制我們給了最大數量, 如要预订,请联系我们!"; } else { echo "成功添加到購物車"; }
die("ERROR"); } /// $name = trim($_POST["pass"]); if (cn_name_input_validate($name) and strlen($name) >= 4) { $query = "\n\t\t\tUPDATE membership_ipn\n\t\t\tSET real_name = '{$name}'\n\t\t\tWHERE user_id = {$id}\n\t\t"; $result = mysql_query($query); } /// } else { if ($action == "editPhone") { if (!isset($_POST["pass"])) { die("ERROR"); } $phone = trim($_POST["pass"]); if (lib_number_validate($phone) and strlen($phone) >= 9 and strlen($phone) <= 11) { $query = "\n\t\t\tUPDATE membership_ipn\n\t\t\tSET phone = '{$phone}'\n\t\t\tWHERE user_id = {$id}\n\t\t"; $result = mysql_query($query); } /// } } //end else $query = "\n\tSELECT * \n\tFROM membership_ipn\n\tWHERE user_id = {$id}\n\t"; $result = mysql_query($query); $row = mysql_fetch_assoc($result); if ($action == "editName") { echo $row["real_name"]; } else { if ($action == "editPhone") { echo $row["phone"];
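<?php
// Removes one row from the logged-in user's cart (or the whole cart when
// cid=0) and redirects back to the cart page. Database access uses the
// connection opened by glob.php (assumed — not visible here);
// lib_number_validate and setAlertMsg come from lib.php.
include_once '../lib/glob.php';
include_once '../lib/lib.php';

// Require a session and a cid that passes the project's numeric validator.
if (!isset($_SESSION["id"]) || !isset($_GET["cid"]) || !lib_number_validate($_GET["cid"])) {
    die("ERROR ON PAGE");
}

// Both values are interpolated unquoted into SQL, i.e. the columns are numeric;
// casting to int guarantees a numeric literal regardless of the validator's rules.
$id = (int) $_SESSION["id"];
$cid = (int) $_GET["cid"];

if ($cid === 0) {
    // cid=0 is the convention for "empty the whole cart".
    mysql_query("DELETE FROM carts WHERE id = {$id}");
    setAlertMsg("購物車已清空!");
} else {
    mysql_query("DELETE FROM carts WHERE id = {$id} AND cid = {$cid}");
    setAlertMsg("項目已被刪除!");
}

header("Location:../cart.php");
exit;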