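$area = "onlinestore";
include("../includes/header.php");

//************************************************************************
// Shopping-cart actions: "Add Item", "Update", "Delete", "DeleteOrder".
//
// Ownership model: a shopper is identified only by the "cookieID" cookie;
// orders_customer maps that cookie to a customer ID, and the customer's
// single open order is the orders_data row with completed IS NULL.
//
// Security rules applied in this file:
//   * Every UPDATE/DELETE is scoped to the current customer's own open
//     order, so a tampered orderitemID/orderID in the request cannot touch
//     another shopper's cart (the original statements filtered on the row
//     ID alone).
//   * The order ID is never taken from the request; it always comes from
//     the database lookup (or the INSERT) for this customer.
//   * Request values are escaped with mysqlquerycleaner() (defined outside
//     this file; assumed to be an SQL-escaping helper) and database IDs are
//     additionally cast to int before interpolation.
//   * A request with no cookieID creates no customer/order rows, so
//     cookieless visitors do not all share one cart keyed on ''.
//
// NOTE(review): the legacy mysql_* extension builds queries by string
// interpolation; the real fix is mysqli/PDO prepared statements, but the
// connection ($link) is established in header.php and is not visible here.
// NOTE(review): actions arrive via $_REQUEST, so plain GET links mutate the
// cart and there is no CSRF token. Restricting mutating actions to POST with
// a token needs matching changes in the form templates.
//************************************************************************

// Read one request parameter as an escaped string. Missing parameters and
// non-string values (e.g. ?action[]=x) are treated as "", which avoids
// "undefined index" notices and keeps arrays out of the SQL helper.
function onlinestore_request_value($name)
{
    if (!isset($_REQUEST[$name]) || !is_string($_REQUEST[$name])) {
        return mysqlquerycleaner("");
    }
    return mysqlquerycleaner($_REQUEST[$name]);
}

$action      = onlinestore_request_value("action");
$itemID      = onlinestore_request_value("itemID");
$orderitemID = (int) onlinestore_request_value("orderitemID");
$cookieID    = (isset($_COOKIE["cookieID"]) && is_string($_COOKIE["cookieID"]))
    ? mysqlquerycleaner($_COOKIE["cookieID"])
    : "";

//************************************************************************
// CustomerID
// Look up the customer for this cookie. A customer row is only created when
// the shopper is actually adding an item, and never for an empty cookieID.
//************************************************************************
$customerID = 0;
if ($cookieID !== "") {
    $sql = "SELECT ID FROM orders_customer WHERE cookieID = '$cookieID'";
    $customer = mysql_query($sql);
    if ($customer && mysql_num_rows($customer) > 0) {
        $row = mysql_fetch_array($customer);
        $customerID = (int) $row["ID"];
    } elseif ($action === "Add Item") {
        $sql = "INSERT INTO orders_customer (cookieID) VALUES ('$cookieID')";
        mysql_query($sql);
        // $link is presumably the connection opened by header.php — TODO confirm.
        $customerID = (int) mysql_insert_id($link);
    }
    if ($customer) {
        mysql_free_result($customer);
    }
}

//************************************************************************
// OrderID
// Find this customer's open order; start one only when adding an item.
// $orderID stays 0 when there is no open order, and the mutating actions
// below all require it to be non-zero.
//************************************************************************
$orderID = 0;
if ($customerID > 0) {
    $sql = "SELECT ID FROM orders_data WHERE customerID = '$customerID' AND completed is NULL";
    $order = mysql_query($sql);
    if ($order && mysql_num_rows($order) > 0) {
        $row = mysql_fetch_array($order);
        $orderID = (int) $row["ID"];
    } elseif ($action === "Add Item") {
        $sql = "INSERT INTO orders_data (customerID) VALUES ('$customerID')";
        mysql_query($sql);
        $orderID = (int) mysql_insert_id($link);
    }
    if ($order) {
        mysql_free_result($order);
    }
}

//************************************************************************
// ADD ITEMS TO ORDER
//************************************************************************
if ($action === "Add Item" && $customerID > 0 && $orderID > 0) {
    // num_prices is the client-supplied loop bound; cap it so a crafted
    // request cannot spin this loop for billions of iterations.
    $max_price_options = 500;
    $num_prices = (int) onlinestore_request_value("num_prices");
    if ($num_prices > $max_price_options) {
        $num_prices = $max_price_options;
    }
    $title = onlinestore_request_value("title");

    for ($i = 1; $i <= $num_prices; $i++) {
        $optionID = onlinestore_request_value("optionID_" . $i);
        $text     = onlinestore_request_value("text_" . $i);
        $qty      = onlinestore_request_value("qty_" . $i);
        $price    = onlinestore_request_value("price_" . $i);
        $uom      = onlinestore_request_value("uom_" . $i);
        $weight   = onlinestore_request_value("weight_" . $i);

        // NOTE(review): price, uom and weight are accepted from the request,
        // so a shopper can submit an arbitrary price for an item. They should
        // be re-read from the product/price-option table by itemID+optionID
        // here (and again at checkout); that table is not visible in this file.

        // Only price options with a numeric quantity are added to the cart.
        if ($qty === "" || !is_numeric($qty)) {
            continue;
        }

        // If this price option is already in the cart, add to its quantity
        // instead of inserting a duplicate row.
        $sql = "SELECT ID, qty FROM orders_items WHERE customerID = '$customerID' AND orderID = '$orderID' AND itemID = '$itemID' AND optionID = '$optionID'";
        $existing = mysql_query($sql);
        if ($existing && mysql_num_rows($existing) > 0) {
            $row = mysql_fetch_array($existing);
            $existingID = (int) $row["ID"];
            $newqty = $row["qty"] + $qty;
            $sql = "UPDATE orders_items SET qty = '$newqty' WHERE ID = '$existingID' AND customerID = '$customerID' AND orderID = '$orderID'";
            mysql_query($sql);
        } else {
            $sql = "INSERT INTO orders_items (customerID, orderID, itemID, optionID, title, text, qty, price, uom, weight) VALUES ('$customerID', '$orderID', '$itemID', '$optionID', '$title', '$text', '$qty', '$price', '$uom', '$weight')";
            mysql_query($sql);
        }
        if ($existing) {
            mysql_free_result($existing);
        }
    }
}
//************************************************************************
// UPDATE ITEMS IN ORDER
// The row must belong to this customer's open order; a foreign ID matches
// nothing and the statement is a no-op.
//************************************************************************
elseif ($action === "Update") {
    $qty = onlinestore_request_value("qty");
    if ($customerID > 0 && $orderID > 0 && $orderitemID > 0 && is_numeric($qty)) {
        $sql = "UPDATE orders_items SET qty = '$qty' WHERE ID = '$orderitemID' AND customerID = '$customerID' AND orderID = '$orderID'";
        mysql_query($sql);
    }
}
//************************************************************************
// DELETE ONE ITEM FROM ORDER (scoped to this customer's open order)
//************************************************************************
elseif ($action === "Delete") {
    if ($customerID > 0 && $orderID > 0 && $orderitemID > 0) {
        $sql = "DELETE FROM orders_items WHERE ID = '$orderitemID' AND customerID = '$customerID' AND orderID = '$orderID'";
        mysql_query($sql);
    }
}
//************************************************************************
// EMPTY THE ORDER
// Uses only the open order found for this customer, never a request-supplied
// orderID, and resets the cached totals on that order.
//************************************************************************
elseif ($action === "DeleteOrder") {
    if ($customerID > 0 && $orderID > 0) {
        $sql = "DELETE FROM orders_items WHERE orderID = '$orderID' AND customerID = '$customerID'";
        mysql_query($sql);
        $sql = "UPDATE orders_data SET price = NULL, weight = NULL WHERE ID = '$orderID' AND customerID = '$customerID'";
        mysql_query($sql);
    }
}
?>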