Subversion Repositories cheapmusic


Rev 79 Rev 81
Line 13... Line 13...
13
    $modified = $created;
13
    $modified = $created;
14
 
14
 
15
    $uid = mysqli_real_escape_string($conn, $uid);
15
    $uid = mysqli_real_escape_string($conn, $uid);
16
    $mid = isset($wlArr->{'mid'}) ? mysqli_real_escape_string($conn, $wlArr->{'mid'}) : "";
16
    $mid = isset($wlArr->{'mid'}) ? mysqli_real_escape_string($conn, $wlArr->{'mid'}) : "";
17
    $rid = isset($wlArr->{'rid'}) ? mysqli_real_escape_string($conn, $wlArr->{'rid'}) : "";
17
    $rid = isset($wlArr->{'rid'}) ? mysqli_real_escape_string($conn, $wlArr->{'rid'}) : "";
-
 
18
    $asin = isset($wlArr->{'asin'}) ? "'" . mysqli_real_escape_string($conn, $wlArr->{'asin'}) . "'" : "NULL";
18
    $barcode = (empty($wlArr->{'barcode'}) ? "NULL" : "'" . mysqli_real_escape_string($conn, $wlArr->{'barcode'}) . "'");
19
    $barcode = (empty($wlArr->{'barcode'}) ? "NULL" : "'" . mysqli_real_escape_string($conn, $wlArr->{'barcode'}) . "'");
19
    $title = isset($wlArr->{'title'}) ? "'" . mysqli_real_escape_string($conn, $wlArr->{'title'}) . "'" : "NULL";
20
    $title = isset($wlArr->{'title'}) ? "'" . mysqli_real_escape_string($conn, $wlArr->{'title'}) . "'" : "NULL";
20
    $artist = isset($wlArr->{'artist'}) ? "'" . mysqli_real_escape_string($conn, $wlArr->{'artist'}) . "'" : "NULL";
21
    $artist = isset($wlArr->{'artist'}) ? "'" . mysqli_real_escape_string($conn, $wlArr->{'artist'}) . "'" : "NULL";
21
    $cond = 'Any';
22
    $cond = 'Any';
22
    $format = 'Any';
23
    $format = 'Any';
Line 25... Line 26...
25
    $url = isset($wlArr->{'url'}) ? "'" . mysqli_real_escape_string($conn, $wlArr->{'url'}) . "'" : "NULL";
26
    $url = isset($wlArr->{'url'}) ? "'" . mysqli_real_escape_string($conn, $wlArr->{'url'}) . "'" : "NULL";
26
    $thumbnail = isset($wlArr->{'thumbnail'}) ? "'" . mysqli_real_escape_string($conn, $wlArr->{'thumbnail'}) . "'" : "NULL";
27
    $thumbnail = isset($wlArr->{'thumbnail'}) ? "'" . mysqli_real_escape_string($conn, $wlArr->{'thumbnail'}) . "'" : "NULL";
27
 
28
 
28
    $sql = "INSERT
29
    $sql = "INSERT
29
            INTO wishlist
30
            INTO wishlist
30
            (id, created, modified, uid, mid, rid, barcode, title, artist, cond, format, currency, price, url, thumbnail)
31
            (id, created, modified, uid, mid, rid, asin, barcode, title, artist, cond, format, currency, price, url, thumbnail)
31
            VALUES (NULL, '$created', '$modified', '$uid', '$mid', '$rid', " . $barcode . ", " . $title . ", " . $artist . ", '$cond', '$format', '$currency', '$price', " . $url . ", " . $thumbnail . ")";
32
            VALUES (NULL, '$created', '$modified', '$uid', '$mid', '$rid', " . $asin . ";, " . $barcode . ", " . $title . ", " . $artist . ", '$cond', '$format', '$currency', '$price', " . $url . ", " . $thumbnail . ")";
32
 
33
 
33
    if ($result = mysqli_query($conn, $sql)) {
34
    if ($result = mysqli_query($conn, $sql)) {
34
        return 0;
35
        return 0;
35
    }
36
    }
36
    else {
37
    else {
Line 48... Line 49...
48
    return -1;
49
    return -1;
49
}
50
}
50
 
51
 
51
function checkWishlist($type, $id) {
52
function checkWishlist($type, $id) {
52
    $conn = MySessionHandler::getDBSessionId();
53
    $conn = MySessionHandler::getDBSessionId();
-
 
54
    if ($type == "master") {
-
 
55
        $colName = "mid";
-
 
56
    } else if ($type == "release") {
-
 
57
        $colName = "rid";
-
 
58
    } else if ($type == "asin") {
-
 
59
        $colName = "asin";
-
 
60
    }
53
 
61
 
54
    $uid = mysqli_real_escape_string($conn, $_SESSION['sessData']['userID']);
62
    $uid = mysqli_real_escape_string($conn, $_SESSION['sessData']['userID']);
55
 
63
 
56
    $sql = "SELECT id
64
    $sql = "SELECT id
57
            FROM wishlist
65
            FROM wishlist
58
            WHERE uid = '$uid' and " . ($type == "master" ? "mid" : "rid") . " = '$id'";
66
            WHERE uid = '$uid' and $colName = '$id'";
59
 
67
 
60
    if ($result = mysqli_query($conn, $sql)) {
68
    if ($result = mysqli_query($conn, $sql)) {
61
        if (mysqli_num_rows($result) > 0) {
69
        if (mysqli_num_rows($result) > 0) {
62
            return true;
70
            return true;
63
        }
71
        }
Line 97... Line 105...
97
            $str .= "<form method=\"post\" action=\"/index.php\">";
105
            $str .= "<form method=\"post\" action=\"/index.php\">";
98
            $str .= "<input type=\"hidden\" name=\"sessionTab\" value=\"" . MySessionHandler::getSessionTab() . "\">";
106
            $str .= "<input type=\"hidden\" name=\"sessionTab\" value=\"" . MySessionHandler::getSessionTab() . "\">";
99
            $str .= "<input id=\"discogsTitle\" type=\"hidden\" name=\"discogsTitle\" value=\"\">";
107
            $str .= "<input id=\"discogsTitle\" type=\"hidden\" name=\"discogsTitle\" value=\"\">";
100
            $str .= "<input id=\"discogsArtist\" type=\"hidden\" name=\"discogsArtist\" value=\"\">";
108
            $str .= "<input id=\"discogsArtist\" type=\"hidden\" name=\"discogsArtist\" value=\"\">";
101
            $str .= "<input id=\"discogsBarcode\" type=\"hidden\" name=\"discogsBarcode\" value=\"\">";
109
            $str .= "<input id=\"discogsBarcode\" type=\"hidden\" name=\"discogsBarcode\" value=\"\">";
102
            $str .= "<div class=\"table-responsive\">";
110
            $str .= "<div class=\"table\">";
103
            $str .= "<table id=\"wishlistTable\" class=\"table table-striped table-condensed table-hover small bg-info\">";
111
            $str .= "<table id=\"wishlistTable\" class=\"table table-striped table-condensed table-hover small bg-info\">";
104
            $str .= "<thead class=\"thead-dark sticky-top\">";
112
            $str .= "<thead class=\"thead-dark table-header-sticky\">";
105
            $str .= "<tr><th></th>";
113
            $str .= "<tr><th></th>";
106
            $str .= "<th class=\"text-left cursor-pointer\" onclick=\"sortTable('wishlistTable', 1, 'text')\"><span class=\"nowrap\">Artist <i class=\"fas fa-caret-up\"></i><i class=\"fas fa-caret-down\"></i></span></th>";
114
            $str .= "<th class=\"text-left cursor-pointer\" onclick=\"sortTable('wishlistTable', 1, 'text')\"><span class=\"nowrap\">Artist <i class=\"fas fa-caret-up\"></i><i class=\"fas fa-caret-down\"></i></span></th>";
107
            $str .= "<th class=\"text-left cursor-pointer\" onclick=\"sortTable('wishlistTable', 2, 'text')\"><span class=\"text-nowrap\">Title <i class=\"fas fa-caret-up\"></i><i class=\"fas fa-caret-down\"></i></span></th>";
115
            $str .= "<th class=\"text-left cursor-pointer\" onclick=\"sortTable('wishlistTable', 2, 'text')\"><span class=\"text-nowrap\">Title <i class=\"fas fa-caret-up\"></i><i class=\"fas fa-caret-down\"></i></span></th>";
108
            $str .= "<th class=\"d-none\"></th>";
116
            $str .= "<th class=\"d-none\"></th>";
109
            $str .= "<th class=\"cursor-pointer\" onclick=\"sortTable('wishlistTable', 4, 'text')\"><span class=\"text-nowrap\">Barcode <i class=\"fas fa-caret-up\"></i><i class=\"fas fa-caret-down\"></i></span></th>";
117
            $str .= "<th class=\"cursor-pointer\" onclick=\"sortTable('wishlistTable', 4, 'text')\"><span class=\"text-nowrap\">Barcode <i class=\"fas fa-caret-up\"></i><i class=\"fas fa-caret-down\"></i></span></th>";
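Review bot: In `checkWishlist` (new lines 52–66) `$id` is placed into the WHERE clause without the `mysqli_real_escape_string` call that `$uid` gets, so the query is injectable if any caller passes request-derived data; the commit adds a third lookup type but leaves this as it was. Add `$id = mysqli_real_escape_string($conn, $id);` before the query is built, or preferably move the lookup to `mysqli_prepare` with `uid` and `id` bound as parameters and `$colName` still taken from the fixed list. The new `if`/`else if` chain also has no fallback, so an unexpected `$type` leaves `$colName` undefined and the query becomes `and  = '$id'`; a final `else` that returns before the query is built would close that, using whatever failure value the rest of the function (outside these hunks) already returns. Separately, the INSERT at new line 32 concatenates `" . $asin . ";, "`, which puts a stray `;` into the statement and makes it a syntax error as written; it should read `" . $asin . ", "`.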