<?php
require_once "create.php";

// Bootstrap: every handler below needs the product database handle, and the
// included templates reach it via `global $dbh`, so it must stay a global.
$dbh = setupProductConnection();
if (!$dbh) {
    die;
}

// NOTE(review): the comment/ingredient/image tables are dropped and rebuilt on
// *every* request, so reviews stored by one request are gone on the next and a
// concurrent request can observe half-built tables. Presumably a demo/reset
// convenience — confirm it is intended before running this outside a lab.
dropTableByName("ingredient");
dropTableByName("comment");
dropTableByName("images");
createTableIngredient();
createTableImage();
createTableComment();
loadProductsIntoEmptyDatabase();

// Route on ?action=...  $action is left in global scope on purpose: the
// included templates may read it.
if (!isset($_GET['action'])) {
    actionList();
} else {
    $action = $_GET['action'];
    switch ($action) {
        case 'view':
            actionView();
            break;
        case 'review':
            actionReview();
            break;
        case 'list':
            actionList();
            break;
        default:
            // Unrecognised action: nothing is rendered.
            break;
    }
}
/**
 * Render a single product page.
 *
 * Only checks that ?id=... is present; the value itself is handed to
 * product_page.php unvalidated (the include runs in this function's scope).
 * NOTE(review): consider routing through checkProductID() here as well, as
 * actionReview() does — confirm the template does not already validate it.
 */
function actionView()
{
    if (!isset($_GET['id'])) {
        die("Error: No ID specified.");
    }
    include 'product_page.php';
}
/**
 * Render the product listing template (runs in this function's scope).
 */
function actionList()
{
    include 'products_listing.php';
}
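/**
 * Read ?id=... and return it as a validated, non-negative integer.
 *
 * The raw value is first reduced to digits and sign characters
 * (FILTER_SANITIZE_NUMBER_INT, so "12abc" becomes "12"), then validated as an
 * int with min_range 0. A missing, empty, negative or array-valued id
 * terminates the request.
 *
 * @return int the product ID (0 is accepted)
 */
function checkProductID()
{
    // `?? ''` avoids an "Undefined array key" warning when id is absent; an
    // empty string (or an array) then fails validation below.
    $productID = filter_var($_GET['id'] ?? '', FILTER_SANITIZE_NUMBER_INT);

    // FILTER_VALIDATE_INT returns int|false, so a single `!== false` check
    // also covers a legitimate id of 0 — no separate `=== 0` branch needed,
    // and no `or`/`!` precedence trap.
    $validated = filter_var($productID, FILTER_VALIDATE_INT, array("options" => array("min_range" => 0)));
    if ($validated === false) {
        die("Invalid product ID");
    }

    // Return the validated int rather than the sanitised string.
    return $validated;
}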
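/**
 * Store a posted review for the product in ?id=... and then render the
 * product page.
 *
 * Requires a POST request and an id query parameter; either missing
 * terminates the request. The locals ($id, $ingredient, $name, $rating,
 * $words, $ratingOkay, $submissionOkay, $reviewArray) are deliberately kept
 * under these names: product_page.php is included in this scope and may read
 * them.
 *
 * NOTE(review): no CSRF token or authentication is checked before the insert;
 * any site can submit a review on a visitor's behalf — confirm whether that
 * is acceptable for this app.
 */
function actionReview()
{
    if ($_SERVER['REQUEST_METHOD'] != 'POST') {
        die("Error: No post data submitted.");
    }
    if (!isset($_GET['id'])) {
        die("Error: No ID specified.");
    }

    global $dbh;
    $id = checkProductID();
    $ingredient = $dbh->getIngredientByID($id);
    $ratingOkay = $submissionOkay = true;

    // Reviewer name. NOTE(review): FILTER_SANITIZE_STRING is deprecated since
    // PHP 8.1, and it is input cleaning (strips tags, encodes quotes/ampersands),
    // not output escaping — the template must still escape $name for the
    // context it renders into.
    $options = FILTER_FLAG_STRIP_HIGH | FILTER_FLAG_STRIP_LOW | FILTER_FLAG_ENCODE_AMP;
    // `?? ''` avoids an "Undefined array key" warning on a missing field; the
    // filter then yields '' exactly as it did for a null value.
    $name = filter_var($_POST['name'] ?? '', FILTER_SANITIZE_STRING, $options);

    // Rating: reduce to digits/sign, then require an int in 1..5. A bad value
    // marks the submission invalid; the page is still rendered afterwards
    // (presumably so the template can report $ratingOkay).
    $rating = filter_var($_POST['rating'] ?? '', FILTER_SANITIZE_NUMBER_INT);
    $ratingValid = filter_var($rating, FILTER_VALIDATE_INT, array("options" => array("min_range" => 1, "max_range" => 5)));
    if ($ratingValid === false) {
        $submissionOkay = false;
        $ratingOkay = false;
    }

    // Comment text: non-ASCII is encoded rather than stripped so it survives.
    $options = FILTER_FLAG_ENCODE_AMP | FILTER_FLAG_ENCODE_HIGH | FILTER_FLAG_ENCODE_LOW;
    $words = filter_var($_POST['words'] ?? '', FILTER_SANITIZE_STRING, $options);

    if ($submissionOkay === true) {
        $reviewArray = new Comment();
        $reviewArray->name = $name;
        $reviewArray->rating = $rating;
        $reviewArray->words = $words;
        // NOTE(review): the id is computed as lastInsertID()+1 before the
        // insert, so two concurrent submissions can pick the same id. Prefer
        // letting the database assign it and reading it back after
        // insertComment() — depends on the create.php API, not changed here.
        $reviewArray->id = $dbh->lastInsertID() + 1;
        $reviewArray->ingredient = $ingredient->name;
        $dbh->insertComment($reviewArray);
        addCommentToTable($reviewArray);
    }

    include 'product_page.php';
}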
?>