Commit e2362ff0 authored by Malcolm Blaney's avatar Malcolm Blaney

Add default Cart templates. Verify user inputs before inserting into the database.
parent 0a1cbbb7
......@@ -287,6 +287,14 @@ class Cart extends Base {
}
$mysqli->close();
$templates('"cart-price-text","","Price:"',
'"cart-quantity-text,"","Quantity:"',
'"cart-title","","Shopping Cart"',
'"cart-checkout","","Your order will be sent to:<br>'.
'!first !last<br>!address<br>!postcode<br>!city<br>'.
'!state<br>!country<br>"');
$this->AddTemplate($template);
$site_style = array('"","#customer-detail-email","margin-left","2.4em"',
'"","#customer-detail-address","margin-left","1.2em"',
'"","#customer-detail-postcode","margin-left","0.7em"',
......@@ -680,13 +688,16 @@ class Cart extends Base {
$image = $mysqli->escape_string($_POST["image"]);
$short = $mysqli->escape_string($_POST["short"]);
$full = $mysqli->escape_string($_POST["full"]);
$weight = $mysqli->escape_string($_POST["weight"]);
$price = $mysqli->escape_string($_POST["price"]);
$variable = $mysqli->escape_string($_POST["variable"]);
$minimum = $mysqli->escape_string($_POST["minimum"]);
$weight = (float)$mysqli->escape_string($_POST["weight"]);
$weight = number_format($weight, 2, ".", "");
$price = (float)$mysqli->escape_string($_POST["price"]);
$price = number_format($price, 2, ".", "");
$variable = (int)$mysqli->escape_string($_POST["variable"]);
$minimum = (float)$mysqli->escape_string($_POST["minimum"]);
$minimum = number_format($minimum, 2, ".", "");
$download = $mysqli->escape_string($_POST["download"]);
$item_order = $mysqli->escape_string($_POST["itemOrder"]);
$available = $mysqli->escape_string($_POST["available"]);
$item_order = (int)$mysqli->escape_string($_POST["itemOrder"]);
$available = (int)$mysqli->escape_string($_POST["available"]);
$query = 'INSERT INTO cart_items VALUES ("'.$this->owner.'", "'.$name.'", '.
'"'.$image.'", "'.$short.'", "'.$full.'", '.$weight.', '.$price.', '.
$variable.', '.$minimum.', "'.$download.'", '.$item_order.', '.
......@@ -706,8 +717,8 @@ class Cart extends Base {
$mysqli = connect_db();
$email = $mysqli->escape_string($_POST["email"]);
$currency = $mysqli->escape_string($_POST["currency"]);
$credit = $mysqli->escape_string($_POST["credit"]);
$paypal = $mysqli->escape_string($_POST["paypal"]);
$credit = (int)$mysqli->escape_string($_POST["credit"]);
$paypal = (int)$mysqli->escape_string($_POST["paypal"]);
$key = $mysqli->escape_string($_POST["gatewayApiKey"]);
$password = $mysqli->escape_string($_POST["gatewayPassword"]);
$query = 'INSERT INTO cart_checkout VALUES ("'.$this->owner.'", '.
......@@ -737,12 +748,15 @@ class Cart extends Base {
private function SaveShipping() {
$mysqli = connect_db();
$type = $mysqli->escape_string($_POST["type"]);
$id = $mysqli->escape_string($_POST["id"]);
$id = (int)$mysqli->escape_string($_POST["id"]);
$destination_name = $mysqli->escape_string($_POST["destinationName"]);
$destination_code = $mysqli->escape_string($_POST["destinationCode"]);
$amount = $mysqli->escape_string($_POST["amount"]);
$minimum = $mysqli->escape_string($_POST["minimum"]);
$maximum = $mysqli->escape_string($_POST["maximum"]);
$amount = (float)$mysqli->escape_string($_POST["amount"]);
$amount = number_format($amount, 2, ".", "");
$minimum = (float)$mysqli->escape_string($_POST["minimum"]);
$minimum = number_format($minimum, 2, ".", "");
$maximum = (float)$mysqli->escape_string($_POST["maximum"]);
$maximum = number_format($maximum, 2, ".", "");
$rule = $mysqli->escape_string($_POST["rule"]);
$query = 'INSERT INTO cart_shipping VALUES ("'.$this->owner.'", '.$id.', '.
'"'.$type.'", "'.$destination_name.'", "'.$destination_code.'", '.
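Review bot: The `(float)` + `number_format` conversions for amount, minimum and maximum in SaveShipping fix the representation but do not validate the value: a missing or non-numeric `$_POST["amount"]` silently becomes `0.00` (with an undefined-index notice when the key is absent), and negative amounts or a minimum above the maximum are stored as-is, so this is narrower than the "verify user inputs" the commit message promises. I would read each field with `filter_input(INPUT_POST, 'amount', FILTER_VALIDATE_FLOAT)` and reject `false` or `< 0` before formatting, which also makes the `escape_string` call inside the cast unnecessary. The string fields `type`, `destinationName`, `destinationCode` and `rule` are still concatenated into the INSERT at the bottom of the hunk with only `escape_string`, which is only reliable if connect_db() sets the connection charset — not visible here — so a prepared statement with bound parameters would be the safer fix, and the same applies to the item and checkout INSERTs in the earlier hunks. SaveShipping's body continues past the end of the hunk. Separately, in the first hunk the entry `'"cart-quantity-text,"","Quantity:"'` appears to be missing the closing quote after `cart-quantity-text` (compare the `cart-price-text` line), which would produce a malformed value; that hunk is partly garbled in this rendering, so please confirm against the file.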