<?php
// Page for adding a book to the product table.
// Set the page title, then pull in the shared HTML header.
$page_title = 'Books';
include 'includes/header_customer.html';
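// Initialise before the branch so the text printed further down can only ever
// come from this script (matters on legacy setups with register_globals on).
$message = NULL;

// NOTE(review): nothing visible in this file checks that the requester is
// allowed to add products, and the form carries no anti-CSRF token. Confirm
// the included header enforces both before exposing this page.
if (isset($_POST['submit'])) { // Handle the form.

    // Connect to the db; escape_data() below expects this include to set $dbc.
    require_once ('./mysql_connect.php');

    /**
     * Escape a submitted value for use inside a quoted SQL string literal.
     *
     * Undoes magic_quotes_gpc first so the value is not escaped twice.
     * The result is only safe when the query wraps it in single quotes;
     * escaping does nothing for a value placed in the query unquoted.
     *
     * @param string $data Raw value from the request.
     * @return string Escaped value.
     */
    function escape_data ($data) {
        global $dbc; // Need the connection.
        if (ini_get('magic_quotes_gpc')) {
            $data = stripslashes($data);
        }
        return mysql_real_escape_string($data, $dbc);
    } // End of function.

    // Form field name => message shown when that field is missing.
    // Note the title field is posted as "btitle" (see the form below).
    $required = array(
        'category_id'  => '<p>You forgot to enter category id!</p>',
        'product_id'   => '<p>You forgot to enter product id!</p>',
        'price'        => '<p>You forgot to enter price!</p>',
        'description'  => '<p>You forgot to enter product description!</p>',
        'image'        => '<p>You forgot to enter image!</p>',
        'btitle'       => '<p>You forgot to enter title!</p>',
        'author_first' => '<p>You forgot to enter author first name!</p>',
        'author_last'  => '<p>You forgot to enter last name!</p>',
    );

    // Collect the escaped value of every field that was supplied.
    $clean = array();
    foreach ($required as $field => $error) {
        // empty() also rejects the string "0", as the original checks did.
        // Array-valued input (field[]=x) is rejected rather than escaped.
        if (empty($_POST[$field]) || !is_string($_POST[$field])) {
            $message .= $error;
        } else {
            $clean[$field] = escape_data($_POST[$field]);
        }
    }

    if (count($clean) == count($required)) { // If everything's OK.

        // Add the book. Every value is escaped AND single-quoted; one column
        // per value.
        // NOTE(review): the original column list also named author_middle
        // (no matching form field or value) and the value list ended with
        // NOW() (no matching column). Both are left out here; confirm
        // against the product table schema.
        // The mysql_* functions were removed in PHP 7. When the connection
        // include moves to mysqli or PDO, replace this with a prepared
        // statement and bound parameters.
        $query = sprintf(
            "INSERT INTO product (category_id, product_id, price, description, image, title, author_first, author_last) "
            . "VALUES ('%s', '%s', '%s', '%s', '%s', '%s', '%s', '%s')",
            $clean['category_id'],
            $clean['product_id'],
            $clean['price'],
            $clean['description'],
            $clean['image'],
            $clean['btitle'],
            $clean['author_first'],
            $clean['author_last']
        );

        $result = mysql_query($query); // Run the query.
        if (!$result) {
            // Keep database details in the server log, not on the page.
            error_log('Book insert failed: ' . mysql_error());
            $message .= '<p>The book could not be added due to a system error.</p>';
        }

        mysql_close(); // Close the database connection.

    } else { // One or more fields were missing.
        // Append, so the specific "You forgot..." messages are kept.
        $message .= '<p>Please try again.</p>';
    }

} // End of the main Submit conditional.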
// Print the error message if there is one.
// Show any accumulated messages in red. $message is printed unescaped, so it
// must only ever hold markup built by this script.
if (isset($message)) {
    echo '<font color="red">' . $message . '</font>';
}
?>
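<?php
// Helper for the sticky form below: return a previously submitted field,
// escaped for use inside a double-quoted HTML attribute, or '' when the field
// was not posted as a plain string. Request data must never be echoed raw.
// NOTE(review): htmlspecialchars() uses the configured default charset here;
// confirm it matches the charset the header template declares.
if (!function_exists('sticky_value')) {
    function sticky_value($field) {
        if (isset($_POST[$field]) && is_string($_POST[$field])) {
            return htmlspecialchars($_POST[$field], ENT_QUOTES);
        }
        return '';
    }
}
// PHP_SELF includes any extra path the client appended to the script URL,
// so it is escaped before being written into the action attribute.
?>
<form action="<?php echo htmlspecialchars($_SERVER['PHP_SELF'], ENT_QUOTES); ?>" method="post">
<fieldset><legend>Enter book information in the form below:</legend>
<table>
<tr>
<td align="left"><p><b>Category ID:</b></p></td>
<td align="left"><p><input type="text" name="category_id" size="10" maxlength="4" value="<?php echo sticky_value('category_id'); ?>" /></p></td>
</tr>
<tr>
<td align="left"><p><b>Product ID:</b></p></td>
<td align="left"><p><input type="text" name="product_id" size="10" maxlength="3" value="<?php echo sticky_value('product_id'); ?>" /></p></td>
</tr>
<tr>
<td align="left"><p><b>Price:</b></p></td>
<td align="left"><p><input type="text" name="price" size="10" maxlength="8" value="<?php echo sticky_value('price'); ?>" /></p></td>
</tr>
<tr>
<td align="left"><p><b>Description:</b></p></td>
<td align="left"><p><input type="text" name="description" size="10" maxlength="255" value="<?php echo sticky_value('description'); ?>" /></p></td>
</tr>
<tr>
<td align="left"><p><b>Image:</b></p></td>
<td align="left"><p><input type="text" name="image" size="10" maxlength="10" value="<?php echo sticky_value('image'); ?>" /></p></td>
</tr>
<tr>
<td align="left"><p><b>Title:</b></p></td>
<td align="left"><p><input type="text" name="btitle" size="10" maxlength="10" value="<?php echo sticky_value('btitle'); ?>" /></p></td>
</tr>
<tr>
<td><p><b>Author's First Name:</b></p></td>
<td align="left"><p><input type="text" name="author_first" size="10" maxlength="10" value="<?php echo sticky_value('author_first'); ?>" /></p></td>
<td><p><b>Author's Last Name:</b></p></td>
<td align="left"><p><input type="text" name="author_last" size="10" maxlength="10" value="<?php echo sticky_value('author_last'); ?>" /></p></td>
</tr>
</table>
</fieldset>
<div align="center"><input type="submit" name="submit" value="SUBMIT" /></div>
</form><!-- End of Form -->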
<?php
// Close the page with the shared HTML footer.
include 'includes/footer_home.html';
?>