Example 10-3. The customer.3 customer receipt page
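<?php
// This script shows the user a receipt for their customer
// UPDATE or INSERT.
// It carries out no database actions and can be
// bookmarked. The user must be logged in to view it.
//
// Security notes (review):
//  - custID arrives from the browser and is untrusted. It is
//    validated as a string of digits and cast to int BEFORE it is
//    compared with the logged-in customer's ID and before it is
//    interpolated into SQL. The original compared the raw value
//    with a loose "!=", which PHP evaluates numerically: a value
//    such as "5 OR 1=1" compared equal to 5, passed the ownership
//    check, and was then pasted straight into the query.
//  - Every column echoed into the page goes through
//    htmlspecialchars(). The customer row is user-supplied data
//    (name, address, phone ...) and would otherwise be a stored
//    XSS vector on this page.
//  - The "bad parameters" redirect no longer copies the Referer
//    request header into Location: (attacker-controlled header ->
//    open redirect / header injection); it goes to a fixed page.

include 'include.inc';

set_error_handler("errorHandler");

// Escape a database value for output in an HTML text context.
// ENT_QUOTES so the same helper is safe inside attribute values.
function receipt_html($value)
{
    return htmlspecialchars((string) $value, ENT_QUOTES);
}

// Show the user a customer INSERT or UPDATE receipt
//
// $custID     - the customer's numeric primary key. The caller has
//               already checked it belongs to the logged-in user;
//               it is cast to int again here so the only thing that
//               can ever reach the SQL string is a bare integer.
// $connection - an open MySQL connection to the winestore database
function show_HTML_receipt($custID, $connection)
{
    // Defence in depth: never trust the caller to have sanitised it
    $custID = (int) $custID;

    $query = "SELECT * FROM customer WHERE cust_id = $custID";

    if (!($result = @ mysql_query ($query, $connection)))
        showerror();

    // There is only one matching row (or none, if the ID is stale)
    $row = @ mysql_fetch_array($result);
    if (!$row)
    {
        echo "\n<p>No customer record was found.</p>\n";
        return;
    }

    echo "\n<h1>Account details for " .
         "<font color=\"red\">" . receipt_html($row["email"]) .
         "</font></h1>\n";

    echo "<p><i>Please record your password " .
         "somewhere safe for future use</i>\n";

    echo "<p>Your shipping and billing details are " .
         "as follows:\n<br><b> " .
         receipt_html($row["title"]) . " " .
         receipt_html($row["firstname"]) . " " .
         receipt_html($row["initial"]) . " " .
         receipt_html($row["surname"]) .
         "\n<br>" . receipt_html($row["addressline1"]) . "\n";

    if ($row["addressline2"] != "")
        echo "\n<br>" . receipt_html($row["addressline2"]);

    if ($row["addressline3"] != "")
        echo "\n<br>" . receipt_html($row["addressline3"]);

    echo "\n<br>" . receipt_html($row["city"]) . " " .
         receipt_html($row["state"]) . " " .
         receipt_html($row["zipcode"]) .
         "\n<br>" . receipt_html($row["country"]) . "</b><br>\n";

    if ($row["phone"] != "")
        echo "\n<br><b>Telephone: " . receipt_html($row["phone"]) . "</b>";

    if ($row["fax"] != "")
        echo "\n<br><b>Fax: " . receipt_html($row["fax"]) . "</b>";

    // birth_date is stored as YYYY-MM-DD; show it as DD/MM/YYYY
    $dob = substr($row["birth_date"], 8, 2) . "/" .
           substr($row["birth_date"], 5, 2) . "/" .
           substr($row["birth_date"], 0, 4);

    echo "\n<br><b>Date of Birth: " . receipt_html($dob) . "</b>\n<br>";
}

// Main ----------

// Re-establish the existing session
session_start();

// Check if the user is logged in - this should never
// fail unless the script is run incorrectly
if (!session_is_registered("loginUsername"))
{
    session_register("message");
    $message = "You must login to view your " .
               "customer receipt.";
    header("Location: example.cart.1.php");
    exit;
}

// Take the customer ID from the query string explicitly rather than
// relying on register_globals. The register_globals $custID is kept
// as a fallback so existing links keep working.
if (isset($_GET["custID"]))
    $custID = $_GET["custID"];

// Check the correct parameters have been passed: present, and
// nothing but digits (this rejects SQL fragments outright)
if (!isset($custID) || !preg_match('/^[0-9]+$/', (string) $custID))
{
    session_register("message");
    $message = "Incorrect parameters to " .
               "example.customer.3.php";

    // Redirect to a fixed page. The original bounced the browser to
    // $HTTP_REFERER, a request header any client can set, which made
    // this an open redirect (and a header-injection point on older
    // PHP that did not strip newlines from header() arguments).
    header("Location: example.cart.1.php");
    exit;
}
$custID = (int) $custID;

// Check this customer matches the custID. Both sides are integers
// and the comparison is strict, so it cannot be satisfied by a
// numeric-prefixed string the way the loose "!=" could.
$ownCustID = (int) getCustomerID($loginUsername, NULL);

if ($custID !== $ownCustID)
{
    session_register("message");
    $message = "You can only view your own " .
               "customer receipt!";
    $custID = $ownCustID;
}

// Open a connection to the DBMS
if (!($connection = @ mysql_pconnect($hostName, $username, $password)))
    showerror();

if (!mysql_select_db($databaseName, $connection))
    showerror();
?>
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN"
    "http://www.w3.org/TR/html401/loose.dtd">
<html>
<head>
<title>Alexa and Dave's Online Wines</title>
</head>
<body bgcolor="white">
<?php
// Show the user login status
showLogin();

// Show the user any messages
showMessage();

// Show the customer confirmation
show_HTML_receipt($custID, $connection);

// Show buttons
echo "<form action=\"example.cart.5.php\"" .
     " method=\"GET\">";
echo "<table><tr>";
echo "<td><input type=\"submit\" name=\"home\"" .
     " value=\"Home\"></td>";
echo "</tr>";
?>
</table>
</form>
<br><a href="http://validator.w3.org/check/referer"><img
    src="http://www.w3.org/Icons/valid-html401" height="31"
    width="88" align="right" border="0" alt="Valid HTML 4.01!"></a>
</body>
</html>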