ItemID Item Name Owner Quantity Reoccuring Purchased Action '; /* Tail of ShowList(): its header and the opening of this HTML-table string sit above this chunk. $row['name'] and $row['owner'] are concatenated into the page below without htmlspecialchars(ENT_QUOTES), so whatever was stored in those columns is emitted as markup; escape them at output. */ // run the query, we're putting the things that aren't purchased at the top $query = mysql_query("select * from thelist order by purchased asc"); // loop all the records while($row = mysql_fetch_assoc($query)){ $output .= ''; $output .= '' . $row['itemid'] .''; $output .= '' . $row['name'] . ''; $output .= ''; // if this field is empty, its not for anyone specific if(empty($row['owner'])){ $output .= "Everyone"; }else{ $output .= $row['owner']; } $output .= ''; $output .= '' . $row['quantity'] .''; $output .= ''; if($row['reoccuring'] == 1){ $output .= "yes"; }else{ $output .= "no"; } $output .= ''; $output .= ''; if($row['purchased'] == 1){ $output .= "yes"; }else{ $output .= "no"; } $output .= ''; $output .= 'Edit - '; // need to add slashes as we're dealing with javascript here $output .= 'Delete'; $output .= ''; } $output .= ''; return $output; } /* DeleteItem(): deletes the row named by $_GET['itemid'] and returns a status message followed by the refreshed list HTML. The (int) cast is the only thing keeping the id out of the SQL as text. $_GET['itemid'] is read without isset() (a missing key casts to 0), and the delete happens on a plain GET with no request token checked in the visible code, so any link or prefetch that reaches this URL performs it. */ function DeleteItem(){ // in the query we convert it to an integer to prevent any injection if(mysql_query("delete from thelist where itemid='".(int)$_GET['itemid']."'")){ $output = 'Item deleted successfully!
L2
'; }else{ /* mysql_error() text is returned to the browser verbatim; log it server-side and show a generic message instead */ $output = 'An Error Occurred: ' . mysql_error() . '

'; } // show the list $output .= ShowList(); return $output; } /* ManageItem(): renders the add/edit form. Its closing lines (the ob_get_clean() that turns the buffered HTML into the return value) are not in this chunk. */ function ManageItem(){ if(isset($_GET['itemid'])){ // if we're editing we need to grab the stuff from the database // convert to integer (if its not a number it'll become zero $itemid= (int)$_GET['itemid']; $query = mysql_query("select * from thelist where itemid='" . $itemid . "' limit 1"); $row = mysql_fetch_assoc($query); /* NOTE(review): mysql_fetch_assoc() returns false when no row matches this id; nothing here checks that before the form below reads $row[...] */ }else{ // set up blank array $row['itemid'] = ''; $row['name'] = ''; $row['purchased'] = ''; $row['owner'] = ''; $row['reoccuring'] = ''; $row['quantity'] = ''; } // we have lots of HTML here, so we're breaking out of PHP, but we need to stop it outputting // so we'll use output buffering and capture the result ob_start(); ?>
0){ echo ''; } ?>
Item Name:
For someone specific? (leave blank if not)
Quantity:
Recurring? >
Purchased already? >

Item updated successfully!

'; }else{ /* mysql_error() text is returned to the browser verbatim; log it server-side and show a generic message instead */ $output = 'An Error Occurred: ' . mysql_error() . '

'; } }else{ /* Add branch of the save function (its header is above this chunk): name and owner go through db_escape(), quantity is cast to int; $_POST['reoccuring'] and $_POST['purchased'] are read without isset(). As rendered here the VALUES list has no comma after the quantity value and no closing parenthesis, and " limit 1" is appended although MySQL does not accept LIMIT on INSERT ... VALUES -- verify against the real source. */ // we are adding // we are updating // using our custom db escape function $query = "insert into `thelist` (`name`,`owner`,`quantity`,`reoccuring`,`purchased`) values "; $query .= "('".db_escape($_POST['name'])."','".db_escape($_POST['owner'])."','".(int)$_POST['quantity']."'"; if($_POST['reoccuring'] == 'yes'){ $query .= "'1', "; }else{ $query .= "'0', "; } if($_POST['purchased'] == 'yes'){ $query .= "'1' "; }else{ $query .= "'0' "; } $query .= " limit 1"; if(mysql_query($query)){ $output = 'Item added successfully!

'; }else{ /* same as above: do not echo mysql_error() to the user */ $output = 'An Error Occurred: ' . mysql_error() . '

'; } } // show the list $output .= ShowList(); return $output; } /* PrintList(): printer view of unpurchased items; echoes straight to the response and ends the request with die(). $row['quantity'], $row['name'] and $row['owner'] are echoed without htmlspecialchars(), so stored values reach the page as markup; escape them before output. The echo ordering shown here is scrambled by the stripped markup and is not reliable. */ function PrintList(){ // this is a printer version, so we cna just echo it straight out $q = mysql_query("select * from thelist where purchased=0 order by owner asc"); echo ""; while($row = mysql_fetch_assoc($q)){ echo ""; echo ""; } echo "
"; echo $row['quantity'] . " x"; echo ""; echo $row['name']; if(!empty($row['owner'])){ echo " for ".$row['owner']; } echo "
"; die(); } /* db_escape(): quotes a value for interpolation into SQL text. mysql_real_escape_string() needs an open connection (it returns false without one), and the mysql_escape_string() fallback ignores the connection character set, so it is not a safe substitute. The whole mysql_* family was removed in PHP 7; prepared statements (PDO or mysqli) are the replacement for this function and for the string-built queries above. */ function db_escape($string){ if(function_exists('mysql_real_escape_string')){ return mysql_real_escape_string($string); }else{ return mysql_escape_string($string); } } ?> The Interspire Shopping List

The Shopping List -

List Home | Add Item | Printer Version