<?php
require "session_expire.php";
require "scripts/database.php";
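// Adds a book to the current user's shelf from a JSON body
// {"ISBN": ..., "name": ..., "authors": ..., "picture": ...}.
// Responds with a bare string: 'true' (inserted), 'owned' (already on the
// shelf), or 'false' (bad input, no session id, or a database failure).
//
// Review notes on the changes versus the string-built version:
//  - both queries use prepared statements, so the owner id (previously
//    interpolated into the SELECT without escaping) and every JSON field
//    are bound as values, never concatenated into SQL;
//  - mysqli_error() is logged server-side instead of being echoed to the
//    client, which disclosed schema/driver details to anyone who could
//    trigger a failing insert;
//  - a single connection is used for both statements;
//  - missing/non-scalar fields and a missing session id are rejected up
//    front instead of producing notices or an ownerless row.
$json_string = json_decode(file_get_contents('php://input'), true);

$requiredFields = ['ISBN', 'name', 'authors', 'picture'];

// $_SESSION['id'] is assumed to be populated by session_expire.php for an
// authenticated user — NOTE(review): confirm that file starts the session and
// exits on an expired one; otherwise this guard is the only thing stopping
// an unauthenticated request from writing a row.
$inputIsValid = is_array($json_string) && isset($_SESSION['id']);
foreach ($requiredFields as $field) {
    // Arrays/objects cannot be bound as strings, so require a scalar.
    $inputIsValid = $inputIsValid
        && isset($json_string[$field])
        && is_scalar($json_string[$field]);
}

if (!$inputIsValid) {
    exit('false');
}

$db = getDBConnection();

$ownerId = (string) $_SESSION['id'];
$isbn    = (string) $json_string['ISBN'];

// Check to see if user already owns this book.
$checkStmt = mysqli_prepare(
    $db,
    "SELECT 1 FROM books WHERE `owner-id`=? AND isbn=? LIMIT 1"
);
if ($checkStmt === false) {
    error_log('new-book.php: prepare(check) failed: ' . mysqli_error($db));
    exit('false');
}
mysqli_stmt_bind_param($checkStmt, 'ss', $ownerId, $isbn);
if (!mysqli_stmt_execute($checkStmt)) {
    error_log('new-book.php: execute(check) failed: ' . mysqli_stmt_error($checkStmt));
    mysqli_stmt_close($checkStmt);
    exit('false');
}
mysqli_stmt_store_result($checkStmt);
$alreadyOwned = mysqli_stmt_num_rows($checkStmt) > 0;
mysqli_stmt_close($checkStmt);

// If the book is already on the shelf, abort and tell the client.
if ($alreadyOwned) {
    exit('owned');
}

// The check-then-insert above is not atomic: two concurrent requests for the
// same (owner-id, isbn) can both pass the check. A UNIQUE index on
// (`owner-id`, isbn) would make the second insert fail instead of
// duplicating the row — schema change, not done here.
$insertStmt = mysqli_prepare(
    $db,
    "INSERT INTO books (isbn, `owner-id`, name, author, picture) VALUES (?, ?, ?, ?, ?)"
);
if ($insertStmt === false) {
    error_log('new-book.php: prepare(insert) failed: ' . mysqli_error($db));
    exit('false');
}

$name    = (string) $json_string['name'];
$authors = (string) $json_string['authors'];
$picture = (string) $json_string['picture'];
mysqli_stmt_bind_param($insertStmt, 'sssss', $isbn, $ownerId, $name, $authors, $picture);

if (mysqli_stmt_execute($insertStmt)) {
    mysqli_stmt_close($insertStmt);
    exit('true');
}

// Keep the driver error out of the response body; it belongs in the log.
error_log('new-book.php: execute(insert) failed: ' . mysqli_stmt_error($insertStmt));
mysqli_stmt_close($insertStmt);
exit('false');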