#!/opt/csw/bin/perl
use CGI::Carp qw(fatalsToBrowser);
use warnings;
#use CGI ':standard';
use strict;
use CGI qw/:standard :html3/;
use DBI;
#use POSIX qw(strftime);
#use Class::Struct;
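print "Content-type: text/html\n\n";
#request fields filled in from the submitted form, plus the database handle
my($paytype,$cardnum,$isbn,$quan,$custid);
my $dbh;
#FIXME(security): the database account name and password are hard-coded in a
#world-readable script. Treat this password as exposed: rotate it and load the
#connection settings from a file or environment outside the web root.
my $db="sulliv49";
my $user="sulliv49";
my $password="redcreed2";
my $host="localhost";
my $socket="/tmp/mysql-51.sock";
#direct method call instead of the indirect-object form "new CGI", which
#Perl can mis-parse
my $obj = CGI->new;
#every value below is attacker-controlled until validated; the script must
#never interpolate them into SQL or HTML
$paytype= $obj->param("payType");
$cardnum= $obj->param("cardNum");
$isbn= $obj->param("ISBN");
#NOTE(review): custID comes straight from the request; nothing visible in this
#script ties it to an authenticated session - confirm that is enforced elsewhere
$custid= $obj->param("custID");
$quan= $obj->param("quan");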
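#connect to the MySQL database
$dbh = DBI->connect
("DBI:mysql:database=$db:host=$host:mysql_socket=$socket",
$user,
$password);
if (!$dbh)
{
    #CGI::Carp's fatalsToBrowser renders the die text in the response, so the
    #driver's error string (which can name the account, host or socket path)
    #goes to the server log only and the client sees a generic message
    warn "Can't connect to database:$DBI::errstr\n";
    die "Can't connect to database.\n";
}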
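#Validate the request, then look up the book and place the order.
#Every request value reaches SQL through a bound placeholder (?), never by
#string interpolation, so it cannot change the structure of a statement.
if (!defined $isbn || $isbn eq '')
{
    print "ISBN not found.\n";
}
elsif (!defined $quan || $quan !~ /\A[0-9]{1,9}\z/ || $quan < 1)
{
    #a zero, negative or non-numeric quantity would pass the stock comparison
    #and a negative one would add to the stock on update, so reject it before
    #touching the database
    print "Invalid quantity.\n";
}
else
{
    #the eval returns the message to show; undef means a statement failed
    my $outcome = eval {
        #make DBI calls die on error so a failure part-way through is caught
        #below instead of leaving a half-written order
        local $dbh->{RaiseError} = 1;

        #one lookup answers both "does the book exist" and "how many are left";
        #the return value of execute() is not a reliable row count for SELECT
        my $book = $dbh->selectrow_arrayref(
            "SELECT stock from book where ISBN = ?", undef, $isbn);
        return "ISBN not found.\n" unless $book;

        my $stock = defined $book->[0] ? $book->[0] : 0;
        return "Sorry, we don't have enough books left in stock\n"
            if $stock < $quan;

        #NOTE(review): the rollback only undoes work if the tables use a
        #transactional storage engine - confirm
        $dbh->begin_work;

        #claim the stock first, with the check inside the UPDATE, so two
        #concurrent orders cannot both pass the comparison above and oversell
        my $claimed = $dbh->do(
            "Update book SET stock = stock - ? where ISBN = ? and stock >= ?",
            undef, $quan, $isbn, $quan);
        if ($claimed < 1)
        {
            $dbh->rollback;
            return "Sorry, we don't have enough books left in stock\n";
        }

        #today's date as YYYY-MM-DD; sprintf zero-pads every month and day
        #(the hand-built version left September as a single digit)
        my ($mday, $mon, $year) = (localtime)[3, 4, 5];
        my $yearString = sprintf("%04d-%02d-%02d", $year + 1900, $mon + 1, $mday);

        #a missing form field is stored as an empty string, as before
        my @orderFields = map { defined $_ ? $_ : '' } ($paytype, $cardnum);
        my $customer = defined $custid ? $custid : '';

        #NOTE(review): the card number is written to orders exactly as
        #submitted; confirm whether it must be stored at all and whether it
        #should be tokenized or encrypted first
        $dbh->do(
            "INSERT INTO orders VALUES(default,?,?,?,'Placed',?)",
            undef, @orderFields, $yearString, $customer);

        #take the id generated for this connection's insert; MAX(OID) can
        #belong to another customer's order placed at the same moment.
        #presumably OID is AUTO_INCREMENT - fall back to MAX(OID) if the
        #driver reports no generated id
        my $oid = $dbh->last_insert_id(undef, undef, "orders", "OID");
        if (!$oid)
        {
            ($oid) = $dbh->selectrow_array("SELECT MAX(OID) from orders");
        }

        $dbh->do("INSERT INTO contain VALUES(?,?,?)", undef, $oid, $isbn, $quan);

        $dbh->commit;
        return "Your order has been successfully placed.\n";
    };
    if (!defined $outcome)
    {
        #capture $@ before anything else can overwrite it
        my $err = $@ || "unknown error";
        #undo the partial order if a transaction is still open
        eval { $dbh->rollback unless $dbh->{AutoCommit}; };
        #details go to the server log; the client gets no SQL or driver text
        warn "order.cgi: order failed: $err";
        $outcome = "Sorry, your order could not be placed.\n";
    }
    print $outcome;
}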