shop/pro.php at master · 88Group/shop · GitHub

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
<?php
$con=mysqli_connect("us-cdbr-iron-east-04.cleardb.net","b966a2a16a969f","01d02abd","heroku_0b7502a16e114a3");

// Check connection
if (mysqli_connect_errno())
	{
	echo "Failed to connect to MySQL: " . mysqli_connect_error(); }
	else
	{
	if(isset($_POST['sub']) && isset($_POST['pro']) && isset($_POST['br']))
		{
		$type = mysqli_real_escape_string($con,$_POST['pro']);
		$sDate = mysqli_real_escape_string($con,$_POST['sDate']);
		$eDate = mysqli_real_escape_string($con,$_POST['eDate']);
		if(isset($_POST['per']))
			{
			$per = mysqli_real_escape_string($con,$_POST['per']);
			$pri = 0;
			}
		else if(isset($_POST['pri']))
			{
			$per = 0;
			$pri = mysqli_real_escape_string($con,$_POST['pri']);
			}
		else
			{
				$per = 0;
				$pri = 0;
			}
		$brandCleaned = [];
		foreach( $_POST['br'] as $val )
	    $brandCleaned[] = mysqli_real_escape_string( $con, $val );
		for ($i=0; $i < count($brandCleaned); $i++)
			{
			$brnd = $brandCleaned[$i];
			$sql = "INSERT INTO promotion (proID,percent,value,sDate,eDate,brand) VALUES ('$type','$per','$pri','$sDate','$eDate','$brnd')";
			$res = mysqli_query($con,$sql);
		if (!$res)
			{
			die('Error: ' . mysqli_error($con));
	 		}
			}
		}
	else
	{
		?><script>
			alert("Please complete the form");
			history.go(-1);
		</script>"
		<?php
	}


	}

mysqli_close($con);
 ?>