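<?php
include_once 'header.php';
include_once 'includes/dbh-inc.php';
// book.php: shows the book selected by ?bid=, its average rating and its reviews, and handles
// two POSTs from this page's own forms: "review" stores a rating/comment for the signed-in user,
// "order" puts the book (with an order amount) into the session cart.
//
// Every query is a prepared statement with bound parameters, so request and session values are
// never spliced into SQL text (mysqli_real_escape_string() only protects a quoted SQL context and
// does nothing for the HTML the same values are echoed into later). mysqli_stmt_get_result()
// needs the mysqlnd driver, which is the default build.

//the bid of the selected book is passed as a variable in the url
//get the book corresponding to that bid
if (!isset($_GET['bid'])) {
    header("Location: index.php?bid=error");
    exit();
}
// a non-numeric bid becomes 0, matches no row and ends in the same error redirect as a missing one
$id = (int)$_GET['bid'];

$bookStmt = mysqli_prepare($connection, "SELECT * FROM books WHERE books.id = ?");
mysqli_stmt_bind_param($bookStmt, 'i', $id);
mysqli_stmt_execute($bookStmt);
$result = mysqli_stmt_get_result($bookStmt);
$book = $result ? mysqli_fetch_assoc($result) : null;
if (!$book) {
    header("Location: index.php?bid=error");
    exit();
}

//get the average rating for the book
// AVG() always yields one row; its value stays NULL until the first review exists, so the
// default below keeps $avgRating['avgRating'] readable either way
$avgRating = ['avgRating' => null];
$ratingStmt = mysqli_prepare($connection, "SELECT AVG(rating) AS avgRating FROM user_reviews WHERE bid = ?");
mysqli_stmt_bind_param($ratingStmt, 'i', $id);
mysqli_stmt_execute($ratingStmt);
$ratingResult = mysqli_stmt_get_result($ratingStmt);
if ($ratingResult && mysqli_num_rows($ratingResult) > 0) {
    $avgRating = mysqli_fetch_assoc($ratingResult);
}

//get all the reviews for this book
// $reviewsResult and $reviewsCheck are consumed by the reviews list further down the page
$reviewsStmt = mysqli_prepare($connection, "SELECT uid, rating, comments FROM user_reviews WHERE bid = ?");
mysqli_stmt_bind_param($reviewsStmt, 'i', $id);
mysqli_stmt_execute($reviewsStmt);
$reviewsResult = mysqli_stmt_get_result($reviewsStmt);
$reviewsCheck = $reviewsResult ? mysqli_num_rows($reviewsResult) : 0;

//add comment
//if the user is logged in then add comment
if (isset($_POST['review']) && isset($_SESSION['email'])) {
    $subRating = isset($_POST['rating']) ? (int)$_POST['rating'] : 0;
    $subComment = isset($_POST['comments']) ? (string)$_POST['comments'] : '';
    //check that rating is within range
    if (!(0 < $subRating && $subRating <= 5)) {
        header("Location: index.php?rating=error");
        exit();
    }
    //get the user
    // the session email is bound as well: it was set by the login flow, not by this page
    $email = $_SESSION['email'];
    $userStmt = mysqli_prepare($connection, "SELECT * FROM user WHERE email=?");
    mysqli_stmt_bind_param($userStmt, 's', $email);
    mysqli_stmt_execute($userStmt);
    $result = mysqli_stmt_get_result($userStmt);
    $user = $result ? mysqli_fetch_assoc($result) : null;
    //if no results then exit
    if (!$user) {
        header("Location: book.php?user=error");
        exit();
    }
    $userID = (int)$user['id'];
    // the comment text is stored verbatim; the column width is the only server-side length cap,
    // the form's maxlength is enforced by the browser only
    $insertStmt = mysqli_prepare($connection, "INSERT INTO user_reviews (uid, bid, rating, comments) VALUES (?, ?, ?, ?)");
    mysqli_stmt_bind_param($insertStmt, 'iiis', $userID, $id, $subRating, $subComment);
    mysqli_stmt_execute($insertStmt);
    header("Location: book.php?bid=" . $id);
    exit();
}

//add to cart
if (isset($_POST['order']) && isset($_SESSION['email'])) {
    $orderAmt = isset($_POST['bAmount']) ? (int)$_POST['bAmount'] : 1;
    $available = (int)$book['quantity'];
    //force order amount into bounds
    // NOTE(review): the two checks keep their original order, so an amount above stock clamps to
    // the stock level even when that is 0, while an amount below 1 becomes 1 regardless of stock;
    // the cart code would have to reject an out-of-stock line if that matters
    if ($orderAmt < 1) {
        $orderAmt = 1;
    } elseif ($orderAmt > $available) {
        $orderAmt = $available;
    }
    //store the order amount into the books array
    $book['orderAmt'] = $orderAmt;
    //store the book that was ordered into session under order tag
    $_SESSION['order'][] = $book;
}
?>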
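<section class="books-container">
<div class="books-wrapper">
<?php
// every field below is free text from the books table, so it is escaped for the HTML body here;
// escaping at storage time would not cover this context or the attribute contexts in the forms
$esc = function ($value) {
    return htmlspecialchars((string)$value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
};
// AVG() is NULL for a book without reviews; round(null) is deprecated on PHP 8.1+, so default to 0
$avg = isset($avgRating['avgRating']) ? (float)$avgRating['avgRating'] : 0.0;
// NOTE(review): neither form below carries a CSRF token; the POST handlers at the top of this
// file would need to verify one issued into $_SESSION for the review and add-to-cart actions
echo ' <h1>' . $esc($book['name']) . '</h1>
<p>by ' . $esc($book['author']) . '</p>
<p>' . $esc($book['price']) . '</p>
<p>' . $esc($book['quantity']) . '</p>
<p>' . $esc($book['ISBN']) . '</p>
<p>' . $esc($book['language']) . '</p>
<p>' . $esc($book['published']) . '</p>
<p>' . $esc($book['publisher']) . '</p>
<p>' . $esc($book['subject']) . '</p>
<p>' . $esc($book['summary']) . '</p>
<p>Average Rating: ' . round($avg, 1) . '/5</p>
';
?>
<form class="add-cart-form" action="book.php?bid=<?php echo (int)$id ?>" method="post">
<input type="number" name="bAmount" min="1" value="1">
<button type="submit" name="order">Add to Cart</button>
</form>
</div>
<hr>
<div class="comment-wrapper">
<h3>Reviews</h3>
<form class="review-form" action="book.php?bid=<?php echo (int)$id ?>" method="post">
<input type="number" id="rating" min="1" max="5" name="rating">
<label for="rating">/5</label> <br>
<textarea name="comments" placeholder="Comments" maxlength="256" rows="4" cols="50"></textarea> <br>
<button type="submit" name="review">Submit</button>
</form>
</div>
<hr>
<div class="reviews-wrapper">
<ul>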
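<?php
// reviews list: the comment text and the reviewer's name are user-supplied strings that were stored
// verbatim, so they are escaped for the HTML body here rather than trusted from the database
$esc = function ($value) {
    return htmlspecialchars((string)$value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
};
if ($reviewsCheck > 0) {
    //get reviewers name
    // one lookup per review (prepared once, executed per row); the uid comes from the
    // user_reviews row rather than from the request but is bound all the same.
    // A JOIN in the reviews query would remove the per-row round trip.
    $nameStmt = mysqli_prepare($connection, "SELECT fname, lname FROM user WHERE id = ?");
    while ($review = mysqli_fetch_assoc($reviewsResult)) {
        $reviewerID = (int)$review['uid'];
        mysqli_stmt_bind_param($nameStmt, 'i', $reviewerID);
        mysqli_stmt_execute($nameStmt);
        $userNameResult = mysqli_stmt_get_result($nameStmt);
        $userName = $userNameResult ? mysqli_fetch_assoc($userNameResult) : null;
        // a review whose author row is gone is skipped, as before
        if ($userName) {
            echo '<li>
<p>' . $esc($userName['fname']) . ' ' . $esc($userName['lname']) . '</p>
<p>' . $esc($review['rating']) . '/5</p>
<p>' . $esc($review['comments']) . '</p> <br>
</li>';
        }
    }
}
?>
</ul>
</div>
</section>
<?php
include_once 'footer.php';
?>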