-
+
+
-
+
-
-
-
-
-
+
+
+
+
+
-
-
-
-
-
\ No newline at end of file
+
+
+
+
+
+
+
\ No newline at end of file
diff --git a/home.php b/home.php
index 27f9550..1faed47 100644
--- a/home.php
+++ b/home.php
@@ -17,7 +17,9 @@ include_once('parameters.php');
');
include_once('form.php');
+ echo('');
?>
@@ -34,22 +36,18 @@ include_once('parameters.php');
$productCategory = $_POST['category'];
$minProductPrice = $_POST['minPrice'];
$maxProductPrice = $_POST['maxPrice'];
-
- // echo ($productName . $productInfo . $productCategory . $minProductPrice . $maxProductPrice);
+ $productOrder = $_POST['order'];
$sqlString = "SELECT bp_product_id, bp_product_name, bp_product_price, bp_product_img_01 FROM bp_products WHERE 22=22";
- if (!empty($_POST['search'])) $sqlString .= " AND (bp_product_name LIKE '$productName' OR bp_product_info LIKE '$productInfo')";
+ if (!empty($_POST['search'])) $sqlString .= " AND (bp_product_name LIKE '%$productName%' OR bp_product_info LIKE '%$productInfo%')";
if ($productCategory != "empty") $sqlString .= " AND bp_product_category = $productCategory";
if ($minProductPrice != "empty") $sqlString .= " AND bp_product_price >= $minProductPrice";
if ($maxProductPrice != "empty") $sqlString .= " AND bp_product_price <= $maxProductPrice";
-
- echo $sqlString;
+ if ($productOrder != "asc") $sqlString .= " ORDER BY bp_product_name DESC";
$sql = $con->prepare($sqlString);
- // $sql->bind_param("ssidd", $productName, $productInfo, $productCategory, $minProductPrice, $maxProductPrice);
-
} else {
$sql = $con->prepare("SELECT bp_product_id, bp_product_name, bp_product_price, bp_product_img_01 FROM bp_products");
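Review bot: The filter clauses in this hunk interpolate `$_POST['search']`, `$_POST['category']`, `$_POST['minPrice']` and `$_POST['maxPrice']` directly into `$sqlString`, so the query is open to SQL injection; calling `$con->prepare()` on an already-assembled string binds nothing and gives no protection. The second hunk of my-products.php has the same defect, and there the commit also removes the `?` placeholders and the `bind_param("ssidd", …)` call that the old code used. The conditional clauses can stay if each one appends `?` placeholders and collects its type letter and value, with a single `bind_param` after `prepare()`, as sketched below. The `ORDER BY` branch is fine as written because it only appends a fixed literal. The enclosing `if`/`else` starts and ends outside this hunk.

```php
$sqlString = "SELECT bp_product_id, bp_product_name, bp_product_price, bp_product_img_01 FROM bp_products WHERE 22=22";
$types = '';
$params = [];
if (!empty($_POST['search'])) {
    $sqlString .= " AND (bp_product_name LIKE ? OR bp_product_info LIKE ?)";
    $types .= 'ss';
    $params[] = '%' . $productName . '%';
    $params[] = '%' . $productInfo . '%';
}
if ($productCategory != "empty") {
    $sqlString .= " AND bp_product_category = ?";
    $types .= 'i';
    $params[] = $productCategory;
}
if ($minProductPrice != "empty") {
    $sqlString .= " AND bp_product_price >= ?";
    $types .= 'd';
    $params[] = $minProductPrice;
}
if ($maxProductPrice != "empty") {
    $sqlString .= " AND bp_product_price <= ?";
    $types .= 'd';
    $params[] = $maxProductPrice;
}
// … unchanged: ORDER BY branch on $productOrder …
$sql = $con->prepare($sqlString);
if ($params) {
    $sql->bind_param($types, ...$params);
}
```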
diff --git a/my-products.php b/my-products.php
index 1f7bb14..8703597 100644
--- a/my-products.php
+++ b/my-products.php
@@ -36,7 +36,9 @@ $username = $_SESSION['username'];
');
include_once('form.php');
+ echo('');
?>
@@ -48,28 +50,23 @@ $username = $_SESSION['username'];
if (!empty($_POST)) {
- $productName = isset($_POST['search']) ? "%" . $_POST['search'] . "%" : "%%";
- $productInfo = isset($_POST['search']) ? "%" . $_POST['search'] . "%" : "%%";
- $productCategory = ($_POST['category'] != "empty") ? $_POST['category'] : "%";
- $minProductPrice = ($_POST['minPrice'] != "empty") ? $_POST['minPrice'] : 0;
- $maxProductPrice = ($_POST['maxPrice'] != "empty") ? $_POST['maxPrice'] : 999999999999999999;
+ $productName = $_POST['search'];
+ $productInfo = $_POST['search'];
+ $productCategory = $_POST['category'];
+ $minProductPrice = $_POST['minPrice'];
+ $maxProductPrice = $_POST['maxPrice'];
- echo ($productName . $productInfo . $productCategory . $minProductPrice . $maxProductPrice);
-
-
- $sqlString = "SELECT bp_product_id, bp_product_name, bp_product_price, bp_product_img_01 FROM bp_products";
- $sqlString .= " WHERE (bp_product_name LIKE ? OR bp_product_info LIKE ?)";
- $sqlString .= " AND bp_product_category = ?";
- $sqlString .= " AND (bp_product_price >= ? AND bp_product_price <= ?);";
-
- $sql = $con->prepare($sqlString);
- $sql->bind_param("ssidd", $productName, $productInfo, $productCategory, $minProductPrice, $maxProductPrice);
+ $sqlString = "SELECT bp_product_id, bp_product_name, bp_product_price, bp_product_img_01 FROM bp_products WHERE bp_product_owner = $userid";
+ if (!empty($_POST['search'])) $sqlString .= " AND (bp_product_name LIKE '%$productName%' OR bp_product_info LIKE '%$productInfo%')";
+ if ($productCategory != "empty") $sqlString .= " AND bp_product_category = $productCategory";
+ if ($minProductPrice != "empty") $sqlString .= " AND bp_product_price >= $minProductPrice";
+ if ($maxProductPrice != "empty") $sqlString .= " AND bp_product_price <= $maxProductPrice";
+ $sql = $con->prepare($sqlString);
} else {
- $sqlString = "SELECT bp_product_id, bp_product_name, bp_product_price, bp_product_img_01 FROM bp_products WHERE bp_product_owner = ?";
- $sql = $con->prepare($sqlString);
- $sql->bind_param("i", $userid);
+ $sqlString = "SELECT bp_product_id, bp_product_name, bp_product_price, bp_product_img_01 FROM bp_products WHERE bp_product_owner = $userid";
+ $sql = $con->prepare($sqlString);
}
$sql->execute();