>> REQUEST_URI = " . $_SERVER['REQUEST_URI'], 0); tpcw_error("Error: \"" . $query . "\": " . $err); } pg_freeresult($res); } /* ---- * db_exec_select() * * Execute a SELECT statement, check for errors and return the result. * ---- */ function db_exec_select($query) { global $DB; if (!$DB) db_connect(); $res = @ db_tx_query($query); if (!$res) { $err = @ pg_errormessage($DB); @ pg_close($DB); error_log("Error: \"" . $query . "\": " . $err, 0); error_log(">>> REQUEST_URI = " . $_SERVER['REQUEST_URI'], 0); tpcw_error("Error: \"" . $query . "\": " . $err); } return ($res); } /* ---- * db_numrows() * * Return the number of result rows in a DB query result * ---- */ function db_numrows($res) { return (pg_numrows($res)); } /* ---- * db_fetch_row() * * Fetch the next result row from a DB query result * ---- */ function db_fetch_row($res) { return (pg_fetch_row($res)); } /* ---- * db_freeresult() * * Free all resources of a DB query result * ---- */ function db_freeresult($res) { return (pg_freeresult($res)); } /* ---- * db_promotional() * * Function to generate the HTML for the promotional thumbnail images * at the top of several TPC-W pages. The output is returned as string. * ---- */ function db_promotional($i_id) { $query = "select I2.i_id, I2.i_thumbnail " . "from tpcw_item I, tpcw_item I2 " . "where I.i_id = '$i_id' " . "and (I.i_related1 = I2.i_id " . " or I.i_related2 = I2.i_id " . " or I.i_related3 = I2.i_id " . " or I.i_related4 = I2.i_id " . " or I.i_related5 = I2.i_id)"; $res = db_exec_select($query); if (db_numrows($res) != 5) { tpcw_error("Query \"$query\" did not return 5 result rows"); } return($res); } /* ---- * db_home_customer_info() * * Function to lookup the customer first- and lastname for the * Home web interaction. * ---- */ function db_home_customer_info($c_id) { $query = "select c_fname, c_lname from tpcw_customer " . "where c_id = '" . addslashes($c_id) . "'; "; $res = db_exec_select($query); $row = db_fetch_row($res); db_freeresult($res); return($row); } /* ---- * db_get_uname() * * Function to lookup a customers C_UNAME in order_inquiry.php * ---- */ function db_get_uname($c_id) { $query = "select c_uname from tpcw_customer " . "where c_id = '" . addslashes($c_id) . "'; "; $res = db_exec_select($query); $row = db_fetch_row($res); db_freeresult($res); return($row); } /* ---- * db_get_passwd() * * Function to lookup a customers C_PASSWD in order_display.php * ---- */ function db_get_passwd($c_uname) { $query = "select c_passwd from tpcw_customer " . "where c_uname = '" . addslashes($c_uname) . "'; "; $res = db_exec_select($query); $row = db_fetch_row($res); db_freeresult($res); return($row); } /* ---- * db_search_result() * * Selection of the SearchResult item list according 2.11 * ---- */ function db_search_result($search_type, $search_string) { if (strcmp($search_type, "Author") == 0) { $query = "select i_id, i_title, a_fname, a_lname " . "from tpcw_item, tpcw_author " . "where i_a_id = a_id " . "and a_lname like '" . addslashes($search_string) . "%' " . "order by i_title limit 50; "; } elseif (strcmp($search_type, "Title") == 0) { $query = "select i_id, i_title, a_fname, a_lname " . "from tpcw_item, tpcw_author " . "where i_a_id = a_id " . "and (i_title like '" . addslashes($search_string) . "%' " . " or i_title like '% " . addslashes($search_string) . "%') " . "order by i_title limit 50; "; } elseif (strcmp($search_type, "Subject") == 0) { $query ="select i_id, i_title, a_fname, a_lname " . "from tpcw_item, tpcw_author " . "where i_a_id = a_id " . "and i_subject = '" . addslashes($search_string) . "' " . "order by i_title limit 50; "; } else { db_rollback_transaction(); db_disconnect(); tpcw_error("Unsupported search type " . $search_type); } return(db_exec_select($query)); } /* ---- * db_new_products() * * Selection of the NewProduct item list according 2.12 * ---- */ function db_new_products($subject) { $query = "select i_id, i_title, a_fname, a_lname, i_pub_date " . "from tpcw_item, tpcw_author " . "where i_a_id = a_id " . "and i_subject = '" . addslashes($subject) . "' " . "order by i_pub_date desc, i_title asc limit 50; "; return (db_exec_select($query)); } /* ---- * db_best_sellers() * * Selection of the BestSellers item list according 2.13 * ---- */ function db_best_sellers($subject) { /* * The real work is done in the stored procedure */ // $query = "select * from tpcw_bestsellers('" . // addslashes($subject) . // "') as (i_id bigint, i_title varchar, a_fname varchar, a_lname varchar);"; // Skip the stored procedure for now because TxCache has // trouble computing validity intervals for stored procedures // that return setof(record). $query = "select i_id, i_title, a_fname, a_lname from tpcw_order_line join tpcw_item on ol_i_id = i_id join tpcw_author on i_a_id = a_id where ol_o_id in (select o_id from tpcw_orders order by o_date desc limit 3333) and i_subject = '" . addslashes($subject) . "' group by i_id, i_title, a_fname, a_lname order by sum(ol_qty) desc limit 50"; return (db_exec_select($query)); } /* ---- * db_product_detail() * * Select the item information for the Product Detail page * ---- */ function db_product_detail($i_id) { $query = "select i_title, a_fname, a_lname, " . " i_pub_date, i_publisher, i_subject, i_desc, " . " i_image, i_cost, i_srp, i_avail, i_isbn, " . " i_page, i_backing, i_dimension, " . " i_srp - i_cost as you_save " . "from tpcw_item join tpcw_author on i_a_id = a_id " . "where i_id = '" . addslashes($i_id) . "';"; $res = db_exec_select($query); $row = db_fetch_row($res); db_freeresult($res); return($row); } /* ---- * db_admin_request() * * Select the item information for the Admin Request page * ---- */ function db_admin_request($i_id) { $query = "select i_srp, i_cost, i_title, i_image, i_thumbnail, " . " a_fname, a_lname " . "from tpcw_item join tpcw_author on i_a_id = a_id " . "where i_id = '" . addslashes($i_id) . "';"; $res = db_exec_select($query); $row = db_fetch_row($res); db_freeresult($res); return($row); } /* ---- * db_update_item() * * Implementation of TPC-W 2.16.3.3, Admin Confirm Web Interaction * ---- */ function db_update_item ($i_id, $new_cost, $new_image, $new_thumb) { /* * On PostgreSQL, all the legwork is done in a stored procedure. */ $query = "select * from tpcw_update_item(" . $i_id . ", " . $new_cost . ", " . $new_image . ", " . $new_thumb . ");"; db_exec_command($query); /* * Select the data required to display the result page */ $query = "select i_title, a_fname, a_lname, " . " i_pub_date, i_publisher, i_desc, i_image, " . " i_thumbnail, i_cost, i_srp, i_avail, i_isbn, " . " i_page, i_backing, i_dimension, " . " i_srp - i_cost as you_save " . "from tpcw_item join tpcw_author on i_a_id = a_id " . "where i_id = '" . addslashes($i_id) . "';"; $res = db_exec_select($query); $row = db_fetch_row($res); db_freeresult($res); return $row; } /* ---- * db_order_display_hdr() * * Select the order head information for the Order Display page * ---- */ function db_order_display_hdr($c_uname) { $query = "select o_id, c_fname, c_lname, c_phone, c_email, " . " o_date, o_sub_total, o_tax, o_total, " . " o_ship_type, o_ship_date, o_status, " . " cx_type, cx_auth_id, " . " A1.addr_street1, A1.addr_street2, A1.addr_city, " . " A1.addr_state, A1.addr_zip, C1.co_name, " . " A2.addr_street1, A2.addr_street2, A2.addr_city, " . " A2.addr_state, A2.addr_zip, C2.co_name " . "from tpcw_customer, " . " (select * from tpcw_orders " . " where o_c_id = (select c_id from tpcw_customer where c_uname = '" . addslashes($c_uname) . "') " . " order by o_c_id desc, o_date desc, o_id desc " . " limit 1 " . " ) as O " . " left join tpcw_cc_xacts on o_id = cx_o_id " . " left join tpcw_address as A1 on o_bill_addr_id = A1.addr_id " . " left join tpcw_country as C1 on A1.addr_co_id = C1.co_id " . " left join tpcw_address as A2 on o_ship_addr_id = A2.addr_id " . " left join tpcw_country as C2 on A2.addr_co_id = C2.co_id " . "where c_id = o_c_id;"; $res = db_exec_select($query); $row = db_fetch_row($res); db_freeresult($res); return($row); } /* ---- * db_order_display_lines() * * Select the order lines for the Order Display page * ---- */ function db_order_display_lines($o_id) { $query = "select ol_i_id, i_title, i_publisher, " . " i_cost, ol_qty, ol_discount, ol_comments " . "from tpcw_order_line join tpcw_item on ol_i_id = i_id " . "where ol_o_id = '" . $o_id . "' " . "order by ol_id;"; return(db_exec_select($query)); } /* ---- * db_shop_cart_get_customer() * * Get customer information for the Shopping Cart page * ---- */ function db_shop_cart_get_customer($c_id) { $query = "select c_fname, c_lname, c_discount from tpcw_customer " . "where c_id = '" . addslashes($c_id) . "'; "; $res = db_exec_select($query); $row = db_fetch_row($res); db_freeresult($res); return($row); } /* ---- * db_shop_cart_get_item() * * Get item information for the Shopping Cart page * ---- */ function db_shop_cart_get_item($i_id) { $query = "select i_cost, i_srp, i_title, i_backing from tpcw_item " . "where i_id = '" . addslashes($i_id) . "'; "; $res = db_exec_select($query); $row = db_fetch_row($res); db_freeresult($res); return($row); } /* ---- * db_shop_cart_get_promitem() * * Get promotional item information for the Shopping Cart page * ---- */ function db_shop_cart_get_promitem($i_id) { $query = "select IR.i_id, IR.i_cost, IR.i_srp, IR.i_title, IR.i_backing " . "from tpcw_item I, tpcw_item IR " . "where I.i_id = '" . addslashes($i_id) . "' " . "and I.i_related1 = IR.i_id; "; $res = db_exec_select($query); $row = db_fetch_row($res); db_freeresult($res); return($row); } /* ---- * db_store_address() * * Retrieve an address record, or store a new one if not found. * ---- */ function db_store_address ($street1, $street2, $city, $state, $zip, $country) { $query = "select * from tpcw_store_address (" . "'" . addslashes($street1) . "', " . "'" . addslashes($street2) . "', " . "'" . addslashes($city) . "', " . "'" . addslashes($state) . "', " . "'" . addslashes($zip) . "', " . "'" . addslashes($country) . "') " . "as (addr_id bigint, co_id integer); "; $res = db_exec_select($query); $row = db_fetch_row($res); db_freeresult($res); return ($row); } /* ---- * db_buy_get_customer() * * Select customer information for the BuyRequest page * ---- */ function db_buy_get_customer ($uname) { $query = "select c_id, c_passwd, " . "c_fname, c_lname, c_addr_id, " . "addr_street1, addr_street2, addr_city, " . "addr_state, addr_zip, co_id, co_name, " . "c_phone, c_email, c_birthdate, " . "c_discount, c_data " . "from tpcw_customer " . " join tpcw_address on addr_id = c_addr_id " . " join tpcw_country on addr_co_id = co_id " . "where c_uname = '" . addslashes($uname) . "' " . "for update of tpcw_customer; "; $res = db_exec_select($query); $row = db_fetch_row($res); db_freeresult($res); if (!$row) { db_rollback_transaction(); db_disconnect(); tpcw_error("Invalid username or password!"); } $c_id = $row[0]; // XXX Since these are the only two fields in tpcw_customer that // change, we should divide the customer table into two tables to make // the immutable columns more cachable. $query = "update tpcw_customer " . "set c_login = CURRENT_TIMESTAMP, " . " c_expiration = CURRENT_TIMESTAMP + cast('2 hours' as interval) " . "where c_id = '" . $c_id . "'; "; db_exec_command($query); return ($row); } /* ---- * db_buy_new_customer() * * Create a new customer for the BuyRequest page * ---- */ function db_buy_new_customer () { global $vars, $c_id, $c_uname, $c_passwd, $c_fname, $c_lname, $c_addr_id, $addr_street1, $addr_street2, $addr_city, $addr_state, $addr_zip, $co_id, $co_name, $c_phone, $c_email, $c_birthdate, $c_discount, $c_data; $query = "select nextval('tpcw_c_id_seq'); "; $res = db_exec_select($query); $row = db_fetch_row($res); db_freeresult($res); $c_id = $row[0]; $c_uname = tpcw_DigSyl($c_id, 0); $c_passwd = strtolower($c_uname); $c_fname = $vars['FNAME']; $c_lname = $vars['LNAME']; $c_fname = $vars['FNAME']; $addr_street1 = $vars['STREET1']; $addr_street2 = $vars['STREET2']; $addr_city = $vars['CITY']; $addr_state = $vars['STATE']; $addr_zip = $vars['ZIP']; $co_name = $vars['COUNTRY']; $c_phone = $vars['PHONE']; $c_email = $vars['EMAIL']; $c_birthdate = date("Y-m-d"); $c_discount = sprintf("%.2f", ((double)tpcw_rand(0, 50)) / 100.0); $c_data = $vars['DATA']; $query = "select * from tpcw_new_customer(" . "'" . $c_id . "', " . "'" . addslashes($c_uname) . "', " . "'" . addslashes($c_passwd) . "', " . "'" . addslashes($c_fname) . "', " . "'" . addslashes($c_lname) . "', " . "'" . addslashes($addr_street1) . "', " . "'" . addslashes($addr_street2) . "', " . "'" . addslashes($addr_city) . "', " . "'" . addslashes($addr_state) . "', " . "'" . addslashes($addr_zip) . "', " . "'" . addslashes($co_name) . "', " . "'" . addslashes($c_phone) . "', " . "'" . addslashes($c_email) . "', " . "'" . addslashes($c_discount) . "', " . "'" . addslashes($c_birthdate) . "', " . "'" . addslashes($c_data) . "') " . "as (addr_id bigint, co_id integer); "; $res = db_exec_select($query); $row = db_fetch_row($res); db_freeresult($res); $c_addr_id = $row[0]; $co_id = $row[1]; } /* ---- * db_new_order() * * Create a new ORDER * ---- */ function db_new_order($o_c_id, $o_sub_total, $o_tax, $o_total, $o_ship_type, $o_ship_date, $o_bill_addr_id, $o_ship_addr_id) { $query = "insert into tpcw_orders (" . " o_id, o_c_id, o_date, o_sub_total, " . " o_tax, o_total, o_ship_type, o_ship_date, " . " o_bill_addr_id, o_ship_addr_id, o_status " . ") values (" . "nextval('tpcw_o_id_seq'), " . "'" . addslashes($o_c_id) . "', " . "CURRENT_DATE, " . "'" . addslashes($o_sub_total) . "', " . "'" . addslashes($o_tax) . "', " . "'" . addslashes($o_total) . "', " . "'" . addslashes($o_ship_type) . "', " . "'" . addslashes($o_ship_date) . "', " . "'" . addslashes($o_bill_addr_id) . "', " . "'" . addslashes($o_ship_addr_id) . "', " . "'PENDING'); " . "select currval('tpcw_o_id_seq'); "; $res = db_exec_select($query); $row = db_fetch_row($res); db_freeresult($res); return ($row[0]); } /* ---- * db_store_order_line() * * Add an order line to the order. This includes adjusting * I_STOCK in the ordered item. * ---- */ function db_store_order_line($ol_id, $ol_o_id, $ol_i_id, $ol_qty, $ol_discount, $ol_comments) { $query = "select tpcw_store_order_line(" . "'" . addslashes($ol_id) . "', " . "'" . addslashes($ol_o_id) . "', " . "'" . addslashes($ol_i_id) . "', " . "'" . addslashes($ol_qty) . "', " . "'" . addslashes($ol_discount) . "', " . "'" . addslashes($ol_comments) . "'); "; db_exec_command($query); } /* ---- * db_store_cc_xact() * * Store Credit Card Authorization information * ---- */ function db_store_cc_xact($cx_o_id, $cx_type, $cx_cc_num, $cx_cc_name, $cx_expiration, $cx_auth_id, $cx_xact_amt, $cx_xact_date, $cx_co_id) { $query = "insert into tpcw_cc_xacts (" . " cx_o_id, cx_type, cx_cc_num, cx_cc_name, " . " cx_expiry, cx_auth_id, cx_xact_amt, cx_xact_date, " . " cx_co_id" . ") values (" . "'" . addslashes($cx_o_id) . "', " . "'" . addslashes($cx_type) . "', " . "'" . addslashes($cx_cc_num) . "', " . "'" . addslashes($cx_cc_name) . "', " . "'" . addslashes($cx_expiration) . "', " . "'" . addslashes($cx_auth_id) . "', " . "'" . addslashes($cx_xact_amt) . "', " . "'" . addslashes($cx_xact_date) . "', " . "'" . addslashes($cx_co_id) . "'); "; db_exec_command($query); } if (TXCACHE) { function wrap() { global $TX; $args = func_get_args(); array_unshift($args, $TX); return call_user_func_array('txcache_wrap', $args); } } else { function wrap() { $args = func_get_args(); return call_user_func_array('call_user_func', $args); } } ?>