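} upon success add/delete
 * - { "warning" : <message> } if qty is passed as value greater than that
 *   in the user's cart for a delete request.
 *
 * Error responses:
 * 400 error if missing required POST parameters, if mode is not 'add' or 'delete',
 * if qty is not a positive integer, or if something goes wrong with the
 * database during request processing.
 */
include("common.php");

# Validate every request parameter here, at the trust boundary, before any of it
# reaches the database layer. isset() alone also accepts array-valued parameters
# (e.g. "qty[]=1"), so each value is additionally required to be a string.
if (isset($_POST["mode"], $_POST["pid"], $_POST["qty"])
    && is_string($_POST["mode"])
    && is_string($_POST["pid"])
    && is_string($_POST["qty"])) {
  $mode = strtolower($_POST["mode"]);
  # qty must be a whole number >= 1. Without this check a negative qty turns an
  # "add" into a removal (and a "delete" into an addition), and a non-numeric
  # qty reaches the arithmetic in the cart helpers.
  $qty = filter_var(
    $_POST["qty"],
    FILTER_VALIDATE_INT,
    array("options" => array("min_range" => 1))
  );
  if ($mode !== "add" && $mode !== "delete") {
    handle_error("Mode parameter must be passed as 'add' or 'delete'");
  } else if ($qty === false) {
    handle_error("The 'qty' parameter must be a positive integer.");
  } else {
    # Pass the normalized $mode, not the raw POST value: update_cart() compares
    # case-sensitively, so a raw "ADD" would pass the check above and then be
    # handled as something other than an add.
    update_cart($_POST["pid"], $qty, $mode);
  }
} else {
  handle_error("Missing required 'mode', 'pid', and 'qty' POST parameters.");
}

/**
 * Updates the product with the given $pid and requested $qty based on $mode.
 * Outputs JSON response depending on successful request, or reports an error
 * through handle_error() if something went wrong during add/delete request.
 *
 * NOTE(review): every MyCart query in this file is keyed by pid only; nothing
 * here scopes the cart to a user or session. Confirm that is intended before
 * exposing this endpoint to more than one user.
 *
 * @param $pid {string} - product id
 * @param $qty {int|string} - qty of product to add to / remove from cart
 * @param $mode {string} - "add" or "delete" (lowercase); any other value is rejected
 */
function update_cart($pid, $qty, $mode) {
  try {
    $db = get_PDO();
    # careful with unnecessary queries - here we need two since we first check
    # if the pid exists in Inventory, and then to get data for the pid in MyCart
    # NOTE(review): relies on handle_error() (from common.php, not shown here)
    # ending the request when the pid is unknown - confirm.
    $name = get_product_name($db, $pid);
    if ($mode === "add") {
      $result = add_product_to_cart($db, $pid, $qty, $name);
    } else if ($mode === "delete") {
      $result = delete_product_from_cart($db, $pid, $qty, $name);
    } else {
      # Never fall through to a destructive branch on an unrecognized mode.
      handle_error("Mode parameter must be passed as 'add' or 'delete'");
      return;
    }
    header("Content-type: application/json");
    # json_encode() escapes for JSON only; the product name inside the message is
    # not HTML-escaped, so clients should insert it as text, not as markup.
    echo json_encode($result);
  } catch (PDOException $ex) {
    # Keep driver details out of the response, but record them server-side so the
    # failure can be investigated.
    error_log("Cart update failed: " . $ex->getMessage());
    handle_error("Error adding product into database. Please try again later.");
  }
}

/**
 * Adds $qty of the product having the given $pid to MyCart. If the product is
 * already in MyCart its qty is increased by $qty, otherwise a new row is inserted.
 *
 * NOTE(review): the current qty is read and then written back in a separate
 * statement with no transaction or row lock, so two concurrent requests for the
 * same pid can overwrite each other's update.
 *
 * @param $db {PDO} - PDO object connected to bmstore db
 * @param $pid {string} - product id
 * @param $qty {int|string} - qty of product to add to cart
 * @param $name {string} - product name for success message
 * @returns {Array} with { "success" : <message> } upon success.
 */
function add_product_to_cart($db, $pid, $qty, $name) {
  $cart_row = get_cart_row($db, $pid);
  $cart_qty = $qty;
  if ($cart_row) {
    $cart_qty += $cart_row["qty"];
    $qry = "UPDATE MyCart SET qty=:qty, lastupdated=NOW() WHERE pid=:pid";
  } else { # No product found with the given $pid
    $qry = "INSERT INTO MyCart (pid, qty, lastupdated) VALUES(:pid, :qty, NOW())";
  }
  # Values are bound as parameters, never concatenated into the SQL text.
  $stmt = $db->prepare($qry);
  $params = array("qty" => $cart_qty, "pid" => $pid);
  $stmt->execute($params);
  return array("success" => "{$qty} of {$name} added to your shopping cart!");
}

/**
 * Deletes $qty of product in MyCart having given $pid, if found in MyCart.
 * If $qty >= current qty of product in MyCart, removes the product from cart.
 * If $pid not found in MyCart, reports the error through handle_error().
 *
 * @param $db {PDO} - PDO object connected to bmstore db
 * @param $pid {string} - product id
 * @param $qty {int|string} - qty of product to remove from cart
 * @param $name {string} - product name for result message
 * @returns {Array} with:
 *  - { "success" : <message> } if $qty <= current qty
 *  - { "warning" : <message> } if $qty > current qty
 */
function delete_product_from_cart($db, $pid, $qty, $name) {
  $cart_row = get_cart_row($db, $pid);
  if ($cart_row) {
    $cart_qty = $cart_row["qty"];
    $cart_qty -= $qty;
    if ($cart_qty <= 0) {
      # Nothing (or less than nothing) would remain: drop the row entirely.
      $qry = "DELETE FROM MyCart WHERE pid=:pid";
      $params = array("pid" => $pid);
      if ($cart_qty < 0) {
        $result = array("warning" =>
          "Quantity was passed as a value greater than what was found in your cart. \n" .
          "Removed all {$name} from your cart.");
      } else {
        $result = array("success" => "Removed all {$name} from your cart.");
      }
    } else {
      $qry = "UPDATE MyCart SET qty=:qty, lastupdated=NOW() WHERE pid=:pid";
      $params = array("qty" => $cart_qty, "pid" => $pid);
      $result = array("success" => "You now have {$cart_qty} of {$name} in your shopping cart!");
    }
    $stmt = $db->prepare($qry);
    $stmt->execute($params);
    return $result;
  } else {
    # NOTE(review): no value is returned on this path; the caller depends on
    # handle_error() ending the request - confirm in common.php.
    handle_error("Product not found in your cart.");
  }
}

/**
 * Helper function to get MyCart row data for the provided product id.
 * Only the MyCart table is queried; the Inventory check is done separately by
 * get_product_name().
 *
 * @param $db {PDO} - PDO object connected to bmstore db
 * @param $pid {string} - product id to get corresponding MyCart row.
 * @returns Array - row containing the MyCart qty for $pid, or false (the value
 *                  PDOStatement::fetch() gives when there is no matching row).
 */
function get_cart_row($db, $pid) {
  $qry = "SELECT qty FROM MyCart WHERE pid=:pid";
  $stmt = $db->prepare($qry);
  $params = array("pid" => $pid);
  $stmt->execute($params);
  return $stmt->fetch(); # remember to call fetch after execute!
}

/**
 * Returns name of product having $pid product id in Inventory table.
 * Reports an error through handle_error() if no product with $pid is found.
 *
 * @param $db {PDO} - PDO object connected to bmstore db
 * @param $pid {string} - product id to get corresponding product name.
 * @returns {string} name of product with $pid product id.
 */
function get_product_name($db, $pid) {
  $qry = "SELECT name FROM Inventory WHERE id=:pid";
  $stmt = $db->prepare($qry);
  $params = array("pid" => $pid);
  $stmt->execute($params);
  $row = $stmt->fetch();
  if ($row) {
    return $row["name"];
  } else {
    # NOTE(review): no value is returned on this path; callers depend on
    # handle_error() ending the request - confirm in common.php.
    handle_error("Product not found in our inventory");
  }
}
?>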