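--- a/shopping_cart.php
+++ b/shopping_cart.php
@@ -1,11 +1,11 @@
 <?php
 /*
-  $Id: shopping_cart.php 5 2005-01-31 01:40:15Z hpdl $
+  $Id: shopping_cart.php 19 2005-02-25 02:57:18Z hpdl $
 
   osCommerce, Open Source E-Commerce Solutions
   http://www.oscommerce.com
 
-  Copyright (c) 2003 osCommerce
+  Copyright (c) 2005 osCommerce
 
   Released under the GNU General Public License
 */
@@ -18,7 +18,7 @@
     }
 
     function restore_contents() {
-      global $osC_Customer;
+      global $osC_Database, $osC_Customer;
 
       if ($osC_Customer->isLoggedOn() == false) return false;
 
@@ -27,65 +27,107 @@
         reset($this->contents);
         while (list($products_id, ) = each($this->contents)) {
           $qty = $this->contents[$products_id]['qty'];
-          $product_query = tep_db_query("select products_id from " . TABLE_CUSTOMERS_BASKET . " where customers_id = '" . (int)$osC_Customer->id . "' and products_id = '" . tep_db_input($products_id) . "'");
-          if (!tep_db_num_rows($product_query)) {
-            tep_db_query("insert into " . TABLE_CUSTOMERS_BASKET . " (customers_id, products_id, customers_basket_quantity, customers_basket_date_added) values ('" . (int)$osC_Customer->id . "', '" . tep_db_input($products_id) . "', '" . $qty . "', '" . date('Ymd') . "')");
+
+          $Qproduct = $osC_Database->query('select products_id from :table_customers_basket where customers_id = :customers_id and products_id = :products_id');
+          $Qproduct->bindTable(':table_customers_basket', TABLE_CUSTOMERS_BASKET);
+          $Qproduct->bindInt(':customers_id', $osC_Customer->id);
+          $Qproduct->bindValue(':products_id', $products_id);
+          $Qproduct->execute();
+
+          if ($Qproduct->numberOfRows() < 1) {
+            $Qnew = $osC_Database->query('insert into :table_customers_basket (customers_id, products_id, customers_basket_quantity, customers_basket_date_added) values (:customers_id, :products_id, :customers_basket_quantity, :customers_basket_date_added)');
+            $Qnew->bindTable(':table_customers_basket', TABLE_CUSTOMERS_BASKET);
+            $Qnew->bindInt(':customers_id', $osC_Customer->id);
+            $Qnew->bindValue(':products_id', $products_id);
+            $Qnew->bindInt(':customers_basket_quantity', $qty);
+            $Qnew->bindValue(':customers_basket_date_added', date('Ymd'));
+            $Qnew->execute();
+
             if (isset($this->contents[$products_id]['attributes'])) {
               reset($this->contents[$products_id]['attributes']);
               while (list($option, $value) = each($this->contents[$products_id]['attributes'])) {
-                tep_db_query("insert into " . TABLE_CUSTOMERS_BASKET_ATTRIBUTES . " (customers_id, products_id, products_options_id, products_options_value_id) values ('" . (int)$osC_Customer->id . "', '" . tep_db_input($products_id) . "', '" . (int)$option . "', '" . (int)$value . "')");
+                $Qnew = $osC_Database->query('insert into :table_customers_basket_attributes (customers_id, products_id, products_options_id, products_options_value_id) values (:customers_id, :products_id, :products_options_id, :products_options_value_id)');
+                $Qnew->bindTable(':table_customers_basket_attributes', TABLE_CUSTOMERS_BASKET_ATTRIBUTES);
+                $Qnew->bindInt(':customers_id', $osC_Customer->id);
+                $Qnew->bindValue(':products_id', $products_id);
+                $Qnew->bindInt(':products_options_id', $option);
+                $Qnew->bindInt(':products_options_value_id', $value);
+                $Qnew->execute();
               }
             }
           } else {
-            tep_db_query("update " . TABLE_CUSTOMERS_BASKET . " set customers_basket_quantity = '" . $qty . "' where customers_id = '" . (int)$osC_Customer->id . "' and products_id = '" . tep_db_input($products_id) . "'");
+            $Qupdate = $osC_Database->query('update :table_customers_basket set customers_basket_quantity = :customers_basket_quantity where customers_id = :customers_id and products_id = :products_id');
+            $Qupdate->bindTable(':table_customers_basket', TABLE_CUSTOMERS_BASKET);
+            $Qupdate->bindInt(':customers_basket_quantity', $qty);
+            $Qupdate->bindInt(':customers_id', $osC_Customer->id);
+            $Qupdate->bindValue(':products_id', $products_id);
+            $Qupdate->execute();
           }
         }
       }
 
 // reset per-session cart contents, but not the database contents
       $this->reset(false);
 
-      $products_query = tep_db_query("select products_id, customers_basket_quantity from " . TABLE_CUSTOMERS_BASKET . " where customers_id = '" . (int)$osC_Customer->id . "'");
-      while ($products = tep_db_fetch_array($products_query)) {
-        $this->contents[$products['products_id']] = array('qty' => $products['customers_basket_quantity']);
+      $Qproducts = $osC_Database->query('select products_id, customers_basket_quantity from :table_customers_basket where customers_id = :customers_id');
+      $Qproducts->bindTable(':table_customers_basket', TABLE_CUSTOMERS_BASKET);
+      $Qproducts->bindInt(':customers_id', $osC_Customer->id);
+      $Qproducts->execute();
+
+      while ($Qproducts->next()) {
+        $this->contents[$Qproducts->value('products_id')] = array('qty' => $Qproducts->valueInt('customers_basket_quantity'));
 // attributes
-        $attributes_query = tep_db_query("select products_options_id, products_options_value_id from " . TABLE_CUSTOMERS_BASKET_ATTRIBUTES . " where customers_id = '" . (int)$osC_Customer->id . "' and products_id = '" . tep_db_input($products['products_id']) . "'");
-        while ($attributes = tep_db_fetch_array($attributes_query)) {
-          $this->contents[$products['products_id']]['attributes'][$attributes['products_options_id']] = $attributes['products_options_value_id'];
+        $Qattributes = $osC_Database->query('select products_options_id, products_options_value_id from :table_customers_basket_attributes where customers_id = :customers_id and products_id = :products_id');
+        $Qattributes->bindTable(':table_customers_basket_attributes', TABLE_CUSTOMERS_BASKET_ATTRIBUTES);
+        $Qattributes->bindInt(':customers_id', $osC_Customer->id);
+        $Qattributes->bindValue(':products_id', $Qproducts->value('products_id'));
+        $Qattributes->execute();
+
+        while ($Qattributes->next()) {
+          $this->contents[$Qproducts->value('products_id')]['attributes'][$Qattributes->valueInt('products_options_id')] = $Qattributes->valueInt('products_options_value_id');
         }
       }
 
       $this->cleanup();
     }
 
     function reset($reset_database = false) {
-      global $osC_Session, $osC_Customer;
+      global $osC_Database, $osC_Session, $osC_Customer;
 
       $this->contents = array();
       $this->total = 0;
       $this->weight = 0;
       $this->content_type = false;
 
       if (($reset_database == true) && $osC_Customer->isLoggedOn()) {
-        tep_db_query("delete from " . TABLE_CUSTOMERS_BASKET . " where customers_id = '" . (int)$osC_Customer->id . "'");
-        tep_db_query("delete from " . TABLE_CUSTOMERS_BASKET_ATTRIBUTES . " where customers_id = '" . (int)$osC_Customer->id . "'");
+        $Qdelete = $osC_Database->query('delete from :table_customers_basket where customers_id = :customers_id');
+        $Qdelete->bindTable(':table_customers_basket', TABLE_CUSTOMERS_BASKET);
+        $Qdelete->bindInt(':customers_id', $osC_Customer->id);
+        $Qdelete->execute();
+
+        $Qdelete = $osC_Database->query('delete from :table_customers_basket_attributes where customers_id = :customers_id');
+        $Qdelete->bindTable(':table_customers_basket_attributes', TABLE_CUSTOMERS_BASKET_ATTRIBUTES);
+        $Qdelete->bindInt(':customers_id', $osC_Customer->id);
+        $Qdelete->execute();
       }
 
       unset($this->cartID);
       $osC_Session->remove('cartID');
     }
 
     function add_cart($products_id, $qty = '1', $attributes = '', $notify = true) {
-      global $osC_Session, $osC_Customer;
+      global $osC_Database, $osC_Session, $osC_Customer;
 
       $products_id_string = tep_get_uprid($products_id, $attributes);
       $products_id = tep_get_prid($products_id_string);
 
       if (is_numeric($products_id) && is_numeric($qty)) {
-        $check_product_query = tep_db_query("select products_status from " . TABLE_PRODUCTS . " where products_id = '" . (int)$products_id . "'");
-        $check_product = tep_db_fetch_array($check_product_query);
+        $Qcheck = $osC_Database->query('select products_status from :table_products where products_id = :products_id');
+        $Qcheck->bindTable(':table_products', TABLE_PRODUCTS);
+        $Qcheck->bindInt(':products_id', $products_id);
+        $Qcheck->execute();
 
-        if (($check_product !== false) && ($check_product['products_status'] == '1')) {
+        if (($check_product !== false) && ($Qcheck->valueInt('products_status') == '1')) {
           if ($notify == true) {
             $osC_Session->set('new_products_id_in_cart', $products_id_string);
           }
@@ -95,14 +137,30 @@
           } else {
             $this->contents[$products_id_string] = array('qty' => $qty);
 // insert into database
-            if ($osC_Customer->isLoggedOn()) tep_db_query("insert into " . TABLE_CUSTOMERS_BASKET . " (customers_id, products_id, customers_basket_quantity, customers_basket_date_added) values ('" . (int)$osC_Customer->id . "', '" . tep_db_input($products_id_string) . "', '" . (int)$qty . "', '" . date('Ymd') . "')");
+            if ($osC_Customer->isLoggedOn()) {
+              $Qnew = $osC_Database->query('insert into :table_customers_basket (customers_id, products_id, customers_basket_quantity, customers_basket_date_added) values (:customers_id, :products_id, :customers_basket_quantity, :customers_basket_date_added)');
+              $Qnew->bindTable(':table_customers_basket', TABLE_CUSTOMERS_BASKET);
+              $Qnew->bindInt(':customers_id', $osC_Customer->id);
+              $Qnew->bindValue(':products_id', $products_id_string);
+              $Qnew->bindInt(':customers_basket_quantity', $qty);
+              $Qnew->bindValue(':customers_basket_date_added', date('Ymd'));
+              $Qnew->execute();
+            }
 
             if (is_array($attributes)) {
               reset($attributes);
               while (list($option, $value) = each($attributes)) {
                 $this->contents[$products_id_string]['attributes'][$option] = $value;
 // insert into database
-                if ($osC_Customer->isLoggedOn()) tep_db_query("insert into " . TABLE_CUSTOMERS_BASKET_ATTRIBUTES . " (customers_id, products_id, products_options_id, products_options_value_id) values ('" . (int)$osC_Customer->id . "', '" . tep_db_input($products_id_string) . "', '" . (int)$option . "', '" . (int)$value . "')");
+                if ($osC_Customer->isLoggedOn()) {
+                  $Qnew = $osC_Database->query('insert into :table_customers_basket_attributes (customers_id, products_id, products_options_id, products_options_value_id) values (:customers_id, :products_id, :products_options_id, :products_options_value_id)');
+                  $Qnew->bindTable(':table_customers_basket_attributes', TABLE_CUSTOMERS_BASKET_ATTRIBUTES);
+                  $Qnew->bindInt(':customers_id', $osC_Customer->id);
+                  $Qnew->bindValue(':products_id', $products_id_string);
+                  $Qnew->bindInt(':products_options_id', $option);
+                  $Qnew->bindInt(':products_options_value_id', $value);
+                  $Qnew->execute();
+                }
               }
             }
           }
@@ -116,38 +174,62 @@
     }
 
     function update_quantity($products_id, $quantity = '', $attributes = '') {
-      global $osC_Customer;
+      global $osC_Database, $osC_Customer;
 
       $products_id_string = tep_get_uprid($products_id, $attributes);
       $products_id = tep_get_prid($products_id_string);
 
       if (is_numeric($products_id) && isset($this->contents[$products_id_string]) && is_numeric($quantity)) {
         $this->contents[$products_id_string] = array('qty' => $quantity);
 // update database
-        if ($osC_Customer->isLoggedOn()) tep_db_query("update " . TABLE_CUSTOMERS_BASKET . " set customers_basket_quantity = '" . (int)$quantity . "' where customers_id = '" . (int)$osC_Customer->id . "' and products_id = '" . tep_db_input($products_id_string) . "'");
+        if ($osC_Customer->isLoggedOn()) {
+          $Qupdate = $osC_Database->query('update :table_customers_basket set customers_basket_quantity = :customers_basket_quantity where customers_id = :customers_id and products_id = :products_id');
+          $Qupdate->bindTable(':table_customers_basket', TABLE_CUSTOMERS_BASKET);
+          $Qupdate->bindInt(':customers_basket_quantity', $quantity);
+          $Qupdate->bindInt(':customers_id', $osC_Customer->id);
+          $Qupdate->bindValue(':products_id', $products_id_string);
+          $Qupdate->execute();
+        }
 
         if (is_array($attributes)) {
           reset($attributes);
           while (list($option, $value) = each($attributes)) {
             $this->contents[$products_id_string]['attributes'][$option] = $value;
 // update database
-            if ($osC_Customer->isLoggedOn()) tep_db_query("update " . TABLE_CUSTOMERS_BASKET_ATTRIBUTES . " set products_options_value_id = '" . (int)$value . "' where customers_id = '" . (int)$osC_Customer->id . "' and products_id = '" . tep_db_input($products_id_string) . "' and products_options_id = '" . (int)$option . "'");
+            if ($osC_Customer->isLoggedOn()) {
+              $Qupdate = $osC_Database->query('update :table_customers_basket_attributes set products_options_value_id = :products_options_value_id where customers_id = :customers_id and products_id = :products_id and products_options_id = :products_options_id');
+              $Qupdate->bindTable(':table_customers_basket_attributes', TABLE_CUSTOMERS_BASKET_ATTRIBUTES);
+              $Qupdate->bindInt(':products_options_value_id', $value);
+              $Qupdate->bindInt(':customers_id', $osC_Customer->id);
+              $Qupdate->bindValue(':products_id', $products_id_string);
+              $Qupdate->bindInt(':products_options_id', $option);
+              $Qupdate->execute();
+            }
           }
         }
       }
     }
 
     function cleanup() {
-      global $osC_Customer;
+      global $osC_Database, $osC_Customer;
 
       reset($this->contents);
       while (list($key,) = each($this->contents)) {
         if ($this->contents[$key]['qty'] < 1) {
           unset($this->contents[$key]);
 // remove from database
           if ($osC_Customer->isLoggedOn()) {
-            tep_db_query("delete from " . TABLE_CUSTOMERS_BASKET . " where customers_id = '" . (int)$osC_Customer->id . "' and products_id = '" . tep_db_input($key) . "'");
-            tep_db_query("delete from " . TABLE_CUSTOMERS_BASKET_ATTRIBUTES . " where customers_id = '" . (int)$osC_Customer->id . "' and products_id = '" . tep_db_input($key) . "'");
+            $Qdelete = $osC_Database->query('delete from :table_customers_basket where customers_id = :customers_id and products_id = :products_id');
+            $Qdelete->bindTable(':table_customers_basket', TABLE_CUSTOMERS_BASKET);
+            $Qdelete->bindInt(':customers_id', $osC_Customer->id);
+            $Qdelete->bindValue(':products_id', $key);
+            $Qdelete->execute();
+
+            $Qdelete = $osC_Database->query('delete from :table_customers_basket_attributes where customers_id = :customers_id and products_id = :products_id');
+            $Qdelete->bindTable(':table_customers_basket_attributes', TABLE_CUSTOMERS_BASKET_ATTRIBUTES);
+            $Qdelete->bindInt(':customers_id', $osC_Customer->id);
+            $Qdelete->bindValue(':products_id', $key);
+            $Qdelete->execute();
           }
         }
       }
@@ -182,13 +264,22 @@
     }
 
     function remove($products_id) {
-      global $osC_Customer;
+      global $osC_Database, $osC_Customer;
 
       unset($this->contents[$products_id]);
 // remove from database
       if ($osC_Customer->isLoggedOn()) {
-        tep_db_query("delete from " . TABLE_CUSTOMERS_BASKET . " where customers_id = '" . (int)$osC_Customer->id . "' and products_id = '" . tep_db_input($products_id) . "'");
-        tep_db_query("delete from " . TABLE_CUSTOMERS_BASKET_ATTRIBUTES . " where customers_id = '" . (int)$osC_Customer->id . "' and products_id = '" . tep_db_input($products_id) . "'");
+        $Qdelete = $osC_Database->query('delete from :table_customers_basket where customers_id = :customers_id and products_id = :products_id');
+        $Qdelete->bindTable(':table_customers_basket', TABLE_CUSTOMERS_BASKET);
+        $Qdelete->bindInt(':customers_id', $osC_Customer->id);
+        $Qdelete->bindValue(':products_id', $products_id);
+        $Qdelete->execute();
+
+        $Qdelete = $osC_Database->query('delete from :table_customers_basket_attributes where customers_id = :customers_id and products_id = :products_id');
+        $Qdelete->bindTable(':table_customers_basket_attributes', TABLE_CUSTOMERS_BASKET_ATTRIBUTES);
+        $Qdelete->bindInt(':customers_id', $osC_Customer->id);
+        $Qdelete->bindValue(':products_id', $products_id);
+        $Qdelete->execute();
       }
 
 // assign a temporary unique ID to the order contents to prevent hack attempts during the checkout procedure
@@ -212,7 +303,7 @@
     }
 
     function calculate() {
-      global $osC_Tax, $osC_Weight;
+      global $osC_Database, $osC_Tax, $osC_Weight;
 
       $this->total = 0;
       $this->weight = 0;
@@ -223,18 +314,26 @@
         $qty = $this->contents[$products_id]['qty'];
 
 // products price
-        $product_query = tep_db_query("select products_id, products_price, products_tax_class_id, products_weight, products_weight_class from " . TABLE_PRODUCTS . " where products_id = '" . (int)$products_id . "'");
-        if ($product = tep_db_fetch_array($product_query)) {
-          $prid = $product['products_id'];
-          $products_tax = $osC_Tax->getTaxRate($product['products_tax_class_id']);
-          $products_price = $product['products_price'];
+        $Qproduct = $osC_Database->query('select products_id, products_price, products_tax_class_id, products_weight, products_weight_class from :table_products where products_id = :products_id');
+        $Qproduct->bindTable(':table_products', TABLE_PRODUCTS);
+        $Qproduct->bindInt(':products_id', $products_id);
+        $Qproduct->execute();
 
-          $products_weight = $osC_Weight->convert($product['products_weight'], $product['products_weight_class'], SHIPPING_WEIGHT_UNIT);
+        if ($Qproduct->numberOfRows()) {
+          $prid = $Qproduct->valueInt('products_id');
+          $products_tax = $osC_Tax->getTaxRate($Qproduct->valueInt('products_tax_class_id'));
+          $products_price = $Qproduct->value('products_price');
 
-          $specials_query = tep_db_query("select specials_new_products_price from " . TABLE_SPECIALS . " where products_id = '" . (int)$prid . "' and status = '1'");
-          if (tep_db_num_rows ($specials_query)) {
-            $specials = tep_db_fetch_array($specials_query);
-            $products_price = $specials['specials_new_products_price'];
+          $products_weight = $osC_Weight->convert($Qproduct->value('products_weight'), $Qproduct->valueInt('products_weight_class'), SHIPPING_WEIGHT_UNIT);
+
+          $Qspecials = $osC_Database->query('select specials_new_products_price from :table_specials where products_id = :products_id and status = :status');
+          $Qspecials->bindTable(':table_specials', TABLE_SPECIALS);
+          $Qspecials->bindInt(':products_id', $prid);
+          $Qspecials->bindInt(':status', 1);
+          $Qspecials->execute();
+
+          if ($Qspecials->numberOfRows()) {
+            $products_price = $Qspecials->value('specials_new_products_price');
           }
 
           $this->total += tep_add_tax($products_price, $products_tax) * $qty;
@@ -245,30 +344,42 @@
         if (isset($this->contents[$products_id]['attributes'])) {
           reset($this->contents[$products_id]['attributes']);
           while (list($option, $value) = each($this->contents[$products_id]['attributes'])) {
-            $attribute_price_query = tep_db_query("select options_values_price, price_prefix from " . TABLE_PRODUCTS_ATTRIBUTES . " where products_id = '" . (int)$prid . "' and options_id = '" . (int)$option . "' and options_values_id = '" . (int)$value . "'");
-            $attribute_price = tep_db_fetch_array($attribute_price_query);
-            if ($attribute_price['price_prefix'] == '+') {
-              $this->total += $qty * tep_add_tax($attribute_price['options_values_price'], $products_tax);
+            $Qattributes = $osC_Database->query('select options_values_price, price_prefix from :table_products_attributes where products_id = :products_id and options_id = :options_id and options_values_id = :options_values_id');
+            $Qattributes->bindTable(':table_products_attributes', TABLE_PRODUCTS_ATTRIBUTES);
+            $Qattributes->bindInt(':products_id', $prid);
+            $Qattributes->bindInt(':options_id', $option);
+            $Qattributes->bindInt(':options_values_id', $value);
+            $Qattributes->execute();
+
+            if ($Qattributes->value('price_prefix') == '+') {
+              $this->total += $qty * tep_add_tax($Qattributes->value('options_values_price'), $products_tax);
             } else {
-              $this->total -= $qty * tep_add_tax($attribute_price['options_values_price'], $products_tax);
+              $this->total -= $qty * tep_add_tax($Qattributes->value('options_values_price'), $products_tax);
             }
           }
         }
       }
     }
 
     function attributes_price($products_id) {
+      global $osC_Database;
+
       $attributes_price = 0;
 
       if (isset($this->contents[$products_id]['attributes'])) {
         reset($this->contents[$products_id]['attributes']);
         while (list($option, $value) = each($this->contents[$products_id]['attributes'])) {
-          $attribute_price_query = tep_db_query("select options_values_price, price_prefix from " . TABLE_PRODUCTS_ATTRIBUTES . " where products_id = '" . (int)$products_id . "' and options_id = '" . (int)$option . "' and options_values_id = '" . (int)$value . "'");
-          $attribute_price = tep_db_fetch_array($attribute_price_query);
-          if ($attribute_price['price_prefix'] == '+') {
-            $attributes_price += $attribute_price['options_values_price'];
+          $Qattributes = $osC_Database->query('select options_values_price, price_prefix from :table_products_attributes where products_id = :products_id and options_id = :options_id and options_values_id = :options_values_id');
+          $Qattributes->bindTable(':table_products_attributes', TABLE_PRODUCTS_ATTRIBUTES);
+          $Qattributes->bindInt(':products_id', $products_id);
+          $Qattributes->bindInt(':options_id', $option);
+          $Qattributes->bindInt(':options_values_id', $value);
+          $Qattributes->execute();
+
+          if ($Qattributes->value('price_prefix') == '+') {
+            $attributes_price += $Qattributes->value('options_values_price');
           } else {
-            $attributes_price -= $attribute_price['options_values_price'];
+            $attributes_price -= $Qattributes->value('options_values_price');
           }
         }
       }
@@ -277,33 +388,43 @@
     }
 
     function get_products() {
-      global $osC_Session;
+      global $osC_Database, $osC_Session;
 
       if (!is_array($this->contents)) return false;
 
       $products_array = array();
       reset($this->contents);
       while (list($products_id, ) = each($this->contents)) {
-        $products_query = tep_db_query("select p.products_id, pd.products_name, p.products_model, p.products_image, p.products_price, p.products_weight, p.products_tax_class_id from " . TABLE_PRODUCTS . " p, " . TABLE_PRODUCTS_DESCRIPTION . " pd where p.products_id = '" . (int)$products_id . "' and pd.products_id = p.products_id and pd.language_id = '" . (int)$osC_Session->value('languages_id') . "'");
-        if ($products = tep_db_fetch_array($products_query)) {
-          $prid = $products['products_id'];
-          $products_price = $products['products_price'];
+        $Qproducts = $osC_Database->query('select p.products_id, pd.products_name, p.products_model, p.products_image, p.products_price, p.products_weight, p.products_tax_class_id from :table_products p, :table_products_description pd where p.products_id = :products_id and pd.products_id = p.products_id and pd.language_id = :language_id');
+        $Qproducts->bindTable(':table_products', TABLE_PRODUCTS);
+        $Qproducts->bindTable(':table_products_description', TABLE_PRODUCTS_DESCRIPTION);
+        $Qproducts->bindInt(':products_id', $products_id);
+        $Qproducts->bindInt(':language_id', $osC_Session->value('languages_id'));
+        $Qproducts->execute();
 
-          $specials_query = tep_db_query("select specials_new_products_price from " . TABLE_SPECIALS . " where products_id = '" . (int)$prid . "' and status = '1'");
-          if (tep_db_num_rows($specials_query)) {
-            $specials = tep_db_fetch_array($specials_query);
-            $products_price = $specials['specials_new_products_price'];
+        if ($Qproducts->numberOfRows()) {
+          $prid = $Qproducts->valueInt('products_id');
+          $products_price = $Qproducts->value('products_price');
+
+          $Qspecials = $osC_Database->query('select specials_new_products_price from :table_specials where products_id = :products_id and status = :status');
+          $Qspecials->bindTable(':table_specials', TABLE_SPECIALS);
+          $Qspecials->bindInt(':products_id', $prid);
+          $Qspecials->bindInt(':status', 1);
+          $Qspecials->execute();
+
+          if ($Qspecials->numberOfRows()) {
+            $products_price = $Qspecials->value('specials_new_products_price');
           }
 
           $products_array[] = array('id' => $products_id,
-                                    'name' => $products['products_name'],
-                                    'model' => $products['products_model'],
-                                    'image' => $products['products_image'],
+                                    'name' => $Qproducts->value('products_name'),
+                                    'model' => $Qproducts->value('products_model'),
+                                    'image' => $Qproducts->value('products_image'),
                                     'price' => $products_price,
                                     'quantity' => $this->contents[$products_id]['qty'],
-                                    'weight' => $products['products_weight'],
+                                    'weight' => $Qproducts->value('products_weight'),
                                     'final_price' => ($products_price + $this->attributes_price($products_id)),
-                                    'tax_class_id' => $products['products_tax_class_id'],
+                                    'tax_class_id' => $Qproducts->valueInt('products_tax_class_id'),
                                     'attributes' => (isset($this->contents[$products_id]['attributes']) ? $this->contents[$products_id]['attributes'] : ''));
         }
       }
@@ -328,6 +449,8 @@
     }
 
     function get_content_type() {
+      global $osC_Database;
+
       $this->content_type = false;
 
       if ( (DOWNLOAD_ENABLED == 'true') && ($this->count_contents() > 0) ) {
@@ -336,10 +459,14 @@
           if (isset($this->contents[$products_id]['attributes'])) {
             reset($this->contents[$products_id]['attributes']);
             while (list(, $value) = each($this->contents[$products_id]['attributes'])) {
-              $virtual_check_query = tep_db_query("select count(*) as total from " . TABLE_PRODUCTS_ATTRIBUTES . " pa, " . TABLE_PRODUCTS_ATTRIBUTES_DOWNLOAD . " pad where pa.products_id = '" . (int)$products_id . "' and pa.options_values_id = '" . (int)$value . "' and pa.products_attributes_id = pad.products_attributes_id");
-              $virtual_check = tep_db_fetch_array($virtual_check_query);
+              $Qcheck = $osC_Database->query('select count(*) as total from :table_products_attributes pa, :table_products_attributes_download pad where pa.products_id = :products_id and pa.options_values_id = :options_values_id and pa.products_attributes_id = pad.products_attributes_id');
+              $Qcheck->bindTable(':table_products_attributes', TABLE_PRODUCTS_ATTRIBUTES);
+              $Qcheck->bindTable(':table_products_attributes_download', TABLE_PRODUCTS_ATTRIBUTES_DOWNLOAD);
+              $Qcheck->bindInt(':products_id', $products_id);
+              $Qcheck->bindInt(':options_values_id', $value);
+              $Qcheck->execute();
 
-              if ($virtual_check['total'] > 0) {
+              if ($Qcheck->valueInt('total') > 0) {
                 switch ($this->content_type) {
                   case 'physical':
                     $this->content_type = 'mixed';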
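Review bot: In add_cart() the rewritten status check (new line 130) still tests `$check_product !== false`, but this change removes the only assignment to `$check_product`, so that operand is now an undefined variable which always compares unequal to false and raises a notice. The "product not found" case is therefore decided solely by what `valueInt('products_status')` returns on an empty result set, which is not visible on this page. Testing the result explicitly keeps the guard that stops unknown or disabled products from entering the cart: `if (($Qcheck->numberOfRows() > 0) && ($Qcheck->valueInt('products_status') == 1)) {`. In the same spirit, calculate() and attributes_price() read `price_prefix` from `$Qattributes` without first checking that a row came back (as the old code also did), so a missing attribute row falls into the subtract branch; a `numberOfRows()` check there would make that case explicit.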