#!/usr/bin/perl

use DBI;
use strict;
use CGI qw(:standard);

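# Database connection settings.
# NOTE(review): the credentials are hard-coded and the script connects as the
# MySQL "root" account with an empty password. A web-facing script should use
# a dedicated account holding only the privileges it needs (this page only
# reads from products), with the secret stored outside the script and outside
# the web root.
my $dbdatabase = "aacaffeine";
my $dbserver = "localhost";
my $dbuser = "root";
my $dbpassword = "";

# Both values come straight from the HTTP request (a cookie and a CGI
# parameter); the client controls them completely, so treat them as untrusted.
my $username = cookie('username');
my $id = CGI::param('id');

# Stop here if the connection fails instead of calling prepare() on undef.
# The message goes to STDERR (the server error log under CGI), not the page.
my $dbh = DBI->connect("DBI:mysql:$dbdatabase:$dbserver", $dbuser, $dbpassword)
    or die "Database connection failed: $DBI::errstr\n";

# The product id is passed as a bound placeholder value rather than being
# interpolated into the SQL text. Interpolating $id let the request rewrite
# the statement (SQL injection); with a placeholder it can only ever be
# compared against productid as data.
my $query = "SELECT * FROM products WHERE productid = ?";
my $sth = $dbh->prepare($query);
$sth->execute($id);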

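# Emit the CGI response header, then the opening of the page.
print "Content-type: text/html\n\n";

print "<html><body bgcolor=white text=black><center><img src='img/tcc.jpg'><br>\n";

# Bind the four result columns positionally. The leading undef is the legacy
# attribute slot that DBI ignores.
# NOTE(review): the statement is a SELECT *, so this mapping assumes the
# table's columns are, in order, name, description, price, id. TODO confirm
# against the schema, or select the columns by name.
my ($productname, $productdesc, $productprice, $productid);
$sth->bind_columns(undef, \$productname, \$productdesc, \$productprice, \$productid);
while ($sth->fetch()) {
    # Values read from the database are HTML-escaped before being written into
    # the page, so markup stored in (or injected into) a product row is shown
    # as text instead of being interpreted by the browser.
    my $safe_name  = CGI::escapeHTML($productname);
    my $safe_price = CGI::escapeHTML($productprice);
    print "You are ordering: <font color=red>$safe_name</font> for <font color=red>$safe_price</font><br>";
}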

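# Order form, posted to confirm.cgi.
# NOTE(review): the form collects a password and a card number. Confirm that
# this page and confirm.cgi are only reachable over HTTPS. The form also
# carries no anti-forgery token; whether confirm.cgi needs one cannot be told
# from this script.

# $username is read from a client-supplied cookie, so it is escaped before
# being placed in the value attribute. The attribute uses double quotes because
# escapeHTML always encodes the double quote, which keeps the value from
# closing the attribute and injecting markup. The cookie only pre-fills the
# field; it is not proof of who the user is.
my $safe_username = defined $username ? CGI::escapeHTML($username) : '';

print "<form action='confirm.cgi' method=post><table>";
print "<tr><td>Name:</td><td><input type=text name=username value=\"$safe_username\"></td></tr>\n";
print "<tr><td>Password:</td><td><input type=password name=userpassword></td></tr>\n";
print "<tr><td>Street:</td><td><input type=text name=userstreet></td></tr>";
print "<tr><td>City:</td><td><input type=text name=usercity></td></tr>";
print "<tr><td>State:</td><td><input type=text name=userstate></td></tr>";
print "<tr><td>Zip:</td><td><input type=text name=userzip></td></tr>";
print "<tr><td>Phone:</td><td><input type=text name=userphone></td></tr>";
print "<tr><td>Email:</td><td><input type=text name=useremail></td></tr>";
print "<tr><td>Payment method:</td><td><input type=radio value=Visa name=usercctype>Visa</td>\n";
print "<td><input type=radio value=MasterCard name=usercctype>MasterCard</td></tr>\n";
print "<tr><td>Card Number:</td><td><input type=text name=userccnum></td></tr>\n";
#print "<tr><td>Expiration Date:</td><td>Mo:<input type=text name=userccexpmo></td><td>Yr:<input type=text name=userccexpyr></td></tr>\n";
# Expiry month and year are fixed option lists. The browser can still submit
# any value, so confirm.cgi has to validate them server-side.
print "<tr><td>Exp. Month:</td><td><SELECT NAME=userccexpmo SIZE=4>
<OPTION VALUE=01>January (01)
<OPTION VALUE=02>February (02)
<OPTION VALUE=03>March (03)
<OPTION VALUE=04>April (04)
<OPTION VALUE=05>May (05)
<OPTION VALUE=06>June (06)
<OPTION VALUE=07>July (07)
<OPTION VALUE=08>August (08)
<OPTION VALUE=09>September (09)
<OPTION VALUE=10>October (10)
<OPTION VALUE=11>November (11)
<OPTION VALUE=12>December (12)
</SELECT></td></tr><tr><td>Exp. Year</td><td><SELECT NAME=userccexpyr SIZE=4>
<OPTION VALUE=2000>2000
<OPTION VALUE=2001>2001
<OPTION VALUE=2002>2002
<OPTION VALUE=2003>2003
<OPTION VALUE=2004>2004
<OPTION VALUE=2005>2005
<OPTION VALUE=2006>2006
<OPTION VALUE=2007>2007
<OPTION VALUE=2008>2008
<OPTION VALUE=2009>2009
<OPTION VALUE=2010>2010
</SELECT></td></tr>";
print "<tr><td><input type=submit></td></tr>\n";
# Close the table opened with the form; the original markup left it open.
print "</table></form></body></html>";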