
Example SQLs

Admin login page


// Admin login: selects the admin row whose username matches the submitted one and
// whose pword equals MD5 of the submitted password.
// NOTE(review): $_POST[username] and $_POST[password] are interpolated into the SQL
// text and no escaping is visible here, so request data can change the query itself
// (SQL injection). On a login check that undermines authentication. Pass both
// values as bound parameters of a prepared statement (PDO or mysqli) instead.
// NOTE(review): MD5 is unsalted and fast, which makes it unsuitable for stored
// passwords; password_hash()/password_verify() is the standard PHP replacement.
$sql = "SELECT * FROM admin WHERE username = '$_POST[username]' AND pword =
md5('$_POST[password]')";

Add customer
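// Add customer: inserts one user row from the submitted form fields; the password
// is stored as its MD5 digest.
// NOTE(review): every value comes from $_POST and is interpolated into the SQL
// text with no escaping visible here (SQL injection). userid is also unquoted, so
// it sits in a numeric context where quote escaping alone would not help; validate
// it as an integer. The statement is left as a plain string because the code that
// executes $sql is not shown; the fix is to run it as a prepared statement with
// bound parameters (PDO or mysqli).
// NOTE(review): MD5 is unsalted and fast; use password_hash() for stored passwords.
$sql = "INSERT INTO user(userid, username, firstname, lastname, email,
pword)
VALUES($_POST[userid],'$_POST[username]','$_POST[firstname]','$_POST[lastname]','$_POST[email]',md5('$_POST[password1]'))";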

Update customer
// Update customer: overwrites username, names, email and password digest of the
// row whose userid equals the submitted userid.
// NOTE(review): all values are taken from $_POST and interpolated into the SQL
// text with no escaping visible here (SQL injection). userid is unquoted, so it
// must be validated as an integer; the string fields should be bound parameters
// of a prepared statement.
// NOTE(review): the request chooses which row is updated -- confirm the caller
// enforces that only an authorised admin can reach this statement.
// NOTE(review): MD5 is unsalted and fast; use password_hash() for stored passwords.
$sql = "UPDATE user SET username = '$_POST[username]', firstname =
'$_POST[firstname]', lastname = '$_POST[lastname]', email =
'$_POST[email]', pword = md5('$_POST[password1]') WHERE userid =
$_POST[userid]";

Commission report
// Commission report: per seller, sums max_price over items with status 'SOLD'
// whose end_date is on or after $lastweek, ordered by userid.
// NOTE(review): $lastweek is interpolated into the SQL text; where it is computed
// is not shown here. If it is derived server-side from the clock the risk is low,
// but binding it as a parameter keeps the query safe if that ever changes.
$sql = "SELECT userid, username, firstname, lastname, email, SUM(max_price)
AS total FROM item JOIN user ON seller = username WHERE status = 'SOLD' AND
end_date >= '$lastweek' GROUP BY userid, username, firstname, lastname,
email ORDER BY userid";

Sales summary report


// Sales summary report: all columns of items with status 'SOLD' whose end_date is
// on or after $lastweek, ordered by category then itemid.
// NOTE(review): $lastweek is interpolated into the SQL text and its origin is not
// shown here -- confirm it is computed server-side, or bind it as a parameter.
$sql = "SELECT * FROM item WHERE status = 'SOLD' AND end_date >=
'$lastweek' ORDER BY category, itemid";

List of auctions
// List of auctions: every item whose status is 'ON AUCTION', ordered by itemid.
// The statement is a constant string with no interpolated values, so it has no
// injection surface. SELECT * returns every item column; naming the columns the
// page displays would keep later schema additions out of the result.
$sql = "SELECT * FROM item WHERE status = 'ON AUCTION' ORDER BY itemid";

Terminate auction
// Terminate auction: marks the item with the given itemid as 'SOLD'.
// NOTE(review): $itemid is interpolated unquoted, i.e. in a numeric context, and
// where it is assigned is not shown here. If it originates from the request it
// must be validated as an integer (or bound as a parameter) before it gets here.
// NOTE(review): the WHERE clause checks neither the item's current status nor who
// is asking -- confirm the caller restricts this action to authorised admins.
$sql = "UPDATE item SET status = 'SOLD' WHERE itemid = $itemid";

User login page


// User login: selects the user row whose username matches the submitted one and
// whose pword equals MD5 of the submitted password.
// NOTE(review): $_POST[username] and $_POST[password] are interpolated into the SQL
// text and no escaping is visible here, so request data can change the query itself
// (SQL injection). On a login check that undermines authentication. Pass both
// values as bound parameters of a prepared statement (PDO or mysqli) instead.
// NOTE(review): MD5 is unsalted and fast, which makes it unsuitable for stored
// passwords; password_hash()/password_verify() is the standard PHP replacement.
// NOTE(review): SELECT * also loads the card columns that the profile update on
// this page writes to the same table; select only what the session needs.
$sql = "SELECT * FROM user WHERE username = '$_POST[username]' AND pword =
md5('$_POST[password]')";

Update profile
// Update profile: rewrites the logged-in user's profile, card details and password
// digest. The row is selected by the session's userid and the update only applies
// when MD5 of the submitted current password matches the stored pword.
// NOTE(review): every SET value comes from $_POST and is interpolated into the SQL
// text with no escaping visible here (SQL injection); bind them as parameters of
// a prepared statement. year and month should be validated as integers before
// they are used to build the date.
// NOTE(review): card_number appears to be written exactly as submitted -- confirm
// whether it is encrypted or tokenised before storage; a plaintext card number in
// the same table as login data widens the impact of any read access to that table.
// NOTE(review): the expiry date is built with day 00, which MySQL rejects under
// NO_ZERO_IN_DATE / strict mode if card_expr_date is a DATE column -- confirm.
// NOTE(review): MD5 is unsalted and fast; use password_hash() for stored passwords.
$sql = "UPDATE user SET username = '$_POST[username]', firstname =
'$_POST[firstname]', lastname = '$_POST[lastname]', email =
'$_POST[email]', phone = '$_POST[phone]', card_number =
'$_POST[card_number]', card_type = '$_POST[card_type]', card_expr_date =
'$_POST[year]-$_POST[month]-00', pword = md5('$_POST[password1]') WHERE
userid = $_SESSION[userid] AND pword=md5('$_POST[password]')";

Selling list
// Selling list: every item whose seller is the logged-in user's username, ordered
// by itemid.
// NOTE(review): $_SESSION[username] is interpolated into the SQL text. A session
// value is not automatically safe: usernames on this page are written from
// $_POST[username], so the stored name is user-chosen text and should be bound as
// a parameter here as well (second-order SQL injection).
$sql = "SELECT * FROM item WHERE seller = '$_SESSION[username]' ORDER BY
itemid";

Item info
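// Item info: loads every column of the item with the given itemid.
// NOTE(review): $itemid is interpolated unquoted, i.e. in a numeric context, and
// where it is assigned is not shown here. If it originates from the request it
// must be validated as an integer (or bound as a parameter of a prepared
// statement) before it gets here; quote escaping alone does not protect an
// unquoted value.
$sql = "SELECT * FROM item WHERE itemid = $itemid";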

Insert new item


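// Insert new item: creates an item row from the submitted form fields, with start
// and end dates assembled from $sy/$sm/$sd and $ey/$em/$ed and the seller taken
// from the session's username.
// NOTE(review): the $_POST values are interpolated into the SQL text with no
// escaping visible here (SQL injection). itemid is unquoted, so it must be
// validated as an integer; description is free text and the most likely field to
// contain quote characters. The statement is left as a plain string because the
// code that executes $sql is not shown; the fix is to run it as a prepared
// statement with bound parameters (PDO or mysqli).
// NOTE(review): where the date parts are assigned is not shown -- if they come
// from the form, validate each as an integer before building the dates.
$sql = "INSERT INTO item(itemid, name, category, start_price, description,
start_date, end_date, seller)
VALUES($_POST[itemid],'$_POST[name]','$_POST[category]','$_POST[start_price]','$_POST[description]','$sy-$sm-$sd','$ey-$em-$ed','$_SESSION[username]')";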
Bidder list
// Bidder list: every bid row for the item named in the query string, ordered by
// bid_time.
// NOTE(review): $_GET[itemid] is interpolated into the SQL text with no escaping
// visible here (SQL injection). Validate it as an integer or bind it as a
// parameter of a prepared statement.
// NOTE(review): nothing in the query limits the bid list to the item's seller --
// confirm whether bids (including bid_limit, which the bid insert on this page
// stores in the same table) are meant to be visible to whoever supplies an itemid.
$sql = "SELECT * FROM bid WHERE itemid = '$_GET[itemid]' ORDER BY
bid_time";
Rate buyer
// Rate buyer: stores the buyer rating, payment rating and explanation on the item
// named in the query string.
// NOTE(review): the $_POST values and $_GET[itemid] are interpolated into the SQL
// text with no escaping visible here (SQL injection). itemid is unquoted, so it
// must be validated as an integer; explanation is free text. Bind all four as
// parameters of a prepared statement.
// NOTE(review): the row is selected by itemid alone. Nothing here restricts the
// update to items whose seller is the session user -- confirm that check happens
// before this statement, or add it to the WHERE clause.
$sql = "UPDATE item SET buyer_rating = '$_POST[buyer_rating]',
payment_rating = '$_POST[payment_rating]', explanation =
'$_POST[explanation]' WHERE itemid = $_GET[itemid]";

Search items
// Search items: selects items matching a predicate held in $where, ordered by
// itemid.
// NOTE(review): $where is a whole SQL fragment, not a single value, and how it is
// built is not shown here. If any part of it is assembled from search-form input,
// it is an injection point that value escaping cannot fix. Build the predicate
// only from a fixed list of column names and operators, with each search term as
// a placeholder bound through a prepared statement.
$sql = "SELECT * FROM item WHERE $where ORDER BY itemid";

Bid on item
// Bid on item: inserts a bid row holding the session's username, the current time,
// and the submitted bid price, bid limit and itemid.
// NOTE(review): the $_POST values are interpolated into the SQL text with no
// escaping visible here (SQL injection); bind them as parameters of a prepared
// statement and validate price, limit and itemid as numbers first.
// NOTE(review): the INSERT has no column list, so the values are matched to the
// bid table's columns by position and would silently shift if the schema changes.
// NOTE(review): no check is visible here that the item is still on auction or that
// the price is valid for it -- confirm the caller enforces both.
$sql = "INSERT INTO bid
VALUES('$_SESSION[username]',NOW(),'$_POST[bid_price]',
'$_POST[bid_limit]','$_POST[itemid]')";

List of items bid on


// List of items bid on: every item that has at least one bid by the logged-in
// user's username, ordered by itemid.
// NOTE(review): $_SESSION[username] is interpolated into the SQL text. Usernames
// on this page are written from $_POST[username], so the stored name is
// user-chosen text; bind it as a parameter here too (second-order SQL injection).
$sql = "SELECT * FROM item WHERE itemid IN (SELECT itemid FROM bid WHERE
username = '$_SESSION[username]') ORDER BY itemid";

List of items sold


// List of items sold: items with status 'SOLD' whose seller is the logged-in user,
// joined to the user row of each item's winner, ordered by itemid.
// NOTE(review): SELECT * over this join returns every column of the winner's user
// row. Other statements on this page show that table holding pword, card_number,
// card_type and card_expr_date, so the seller's page receives another user's
// credential digest and card data. Select only the columns the page displays.
// NOTE(review): $_SESSION[username] is interpolated into the SQL text; usernames
// are user-chosen text on this page, so bind it as a parameter.
$sql = "SELECT * FROM item JOIN user ON winner = username WHERE seller =
'$_SESSION[username]' AND status = 'SOLD' ORDER BY itemid";

List of items bought


// List of items bought: items with status 'SOLD' whose winner is the logged-in
// user, joined to the user row of each item's seller, ordered by itemid.
// NOTE(review): SELECT * over this join returns every column of the seller's user
// row. Other statements on this page show that table holding pword, card_number,
// card_type and card_expr_date, so the buyer's page receives another user's
// credential digest and card data. Select only the columns the page displays.
// NOTE(review): $_SESSION[username] is interpolated into the SQL text; usernames
// are user-chosen text on this page, so bind it as a parameter.
$sql = "SELECT * FROM item JOIN user ON seller = username WHERE winner =
'$_SESSION[username]' AND status = 'SOLD' ORDER BY itemid";

Rate seller
// Rate seller: stores the seller, quality and delivery ratings and the comments on
// the item named in the query string.
// NOTE(review): the $_POST values and $_GET[itemid] are interpolated into the SQL
// text with no escaping visible here (SQL injection). itemid is unquoted, so it
// must be validated as an integer; comments is free text. Bind all five as
// parameters of a prepared statement.
// NOTE(review): the row is selected by itemid alone. Nothing here restricts the
// update to items whose winner is the session user -- confirm that check happens
// before this statement, or add it to the WHERE clause.
$sql = "UPDATE item SET seller_rating = '$_POST[seller_rating]',
quality_rating = '$_POST[quality_rating]', delivery_rating =
'$_POST[delivery_rating]', comments = '$_POST[comments]' WHERE itemid =
$_GET[itemid]";
