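// NOTE(review): the start of this statement is not visible in this listing;
// the rest of the script talks to the database through $sql — confirm the
// receiver of this Connect() call against the original file.
Connect("$dbname");

// Read the requested category from the query string.
//
// $showCat is interpolated into two SQL statements further down, so it must
// never reach them as raw request text. Category IDs are compared against
// numeric ID columns, so anything that is not a plain integer is rejected
// here and the page falls back to the "All Products" view.
// NOTE(review): the $sql wrapper's API is not visible in this listing; if it
// offers bound parameters / prepared statements, prefer those over
// interpolation even for validated integers.
$showCat = null;
if (isset($_GET['showCat'])) {
    $requestedCat = filter_var(_GET('showCat'), FILTER_VALIDATE_INT);
    if ($requestedCat !== false) {
        $showCat = $requestedCat;
    }
}

echo "
Categories:
";
echo "
";

// List every category.
// NOTE(review): $tblname is interpolated as an identifier; this assumes it
// comes from trusted configuration, never from the request — confirm.
$sql->Query("select * from $tblname");
for ($i = 0; $i < $sql->rows; $i++) {
    $sql->Fetch($i);
    // NOTE(review): the category name is echoed without HTML escaping;
    // confirm who can edit category names before treating them as trusted markup.
    $catname = str_replace(" ", " ", $sql->data['Name']);
    $catid = $sql->data['ID'];
    echo("$catname ");
}

echo "
";
echo "
";
echo "
";
$currentorder->showCart('vertcart');
echo "
";

if ($showCat) {
    // $showCat is an integer at this point (validated above), so the
    // interpolation below cannot change the shape of the statement.
    $catname = $sql->QueryItem("select Name from $tblname where ID=$showCat");
    echo("

$catname:

Below are products in the $catname category.
There are more products available if you click another category above.

");
    $sql->Query("select products.* from products,catprodmap where products.ID=catprodmap.pID and catprodmap.cID=$showCat");
} else {
    // NOTE(review): category 20 is excluded from the full listing; the reason
    // is not stated in this file — document it or move it to a named constant.
    $sql->Query("select distinct products.* from products, catprodmap where products.ID = catprodmap.pid and catprodmap.cid != 20 ORDER BY products.ID");
    echo("

All Products:

");
}

// Walk the result set and render each product.
for ($i = 0; $i < $sql->rows; $i++) {
    $sql->Fetch($i);
    product_show($sql);
}
?>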