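package WeChat;

import javax.servlet.ServletException;
import javax.servlet.annotation.WebServlet;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import java.io.IOException;
import java.util.HashMap;
import java.util.regex.Pattern;

/**
 * Returns the orders of one user (joined with the user, address and book rows)
 * as JSON via {@code GetJson.Getinfo}.
 *
 * <p>Request parameters:
 * <ul>
 *   <li>{@code UserID} (required) - integer id of the user whose orders are listed;</li>
 *   <li>{@code status} (optional) - prefix to match against {@code Ordered.Status}.</li>
 * </ul>
 *
 * <p>Security notes. The query is still assembled by string concatenation because
 * {@code GetJson.Getinfo} takes a finished SQL string; the inputs are therefore
 * restricted to shapes that cannot change the query structure (digits only for
 * {@code UserID}, no quote/backslash in {@code status}) in addition to the project's
 * {@code sqlfilter} checks. Moving {@code Getinfo} to a {@code PreparedStatement}
 * would remove the need for this. Requests that fail authentication or validation
 * now receive an explicit HTTP error instead of an empty 200 response.
 */
@WebServlet(name = "CheckOrders", urlPatterns = {"/CheckOrders.do"}, loadOnStartup = 2)
public class CheckOrders extends HttpServlet {

    /**
     * UserID is compared unquoted ({@code User.UserID = <value>}), so the only values
     * that could ever have worked are plain integer literals; accept nothing else.
     * The length cap keeps the literal within a 64-bit integer's digit count.
     */
    private static final Pattern NUMERIC_ID = Pattern.compile("\\d{1,19}");

    /**
     * Base query; the caller appends the numeric UserID and an optional status clause.
     * NOTE(review): {@code 'tel-phone'} is a quoted string literal, so that result column
     * always holds the text "tel-phone" rather than a phone number - confirm against the
     * schema whether a column (e.g. a backquoted identifier) was intended.
     */
    private static final String BASE_QUERY =
            "select MessageID,Book.BookID,UserName,BookName,'tel-phone',Address from User join Ordered on User.UserID = Ordered.UserID join Address on "
            + "Address.UserId = Ordered.UserID and Address.MessageID = Ordered.MessageID join Book on Ordered.BookID = Book.BookID where User.UserID = ";

    /**
     * Handles the lookup.
     *
     * @param request  must pass {@code Authentication.islegal}; carries {@code UserID} and
     *                 optionally {@code status}
     * @param response receives the JSON written by {@code GetJson.Getinfo}, or an HTTP error
     *                 (403 when not authenticated, 400 when a parameter is invalid)
     * @throws ServletException propagated from the servlet API
     * @throws IOException      propagated from the servlet API / response writing
     */
    protected void doPost(HttpServletRequest request, HttpServletResponse response)
            throws ServletException, IOException {
        if (!Authentication.islegal(request)) {
            reject(response, HttpServletResponse.SC_FORBIDDEN);
            return;
        }

        String userId = request.getParameter("UserID");
        String status = request.getParameter("status");

        // NOTE(review): UserID comes from the request, not from the authenticated identity,
        // so any caller that passes Authentication.islegal can read any user's orders unless
        // islegal itself binds the caller to this UserID - confirm and, if not, take the id
        // from the session instead.
        if (userId == null || !NUMERIC_ID.matcher(userId).matches() || !sqlfilter.islegal(userId)) {
            reject(response, HttpServletResponse.SC_BAD_REQUEST);
            return;
        }

        String sql = BASE_QUERY + userId;

        // A missing/empty status means "all statuses"; a present but unsafe one is an error
        // rather than being silently dropped (dropping it would return more rows than asked).
        if (status != null && !status.isEmpty()) {
            if (!isSafeLikeOperand(status) || !sqlfilter.isright(status)) {
                reject(response, HttpServletResponse.SC_BAD_REQUEST);
                return;
            }
            // Prefix match; LIKE wildcards in the value itself ('%', '_') are still honoured.
            sql += " and Status like '" + status + "%'";
        }

        // Result-column -> JSON-field mapping consumed by GetJson.Getinfo.
        // Left as a raw HashMap because Getinfo's parameter type is not visible here.
        HashMap names = new HashMap<>();
        names.put("UserName", "UserName");
        names.put("BookName", "BookName");
        names.put("tel-phone", "tel-phone");
        names.put("Address", "Address");
        names.put("BookID", "BookID");
        names.put("MessageID", "MessageID");
        GetJson.Getinfo(request, response, sql, names);
    }

    /** Read-only lookup, so GET is served exactly like POST. */
    protected void doGet(HttpServletRequest request, HttpServletResponse response)
            throws ServletException, IOException {
        doPost(request, response);
    }

    /**
     * The status value is embedded in a single-quoted LIKE literal; a quote or backslash
     * is the only way for it to terminate that literal, so both are refused outright.
     * A NUL is refused as well since it can truncate the statement in some drivers.
     */
    private static boolean isSafeLikeOperand(String value) {
        return value.indexOf('\'') < 0 && value.indexOf('\\') < 0 && value.indexOf('\0') < 0;
    }

    /**
     * Sends an HTTP error unless something upstream (e.g. Authentication.islegal) has
     * already committed the response, in which case sendError would throw.
     */
    private static void reject(HttpServletResponse response, int httpStatus) throws IOException {
        if (!response.isCommitted()) {
            response.sendError(httpStatus);
        }
    }
}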