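# Sample session (what the user sees):
#
#   Hello user!
#   What is your favorite base flavor of ice cream (or 'done')? chocolate
#   Which of the following chocolate-based recipes would you like to order?
#   #1. NYSFC
#   #2. Chocolate Brownie Delight
#   #3. Chocolate Chocolate Chocolate
#   #4. Fudgy
#   Choice: 2
#   How many cartons of Chocolate Brownie Delight would you like to order?
#
# "SQL injection"
#
# Building the query text out of the user's answer:
#
#     f"select name from recipe where flavorName='{favorite_ice_cream}'"
#
# Suppose the user types: chocolate
#     "select name from recipe where flavorName='chocolate'"
# Suppose the user types: vanilla
#     "select name from recipe where flavorName='vanilla'"
# Suppose the user types: ';drop all tables;
#     "select name from recipe where flavorName='';drop all tables;"
#
# The user's text has become part of the SQL *program*, not just a value
# inside it.  Two caveats about this particular demo payload: "drop all
# tables" is not real SQL, and Python's sqlite3 module refuses to run more
# than one statement per execute() call, so a stacked second statement
# raises sqlite3.ProgrammingError rather than executing.  Injection that
# rewrites the *single* statement (a `' OR '1'='1` tautology that lists
# every recipe, or a UNION that reads other tables) is not blocked by that,
# so the bug is still fully exploitable.
#
# The fix is parameterized queries: the SQL text is a constant, and the
# driver hands the user's input to the database as a *value* that can never
# be parsed as SQL.  Every query below uses `?` placeholders for that
# reason.  For comparison, the string-built versions are kept here as
# comments only -- they must never be executed:
#
#     conn.execute(f"select name from recipe where flavorName='{favorite_ice_cream}'")
#     conn.execute(f"UPDATE recipe set cartonsOrdered=cartonsOrdered+{cartons_ordered} "
#                  f"WHERE name='{recipe_name}'")
#
# Earlier revisions of this script ran BOTH the string-built and the
# parameterized statements.  Besides leaving the injection live, that
# executed the UPDATE twice per order, so cartonsOrdered grew by double
# the amount the user asked for.

import contextlib
import sqlite3
import sys

# Default location of the recipe database; a different path may be given
# as the first command-line argument.
DB_PATH = "/home/stephen/teaching/350/bj.db"

FLAVOR_PROMPT = "What is your favorite base flavor of ice cream (or 'done')? "


def open_db(path: str) -> sqlite3.Connection:
    """Open the recipe database at *path* (":memory:" works for testing)."""
    return sqlite3.connect(path)


def recipes_for_flavor(conn: sqlite3.Connection, flavor: str) -> "list[str]":
    """Return the names of recipes whose flavorName equals *flavor*.

    *flavor* comes straight from the user, so it is bound through a `?`
    placeholder: the database compares it as a value and never parses it
    as SQL.  An unknown flavor (or an injection attempt) yields [].
    """
    cursor = conn.execute(
        "select name from recipe where flavorName=?", (flavor,)
    )
    return [row[0] for row in cursor.fetchall()]


def record_order(conn: sqlite3.Connection, recipe_name: str, cartons: int) -> None:
    """Add *cartons* to cartonsOrdered for *recipe_name* and commit.

    Both values are bound as parameters.  *recipe_name* came back from our
    own query, but it still lives in the database, which other code writes
    to, so it is treated as untrusted too.  A name that matches no row is
    a harmless no-op.
    """
    with conn:  # commits on success, rolls back if the statement raises
        conn.execute(
            "UPDATE recipe set cartonsOrdered=cartonsOrdered+? WHERE name=?",
            (cartons, recipe_name),
        )


def prompt_int(prompt: str, low: int, high: "int | None" = None) -> int:
    """Ask for an integer in [low, high] and re-prompt until one is given.

    high=None means no upper bound.  The original int(input(...)) crashed
    with ValueError on non-numeric text and was not range-checked.
    """
    while True:
        text = input(prompt)
        try:
            value = int(text)
        except ValueError:
            print(f"Please enter a whole number, not {text!r}.")
            continue
        if value < low or (high is not None and value > high):
            bound = f"at least {low}" if high is None else f"between {low} and {high}"
            print(f"Please enter a number {bound}.")
            continue
        return value


def main(db_path: str = DB_PATH) -> None:
    """Interactive loop: pick a flavor, pick one of its recipes, order cartons.

    The connection is closed when the loop ends (the original never closed
    it).  Each order is committed by record_order.
    """
    with contextlib.closing(open_db(db_path)) as conn:
        print("Hello user!")
        favorite_ice_cream = input(FLAVOR_PROMPT)
        while favorite_ice_cream != "done":
            print("Which of the following {}-based recipes would you like to order?".
                  format(favorite_ice_cream))
            names = recipes_for_flavor(conn, favorite_ice_cream)
            if not names:
                # The original indexed rows[choice-1] here and raised IndexError
                # when the flavor matched nothing.
                print(f"Sorry, there are no {favorite_ice_cream}-based recipes.")
            else:
                for number, name in enumerate(names, start=1):
                    print(f"#{number}. {name}")
                # Bounded 1..len(names): the original silently served the LAST
                # recipe for a choice of 0 (rows[-1]) and crashed on anything
                # above the list length.
                choice = prompt_int("Choice: ", 1, len(names))
                recipe_name = names[choice - 1]
                cartons_ordered = prompt_int(
                    f"How many cartons of {recipe_name} would you like to order?", 0)
                record_order(conn, recipe_name, cartons_ordered)
            favorite_ice_cream = input(FLAVOR_PROMPT)
    print("Have a nice day!")


if __name__ == "__main__":
    main(sys.argv[1] if len(sys.argv) > 1 else DB_PATH)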