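<?php
// Emits one row of the `amazon` table as a small XML <item> document. The row
// is selected by the numeric id passed in the `awsid` query parameter.
//
// The full "<?php" open tag is used on purpose: with short_open_tag disabled,
// a bare "<?" file is not executed and its source is sent to the client as text.
if (isset($_GET['awsid'])) {
    // some secret checking here to make sure nobody is deeplinking this script for themselves
    // NOTE(review): the check is only a placeholder in this listing; until it
    // exists, the endpoint answers any caller that can reach it.
    // if you're being bad { punish } else {

        $xmldoc = "";

        // Same normalisation as before (unslash, strip tags, keep at most three
        // characters). A non-string value such as awsid[]=... is treated as empty.
        $awsid = is_string($_GET['awsid'])
            ? substr(strip_tags(stripslashes($_GET['awsid'])), 0, 3)
            : '';

        // The id is concatenated into the SQL text below. strip_tags() and a
        // length cap do not make a value safe for SQL, so accept digits only
        // and reject everything else before touching the database.
        if (!preg_match('/^[0-9]+$/D', $awsid)) {
            header("HTTP/1.0 400 Bad Request");
            exit;
        }

        // include calls to my error handling class
        // include calls to my global DB connector

        // NOTE(review): the mysql_* extension was removed in PHP 7. When the
        // shared connector moves to mysqli or PDO, use a prepared statement
        // with a bound parameter instead of the integer cast.
        $result = mysql_query(
            "select asin, title, author_artist, rating, review from amazon where aid = " . (int) $awsid
        );
        if ($result === false) {
            trigger_error('mysql_query(): ' . mysql_error(), E_USER_NOTICE);
        }

        // A failed query or an unknown id yields an <item> with empty fields
        // rather than PHP warnings in the XML output.
        $row = ($result !== false) ? mysql_fetch_array($result) : false;
        if (!is_array($row)) {
            $row = array();
        }

        // Escape the five XML special characters so that a title or review
        // containing "&" or "<" cannot break or alter the document. "&" must
        // be replaced first so the entities produced later are not re-escaped.
        // NOTE(review): if the review column intentionally stores markup for
        // the client, emit it inside a CDATA section instead; confirm with the consumer.
        $xmlFrom = array('&', '<', '>', '"', "'");
        $xmlTo   = array('&amp;', '&lt;', '&gt;', '&quot;', '&apos;');
        $esc = array();
        foreach (array('asin', 'title', 'author_artist', 'rating', 'review') as $col) {
            $value = isset($row[$col]) ? (string) $row[$col] : '';
            $esc[$col] = str_replace($xmlFrom, $xmlTo, $value);
        }

        $xmldoc .= "<item>\n";
        $xmldoc .= "\t<URL>http://ec1.images-amazon.com/images/P/" . $esc['asin'] . ".01._SCMZZZZZZZ_.jpg</URL>\n";
        $xmldoc .= "\t<Title>" . $esc['title'] . "</Title>\n";
        $xmldoc .= "\t<AuthorArtist>" . $esc['author_artist'] . "</AuthorArtist>\n";
        $xmldoc .= "\t<MyRating>" . $esc['rating'] . "</MyRating>\n";
        $xmldoc .= "\t<MyReview>" . $esc['review'] . "</MyReview>\n";
        $xmldoc .= "</item>\n";

        // Only a successful query returns a result resource that can be freed.
        if ($result !== false) {
            mysql_free_result($result);
        }

        // include calls to my global DB disconnector

        header("Content-type: text/xml");
        echo $xmldoc;

    // }
}
?>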