</p> <p> <label for="message">Message:</label> <input autocomplete="off" id="message" tabindex="2" type="text" value=""> </p> <div> <input type="submit" value="Send"> </div> </form> <script src="/static/js/jquery-1.2.6.min.js" type="text/javascript"></script> <script src="/static/js/chat.js?v<?php echo Chat::VERSION; ?> " type="text/javascript"></script> <script type="text/javascript"> <!--// Chat.init({ roomName : '<?php echo Database::clean($this->room['name']); ?> ', lastMessageId : <?php echo (int) Chat::$last_message_id; ?> }); //--> </script>
<?php require_once '../api_builder_includes/class.Database.inc.php'; Database::init_connection("localhost", "organization", "users", "username", "secret_password"); // Array containing the row to change. The only required values are the id and the column being changed. // All other key => value pairs are ignored but are present here because often rows are updated in batch // after being returned in 2D array fashion from Database::get_all_results(); $user = array("id" => 2, "first_name" => "Salvester", "last_name" => "Rinehart", "email" => "*****@*****.**", "phone_number" => "8042557684", "city" => "Richmond", "state" => "VA", "bio" => "Total badass."); //sanitize user input $user_cleaned = Database::clean($user); //the 3rd parameter specifies this is an update statement by selecting which column from in the row to update if (Database::execute_from_assoc($user_cleaned, Database::$table, "phone_number")) { echo $user['first_name'] . "'s phone number was changed to " . $user['phone_number']; }
$user = new User(); //print_r($_POST); // test $userName = $_POST["username"]; $passWord = $_POST["password"]; $adminCheck = $mydb->first("SELECT `gmlevel` FROM `account` WHERE `username`='{$userName}' AND `sha_pass_hash`='" . SHA1(strtoupper($username . ':' . $password)) . "';"); if ($adminCheck === "3") { $isadmin = 1; } elseif (!$adminCheck || $adminCheck == "") { $isadmin = 0; } else { $isadmin = 0; } //echo $adminCheck; if (isset($_POST["assignto"]) && $isadmin == 1) { $assignto = $mydb->clean($_POST["assignto"], '', ''); $assignedname = $mydb->first("SELECT username FROM account WHERE id='{$assignto}'"); $tickid = $mydb->clean($_POST["tickid"], '', ''); $mydb->query_update('list', array('assigned' => $assignto), "id='{$tickid}'"); // echo $isadmin; echo $assignedname; } if (isset($_POST["titlechange"]) && $isadmin == 1) { $tickid = $mydb->clean($_POST["tickid"], '', ''); $mydb->query_update("list", array('title' => $_POST["titlechange"]), "id='{$tickid}'"); echo "Title changed."; } if (isset($_POST["closeticket"]) && $isadmin == 1) { $closeticket = $mydb->clean($_POST["tickid"], '', ''); $mydb->query_update('list', array('status' => 0, 'finished' => time()), "id='{$closeticket}'"); echo "Ok";
public static function updateUserInRoom($room_id, $name, $status) { if (!$name) { return; } // Set up the data $ip = $_SERVER['REMOTE_ADDR']; $name = Database::clean($name); $status = (int) $status; // Check if this user has been in this room before $room_user = null; $users = self::getUsersByRoomId($room_id); foreach ($users as $user) { if ($user['name'] == $name) { $room_user = $user; break; } } if ($room_user) { // Update the user $pairs = array('hostname' => $ip, 'name' => $name, 'status' => $status); $where = "(name = '{$name}')"; /* $where = "((hostname = '$ip') || (name = '$name'))"; $where .= "AND (room_id = $room_id)"; */ $GLOBALS['MHP']->updateRows('rooms_users', $pairs, $where); } else { // "user has entered the room" #self::putMessages($room_id, $name, array(self::TEXT_ENTER)); // Insert the user $GLOBALS['MHP']->insertRow('rooms_users', array('hostname' => $ip, 'name' => $name, 'room_id' => $room_id, 'status' => $status, 'timestamp' => time())); } }
<?php //include the API Builder mini lib require_once "api_builder_includes/class.API.inc.php"; //set page to output JSON header("Content-Type: application/json; charset=utf-8"); //If API parameters were included in the http request via $_GET... if (isset($_GET) && !empty($_GET)) { //specify the columns that will be output by the api as a comma-delimited list $columns = "column_name,\n\t \t\t\t\tcolumn_name,\n\t \t\t\t\tcolumn_name,\n\t \t\t\t\tcolumn_name,\n\t \t\t\t\tcolumn_name,\n\t \t\t\t\tetc..."; //setup the API $api = new API("your_host", "your_database_name", "your_table_name", "your_database_username", "your_database_password"); $api->setup($columns); $api->set_default_order("column_name"); $api->set_searchable("column_name, column_name, etc..."); $api->set_default_search_order("column_name"); $api->set_pretty_print(true); //sanitize the contents of $_GET to insure that //malicious strings cannot disrupt your database $get_array = Database::clean($_GET); //output the results of the http request echo $api->get_json_from_assoc($get_array); }
// include the API Builder Database class require_once '../api_builder_includes/class.Database.inc.php'; var_dump($_POST); //if POST is present... if (isset($_POST) && !empty($_POST)) { // Do any neccissary validation here. You can use something like https://github.com/ASoares/PHP-Form-Validation // if you are not going to validate input, which you absolutely should if users are submitting it, then at least // make sure the correct values are present if (isset($_POST['first_name']) && !empty($_POST['first_name']) && isset($_POST['last_name']) && !empty($_POST['last_name']) && isset($_POST['email']) && !empty($_POST['email']) && isset($_POST['phone_number']) && !empty($_POST['phone_number']) && isset($_POST['city']) && !empty($_POST['city']) && isset($_POST['state']) && !empty($_POST['state']) && isset($_POST['bio']) && !empty($_POST['bio'])) { // Open the database connection. This is what happens inside of the API class constructor // but if this page is simply for submitting data to the database you can just call this method Database::init_connection("localhost", "organization", "users", "username", "secret_password"); // Sanitize the array so that it can be safely inserted into the database. // This method uses MySQLi real escape string and htmlspecialchars encoding. $post_array = Database::clean($_POST); //submit the data to your table. if (Database::execute_from_assoc($post_array, Database::$table)) { echo "The data was submitted to the database"; } else { echo "There was an error submitting the data to the database"; } } else { echo "One or more of the required values is missing from the POST"; } } else { echo "Nothing was added to the database because the http request has no POST values"; } ?> <form method="post" action="">
<?php //Load Database Class require '/classes/database.php'; //Instantiate db class $db = new Database(); //Recieve Data $what = $db->clean($_POST['your_thing']); $achievable = $db->clean($_POST['your_promo_goal']); $username = $db->clean($_POST['your_email']); $password = $db->clean(md5($_POST['your_password'])); //Check to see if the user account exists $value = $db->check($username, $password); //Check against db to see if user exists. $user_info = "SELECT username FROM company_information WHERE username = '******'"; $username_db = mysql_query($user_info); if ($value == true) { //Log user in $sql = "UPDATE company_information SET logged_in = 1 WHERE username = '******' AND password = '******'"; mysql_query($sql); //Put data into database and then redirect user to the payment page (dash). } elseif ($username != $username_db && $value == false) { //Redirect to 'do you want to create a new account page.' header("Location: do_it.php?what={$what}&achievable={$achievable}&email={$username}&enc={$password}"); } else { echo "I think you type in the wrong password. <a href='/a_query_post.php/'>Click here to go back and correct it</a>"; }