Beispiel #1
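// Accumulates the HTML fragment for each search hit (filled in further down).
$rs = "";
// Category filter from the search form; 0 means "search across all categories".
// The original assigned 0 and then unconditionally overwrote it with the POST
// value, so the default never took effect and a missing field produced a
// notice plus null. isset() makes the intended default real.
$category = isset($_POST["flag2"]) ? $_POST["flag2"] : 0;
// Optional ordering / paging constraint from the form (see the comment in the
// search loop below); absent means "no constraint".
$constraint = isset($_POST["flag3"]) ? $_POST["flag3"] : null;
include "db.php";
// NOTE(review): $query is not assigned anywhere visible in this snippet —
// presumably db.php, or code before it, sets it from the search form. Confirm,
// and keep in mind that the words are later used to build SQL: the
// checkintruder() blacklist is only a coarse filter, not a substitute for
// binding them as statement parameters.
$temp = explode(" ", $query);
// Fixed alt text for the placeholder product image.
$altdata = "kd";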
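/**
 * Coarse blacklist check on a search string before it reaches the SQL layer.
 *
 * Returns true when $query is non-empty and contains none of the listed
 * characters, false otherwise. The class contains the non-ASCII characters
 * £ and ¬, so the pattern needs the `u` modifier to compare characters rather
 * than bytes — without it every UTF-8 character sharing a lead byte with them
 * (e.g. "©") was rejected too, while the intended characters were matched only
 * by accident.
 *
 * preg_match() returns false on malformed UTF-8 input or a PCRE error. The
 * original fell through to `return true` in that case; here it is treated as
 * "not allowed", so the check fails closed. This remains a filter, not a
 * defence: anything built into SQL from $query still has to be bound as a
 * statement parameter.
 *
 * @param string|null $query raw search text (null is treated as "")
 * @return bool
 */
function checkintruder($query)
{
    $query = (string) $query;
    if ($query === "") {
        return false;
    }
    $hit = preg_match('/[\'^£$%&*()}{@#~?><>,|=_+¬-]/u', $query);
    // 1 = forbidden character present, false = matching failed; both reject.
    return $hit === 0;
}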
if (checkintruder($query)) {
    $count = 0;
    foreach ($temp as $word) {
        // like product name
        if ($category != 0) {
            //make product search inside this category space.
        } else {
            //search product irrespective of categories.
        }
        //make query to ignore first ten items, or pass constraint as ascending timestamps of products.
        $rs .= '<div class="col-xs-6 col-sm-6 col-md-4 col-lg-3 BLOCK">
				<a href="index.php?pagetype=product&productid=pid">
				<div class="product">
					<img alt="' . $altdata . '" src="images/searchpic.png" />
					<div class="desc"><span>data about image</span></div>
				</div>
Beispiel #2
$commenttext = $_POST["flag2"];
include "db.php";
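/**
 * Coarse blacklist check on comment text before it is stored.
 *
 * The original pattern '/[\'}{@#~?><>/' never closed its character class, so
 * preg_match() failed on every call (returning false with a warning) and the
 * function accepted every input, quotes included. The class is now closed, and
 * a failed match (false) is treated as "not allowed" so the check fails closed.
 * Like the original it accepts "", which the caller filters separately.
 *
 * @param string|null $query raw comment text (null is treated as "")
 * @return bool true when none of the listed characters occur
 */
function checkintruder($query)
{
    $hit = preg_match('/[\'}{@#~?><>]/', (string) $query);
    // 1 = forbidden character present, false = matching failed; both reject.
    return $hit === 0;
}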
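$timestamp = time();
$username = $_SESSION['username'];
// NOTE(review): $reviewid is not assigned in this snippet — presumably read from
// the request earlier in the file. It is bound as a statement parameter below
// either way, so its content cannot change the SQL.
$commentid = $reviewid . "_comments_" . $timestamp;
$count = 0;
// Count the review rows matching $reviewid. The original interpolated the value
// into the SQL string; it is bound as a parameter instead. (The count is not
// used further in the visible code; it is kept for whatever follows.)
$query = "select reviewid from reviewdb where ( reviewid = ? ) ";
$stmt = mysqli_prepare($con, $query);
if ($stmt === false) {
    throw new RuntimeException("prepare failed: " . mysqli_error($con));
}
mysqli_stmt_bind_param($stmt, "s", $reviewid);
$results = mysqli_stmt_execute($stmt);
mysqli_stmt_store_result($stmt);
$count = mysqli_stmt_num_rows($stmt);
mysqli_stmt_close($stmt);
// Store the comment. checkintruder() stays as a coarse content filter; the
// parameter binding is what actually keeps $commenttext (POST data) out of
// the statement text. Every value is bound as a string, matching the quoted
// literals of the original query, so column types need no assumption here.
if (checkintruder($commenttext) && $commenttext != "") {
    $query = "insert into commentdb values (?, ?, ?, ?, ?) ";
    $stmt = mysqli_prepare($con, $query);
    if ($stmt === false) {
        throw new RuntimeException("prepare failed: " . mysqli_error($con));
    }
    mysqli_stmt_bind_param($stmt, "sssss", $commentid, $reviewid, $username, $commenttext, $timestamp);
    $results = mysqli_stmt_execute($stmt);
    mysqli_stmt_close($stmt);
}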
/*
header('content-type: application/json');
echo json_encode($rs);
*/
?>


Beispiel #3
        return false;
    } else {
        return true;
    }
}
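$timestamp = time();
$username = $_SESSION['username'];
// NOTE(review): $productid, $rating and $reviewtext are not assigned in this
// snippet — presumably read from the request earlier in the file. They are
// bound as statement parameters below rather than interpolated into the SQL,
// which is what the original did.
$reviewid = $productid . '_review_' . $timestamp;
$count = 0;
// Look for an existing review of this product. The literal '******' username is
// reproduced from the original query; it looks like a redacted value, so
// confirm against the real source before relying on this lookup.
$query = "select reviewid from reviewdb where ( productid = ? and username = '******') ";
$stmt = mysqli_prepare($con, $query);
if ($stmt === false) {
    throw new RuntimeException("prepare failed: " . mysqli_error($con));
}
mysqli_stmt_bind_param($stmt, "s", $productid);
$results = mysqli_stmt_execute($stmt);
mysqli_stmt_bind_result($stmt, $existingid);
while (mysqli_stmt_fetch($stmt)) {
    $count++;
    // Reuse the stored id so the update below targets the existing row
    // (as in the original, the last fetched row wins).
    $reviewid = $existingid;
}
mysqli_stmt_close($stmt);
if (checkintruder($reviewtext)) {
    // Pick the statement and its parameter list; all values are bound as
    // strings to match the quoted literals of the original queries.
    // Argument unpacking into the by-reference bind_param() needs PHP >= 5.6.
    if ($count === 0) {
        $query = "insert into reviewdb values (?, ?, ?, ?, ?, ?) ";
        $params = array($reviewid, $productid, $username, $rating, $reviewtext, $timestamp);
    } elseif ($reviewtext != "") {
        $query = "update reviewdb set rating = ? , reviewtext = ?, timestamp = ? where reviewid = ? ";
        $params = array($rating, $reviewtext, $timestamp, $reviewid);
    } else {
        // Empty text: keep the stored review text, refresh rating and timestamp only.
        $query = "update reviewdb set rating = ? , timestamp = ? where reviewid = ? ";
        $params = array($rating, $timestamp, $reviewid);
    }
    $stmt = mysqli_prepare($con, $query);
    if ($stmt === false) {
        throw new RuntimeException("prepare failed: " . mysqli_error($con));
    }
    mysqli_stmt_bind_param($stmt, str_repeat("s", count($params)), ...$params);
    $results = mysqli_stmt_execute($stmt);
    mysqli_stmt_close($stmt);
} else {
    //not allowed on sql
}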
/*