/*
 * Product-search fragment. This excerpt is cut off: the $rs .= string literal at
 * the end is unterminated and the foreach / if blocks opened below are not closed
 * within the visible text.
 *
 * Reads a category id and a constraint from POST, splits $query on spaces and is
 * meant to append one HTML result block per word to $rs.
 * NOTE(review): $query is used before any assignment visible here — presumably set
 * earlier in the file or inside db.php; confirm, since checkintruder() gates on it.
 */
$rs = "";
$category = 0;                       // default, immediately overwritten by the POST value below
$category = $_POST["flag2"];         // request-supplied category id; not validated here
$constraint = $_POST["flag3"];       // read from the request but not used in the visible part
include "db.php";
$temp = explode(" ", $query);        // one search word per element
$altdata = "kd";                     // alt text for the result image

/**
 * Character blacklist for the search input.
 *
 * Returns false when $query is empty or contains any of the listed characters,
 * true otherwise. The pattern has no "u" modifier, so the two non-ASCII
 * characters (£, ¬) are matched byte-wise.
 * NOTE(review): a blacklist does not make $query safe to interpolate into SQL;
 * any query built from it should use a prepared statement with bound parameters.
 */
function checkintruder($query)
{
    if (preg_match('/[\'^£$%&*()}{@#~?><>,|=_+¬-]/', $query) || $query == "") {
        return false;
    } else {
        return true;
    }
}

if (checkintruder($query)) {
    $count = 0;
    foreach ($temp as $word) {
        // like product name
        // loose (!=) comparison: a non-numeric POST string also counts as a category here
        if ($category != 0) {
            //make product search inside this category space.
        } else {
            //search product irrespective of categories.
        }
        //make query to ignore first ten items, or pass constraint as ascending timestamps of products.
        // NOTE(review): literal below is truncated in this excerpt; "productid=pid" is a fixed placeholder, not a real id
        $rs .= '<div class="col-xs-6 col-sm-6 col-md-4 col-lg-3 BLOCK"> <a href="index.php?pagetype=product&productid=pid"> <div class="product"> <img alt="' . $altdata . '" src="images/searchpic.png" /> <div class="desc"><span>data about image</span></div> </div>
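/*
 * Stores a comment on a review.
 *
 * Inputs: $_POST["flag2"] is the comment text; $reviewid is expected to be set
 * before this point (it is not defined in this excerpt); $_SESSION['username'] is
 * recorded as the author. db.php is included for the database connection — assumed
 * to provide $con (mysqli); confirm against db.php.
 *
 * Changes relative to the previous version:
 *  - the blacklist regex was missing its closing "]", so preg_match() failed and
 *    checkintruder() accepted every input;
 *  - the SELECT and INSERT interpolated request/session values into the SQL text;
 *    both now use prepared statements with bound parameters.
 */
$commenttext = $_POST["flag2"] ?? "";   // missing field behaves like an empty comment
include "db.php";

/**
 * Character blacklist for comment text.
 *
 * Returns false when $query contains one of the listed characters, true otherwise
 * (also true if preg_match() fails, as the previous version did). This only shapes
 * the accepted input; SQL safety comes from the bound parameters below.
 */
function checkintruder(string $query): bool
{
    return preg_match('/[\'}{@#~?><>]/', $query) !== 1;
}

$timestamp = time();
$username = $_SESSION['username'] ?? "";
$commentid = $reviewid . "_comments_" . $timestamp;

// Count matching parent reviews. $count is kept for parity with the previous
// version; NOTE(review): it was never consulted before the insert — presumably
// meant to guard it ($count > 0). Confirm before changing that behavior.
$count = 0;
$stmt = mysqli_prepare($con, "select reviewid from reviewdb where ( reviewid = ? ) ");
if ($stmt !== false) {
    mysqli_stmt_bind_param($stmt, "s", $reviewid);
    mysqli_stmt_execute($stmt);
    mysqli_stmt_store_result($stmt);
    $count = mysqli_stmt_num_rows($stmt);
    mysqli_stmt_close($stmt);
}

if (checkintruder($commenttext) && $commenttext !== "") {
    $stmt = mysqli_prepare($con, "insert into commentdb values (?, ?, ?, ?, ?) ");
    if ($stmt !== false) {
        // All five values are bound as strings, matching the quoted literals the
        // previous query sent; bind_param needs variables, hence $ts.
        $ts = (string) $timestamp;
        mysqli_stmt_bind_param($stmt, "sssss", $commentid, $reviewid, $username, $commenttext, $ts);
        mysqli_stmt_execute($stmt);
        mysqli_stmt_close($stmt);
    }
}
/* header('content-type: application/json'); echo json_encode($rs); */
?>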
// NOTE(review): this excerpt begins inside the final if/else of checkintruder()
// (its signature and pattern are not visible here) and ends at an unterminated "/*".
        return false;
    } else {
        return true;
    }
}

/*
 * Tail of a review-submission script.
 *
 * Looks up an existing review row for $productid, then either inserts a new
 * review or updates the existing one with $rating (and $reviewtext when given).
 * NOTE(review): $productid, $rating, $reviewtext and $con are not defined in this
 * excerpt — presumably request parameters and the connection from db.php.
 * The username in the SELECT's WHERE clause appears redacted in this copy.
 */
$timestamp = time();
$username = $_SESSION['username'];
$reviewid = $productid . '_review_' . $timestamp;   // id for a new review; replaced below if one exists
$count = 0;
// NOTE(review): $productid (and below $username, $rating, $reviewtext, $reviewid) are
// interpolated straight into the SQL text. The checkintruder() blacklist is not a
// substitute for prepared statements with bound parameters.
$query = "select reviewid from reviewdb where ( productid = '{$productid}' and username = '******') ";
$results = mysqli_query($con, $query);
while ($row = mysqli_fetch_array($results)) {
    $count++;
    $reviewid = $row['reviewid'];                   // reuse the existing review's id
}
if (checkintruder($reviewtext)) {
    if ($count == 0) {
        // no matching review row: insert a new one
        $query = "insert into reviewdb values ('{$reviewid}', '{$productid}', '{$username}', '{$rating}' , '{$reviewtext}', '{$timestamp}') ";
        $results = mysqli_query($con, $query);
    } else {
        // existing review: always update rating and timestamp; update the text only when one was supplied
        if ($reviewtext != "") {
            $query = "update reviewdb set rating = '{$rating}' , reviewtext = '{$reviewtext}', timestamp = '{$timestamp}' where reviewid = '{$reviewid}' ";
        } else {
            $query = "update reviewdb set rating = '{$rating}' , timestamp = '{$timestamp}' where reviewid = '{$reviewid}' ";
        }
        $results = mysqli_query($con, $query);
    }
} else {
    //not allowed on sql
}
/*