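/**
 * Check whether the author logged in for this session holds a given role.
 *
 * The logged-in author is identified by $_SESSION['email']; the role by its
 * id in the `role` table. The lookup is a parameterised COUNT(*) over
 * author -> authorrole -> role, so neither value is interpolated into SQL.
 *
 * @param mixed $role  role.id to test (bound as a PDO parameter, not cast)
 * @return bool        true when at least one matching row exists
 */
function userHasRole($role)
{
    // Nobody is logged in (no e-mail stored in the session): no role can
    // match. Returning early avoids an undefined-index notice and a NULL
    // bind, which would have yielded COUNT(*) = 0 -> false anyway.
    if (!isset($_SESSION['email'])) {
        return false;
    }

    // Plain include (not include_once) is deliberate: $pdo becomes a local
    // of this function, so every call has to re-run db.inc.php to get it.
    include $_SERVER['DOCUMENT_ROOT'] . '/inc/db.inc.php';

    try {
        $sql = 'SELECT COUNT(*) FROM author INNER JOIN authorrole ON author.id = authorid INNER JOIN role ON roleid = role.id WHERE email = :email AND role.id = :roleid';
        $s = $pdo->prepare($sql);
        $s->bindValue(':email', $_SESSION['email']);
        $s->bindValue(':roleid', $role);
        $s->execute();
    } catch (PDOException $e) {
        // errorText() lives in helpers.inc.php and, as used throughout this
        // code base, is expected to render the error page and exit. Should
        // it ever return, treat the failure as "no role" instead of reading
        // the never-assigned $s.
        errorText('Error with check the permission', $e);
        return false;
    }

    // COUNT(*) always yields exactly one row with one column.
    return (int) $s->fetchColumn() > 0;
}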
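<?php
// Home page controller: load the three most recent jokes and hand them to
// jokes.html.php as $jokes, a list of array('text' => ...) entries.
include_once $_SERVER['DOCUMENT_ROOT'] . '/inc/helpers.inc.php';
include_once $_SERVER['DOCUMENT_ROOT'] . '/inc/db.inc.php';

try {
    // Static SQL: no request data is involved, so query() is safe here.
    $sql = 'SELECT id, joketext FROM joke ORDER BY jokedate DESC LIMIT 3';
    $result = $pdo->query($sql);
} catch (PDOException $e) {
    // errorText() (helpers.inc.php) is expected to show the error page and
    // exit; $result is only used below on the success path.
    errorText('Unable to select jokes: ', $e);
}

// Define $jokes up front so the template can iterate it even when the
// table is empty — previously it only came into existence inside the loop.
// Mirrors the $files = array() initialisation on the filestore page.
$jokes = array();
foreach ($result as $row) {
    // Raw joke text is passed through; the template must escape it
    // (htmlspecialchars) before output — not verified in this file.
    $jokes[] = array('text' => $row['joketext']);
}

include 'jokes.html.php';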
// NOTE(review): this fragment begins inside an if-block whose opening is
// not visible in this chunk; the lone `}` after exit ends it. Judging by
// the two DELETEs it is the "delete joke" handler keyed on $_POST['id'].
include $_SERVER['DOCUMENT_ROOT'] . '/inc/db.inc.php';
try {
    // jokecategory rows go first, presumably so the joke row can then be
    // removed without tripping a jokecategory -> joke foreign key.
    // Both statements bind :id, so $_POST['id'] never reaches the SQL text.
    // NOTE(review): no CSRF token and no permission check are visible in
    // this fragment; unless the enclosing if performs one, any POST that
    // carries an id deletes a joke — confirm against the code above.
    $sql = 'DELETE FROM jokecategory WHERE jokeid = :id';
    $s = $pdo->prepare($sql);
    $s->bindValue(':id', $_POST['id']);
    $s->execute();
} catch (PDOException $e) {
    errorText('Error with deleting the joke from DB', $e);
}
try {
    $sql = 'DELETE FROM joke WHERE id = :id';
    $s = $pdo->prepare($sql);
    $s->bindValue(':id', $_POST['id']);
    $s->execute();
} catch (PDOException $e) {
    errorText('Error with deleting the joke from DB', $e);
}
header('Location: .');
exit;
}
if (isset($_GET['action']) && $_GET['action'] == 'search') {
    include $_SERVER['DOCUMENT_ROOT'] . '/inc/db.inc.php';
    // Base SELECT expression. `WHERE TRUE` lets each optional filter below
    // append an " AND ..." clause unconditionally; values go into
    // $placeholders and are bound, not interpolated.
    $select = 'SELECT id, joketext';
    $from = ' FROM joke';
    $where = ' WHERE TRUE';
    $placeholders = array();
    // NOTE(review): $_GET['author'] is read without isset(), so a search
    // request that omits the parameter raises an undefined-index notice.
    if ($_GET['author'] != '') {
        $where .= ' AND authorid = :authorid';
        $placeholders[':authorid'] = $_GET['author'];
    }
    // NOTE(review): the search branch continues beyond this chunk.
// NOTE(review): this fragment begins inside a try block (and an enclosing
// if) whose opening is not visible here; $sql is assigned above this chunk.
// The `}` after exit closes that enclosing if.
$s = $pdo->prepare($sql);
$s->bindValue(':id', $_POST['id']);
$s->execute();
} catch (PDOException $e) {
    errorText('Unable to delete role from database', $e);
}
// Re-create the author's role rows from the submitted list.
if (isset($_POST['roles'])) {
    // NOTE(review): foreach assumes $_POST['roles'] is an array; a scalar
    // `roles=...` parameter produces a warning rather than a rejection.
    // Each role id is bound as :roleid and so never reaches the SQL text,
    // but nothing here verifies that it names an existing role.
    foreach ($_POST['roles'] as $role) {
        try {
            $sql = 'INSERT INTO authorrole SET authorid = :authorid, roleid = :roleid';
            $s = $pdo->prepare($sql);
            $s->bindValue(':authorid', $_POST['id']);
            $s->bindValue(':roleid', $role);
            $s->execute();
        } catch (PDOException $e) {
            errorText('Unable to insert author role', $e);
        }
    }
}
header('Location: .');
exit;
}
// Default action: list all authors.
include $_SERVER['DOCUMENT_ROOT'] . '/inc/db.inc.php';
try {
    $result = $pdo->query('SELECT id, name FROM author');
} catch (PDOException $e) {
    // NOTE(review): two differences from every other handler in this code:
    // (1) the include path lacks the '/' before 'inc/' that all the other
    //     includes use, so DOCUMENT_ROOT . 'inc/error.html.php' becomes
    //     e.g. '/var/wwwinc/error.html.php' unless DOCUMENT_ROOT happens
    //     to end in a slash — this include most likely fails;
    // (2) $e->getMessage() is placed straight into $error for the error
    //     page, exposing driver/schema details to the browser, whereas the
    //     other handlers go through errorText().
    // Consider replacing the three lines with
    //     errorText('Unable to select authors: ', $e);
    $error = 'Unable to select authors: ' . '<br>' . $e->getMessage();
    include $_SERVER['DOCUMENT_ROOT'] . 'inc/error.html.php';
    exit;
}
// Output the authors through an array (continues beyond this chunk).
// The Content-type header must precede Content-disposition for older
// browsers to handle the download correctly.
// NOTE(review): this fragment begins inside an if-block (file download)
// whose opening — and the origin of $fileData, $mimeType, $disposition
// and $fileName — is not visible in this chunk.
// NOTE(review): $fileName is emitted unquoted and with spaces around '='.
// PHP's header() refuses CR/LF, so a full header injection is blocked, but
// a stored name containing ';' or '"' still yields a malformed header.
// The RFC 6266 form is filename="..." with '"' and '\' escaped (or
// filename*=UTF-8''<percent-encoded>). If $mimeType is whatever was
// supplied at upload time, sending it back verbatim with an inline
// disposition lets a stored text/html or image/svg+xml file execute as
// script in this origin; add `X-Content-Type-Options: nosniff` and prefer
// an attachment disposition — confirm where these values come from.
header('Content-length: ' . strlen($fileData));
header("Content-type: {$mimeType}");
header("Content-disposition: {$disposition}; filename = {$fileName}");
echo $fileData;
exit;
}
if (isset($_POST['action']) && $_POST['action'] == 'delete' && isset($_POST['id'])) {
    include $_SERVER['DOCUMENT_ROOT'] . '/chapter12/inc/db.inc.php';
    try {
        // :id is bound, so $_POST['id'] never reaches the SQL text.
        // NOTE(review): no CSRF token or permission check is visible here.
        $sql = 'DELETE FROM filestore WHERE id = :id';
        $s = $pdo->prepare($sql);
        $s->bindValue(':id', $_POST['id']);
        $s->execute();
    } catch (PDOException $e) {
        errorText('Unable to delete file: ', $e);
    }
    header('Location: .');
    exit;
}
// Default action: list the stored files for filestore.html.php.
include $_SERVER['DOCUMENT_ROOT'] . '/chapter12/inc/db.inc.php';
try {
    $result = $pdo->query('SELECT id, filename, mimetype, description FROM filestore');
} catch (PDOException $e) {
    errorText('Unable to select files: ', $e);
}
// Initialised up front so the template can iterate it when the table is empty.
$files = array();
foreach ($result as $row) {
    $files[] = array('id' => $row['id'], 'filename' => $row['filename'], 'mimetype' => $row['mimetype'], 'description' => $row['description']);
}
include 'filestore.html.php';