/**
 * Deletes the DATA row whose id is given by the request's id parameter.
 *
 * The user is validated first; the id is then read from the request inside
 * the statement callback and bound as a string parameter, so it never
 * becomes part of the SQL text.
 * NOTE(review): the return value of validateUser() is not checked here —
 * this relies on it terminating or throwing on failure; confirm in its definition.
 */
function performDelete()
{
    validateUser();
    $deleteSql = "DELETE FROM DATA WHERE id=?";
    withStatement($deleteSql, function ($stmt) {
        $targetId = getParameter(PARAMETER_ID, PARAMETER_REQUIRED);
        $stmt->bind_param("s", $targetId);
        executeStatement($stmt);
    });
}
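/**
 * Starts a passwordless login: stores a fresh session id, mails a login link
 * to the configured login address and echoes that address as JSON.
 *
 * Changes from the previous version: the recipient address is computed once
 * and reused (assuming emailPrefixToAddress() is deterministic), the session
 * id is URL-encoded before being placed in the link's query string, and the
 * JSON response is produced by json_encode() instead of a hand-built string,
 * so an address containing a quote or backslash cannot yield malformed JSON.
 * NOTE(review): the session id is the bearer credential for this login, so
 * generateSessionId() must use a cryptographic source (e.g. random_bytes) —
 * its definition is not visible here; confirm.
 */
function newLogin()
{
    withStatement("INSERT INTO SESSION (SESSION_ID,CREATED) VALUES (?,NOW())", function ($statement) {
        $sessionId = generateSessionId();
        $statement->bind_param("s", $sessionId);
        executeStatement($statement);

        $baseUrl = getBaseUrl();
        $loginEmail = emailPrefixToAddress(LOGIN_EMAIL_PREFIX);
        // The id is only ever sent to the login address; it is not echoed to the client.
        $loginLink = "{$baseUrl}/php/login.php?sessionId=" . rawurlencode($sessionId);
        sendEmail($loginEmail, "Innlogging", "\n\nLogg inn via denne linken:\n{$loginLink}");

        // JSON_UNESCAPED_SLASHES keeps the output byte-identical to the old
        // hand-built string for ordinary addresses; JSON_THROW_ON_ERROR
        // surfaces invalid UTF-8 instead of silently echoing "false".
        echo json_encode(['email' => $loginEmail], JSON_THROW_ON_ERROR | JSON_UNESCAPED_SLASHES | JSON_UNESCAPED_UNICODE);
    });
}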
<?php

include './database.php';
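// Username of the "logged in" user as supplied by the client. It comes from
// the query string, not from an authenticated session, so it is untrusted and
// any caller can name any user here.
// NOTE(review): the identity should be taken from the server-side session.
$username = $_GET['username'] ?? '';
// Retrieve all of that user's contacts.
// SECURITY(review): the username literal in the query is redacted ('******')
// in this listing; if the real code interpolates $username into the string it
// is an SQL injection — the value must be bound as a parameter by
// executeStatement() (defined in ./database.php, not visible here).
$statement = "SELECT contact FROM Contacts WHERE username='******'";
$results = executeStatement($statement);
// Collect the contact column of every row into a plain list. A false/empty
// result from executeStatement() yields an empty list instead of a warning.
$contactArray = [];
foreach (($results ?: []) as $row) {
    $contactArray[] = $row["contact"];
}
// Return the list as JSON to the calling AJAX request. JSON_THROW_ON_ERROR
// surfaces encoding failures (e.g. invalid UTF-8) instead of echoing "false".
$ret = ['contacts' => $contactArray];
echo json_encode($ret, JSON_THROW_ON_ERROR);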
    return $_FILES['file']['type'];
}
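/**
 * Returns the client-supplied original file name of the uploaded "file" field.
 *
 * The name is whatever the browser sent and is untrusted: it may contain
 * path separators, ".." segments or markup, so callers must not use it as a
 * filesystem path or print it unescaped. Returns null when no file was
 * uploaded (the previous version raised an undefined-index warning instead).
 *
 * @return string|null
 */
function getName()
{
    return $_FILES['file']['name'] ?? null;
}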
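/**
 * POST handler: stores the uploaded file under the given id, inserting a new
 * DATA row when the id is unknown and updating the existing row otherwise.
 *
 * id and dataType are request parameters; name is read from $_FILES by
 * getName() and, judging by the neighbouring helpers, contentType and data
 * are client-supplied as well. All five values are bound as statement
 * parameters, so they cannot alter the SQL text — but name and contentType
 * remain untrusted and must be escaped for whatever context serves them later.
 */
$performPost = function () {
    validateUser();
    $id = getParameter(PARAMETER_ID, PARAMETER_REQUIRED);
    $dataType = getParameter(PARAMETER_DATA_TYPE, PARAMETER_REQUIRED);
    $contentType = getContentType();
    $data = getData();
    $name = getName();

    // Decide between INSERT and UPDATE by looking the id up first.
    // NOTE(review): this check-then-act is racy for concurrent requests with
    // the same id; if DATA.id is a primary/unique key an
    // INSERT ... ON DUPLICATE KEY UPDATE would close the window — confirm schema.
    $insert = withStatement("SELECT id FROM DATA WHERE id=?", function ($statement) use ($id) {
        $statement->bind_param("s", $id);
        // Strict comparison: countRows() returns an int.
        return countRows($statement) === 0;
    });

    if ($insert) {
        withStatement("INSERT INTO DATA(id,dataType,contentType,data, name) VALUES(?,?,?,?,?)", function ($statement) use ($id, $dataType, $contentType, $data, $name) {
            $statement->bind_param("sssss", $id, $dataType, $contentType, $data, $name);
            executeStatement($statement);
        });
    } else {
        withStatement("UPDATE DATA SET data=?,dataType=?,contentType=?,name=? WHERE id=?", function ($statement) use ($id, $dataType, $contentType, $data, $name) {
            // Bind order follows the placeholder order of the UPDATE, which
            // differs from the INSERT above.
            $statement->bind_param("sssss", $data, $dataType, $contentType, $name, $id);
            executeStatement($statement);
        });
    }
};

validateUser();
handleRequest(["POST" => $performPost]);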
<?php

include './database.php';
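// Both inputs are client-controlled: the new status comes from the query
// string and the identity from a plain cookie that any client can set.
// NOTE(review): authorisation should rest on a server-side session, not on
// $_COOKIE['username'].
$status = $_GET["status"] ?? '';
$user = $_COOKIE["username"] ?? '';
// SECURITY(review): $status is concatenated straight into the SQL text — an
// SQL injection. It must be bound as a parameter by executeStatement()
// (./database.php, not visible here). The username literal is redacted
// ('******') in this listing and was presumably interpolated the same way.
$sqlStatement = "UPDATE Users SET status='" . $status . "' WHERE username='******'";
executeStatement($sqlStatement);
// URL-encode the cookie value so it cannot add extra query parameters to the
// redirect target, and stop the script once the redirect has been issued.
header('Location: ./profile.php?userVar=' . rawurlencode($user));
exit;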
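/**
 * Inserts a song queue time record into the database. The default timestamp of
 * 0 is used for the last time requested, and the user reference is set to NULL.
 *
 * The id is passed in the parameter array of the named 'addSongRequestTime'
 * statement rather than interpolated into SQL text, so an untrusted id cannot
 * alter the query — assuming executeStatement() binds the array entries as
 * parameters (its definition is not visible here; confirm in database.php).
 *
 * @param $id The ID of the song to insert a queue time record for.
 */
function addSongRequestTime($id)
{
    executeStatement('addSongRequestTime', [$id]);
}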
<?php

include './database.php';
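// Every value below comes from the query string and is untrusted. In
// particular the *sender* identity is supplied by the client rather than
// taken from an authenticated session, so the server cannot tell who is
// really sending. NOTE(review): derive $sender from the server-side session.
$sender = $_GET['username'] ?? '';
$receiver = $_GET['recpUser'] ?? '';
if ($receiver !== '') {
    // SECURITY(review): $receiver and $sender are concatenated into the SQL
    // text, as are $newTimeStamp and $message in the INSERT below. These are
    // SQL injections (and a message containing a quote breaks the query).
    // All of them must be bound as parameters by executeStatement()
    // (./database.php, not visible here). The '******' literals are
    // redactions in this listing, presumably of the same interpolation.
    $sqlStatement = "SELECT * FROM Blocked WHERE (username='******' AND blocked='" . $receiver . "') OR (username='******' AND blocked='" . $sender . "')";
    $results = executeStatement($sqlStatement);
    $sqlStatement = "SELECT * FROM Users WHERE username='******'";
    $realUser = executeStatement($sqlStatement);

    if (count($results) > 0) {
        // Either party has blocked the other.
        $ret = ['status' => "Communications are blocked."];
    } elseif (count($realUser) <= 0) {
        $ret = ['status' => "This user does not exist."];
    } else {
        $newTimeStamp = $_GET['time'] ?? '';
        $message = $_GET['message'] ?? '';
        $toInsert = "INSERT INTO Messages VALUE ('" . $sender . "','" . $receiver . "','" . $newTimeStamp . "','" . $message . "')";
        executeStatement($toInsert);
        $ret = ['status' => ""];
    }
    // JSON_THROW_ON_ERROR surfaces encoding failures instead of echoing "false".
    echo json_encode($ret, JSON_THROW_ON_ERROR);
}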
<?php

include "./database.php";
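session_start();
$user = "";
// Identity is taken from a plain cookie that any client can set.
// NOTE(review): a value in the server-side session (already started above)
// would be the trustworthy source of the logged-in username.
if (isset($_COOKIE['username'])) {
    $user = $_COOKIE['username'];
} else {
    // Stop here: without exit the script fell through and ran the query with
    // an empty username before the redirect took effect.
    header('Location: index.php');
    exit;
}
// SECURITY(review): the username literal is redacted ('******') in this
// listing; if the real query interpolates $user it is an SQL injection and
// the value must be bound as a parameter by executeStatement()
// (./database.php, not visible here).
$sql = "SELECT * FROM Users WHERE username = '******'";
$results = executeStatement($sql);
// Guard against an empty result before indexing into it.
// NOTE(review): the first column of the first row is assumed to be the
// username — confirm against the Users schema.
$username = $results[0][0] ?? '';
// The value originates from user input stored in the database, so escape it
// for the HTML document it is printed into.
echo htmlspecialchars((string) $username, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');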
?>

<html>
    <body>
        hello
    </body>
</html>
                $id = getEmployeIdPrefix() . $nid;
                $check = checkrandom($id);
                while ($check == false) {
                    $nid = randomPrefix(3);
                    $id = getEmployeIdPrefix() . $nid;
                    $check = checkrandom($id);
                }
                //echo $id;
                $query = "insert into emp_login (user_pwd, disp_name, user_name) values ('" . encrypt_decrypt('encrypt', $pwd) . "', '{$name}', '{$id}')";
                $result = executeStatement($query);
                echo mysql_error();
                $query2 = "insert into emp_details (emp_id, desig_code, dept_code, dob, doj, telephone, mobile, email_id, addr) values ('{$id}', '{$desg}', '{$dept}', '{$dob}', '{$doj}', '{$hphone}', '{$mobile}', '{$mail}', '{$addr}')";
                $result2 = executeStatement($query2);
                echo mysql_error();
                $query4 = "insert into emp_comp_details (emp_id, pf_no, esi_no, bank_name, bank_acc_no, bank_branch) values ('{$id}', '{$pf_no}', '{$esi_no}', '{$bname}', '{$bacc}', '{$bbranch}')";
                $result4 = executeStatement($query4);
                echo mysql_error();
                $index++;
            }
        }
    }
    $msg = 'Data Updated Successfully';
    //header("location:".$_GET['url']);
}
?>
<script type="text/javascript">
////alert('Record Inserted successfully');
//location.href='<?php 
//echo $_GET['url'];
?>
';
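/**
 * Executes a prepared SELECT statement and returns the number of rows it produced.
 *
 * @param mysqli_stmt $statement A prepared statement whose parameters are already bound.
 * @return int Number of rows in the result set.
 * @throws \RuntimeException If no result set could be obtained (the previous
 *         version passed false on to mysqli_num_rows, which fails with a TypeError).
 */
function countRows($statement)
{
    executeStatement($statement);
    $result = $statement->get_result();
    if ($result === false) {
        throw new \RuntimeException('countRows: the statement produced no result set');
    }
    // NOTE(review): this transfers the whole result set just to count it; a
    // SELECT COUNT(*) on the caller's side would avoid fetching the rows.
    return $result->num_rows;
}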
<?php

include "./database.php";
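session_start();
$userVar = "";
// Identity is taken from a plain cookie that any client can set, and this
// script deletes everything stored under that username.
// NOTE(review): the server-side session must be the source of identity here;
// as written, whichever username the cookie carries is the one whose data is removed.
if (isset($_COOKIE['username'])) {
    $userVar = $_COOKIE['username'];
} else {
    // Stop here: without exit the script fell through and ran the DELETEs
    // with an empty username before the redirect took effect.
    header('Location: index.php');
    exit;
}
// SECURITY(review): $userVar is concatenated into the DELETE statements
// below — an SQL injection that must be fixed by binding it as a parameter in
// executeStatement() (./database.php, not visible here). The '******'
// literals are redactions in this listing, presumably of the same interpolation.
// NOTE(review): the four DELETEs are not in a transaction, so a failure midway
// leaves partial data; wrap them if database.php exposes transactions.
// The following statements remove all of the current user's data.
$sql = "DELETE FROM Users WHERE username='******'";
executeStatement($sql);
$sql = "DELETE FROM Messages WHERE sender='" . $userVar . "' OR receiver='" . $userVar . "'";
executeStatement($sql);
$sql = "DELETE FROM Contacts WHERE username='******' OR contact='" . $userVar . "'";
executeStatement($sql);
$sql = "DELETE FROM Blocked WHERE username='******' OR blocked='" . $userVar . "'";
executeStatement($sql);
// Expire the login cookie and destroy the session when the user logs out.
setcookie('username', '', time() - 3600);
session_unset();
session_destroy();
header('Location: index.php');
exit;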
/**
 * Runs a prepared statement and reports whether it changed at least one row.
 *
 * Returns false when execution fails or when the statement ran but touched
 * no rows; the latter case is additionally reported through logError().
 */
function executeStatementAndCheckRowsAffected($stmt)
{
    $executed = executeStatement($stmt);
    if (!$executed) {
        return false;
    }
    $affected = mysqli_stmt_affected_rows($stmt);
    if ($affected !== 0) {
        return true;
    }
    logError('no rows affected');
    return false;
}