/**
 * Deletes one DATA row identified by the request's id parameter.
 *
 * The caller must pass validateUser() first; the row id is then taken from the
 * request (PARAMETER_ID, required) and bound as a statement parameter, so the
 * id never becomes part of the SQL text.
 *
 * @return void
 */
function performDelete()
{
    validateUser();
    withStatement("DELETE FROM DATA WHERE id=?", function ($stmt) {
        // Resolved inside the callback so a missing parameter fails after the
        // statement has been prepared, exactly as before.
        $targetId = getParameter(PARAMETER_ID, PARAMETER_REQUIRED);
        $stmt->bind_param("s", $targetId);
        executeStatement($stmt);
    });
}
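/**
 * Starts a magic-link login: stores a freshly generated session id, e-mails the
 * configured login address a link carrying that id, and answers with a JSON
 * object naming the address the link was sent to.
 *
 * Security notes (to confirm against the helpers, which are defined elsewhere):
 *  - the session id goes into a URL that is e-mailed, so generateSessionId() must
 *    be unpredictable (CSPRNG-backed);
 *  - the link's host comes from getBaseUrl(); it should be configured server-side,
 *    not derived from the request's Host header, or the link can be steered.
 *
 * Changes from the previous version: the login address is resolved once instead of
 * twice, and the JSON response is produced by json_encode() rather than a hand-built
 * string that would break (or be injectable) for an address containing a quote.
 *
 * @return void
 */
function newLogin()
{
    withStatement("INSERT INTO SESSION (SESSION_ID,CREATED) VALUES (?,NOW())", function ($stmt) {
        $sessionId = generateSessionId();
        $stmt->bind_param("s", $sessionId);
        executeStatement($stmt);

        $baseUrl = getBaseUrl();
        $loginEmail = emailPrefixToAddress(LOGIN_EMAIL_PREFIX);
        sendEmail(
            $loginEmail,
            "Innlogging",
            "\n\nLogg inn via denne linken:\n{$baseUrl}/php/login.php?sessionId={$sessionId}"
        );
        // Same shape as before ({"email":"..."}), but correctly escaped for any address.
        echo json_encode(array("email" => $loginEmail), JSON_UNESCAPED_SLASHES);
    });
}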
<?php
include './database.php';

// gets the username for the logged in user
// NOTE(review): the identity comes straight from the query string, so any caller can
// ask for any user's contact list; there is no session or cookie check here.
$username = $_GET['username'];

// sql statement to retrieve all of the logged in user's contacts
// NOTE(review): the '******' literal looks like a redaction of where the username is
// substituted into the query. If that substitution is string interpolation of
// $username, this is an SQL injection point — bind it as a statement parameter.
$statement = "SELECT contact FROM Contacts WHERE username='******'";

// returns all of the logged in user's contacts
$results = executeStatement($statement);

// get elements returned from sql and turn into array
$contactArray = array();
foreach ($results as $row) {
    array_push($contactArray, $row["contact"]);
}

// convert results into json to be returned to calling ajax
$ret = array('contacts' => $contactArray);
$json = json_encode($ret);

// echo json in order to return it
echo $json;
return $_FILES['file']['type'];
}

/**
 * Returns the original filename of the uploaded 'file' field as sent by the client.
 * This value is attacker-controlled; it is stored as-is in the name column below.
 */
function getName()
{
    return $_FILES['file']['name'];
}

/**
 * POST handler: upserts one DATA row keyed by the request's id parameter.
 *
 * All SQL below uses bound parameters, so the id, data type, content, type and name
 * never become part of the SQL text. Note that $_FILES['file']['type'] (see
 * getContentType) is the MIME type the client claimed, not one derived from the
 * content — if it is later used as the Content-Type when serving the row, it should
 * be validated against an allow-list first (confirm against the download path).
 */
$performPost = function () {
    validateUser();
    $id = getParameter(PARAMETER_ID, PARAMETER_REQUIRED);
    $dataType = getParameter(PARAMETER_DATA_TYPE, PARAMETER_REQUIRED);
    $contentType = getContentType();
    $data = getData();
    $name = getName();

    // Decide between INSERT and UPDATE by looking the id up first (two statements,
    // not atomic: a concurrent request with the same id can race this check).
    $insert = withStatement("SELECT id FROM DATA WHERE id=?", function ($statement) use($id) {
        $statement->bind_param("s", $id);
        return countRows($statement) == 0;
    });

    if ($insert) {
        withStatement("INSERT INTO DATA(id,dataType,contentType,data, name) VALUES(?,?,?,?,?)", function ($statement) use($id, $dataType, $contentType, $data, $name) {
            $statement->bind_param("sssss", $id, $dataType, $contentType, $data, $name);
            executeStatement($statement);
        });
    } else {
        // Parameter order differs from the INSERT: data, dataType, contentType, name, then id.
        withStatement("UPDATE DATA SET data=?,dataType=?,contentType=?,name=? WHERE id=?", function ($statement) use($id, $dataType, $contentType, $data, $name) {
            $statement->bind_param("sssss", $data, $dataType, $contentType, $name, $id);
            executeStatement($statement);
        });
    }
};

// validateUser() also runs inside $performPost; calling it here as well rejects
// unauthenticated requests before the method dispatch.
validateUser();
handleRequest(array("POST" => $performPost));
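<?php
include './database.php';

// Both inputs are client-controlled: the new status comes from the query string and
// the identity from a cookie the browser sends (no server-side session check here).
$status = isset($_GET["status"]) ? $_GET["status"] : "";
$user = isset($_COOKIE["username"]) ? $_COOKIE["username"] : "";

// FIXME(security): $status is concatenated into the SQL text — SQL injection.
// Run this through a prepared statement with bound parameters in the database layer.
// The '******' literal appears to be a redaction of the username substitution; if that
// is interpolation too, it has the same problem.
$sqlStatement = "UPDATE Users SET status='" . $status . "' WHERE username='******'";
executeStatement($sqlStatement);

// URL-encode the cookie value so it cannot add or alter query parameters of the
// redirect target, and stop executing once the redirect header is set.
header('Location: ./profile.php?userVar=' . rawurlencode($user));
exit;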
/**
 * Creates the queue-time record for a song by running the named statement
 * 'addSongRequestTime' with the song ID as its single argument. Per the original
 * description (the statement itself lives in the database layer, not here), the
 * record starts with a last-requested timestamp of 0 and a NULL user reference.
 *
 * @param mixed $id The ID of the song to insert a queue time record for.
 * @return void
 */
function addSongRequestTime($id)
{
    $arguments = array($id);
    executeStatement('addSongRequestTime', $arguments);
}
<?php
include './database.php';

// NOTE(review): the sender identity is taken from the query string, not from a
// session, so a caller can send a message as any user.
$sender = $_GET['username'];
$receiver = $_GET['recpUser'];

// Loose comparison: an absent 'recpUser' (null) also counts as empty here.
if (!($receiver == "")) {
    // FIXME(security): $receiver and $sender are concatenated into the SQL text —
    // SQL injection. Use bound parameters via the database layer. The '******'
    // literals appear to be redactions of further interpolated values.
    $sqlStatement = "SELECT * FROM Blocked WHERE (username='******' AND blocked='" . $receiver . "') OR (username='******' AND blocked='" . $sender . "')";
    $results = executeStatement($sqlStatement);

    $sqlStatement = "SELECT * FROM Users WHERE username='******'";
    $realUser = executeStatement($sqlStatement);

    // Only deliver when no block row exists in either direction and the recipient exists.
    if (count($results) <= 0 && count($realUser) > 0) {
        // Timestamp is supplied by the client rather than the server clock.
        $newTimeStamp = $_GET['time'];
        $message = $_GET['message'];
        // FIXME(security): every value in this INSERT comes from the request and is
        // concatenated unescaped — SQL injection. $message is stored verbatim, so
        // whatever renders it later must HTML-escape it (confirm at the render site).
        $toInsert = "INSERT INTO Messages VALUE ('" . $sender . "','" . $receiver . "','" . $newTimeStamp . "','" . $message . "')";
        executeStatement($toInsert);
        $ret = array('status' => "");
        echo json_encode($ret);
    } else {
        if (count($results) > 0) {
            $ret = array('status' => "Communications are blocked.");
            echo json_encode($ret);
        } else {
            // Reveals whether a username exists (user enumeration); acceptable only if
            // usernames are already public in this application.
            $ret = array('status' => "This user does not exist.");
            echo json_encode($ret);
        }
    }
}
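<?php
include "./database.php";
session_start();

// Identity is read from a client-side cookie, not from the server session started
// above — any client can present an arbitrary 'username' cookie. Kept as-is here;
// the fix belongs in the login flow (store the identity in $_SESSION).
$user = "";
if (isset($_COOKIE['username'])) {
    $user = $_COOKIE['username'];
} else {
    header('Location: index.php');
    // Without this the script kept running the query and rendering for an anonymous client.
    exit;
}

// The '******' literal appears to be a redaction of the username substitution; if the
// shipped query interpolates $user, bind it as a parameter instead.
$sql = "SELECT * FROM Users WHERE username = '******'";
$results = executeStatement($sql);

// Guard against an empty result set rather than indexing into it blindly.
$username = isset($results[0][0]) ? $results[0][0] : "";
// The value is emitted into an HTML document: escape for that context.
echo htmlspecialchars($username, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
?>
<html>
<body>
hello
</body>
</html>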
// Build a candidate employee id and keep drawing random suffixes until
// checkrandom() accepts one (loose `== false` comparison kept from the original).
$id = getEmployeIdPrefix() . $nid;
$check = checkrandom($id);
while ($check == false) {
    $nid = randomPrefix(3);
    $id = getEmployeIdPrefix() . $nid;
    $check = checkrandom($id);
}
//echo $id;

// FIXME(security): the password is stored through a reversible
// encrypt_decrypt('encrypt', ...) transform instead of a one-way hash
// (password_hash / password_verify); anyone with the key recovers every password.
// FIXME(security): $name, $id and the other values below are interpolated straight
// into the SQL text. Their origin is outside this excerpt; if any of them comes from
// the request, this is SQL injection — use bound parameters.
$query = "insert into emp_login (user_pwd, disp_name, user_name) values ('" . encrypt_decrypt('encrypt', $pwd) . "', '{$name}', '{$id}')";
$result = executeStatement($query);
// Leaks database error text to the HTTP response; log it server-side instead.
echo mysql_error();

$query2 = "insert into emp_details (emp_id, desig_code, dept_code, dob, doj, telephone, mobile, email_id, addr) values ('{$id}', '{$desg}', '{$dept}', '{$dob}', '{$doj}', '{$hphone}', '{$mobile}', '{$mail}', '{$addr}')";
$result2 = executeStatement($query2);
echo mysql_error();

$query4 = "insert into emp_comp_details (emp_id, pf_no, esi_no, bank_name, bank_acc_no, bank_branch) values ('{$id}', '{$pf_no}', '{$esi_no}', '{$bname}', '{$bacc}', '{$bbranch}')";
$result4 = executeStatement($query4);
echo mysql_error();

// Three inserts, no transaction: a failure part-way leaves a partial employee record.
$index++;
}
}
}
$msg = 'Data Updated Successfully';
// NOTE(review): if re-enabled, redirecting to an unvalidated $_GET['url'] is an open
// redirect; restrict it to known local paths first.
//header("location:".$_GET['url']);
}
?>
<script type="text/javascript">
////alert('Record Inserted successfully');
//location.href='<?php //echo $_GET['url']; ?> ';
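/**
 * Executes a prepared statement and returns the number of rows in its result set.
 *
 * @param mysqli_stmt $statement A prepared statement with its parameters already bound.
 * @return int Number of rows in the buffered result.
 * @throws \RuntimeException when no result set can be retrieved (failed execution or
 *         get_result() unavailable); previously `false` was passed on to
 *         mysqli_num_rows(), which fails with a far less descriptive error.
 */
function countRows($statement)
{
    executeStatement($statement);
    $result = $statement->get_result();
    if ($result === false) {
        throw new \RuntimeException('countRows: no result set available: ' . $statement->error);
    }
    $count = mysqli_num_rows($result);
    // Release the buffered result so the statement can be reused or closed cleanly.
    $result->free();
    return $count;
}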
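<?php
include "./database.php";
session_start();

// Identity is read from a client-side cookie rather than the server session started
// above: a forged 'username' cookie deletes another account and all of its data.
// Kept as-is here; the fix belongs in the login flow (store the identity in $_SESSION).
$userVar = "";
if (isset($_COOKIE['username'])) {
    $userVar = $_COOKIE['username'];
} else {
    header('Location: index.php');
    // Previously execution fell through here and every DELETE below ran with an empty
    // username (e.g. removing all Messages whose sender or receiver is '').
    exit;
}

// The following statements remove every record tied to the current user.
// FIXME(security): $userVar is concatenated into the SQL text — SQL injection. Use
// bound parameters via the database layer. The '******' literals appear to be
// redactions of further interpolated values.
$sql = "DELETE FROM Users WHERE username='******'";
executeStatement($sql);
$sql = "DELETE FROM Messages WHERE sender='" . $userVar . "' OR receiver='" . $userVar . "'";
executeStatement($sql);
$sql = "DELETE FROM Contacts WHERE username='******' OR contact='" . $userVar . "'";
executeStatement($sql);
$sql = "DELETE FROM Blocked WHERE username='******' OR blocked='" . $userVar . "'";
executeStatement($sql);
// Four statements, no transaction: a failure part-way leaves orphaned rows.

// deletes the cookies for the logged in user when the user presses 'logout'
setcookie('username', '', time() - 3600);
// deletes the user session
session_unset();
session_destroy();
header('Location: index.php');
exit;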
/**
 * Executes a prepared statement and reports whether it changed at least one row.
 *
 * Returns false when execution fails (nothing is logged here; executeStatement is
 * expected to report that) or when the statement ran but affected exactly zero rows
 * (logged as 'no rows affected'). Note the strict comparison with 0: a -1 from
 * mysqli_stmt_affected_rows() is treated as success.
 *
 * @param mysqli_stmt $stmt A prepared statement with its parameters bound.
 * @return bool
 */
function executeStatementAndCheckRowsAffected($stmt)
{
    $executed = executeStatement($stmt);
    if (!$executed) {
        return false;
    }
    $affected = mysqli_stmt_affected_rows($stmt);
    if ($affected !== 0) {
        return true;
    }
    logError('no rows affected');
    return false;
}