<?php /** * Created by IntelliJ IDEA. * User: aljordan * Date: 10/26/15 * Time: 8:44 PM */ function validateDate($date) { $d = DateTime::createFromFormat('Y-m-d', $date); return $d && $d->format('Y-m-d') == $date; } $iniArray = parse_ini_file("../nextsurvey.ini.php"); $db = new MySqli($iniArray['host'], $iniArray['username'], $iniArray['password'], $iniArray['database']); $action = !empty($_POST['action']) ? $_POST['action'] : ''; switch ($action) { case 'loadSurveyResults': $surveyId = $_POST['surveyId']; $pageId = $_POST['pageId']; $beginDate = $_POST['beginDate']; $endDate = $_POST['endDate']; $questionsFilter = $_POST['questionsFilter']; $pageFilter = ""; $beginDateFilter = ""; $endDateFilter = ""; if ($pageId !== "all") { $pageFilter = " and question.pageId = {$pageId}"; } if (validateDate($beginDate)) { $beginDateFilter = " and response.datetime >= '{$beginDate}'";
<?php $db = new MySqli('localhost', 'root', '', 'pbas_db'); ?> <?php $action = !empty($_POST['action']) ? $_POST['action'] : ''; //action to be used(insert, delete, update, fetch) $lstparray = !empty($_POST['lstparray']) ? $_POST['lstparray'] : ''; //an array of the student details //check if the student is not an empty string //and assigns a value to $name and $age if its not empty if (!empty($lstparray)) { $course = $lstparray['course']; $level = $lstparray['level']; $mot = $lstparray['mot']; $noc = $lstparray['noc']; $practicals = $lstparray['practicals']; $ctdr = $lstparray['ctdr']; $ctapi = $lstparray['ctapi']; $tlapi = $lstparray['tlapi']; } switch ($action) { default: //only select student records which aren't deleted $students = $db->query("SELECT * FROM teach_lstp"); $students_r = array(); while ($row = $students->fetch_array()) { //default student data $course = $row['Teach_LSTP_Course']; $level = $row['Teach_LSTP_Level'];
<?php $db = new MySqli('localhost', 'root', '', 'tutorials'); $action = !empty($_POST['action']) ? $_POST['action'] : ''; $student = !empty($_POST['student']) ? $_POST['student'] : ''; if (!empty($student)) { $name = $student['name']; $age = $student['age']; } switch ($action) { case 'insert': $db->query("INSERT INTO students SET name = '{$name}', age = '{$age}'"); echo $db->insert_id; //last insert id break; case 'update': $id = $student['id']; $db->query("UPDATE students SET name = '{$name}', age = '{$age}' WHERE id = '{$id}'"); break; case 'delete': $id = $_POST['student_id']; $db->query("UPDATE students SET status = 0 WHERE id = '{$id}'"); break; default: $students = $db->query("SELECT * FROM students WHERE status = 1"); $students_r = array(); while ($row = $students->fetch_array()) { $id = $row['id']; $name = $row['name']; $age = $row['age']; $name_update = false;
<?php $iniArray = parse_ini_file("../nextsurvey.ini.php"); $db = new MySqli($iniArray['host'], $iniArray['username'], $iniArray['password'], $iniArray['database']); $action = !empty($_POST['action']) ? $_POST['action'] : ''; switch ($action) { case 'insertAnswerTemplate': $dbAnswerTemplate = !empty($_POST['dbAnswerTemplate']) ? $_POST['dbAnswerTemplate'] : ''; if (!empty($dbAnswerTemplate)) { //note - use of $mysqli->real_escape_string() is to prevent SQL Injection attacks. $answerTemplateName = $db->real_escape_string($dbAnswerTemplate); $db->query("INSERT INTO answertemplate (answerTemplateName, locked) VALUES ('{$answerTemplateName}',0)"); echo $db->insert_id; //last insert id } break; case 'saveAnswers': $answersArray = !empty($_POST['dbAnswersArray']) ? $_POST['dbAnswersArray'] : ''; foreach ($answersArray as $answer) { $answerId = $answer['answerId']; $answerOrder = $answer['answerOrder']; $answerText = $db->real_escape_string($answer['answerText']); $answerTemplateId = $db->real_escape_string($answer['answerTemplateId']); $test = $db->query("SELECT COUNT(*) as x, answerId FROM answer WHERE answerId = '{$answerId}' and answerTemplateId = '{$answerTemplateId}'"); $result = $test->fetch_array(); if ($result[0] == 0) { $db->query("INSERT INTO answer (answerId, answerText, answerOrder, answerTemplateId) VALUES ('{$answerId}', '{$answerText}', '{$answerOrder}', '{$answerTemplateId}')"); } else { $db->query("UPDATE answer SET answerOrder = '{$answerOrder}', answerText = '{$answerText}' WHERE answerId = '{$answerId}' and answerTemplateId = '{$answerTemplateId}'"); } }
<?php $iniArray = parse_ini_file("nextsurvey.ini.php"); $db = new MySqli($iniArray['host'], $iniArray['username'], $iniArray['password'], $iniArray['database']); $action = !empty($_POST['action']) ? $_POST['action'] : ''; switch ($action) { default: $surveys = $db->query("select surveyid, surveyname, surveydescription from survey where archived = 0 and published = 1 order by surveyname"); $surveysReturned = array(); while ($row = $surveys->fetch_array()) { $surveyId = $row['surveyid']; $surveyName = $row['surveyname']; $surveyDescription = $row['surveydescription']; $surveysReturned[] = array('surveyId' => $surveyId, 'surveyName' => $surveyName, 'surveyDescription' => $surveyDescription); } echo json_encode($surveysReturned); break; }
<?php $iniArray = parse_ini_file("nextsurvey.ini.php"); $db = new MySqli($iniArray['host'], $iniArray['username'], $iniArray['password'], $iniArray['database']); $action = !empty($_POST['action']) ? $_POST['action'] : ''; switch ($action) { case 'saveResponses': $dbUserId = !empty($_POST['dbUserId']) ? $_POST['dbUserId'] : ''; $dbSurveyId = !empty($_POST['dbSurveyId']) ? $_POST['dbSurveyId'] : ''; $userId = $db->real_escape_string($dbUserId); $surveyId = $db->real_escape_string($dbSurveyId); $questionsArray = !empty($_POST['dbQuestionsArray']) ? $_POST['dbQuestionsArray'] : ''; foreach ($questionsArray as $response) { $questionId = $response['questionId']; $selectedAnswerId = $db->real_escape_string($response['selectedAnswer']); $freeResponseText = $db->real_escape_string($response['freeResponseText']); if ($selectedAnswerId == "null" && $freeResponseText != "null") { // check to see if free response question $test = $db->query("SELECT COUNT(*) as x, freeResponseId FROM freeResponse WHERE surveyId = '{$surveyId}' and userId = '{$userId}' and questionId = '{$questionId}'"); $result = $test->fetch_array(); if ($result[0] == 0) { $db->query("INSERT INTO freeResponse (userId, surveyId, questionId, responseText, datetime) VALUES ('{$userId}', '{$surveyId}', '{$questionId}', '{$freeResponseText}', NOW())"); } else { $db->query("UPDATE freeResponse SET responseText = '{$freeResponseText}', datetime = NOW() WHERE surveyId = '{$surveyId}' and userId = '{$userId}' and questionId = '{$questionId}'"); } } else { if ($selectedAnswerId != "null") { $test = $db->query("SELECT COUNT(*) as x, responseId FROM response WHERE surveyId = '{$surveyId}' and userId = '{$userId}' and questionId = '{$questionId}'"); $result = $test->fetch_array(); if ($result[0] == 0) { $db->query("INSERT INTO response (userId, surveyId, questionId, answerId, datetime) VALUES ('{$userId}', '{$surveyId}', '{$questionId}', '{$selectedAnswerId}', NOW())");
<?php $iniArray = parse_ini_file("../nextsurvey.ini.php"); $db = new MySqli($iniArray['host'], $iniArray['username'], $iniArray['password'], $iniArray['database']); $action = !empty($_POST['action']) ? $_POST['action'] : ''; switch ($action) { case 'insertSurvey': $dbSurvey = !empty($_POST['dbSurvey']) ? $_POST['dbSurvey'] : ''; if (!empty($dbSurvey)) { //note - use of $mysqli->real_escape_string() is to prevent SQL Injection attacks. //$surveyId = $db->real_escape_string($dbSurvey['surveyId']); $surveyName = $db->real_escape_string($dbSurvey['surveyName']); $surveyDescription = $db->real_escape_string($dbSurvey['surveyDescription']); $locked = $db->real_escape_string($dbSurvey['locked']); $published = $db->real_escape_string($dbSurvey['published']); //$db->query("INSERT INTO survey (surveyid, surveyname, surveydescription, locked) VALUES ('$surveyId', '$surveyName', '$surveyDescription', '$locked')"); $db->query("INSERT INTO survey (surveyname, surveydescription, locked, published) VALUES ('{$surveyName}', '{$surveyDescription}', {$locked}, {$published})"); echo $db->insert_id; //last insert id } break; case 'updateSurvey': $dbSurvey = !empty($_POST['dbSurvey']) ? $_POST['dbSurvey'] : ''; if (!empty($dbSurvey)) { $surveyId = $db->real_escape_string($dbSurvey['surveyId']); $surveyName = $db->real_escape_string($dbSurvey['surveyName']); $surveyDescription = $db->real_escape_string($dbSurvey['surveyDescription']); $published = $db->real_escape_string($dbSurvey['published']); $db->query("UPDATE survey SET surveyName = '{$surveyName}'," . " surveyDescription = '{$surveyDescription}', published = {$published} " . "WHERE surveyId = '{$surveyId}'"); } break;
$intCount++; print $intCount . ']'; $strColumns = 'pkid'; $strValues = 'NULL'; foreach ($arrResult as $strKey => $strValue) { $strColumns .= ', `' . strtolower($strKey) . '`'; if (strlen($strValue)) { $strValues .= ", '" . $objMySql->escape_string($strValue) . "'"; } else { $strValues .= ', NULL'; } } $strSql = sprintf('INSERT INTO `%s` VALUES (%s);', strtolower($strTableName), $strValues); $objMySql->query($strSql); } print " Done.\r\n"; } $strConnectionArray = unserialize(DB_CONNECTION_3); $objOdbc = odbc_connect(ACS_ODBC, null, null); $objMySql = new MySqli($strConnectionArray['server'], $strConnectionArray['username']); $objMySql->select_db($strConnectionArray['database']); $objResult = $objMySql->query('SHOW TABLES;'); $intRowCount = $objResult->num_rows; $intIndex = 1; while ($strArray = $objResult->fetch_array()) { printf('[%3s/%3s] ', $intIndex, $intRowCount); $strTableName = $strArray[0]; ImportData($objOdbc, $objMySql, $strTableName); $intIndex++; } $objMySql->close();
} $strSql .= " PRIMARY KEY (pkid)\r\n);\r\n\r\n"; return $strSql; } $objOdbc = odbc_connect(ACS_ODBC, null, null); $objDirectory = opendir(ACS_DATA_PATH); $strSql = null; while ($strFile = readdir($objDirectory)) { $strFile = strtolower($strFile); if (substr($strFile, strlen($strFile) - 7) == '.acsdat') { $strTableName = substr($strFile, 0, strlen($strFile) - 7); $strSql .= GetTableScript($objOdbc, $strTableName, $strTableName, null); } } if (trim(strtolower($objParameters->GetDefaultValue('output_path'))) == 'run') { $strConnectionArray = unserialize(DB_CONNECTION_3); $objMySql = new MySqli($strConnectionArray['server'], $strConnectionArray['username']); $objMySql->select_db('mysql'); $objMySql->query('DROP DATABASE IF EXISTS `' . $strConnectionArray['database'] . '`;'); $objMySql->query('CREATE DATABASE `' . $strConnectionArray['database'] . '`;'); $objMySql->select_db($strConnectionArray['database']); foreach (explode(';', $strSql) as $strSqlStatement) { $objMySql->query(trim($strSqlStatement . ';')); if ($strError = $objMySql->error) { print $strError . "\r\n"; } } $objMySql->close(); } else { file_put_contents($objParameters->GetDefaultValue('output_path'), $strSql); }