/**
 * Stores the search terms of a user ID.
 *
 * Double quotes in the terms are turned into single quotes first; an existing
 * row (matched on "ID") is updated, otherwise a new row is added.
 *
 * NOTE(review): the return value is inconsistent — false after addEntry(),
 * null after alterEntry() or when $uid is null — so callers cannot use it to
 * tell success from failure.
 * NOTE(review): sql_prev_inj() is the only escaping applied to the stored
 * value; confirm it neutralises quotes and backslashes for the driver in use.
 *
 * @param mixed  $uid         user ID; nothing happens when it is null
 * @param string $searchterms
 * @throws MySQLConnectionException if a problem with MySQL happened
 */
function SetSearchterms($uid, $searchterms)
{
    $terms = str_replace('"', '\'', $searchterms);
    if ($uid === null) {
        return;
    }
    if (!$this->existsEntry("ID", $uid)) {
        $this->addEntry("ID", $uid, "searchterms", sql_prev_inj($terms));
        return false;
    }
    parent::alterEntry($uid, 'searchterms', sql_prev_inj($terms));
}
/**
 * Looks up a book by its ISBN barcode.
 *
 * Despite the name, this hands back whatever parent::searchEntry() returns
 * for the match (not only an ID); a falsy value means nothing matched.
 *
 * NOTE(review): $isbn is formatted into a quoted SQL literal and only
 * sql_prev_inj() runs over the assembled condition; confirm that helper
 * escapes quotes inside the value, since nothing else here does.
 *
 * @param string $isbn
 * @return mixed result of parent::searchEntry()
 */
function getBookIDByISBN($isbn)
{
    require_once PATH_ACCESS . '/DBConnect.php';
    $condition = sql_prev_inj(sprintf('isbn = "%s"', $isbn));
    $match = parent::searchEntry($condition);
    // @todo proper error handling for an empty/failed search; the earlier
    // idea "throw DB_QUERY_ERROR.$this->db->error" is not valid PHP.
    return $match;
}
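/**
 * Returns every row of the orders table, sorted by the "date" column.
 *
 * @return array<int, array<string, mixed>> rows as returned by fetch_assoc()
 * @throws MySQLConnectionException if the query failed
 * @throws MySQLVoidDataException  if the table holds no rows
 */
function getSortedOrders()
{
    // Table and column names are internal values here, not caller input.
    $query = sql_prev_inj(sprintf('SELECT * FROM %s ORDER BY %s', $this->tablename, 'date'));
    $result = $this->db->query($query);
    if (!$result) {
        throw new MySQLConnectionException($this->db->error);
    }
    $orders = [];
    while ($row = $result->fetch_assoc()) {
        $orders[] = $row;
    }
    if ($orders === []) {
        // The message used to misspell the method name ("getSortedOrers").
        throw new MySQLVoidDataException('No Orders found in getSortedOrders');
    }
    return $orders;
}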
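/**
 * Returns every lending-list row of the given user (used by mod_retour).
 *
 * NOTE(review): $uid is formatted into a quoted SQL literal and only
 * sql_prev_inj() runs over the assembled query; confirm that helper escapes
 * quotes inside $uid, otherwise escape or validate the value before formatting.
 *
 * @param mixed $uid user ID
 * @return array<int, array<string, mixed>> rows as returned by fetch_assoc(); empty when none
 * @throws MySQLConnectionException if the query failed (the old code went on to
 *         call fetch_assoc() on false, which is a fatal error)
 */
function getLoanlistByUID($uid)
{
    require_once PATH_ACCESS . '/DBConnect.php';
    $query = sql_prev_inj(sprintf('SELECT * FROM %s WHERE user_id = "%s"', $this->tablename, $uid));
    $result = $this->db->query($query);
    if (!$result) {
        // Same failure handling as the sibling query methods in this file.
        throw new MySQLConnectionException($this->db->error);
    }
    $rows = [];
    while ($row = $result->fetch_assoc()) {
        $rows[] = $row;
    }
    return $rows;
}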
/**
 * Deletes every order whose "date" lies before the day of the given timestamp
 * (day granularity: hours, minutes and seconds are not considered).
 *
 * @param int $timestamp Unix timestamp handed to date('Y-m-d'); not a date
 *                       string, contrary to the previous docblock
 * @throws MySQLConnectionException if the DELETE failed
 */
function deleteOrdersBeforeDate($timestamp)
{
    $cutoffDay = date('Y-m-d', $timestamp);
    $sql = sprintf('DELETE FROM %s WHERE date < "%s"', $this->tablename, $cutoffDay);
    if (!$this->db->query(sql_prev_inj($sql))) {
        throw new MySQLConnectionException($this->db->error);
    }
}
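/**
 * Builds the pagination links ("<<", "<", page numbers, ">", ">>") for a
 * listing of $table at ten rows per page.
 *
 * Every parameter that ends up in the generated markup is escaped for an HTML
 * attribute context; the old code concatenated $headmod, $mod, $filter and
 * $action raw into the href, which allowed markup injection, and also emitted
 * the literal "<" / ">" link texts unescaped.
 *
 * NOTE(review): $table is interpolated as an SQL identifier with only
 * sql_prev_inj() over the query; callers must pass one of the application's
 * own table names, never request input.
 *
 * @param int|string $showPage current page, 1-based (numeric)
 * @param string     $table    table whose row count determines the page count
 * @param string     $headmod
 * @param string     $mod
 * @param string     $action
 * @param string     $filter
 * @return string HTML fragment; empty when there is nothing to paginate
 * @throws Exception if the COUNT(*) query failed
 */
function navBar($showPage, $table, $headmod, $mod, $action, $filter)
{
    require_once 'sql_access/DBConnect.php';
    $dbObject = new DBConnect();
    $dbObject->initDatabaseFromXML();
    $db = $dbObject->getDatabase();
    $db->query('set names "utf8";');

    $query = sql_prev_inj(sprintf('SELECT COUNT(*) AS total FROM %s', $table));
    $result = $db->query($query);
    if (!$result) {
        throw new Exception('Fehler: Nichts gefunden!');
    }
    $row = $result->fetch_array(MYSQLI_ASSOC);
    // ceil() returns a float; the page number is an integer.
    $maxPages = (int) ceil($row['total'] / 10);

    // Escape caller input for use inside a quoted HTML attribute.
    $attr = static function ($value) {
        return htmlspecialchars((string) $value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
    };
    // The "section" key is assumed from the other keys — the listing showed it in an
    // entity-mangled form ("§ion"); confirm against the page that consumes these links.
    $tail = '&amp;section=' . $attr($headmod . '|' . $mod)
        . '&amp;filter=' . $attr($filter)
        . '&amp;action=' . $attr($action);
    // One link; $label is literal text produced by this function, already escaped.
    $link = static function ($page, $label) use ($tail) {
        return '<a href="?sitePointer=' . (int) $page . $tail . '">' . $label . '</a> ';
    };

    $html = '';
    if ($showPage > 1) {
        $html .= $link(1, '&lt;&lt;');
        $html .= $link($showPage - 1, '&lt;');
    }
    // Up to five page links on either side of the current page, which is shown as plain text.
    for ($x = $showPage - 5; $x <= $showPage + 5; $x++) {
        if (($x > 0 && $x < $showPage) || ($x > $showPage && $x <= $maxPages)) {
            $html .= $link($x, (string) $x);
        }
        if ($x == $showPage) {
            $html .= $x . ' ';
        }
    }
    if ($showPage < $maxPages) {
        $html .= $link($showPage + 1, '&gt;');
        $html .= $link($maxPages, '&gt;&gt;');
    }
    return $html;
}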
/**
 * Returns every row whose column $keyName equals one of the values in
 * $valueArray (an SQL "IN (...)" lookup).
 *
 * NOTE(review): each value is wrapped in double quotes and only sql_prev_inj()
 * runs over the assembled query, while $keyName is used as a bare identifier.
 * Confirm the helper escapes quotes inside the values, and keep $keyName to
 * application-controlled column names.
 *
 * @param string $keyName    column name in the MySQL table
 * @param array  $valueArray values to match; must not be empty
 * @return mixed result of getResultArrayContent()
 * @throws BadMethodCallException if $valueArray is empty
 */
public function getMultipleEntriesByArray($keyName, $valueArray)
{
    if (!count($valueArray)) {
        throw new BadMethodCallException('valueArray is void!');
    }
    $quoted = array_map(
        static function ($value) {
            return sprintf('"%s"', $value);
        },
        $valueArray
    );
    $inList = implode(', ', $quoted);
    $sql = sprintf('SELECT * FROM %s WHERE %s IN (%s);', $this->tablename, $keyName, $inList);
    $result = $this->executeQuery(sql_prev_inj($sql));
    return $this->getResultArrayContent($result);
}
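/**
 * Returns the price_class of the row with the given ID.
 *
 * NOTE(review): $mid is formatted into a quoted SQL literal with only
 * sql_prev_inj() over the whole query; confirm that helper escapes quotes
 * inside $mid.
 *
 * @param mixed $mid row ID
 * @return mixed the price_class value, or null when no row matched (the old
 *               code dereferenced a null fetch_assoc() result, which raised a
 *               warning before yielding the same null)
 * @throws MySQLConnectionException if the query failed
 */
public function getPriceclass($mid)
{
    $query = sql_prev_inj(sprintf('SELECT price_class FROM %s WHERE ID="%s"', $this->tablename, $mid));
    $result = $this->db->query($query);
    if (!$result) {
        throw new MySQLConnectionException($this->db->error);
    }
    $row = $result->fetch_assoc();
    // fetch_assoc() yields null when there is no row; do not index into it.
    return $row ? $row['price_class'] : null;
}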
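/**
 * Resolves an inventory ID from a scanned barcode.
 *
 * The barcode is normalised ("-" becomes "/", a space is forced after "/"),
 * the book is looked up by the normalised barcode, and the inventory row is
 * matched on book_id, year_of_purchase (barcode token 1) and exemplar (token 5).
 *
 * NOTE(review): the three values are interpolated unquoted into the search
 * condition with only sql_prev_inj() over the result; tokens 1 and 5 come
 * straight from the scanned string, so confirm the helper rejects or escapes
 * non-numeric input, or validate the tokens as numeric here before use.
 *
 * @param string $barcode scanned barcode
 * @return mixed inventory ID, or null when the book or the barcode tokens are missing
 */
function getInvIDByBarcode($barcode)
{
    require_once PATH_ACCESS . '/DBConnect.php';
    $bookmanager = new BookManager();
    $barcode = str_replace("-", "/", $barcode); // replace - with /
    $barcode = preg_replace("/\\/([0-9])/", "/ \$1", $barcode); // add space after / when it's missing
    // NOTE(review): as written this replaces a single space with a single space (a no-op);
    // the comment suggests a double-space needle was intended — confirm against the repository.
    $barcode = str_replace(" ", " ", $barcode); // remove two empty spaces
    $bookData = $bookmanager->getBookDataByBarcode($barcode);
    // explode() with a non-empty separator does not throw; the old try/catch was dead code.
    $tokens = explode(' ', $barcode);
    if (!isset($bookData["id"]) || !isset($tokens[5])) {
        return null;
    }
    $query = sql_prev_inj(sprintf(
        'book_id = %s AND year_of_purchase = %s AND exemplar = %s',
        $bookData["id"],
        $tokens[1],
        $tokens[5]
    ));
    $result = parent::searchEntry($query);
    // searchEntry() may return a falsy value; the old code indexed it with a warning.
    return isset($result['id']) ? $result['id'] : null;
}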
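/**
 * Sets the user's last_login to today's date.
 *
 * The date is the first ten characters of CAST(NOW() AS char) ("YYYY-MM-DD").
 * MySQL string positions are 1-based, so the previous SUBSTRING(..., 0, 11)
 * yields an empty string and would have blanked the column instead of dating it.
 *
 * @todo In database: set the type of last_login to DATE/DATETIME so NOW() or
 *       CURDATE() can be stored directly instead of this substring.
 *
 * NOTE(review): $userId is interpolated unquoted with only sql_prev_inj() over
 * the query; confirm the helper rejects non-numeric IDs, or validate $userId here.
 *
 * @param mixed $userId
 */
public function updateLastLoginToNow($userId)
{
    $query = sql_prev_inj(sprintf(
        'UPDATE %s SET last_login = SUBSTRING(CAST(NOW() AS char), 1, 10) WHERE ID = %s',
        $this->tablename,
        $userId
    ));
    $this->executeQuery($query);
}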
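/**
 * Returns the ID of the card that belongs to the given user ID.
 *
 * NOTE(review): $ID is interpolated unquoted into the query with only
 * sql_prev_inj() over the result; confirm the helper rejects non-numeric
 * input, or validate $ID as numeric before use.
 *
 * @param string|int $ID numeric user ID
 * @return string|int the card ID (value of the row's "ID" column)
 * @throws MySQLConnectionException If the query failed (the old code went on
 *         to call fetch_assoc() on false, which is a fatal error)
 * @throws MySQLVoidDataException If there is no card with this user ID
 * @throws UnexpectedValueException If more than one card is bound to the user
 */
function getCardIDByUserID($ID)
{
    // require_once, as in the sibling methods: a plain require re-included the
    // file on every call, which breaks as soon as the file declares a symbol.
    require_once PATH_ACCESS . '/databaseDistributor.php';
    $query = sql_prev_inj(sprintf('SELECT * FROM %s WHERE UID=%s', $this->tablename, $ID));
    $result = $this->db->query($query);
    if (!$result) {
        throw new MySQLConnectionException($this->db->error);
    }
    $card = $result->fetch_assoc();
    if (!$card) {
        throw new MySQLVoidDataException('MySQL returned no data!');
    }
    if ($result->fetch_assoc()) {
        // A second row means the user is bound to two or more cards. Bad!
        throw new UnexpectedValueException('The User has two or more cardnumbers! fix it first!');
    }
    return $card['ID'];
}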