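/**
 * Loads the current school year and semester from the single-row settings table.
 *
 * @return array{year:int,sem:int}|false  false when the query fails or the table holds no row
 */
function getSettings()
{
    $db = new DBObject('cdc');
    $sql = "SELECT schoolyear, semester FROM settings LIMIT 1";
    $res = $db->query($sql);
    if (!$res) {
        return false;
    }
    $settings = mysqli_fetch_assoc($res);
    // An empty settings table used to fall through to intval(null) and report year 0 / sem 0;
    // report it as a failure instead so callers do not act on a bogus term.
    if (!$settings) {
        return false;
    }
    return array(
        'year' => intval($settings['schoolyear']),
        'sem' => intval($settings['semester']),
    );
}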
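/**
 * Re-reads the caller's row from $table and copies $fields from it into $_SESSION.
 *
 * The row is looked up by $fields[0], whose current value is taken from $_SESSION.
 * Returns false when an identifier is unsafe, the session key is missing, the query
 * fails or matches no row, or the row's $status column is 0; true otherwise.
 *
 * @param DBObject $db
 * @param string   $table   table to read; interpolated as a SQL identifier (letters, digits, _ only)
 * @param string[] $fields  columns copied into the session; $fields[0] is the lookup column
 * @param string   $status  name of the column checked for 0 (inactive) before copying
 * @return bool
 */
public function refresh(DBObject $db, $table = 'userinfo', $fields = ['userid'], $status = 'status')
{
    // escape() protects string literals, not identifiers: validate the table and column
    // names before they are interpolated into the statement.
    foreach (array_merge([$table], $fields) as $identifier) {
        if (!preg_match('/^[A-Za-z0-9_]+$/', (string) $identifier)) {
            error_log("refresh(): rejected identifier '{$identifier}'");
            return false;
        }
    }
    if (empty($fields) || !isset($_SESSION[$fields[0]])) {
        return false;
    }
    $keyField = $fields[0];
    // Escape and quote the lookup value; it was previously interpolated raw, so any
    // non-numeric session value would have broken (or altered) the statement.
    $keyValue = $db->escape($_SESSION[$keyField]);
    $sql = "SELECT * FROM {$table} WHERE {$keyField} = '{$keyValue}'";
    $result = $db->query($sql);
    if (!$result || mysqli_num_rows($result) <= 0) {
        error_log($db->getError());
        return false;
    }
    $row = mysqli_fetch_assoc($result);
    // Loose comparison kept on purpose: the column value may come back as the string '0'.
    if ($row[$status] == 0) {
        return false;
    }
    foreach ($fields as $field) {
        $_SESSION[$field] = $row[$field];
    }
    return true;
}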
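// Columns that hold numbers: their values are written unquoted; every other column is quoted.
$numbers = ['Age', 'offhours', 'onhours', 'HasPhoto', 'HasCert', 'HasEvalForm', 'schoolyear', 'semester'];
// Short form field names of the boolean columns, mapped back to the real column name below.
$bools = ['HasPhoto' => 'rp', 'HasCert' => 'rc', 'HasEvalForm' => 're'];
foreach ($_POST as $key => $value) {
    if (in_array($key, ['sid', 'onid', 'offid'], true)) {
        // Record id for the updates that follow; all digits, because it is interpolated unquoted.
        ctype_digit($value) or die('Error: record does not exist.');
        $id = $value;
        $col = $db->escape($key);
        continue;
    }
    $key = in_array($key, $bools, true) ? array_search($key, $bools, true) : $db->escape($key);
    // escape() protects string literals, not identifiers: the POST key becomes a column
    // (or "table-column") name, so reject anything outside identifier characters first.
    if (preg_match('/^[A-Za-z0-9_]+(-[A-Za-z0-9_]+)?$/', (string) $key) !== 1) {
        die('Error: invalid field.');
    }
    $value = $key === 'Bday' ? date('Y-m-d', strtotime(trim($value))) : $db->escape($value);
    if (strstr($key, '-') === false) {
        // Plain column of the students table. $col/$id are set only when a sid/onid/offid
        // field was seen earlier in the loop, so field order in the request matters here.
        if (in_array($key, $numbers, true)) {
            // Unquoted in the statement, so escaping alone does not protect it: accept a
            // number or a boolean literal (for the flag columns) and nothing else.
            if (!is_numeric($value) && !preg_match('/^(true|false)$/i', $value)) {
                die('Error: invalid numeric value.');
            }
        } else {
            $value = "'{$value}'";
        }
        $sql = "UPDATE students SET {$key} = {$value} WHERE {$col} = {$id}";
    } else {
        // "table-column" form. Without an id the update has no WHERE clause and touches every
        // row of that table (single-row tables such as settings) — presumably intentional, confirm.
        $arrkey = explode('-', $key);
        if (in_array($arrkey[1], $numbers, true)) {
            if (!is_numeric($value) && !preg_match('/^(true|false)$/i', $value)) {
                die('Error: invalid numeric value.');
            }
        } else {
            $value = "'{$value}'";
        }
        if (empty($col)) {
            $sql = "UPDATE {$arrkey[0]} SET {$arrkey[1]} = {$value}";
        } else {
            $sql = "UPDATE {$arrkey[0]} SET {$arrkey[1]} = {$value} WHERE {$col} = {$id}";
        }
    }
    // NOTE(review): echoing the statement and getError() sends table and column names to the
    // client; logging them server-side with error_log() would be the safer choice.
    echo "{$sql}. ";
    if ($db->query($sql) && $db->getAffected() > 0) {
        echo "Saved.";
    } else {
        echo $db->getError();
    }
}
} // closes the enclosing block that opens before this span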
$sql = <<<EOSQL INSERT INTO \tstudents( \t\tlname, fname, mname, \t\tcourse, year, address, \t\tContact, Bday, Age, Gender, CivStat, Father, FatherPhone, Mother, MotherPhone, \t\tHasPhoto \t) \tVALUES( \t\t'{$lname}', '{$fname}', '{$mname}', \t\t'{$course}', '{$year}', '{$address}', \t\t'{$Contact}', '{$Bday}', {$Age}, '{$Gender}', '{$CivStat}', '{$Father}', '{$FatherPhone}', '{$Mother}', '{$MotherPhone}', \t\t{$HasPhoto} \t) EOSQL; if ($db->query($sql)) { // $sid = $db->getLastID(); // $tables = array('students'); // $rows = array('sid'); // $values = array($sid); // // $sql = "INSERT INTO offcampus (student) VALUES ($sid)"; // $db->query($sql) or die(deleteLast($tables, $rows, $values, $db->getError())); // $offid = $db->getLastID(); // $tables[] = 'offcampus'; // $rows[] = 'offid'; // $values[] = $offid; // // $sql = "INSERT INTO oncampus (student) VALUES ($sid)"; // $db->query($sql) or die(deleteLast($tables, $rows, $values, $db->getError())); // $onid = $db->getLastID();
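/**
 * Looks up the current image by its hash in $table and fills the object's file/name
 * fields either from the matching row or from the uploaded file.
 *
 * Always sets $this->existing and $this->dbname; when a row matches it also sets
 * $this->imagehash, $this->newfname, $this->newfile and $this->thumbfile from that row.
 *
 * @param string $table  table to search; interpolated as an identifier, so it must come from
 *                       trusted code, never from request data
 * @param string $name   column holding the stored image name (originally row['imagename'])
 * @param string $file   column holding the stored file name (originally row['imagefile'])
 * @return void
 */
private function check_db($table, $name, $file)
{
    $db = new DBObject('newspum');
    // The hash is a string literal inside the WHERE clause; escape it like any other value
    // rather than assuming it is always a hex digest.
    $sql = sprintf("SELECT * FROM {$table} WHERE originalmd5 = '%s'", $db->escape($this->imagehash));
    $result = $db->query($sql);
    // A failed query yields a falsy result, and mysqli_fetch_array(false) is a TypeError on
    // PHP 8; treat that case like "no matching row" instead of crashing.
    $row = $result ? mysqli_fetch_array($result) : null;
    if ($row) {
        $this->imagehash = $row['originalmd5'];
        $this->newfname = $row[$file];
        $this->newfile = $this->folderpath . $this->newfname;
        // Thumbnail name: 't' + file base name (up to the first dot) + the configured extension.
        $temp = explode('.', $row[$file]);
        $this->thumbfile = $this->thumbfolder . 't' . $temp[0] . '.' . $this->thumbext;
        $this->dbname = $db->escape(trim($row[$name]));
        $this->existing = true;
    } else {
        $this->dbname = $db->escape(trim($this->image['name']));
        $this->existing = false;
    }
}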
<?php chdir('..'); date_default_timezone_set('Asia/Manila'); require_once 'includes/classDB.php'; require_once 'includes/functions.php'; if (!empty($_POST['username']) && !empty($_POST['userpass'])) { $db = new DBObject(CURRENT_DB); $username = $db->escape($_POST['username']); $hashpass = hash('md5', $_POST['userpass']); $sql = "SELECT * FROM userinfo WHERE userpass = '******' AND username = '******'"; $time = rand(1000 * 1000, 1000 * 500); usleep($time); // sleep(1); if (($result = $db->query($sql)) && mysqli_num_rows($result) > 0) { $row = mysqli_fetch_assoc($result); if ($row['status']) { init_session(); init_my_cookie(); $_SESSION['userid'] = $row['userid']; $_SESSION['username'] = $row['username']; $_SESSION['status'] = $row['status']; $_SESSION['admin'] = $row['admin']; extend_timeout(); echo "Welcome back, {$row['username']}!"; } else { echo "This account has not yet been activated."; } } else { die('Invalid username/password.'); }
extend_timeout(); //print_r($_POST); $db = new DBObject(CURRENT_DB); $sql = '1'; //die('sample'); if ($_SERVER['REQUEST_METHOD'] == 'POST') { if (isset($_POST['start'])) { $startstring = "{$_POST['start']} {$_POST['start-hour']}:{$_POST['start-minute']} {$_POST['start-ampm']}"; $start = date_format(date_create_from_format('m/d/Y h:i a', $startstring), 'Y-m-d H:i:s'); $endstring = "{$_POST['end']} {$_POST['end-hour']}:{$_POST['end-minute']} {$_POST['end-ampm']}"; $end = date_format(date_create_from_format('m/d/Y h:i a', $endstring), 'Y-m-d H:i:s'); $actid = intval($_POST['actid']); $type = $db->escape($_POST['type']); $sql = "INSERT INTO actdates(actid, type, start, end) VALUES({$actid}, '{$type}', '{$start}', '{$end}')"; // echo $sql; if ($db->query($sql)) { echo "Record added!"; } else { die('Error: ' . $db->getError()); } } else { if (isset($_POST['delete'])) { $dateid = intval($_POST['delete']); $sql = "DELETE FROM actdates WHERE dateid = {$dateid}"; echo $sql; if ($db->query($sql)) { echo "Record deleted!"; } else { die('Error: ' . $db->getError()); } } else {
case 3: case 5: case 6: $ans[0] = "evaluation.q{$quest}e1 as ans1"; $ans[1] = "evaluation.q{$quest}e2 as ans2"; break; default: $ans[0] = "evaluation.q{$quest}e1 as ans1"; break; } $ans2 = join(', ', $ans); $question = $questions[$quest - 1]; $json['quest'] = $question; $where = $type ? '' : "AND schoolyear = {$year} AND semester = {$sem}"; $sql = <<<EOSQL SELECT evaluation.schoolyear, evaluation.semester, evaluation.student, {$ans2}, students.lname, students.fname, students.mname FROM evaluation INNER JOIN students ON evaluation.student = students.sid WHERE reqcode = 'OK' {$where} ORDER BY schoolyear DESC, semester DESC, id DESC EOSQL; if ($result = $db->query($sql)) { while ($row = mysqli_fetch_assoc($result)) { $fullname = create_name($row['fname'], $row['lname'], $row['mname']); $answer2 = isset($row['ans2']) || !empty($row['ans2']) ? $row['ans2'] : null; $json['ans'][] = array('answer' => $row['ans1'], 'answer2' => $answer2, 'sid' => $row['student'], 'fullname' => $fullname, 'year' => $row['schoolyear'], 'sem' => $row['semester']); } echo json_encode($json); } else { die("Error: {$db->getError()} -- {$sql}"); } }