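/**
 * Registers a new user through the registro() stored procedure.
 *
 * Validation runs before any database access and yields a status token the
 * caller maps to a message: 'badmail', 'passdontmatch', 'nameerror' or 'good'.
 *
 * @param mixed $username display name; must be a non-blank string
 * @param mixed $city
 * @param mixed $sex
 * @param mixed $mail     must pass FILTER_VALIDATE_EMAIL
 * @param mixed $pass     password as typed
 * @param mixed $ver_pass confirmation field; must be identical to $pass
 * @return string status token described above
 */
public function register($username, $city, $sex, $mail, $pass, $ver_pass) {
    if (!filter_var($mail, FILTER_VALIDATE_EMAIL)) {
        return 'badmail';
    }
    // Strict comparison on purpose: with `!=` PHP compares numeric-looking
    // strings numerically ('0e1' == '0e2' is true), so two different
    // passwords could be accepted as matching.
    if ($pass !== $ver_pass) {
        return 'passdontmatch';
    }
    // The original used sizeof() on a string: always 1 on PHP < 7.2 (so an
    // empty name was never rejected) and a TypeError on PHP 8.
    if (!is_string($username) || trim($username) === '') {
        return 'nameerror';
    }
    $conn = new DatabaseConnection();
    // quoteConcat() appears to yield the quoted value followed by a comma and
    // quote() just the quoted value — that is how the argument list below is
    // assembled without explicit separators.
    // NOTE(review): the password is forwarded as typed; confirm registro()
    // hashes it (password_hash) rather than storing it in clear. If it does
    // not, hash here with password_hash($pass, PASSWORD_DEFAULT).
    $sentence = 'SELECT registro('
        . $conn->quoteConcat($username)
        . $conn->quoteConcat($city)
        . $conn->quoteConcat($sex)
        . $conn->quoteConcat($mail)
        . $conn->quote($pass)
        . ')';
    $conn->singleton($sentence);
    return 'good';
}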
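/**
 * Creates one catalogue entity selected by ?type= (book, author, editorial,
 * genre or reader) from $_POST fields plus an optional $_FILES['picture'].
 *
 * Unknown or missing types do nothing. Every value is quoted through the
 * connection before it reaches SQL — the original inlined id_autor,
 * id_genero, id_editorial, fundacion and id_tipo_usuario verbatim from
 * $_POST, which was SQL-injectable. Uploaded pictures are restricted to
 * image extensions and safe file names (a client-named `x.php` would
 * otherwise land inside the web root), and the old picture named by
 * $_POST['def_pic'] is only ever deleted when it is a plain file inside the
 * entity's upload directory (the original unlink()ed any path the client sent).
 *
 * NOTE(review): no authorization check is visible in this method; confirm the
 * caller restricts add() to users allowed to create these records.
 *
 * @return void
 */
public function add() {
    $type = isset($_GET['type']) ? $_GET['type'] : '';
    switch ($type) {
        case 'book':
            $this->addBookFromRequest();
            break;
        case 'author':
            $this->addAuthorFromRequest();
            break;
        case 'editorial':
            $this->addEditorialFromRequest();
            break;
        case 'genre':
            $this->addGenreFromRequest();
            break;
        case 'reader':
            $this->addReaderFromRequest();
            break;
        default:
            // Unsupported entity type: nothing to create.
            break;
    }
}

/** Returns $_POST[$key], or null when the field was not submitted. */
private function postField($key) {
    return isset($_POST[$key]) ? $_POST[$key] : null;
}

/** Inserts a book via insertLibro(); the picture goes under view/img/books/. */
private function addBookFromRequest() {
    $conn = new DatabaseConnection();
    $uploadDir = 'view/img/books/';
    $defaultPic = 'view/img/icon-default-book.png';
    // The original deleted the previous picture on a new upload (including,
    // by mistake, the default icon); deletion is kept but confined to the
    // upload directory and never applied to the default.
    $picurl = $this->resolvePicture($uploadDir, $defaultPic, null, true);
    $sentence = 'CALL insertLibro('
        . $conn->quote($this->postField('id_autor')) . ','
        . $conn->quote($this->postField('id_genero')) . ','
        . $conn->quote($this->postField('id_editorial')) . ','
        . $conn->quote($this->postField('titulo')) . ','
        . $conn->quote($this->postField('fecha_publicacion')) . ','
        . $conn->quote($this->postField('resumen')) . ','
        . $conn->quote($picurl) . ')';
    $conn->query($sentence);
}

/** Inserts an author row; the picture goes under view/img/authors/. */
private function addAuthorFromRequest() {
    $conn = new DatabaseConnection();
    $uploadDir = 'view/img/authors/';
    $defaultPic = 'view/img/authors/icon-user-default.png';
    // The original never deleted a previous author picture; kept that way.
    $picurl = $this->resolvePicture($uploadDir, $defaultPic, null, false);
    $sentence = 'INSERT INTO autor (nombre_autor, pais_autor, seudonimo, biografia, picurl) VALUE ('
        . $conn->quote($this->postField('nombre_autor')) . ','
        . $conn->quote($this->postField('pais_autor')) . ','
        . $conn->quote($this->postField('seudonimo')) . ','
        . $conn->quote($this->postField('biografia')) . ','
        . $conn->quote($picurl) . ')';
    $conn->query($sentence);
}

/** Inserts a publisher row (no picture). */
private function addEditorialFromRequest() {
    $conn = new DatabaseConnection();
    // quoteConcat() appears to append a comma after the quoted value, which is
    // why the first three arguments are joined without separators.
    // fundacion was previously concatenated raw; quoting it is type-agnostic
    // (MySQL coerces a quoted year/date into the column type).
    $sentence = 'INSERT INTO editorial (nombre_editorial, pais_editorial, fundador, fundacion) VALUE ('
        . $conn->quoteConcat($this->postField('nombre_editorial'))
        . $conn->quoteConcat($this->postField('pais_editorial'))
        . $conn->quoteConcat($this->postField('fundador'))
        . $conn->quote($this->postField('fundacion')) . ')';
    $conn->query($sentence);
}

/** Inserts a genre row. */
private function addGenreFromRequest() {
    $conn = new DatabaseConnection();
    $conn->query('INSERT INTO genero (descripcion_genero) VALUE ('
        . $conn->quote($this->postField('descripcion_genero')) . ')');
}

/** Inserts a reader via agregaUsuario(); the picture goes under view/img/users/. */
private function addReaderFromRequest() {
    $conn = new DatabaseConnection();
    $uploadDir = 'view/img/users/';
    $defaultPic = 'view/img/icon-user-default.png';
    // The picture is named after the session's id_lector, as the original did.
    // NOTE(review): on a create path this is the *current* user's id, not the
    // new reader's — confirm that is intended. Without a session id no upload
    // is stored and the previous/default picture is kept.
    $stem = isset($_SESSION['id_lector']) ? (string) $_SESSION['id_lector'] : '';
    $picurl = $this->resolvePicture($uploadDir, $defaultPic, $stem, true);
    // NOTE(review): the password is forwarded as typed; confirm agregaUsuario()
    // hashes it (password_hash) rather than storing it in clear.
    $sentence = 'CALL agregaUsuario('
        . $conn->quote($this->postField('nombre_lector')) . ','
        . $conn->quote($this->postField('ciudad_lector')) . ','
        . $conn->quote($this->postField('sexo')) . ','
        . $conn->quote($this->postField('email')) . ','
        . $conn->quote($this->postField('password')) . ','
        . $conn->quote($picurl) . ','
        . $conn->quote($this->postField('id_tipo_usuario')) . ')';
    $conn->query($sentence);
}

/**
 * Decides which picture path to store for the record being created.
 *
 * Order of preference: a successfully stored upload; otherwise the path the
 * form reports as already stored ($_POST['def_pic']) if it is either the
 * default picture or a plain file inside $uploadDir; otherwise $defaultPic.
 *
 * @param string      $uploadDir  web-relative directory (trailing slash) the picture must live in
 * @param string      $defaultPic fallback picture; never deleted
 * @param string|null $fixedStem  file name without extension to force for the upload
 *                                (null keeps the sanitized client name; '' rejects the upload)
 * @param bool        $replaceOld delete the previous managed picture once the upload is in place
 * @return string path to store in picurl
 */
private function resolvePicture($uploadDir, $defaultPic, $fixedStem, $replaceOld) {
    $current = $this->postField('def_pic');
    if (!is_string($current) || !$this->isManagedPicturePath($current, $uploadDir, $defaultPic)) {
        // Anything else is not a picture this controller manages: do not store
        // (or later delete) an arbitrary client-supplied path.
        $current = $defaultPic;
    }

    $file = isset($_FILES['picture']) && is_array($_FILES['picture']) ? $_FILES['picture'] : null;
    // The original only recognised UPLOAD_ERR_NO_FILE (4) and tried to move
    // the file on every other error code; any non-OK status now counts as
    // "no usable upload".
    if ($file === null || !isset($file['error']) || $file['error'] !== UPLOAD_ERR_OK) {
        return $current;
    }
    if (!isset($file['tmp_name'], $file['name']) || !is_uploaded_file($file['tmp_name'])) {
        return $current;
    }

    $safeName = $this->safePictureName($file['name'], $fixedStem);
    if ($safeName === null) {
        return $current;
    }
    $target = $uploadDir . $safeName;
    if (!move_uploaded_file($file['tmp_name'], $target)) {
        return $current;
    }
    // Remove the previous picture only after the new one exists, and only if
    // it is a managed file (never the default icon, never outside $uploadDir).
    // NOTE(review): a client can still name another record's picture in
    // def_pic and have it deleted — acceptable only if add() is admin-only.
    if ($replaceOld && $current !== $target) {
        $this->deleteManagedPicture($current, $uploadDir, $defaultPic);
    }
    return $target;
}

/**
 * Builds a safe file name for an uploaded picture, or null if unacceptable.
 *
 * Only image extensions are allowed (so no script can be written into the
 * web root) and the stem is reduced to [A-Za-z0-9_-], which also collapses
 * double extensions such as "x.php.png" into "x_php.png".
 * NOTE(review): the content itself is not inspected; add a getimagesize()/
 * finfo check if the server may serve these files with content sniffing.
 *
 * @param string      $clientName name as sent by the browser
 * @param string|null $fixedStem  stem to force instead of the client's
 * @return string|null "<stem>.<ext>" or null
 */
private function safePictureName($clientName, $fixedStem) {
    $allowed = array('jpg', 'jpeg', 'png', 'gif', 'webp');
    $base = basename((string) $clientName);
    $ext = strtolower(pathinfo($base, PATHINFO_EXTENSION));
    if (!in_array($ext, $allowed, true)) {
        return null;
    }
    $rawStem = $fixedStem !== null ? (string) $fixedStem : pathinfo($base, PATHINFO_FILENAME);
    $stem = preg_replace('/[^A-Za-z0-9_-]/', '_', $rawStem);
    if ($stem === null || $stem === '' || trim($stem, '_') === '') {
        return null;
    }
    return $stem . '.' . $ext;
}

/**
 * True when $path is the default picture or "<uploadDir><safe file name>"
 * with no directory components — i.e. a file this controller could have
 * written. Rejects traversal and nested paths by construction.
 */
private function isManagedPicturePath($path, $uploadDir, $defaultPic) {
    if ($path === $defaultPic) {
        return true;
    }
    $dirLen = strlen($uploadDir);
    if (strncmp($path, $uploadDir, $dirLen) !== 0) {
        return false;
    }
    return preg_match('/^[A-Za-z0-9_-]+\.[A-Za-z0-9]+$/', substr($path, $dirLen)) === 1;
}

/** Deletes $path only if it is a managed picture file and not the default icon. */
private function deleteManagedPicture($path, $uploadDir, $defaultPic) {
    if ($path === $defaultPic || !$this->isManagedPicturePath($path, $uploadDir, $defaultPic)) {
        return;
    }
    if (is_file($path)) {
        unlink($path);
    }
}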