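/**
 * Gets the html output and handles form inputs.
 *
 * Dispatches on $this->viewpoint:
 *  - "overview": patient list (all patients for admins, otherwise only the
 *    ones the logged-in user has a :prefix:visit row for);
 *  - "edit":     edit form for the patient in $_GET['par2'], saving through
 *    saveChanges() when the form was posted with "save";
 *  - "new":      creation form, admins only.
 *
 * @return string Html output (null when the viewpoint is unknown).
 */
public function getOutput()
{
    switch ($this->viewpoint) {
        case "overview":
            return $this->renderOverview();
        case "edit":
            // NOTE(review): unlike "new" and the non-admin "overview" filter, this
            // view is neither restricted to admins nor to the caller's own patients;
            // confirm that is intended (saveChanges() is not visible here).
            return $this->renderEdit();
        case "new":
            if (!$_SESSION['isAdmin']) {
                return "<h1>Zugriff verweigert</h1>";
            }
            $tpl = new \template("patients/new");
            return $tpl->getOutput();
    }
}

/**
 * Escapes a value before it is handed to template::insert(). The templates are
 * filled with raw markup in this class (see the "<option>" rows below), so the
 * template layer does not escape for us. Existing entities are kept
 * (double_encode = false) so values that were already escaped when stored are
 * not encoded a second time.
 *
 * @param mixed $value Scalar to escape.
 * @return string Text safe for HTML text and attribute context.
 */
private static function escapeHtml($value)
{
    return htmlspecialchars((string) $value, ENT_QUOTES, 'UTF-8', false);
}

/**
 * Formats a birthday as d.m.Y. Unparsable input is echoed back escaped instead
 * of letting the DateTime exception take the whole page down.
 *
 * @param string $value Date in any format \DateTime accepts.
 * @return string Formatted date, or the escaped raw input when it cannot be parsed.
 */
private static function formatBirthday($value)
{
    try {
        return (new \DateTime($value))->format("d.m.Y");
    } catch (\Exception $e) {
        return self::escapeHtml($value);
    }
}

/**
 * Fills the four patient fields of the edit template.
 *
 * @param \template $tpl       Edit template.
 * @param string    $firstname
 * @param string    $lastname
 * @param string    $room
 * @param string    $birthday  Date in any format \DateTime accepts.
 * @return void
 */
private static function fillPatientForm($tpl, $firstname, $lastname, $room, $birthday)
{
    $tpl->insert("firstname", self::escapeHtml($firstname));
    $tpl->insert("lastname", self::escapeHtml($lastname));
    $tpl->insert("room", self::escapeHtml($room));
    $tpl->insert("birthday", self::formatBirthday($birthday));
}

/**
 * Renders the "overview" viewpoint: one patients/patient row per patient.
 *
 * @return string Html output.
 */
private function renderOverview()
{
    $tpl = new \template("patients/container");
    if ($_SESSION['isAdmin']) {
        $rows = \dbConn::query("SELECT \n patientId,\n firstname, \n lastname,\n room\n FROM :prefix:patient\n ORDER BY lastname ASC");
    } else {
        // The visit table's patient column is `patient` (see the visitorcount query
        // below). The original subquery selected `patientId`, which the database
        // resolves against the outer :prefix:patient row, so it matched every
        // patient as soon as the user had any visit at all.
        // NOTE(review): the original interpolated the user's id into the SQL and
        // that value is redacted in this copy; it is bound as a parameter here
        // using the $_SESSION['user'] key this project uses elsewhere -- confirm
        // that this module's login populates the same key.
        $rows = \dbConn::query("SELECT \n patientId,\n firstname, \n lastname,\n room\n FROM :prefix:patient\n WHERE patientId IN (SELECT patient FROM :prefix:visit WHERE user = :0)\n ORDER BY lastname ASC", $_SESSION['user']);
    }
    foreach ($rows as $r) {
        $p = new \template("patients/patient");
        $p->insert("id", $r['patientId']);
        $p->insert("firstname", self::escapeHtml($r['firstname']));
        $p->insert("lastname", self::escapeHtml($r['lastname']));
        $p->insert("room", self::escapeHtml($r['room']));
        $p->insert("visitorcount", \dbConn::querySingle("SELECT COUNT(*) FROM :prefix:visit WHERE patient = :0", $r['patientId']));
        $p->insert("destination", ROOT . "patients" . "/" . $r['patientId']);
        $tpl->insert("patients", $p);
    }
    return $tpl->getOutput();
}

/**
 * Renders the "edit" viewpoint for patient $_GET['par2'] and processes a
 * posted "save".
 *
 * A failed save shows the danger alert and the posted values again; any other
 * path fills the form from the database row. The visitors of the patient are
 * listed as <option> elements.
 *
 * @return string Html output.
 */
private function renderEdit()
{
    $patientId = isset($_GET['par2']) ? $_GET['par2'] : "";
    $tpl = new \template("patients/edit");
    // the id is bound as a parameter in the queries below, but it also ends up
    // in the markup, so it is escaped for that context
    $tpl->insert("id", self::escapeHtml($patientId));

    $error = "";
    if (isset($_POST['save'])) {
        if ($this->saveChanges($error)) {
            $result = new \template("alerts/success");
            $result->insert("caption", "Erfolgreich");
            $result->insert("text", "Änderungen wurden erfolgreich gespeichert.");
        } else {
            $result = new \template("alerts/danger");
            $result->insert("caption", "Fehler");
            // $error is produced by saveChanges(), not taken from the request
            $result->insert("text", $error);
            // show the rejected input again so the user can correct it
            self::fillPatientForm(
                $tpl,
                isset($_POST['firstname']) ? $_POST['firstname'] : "",
                isset($_POST['lastname']) ? $_POST['lastname'] : "",
                isset($_POST['room']) ? $_POST['room'] : "",
                isset($_POST['birthday']) ? $_POST['birthday'] : ""
            );
        }
        $tpl->insert("result", $result);
    }

    $data = \dbConn::queryRow("SELECT * FROM :prefix:patient WHERE patientId = :0", $patientId);
    // only a failed save (with a message) keeps the posted values in the form
    if ($error == "" && $data) {
        self::fillPatientForm($tpl, $data['firstname'], $data['lastname'], $data['room'], $data['birth']);
    }

    foreach (\dbConn::query("\n SELECT firstname, lastname\n FROM :prefix:visit AS v\n INNER JOIN :prefix:user AS u\n ON v.user = u.userId\n WHERE v.patient = :0\n ", $patientId) as $r) {
        $tpl->insert("visitors", "<option>" . self::escapeHtml($r['firstname'] . " " . $r['lastname']) . "</option>");
    }
    return $tpl->getOutput();
}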
$pr = new template("production"); $pr->insert("name", $prod); $pr->insert("nameEscaped", rawurlencode($prod)); $pr->insert("plan", rawurlencode($plan)); $pr->insert("url", rawurlencode(URL . "/")); $pr->insert("organisation", rawurlencode(ORGANISATION)); $pr->insert("webmaster", WEBMASTER); $master = dbConn::queryRow("SELECT masterName, masterEmail FROM :prefix:production\n WHERE plan = :0 AND name = :1", $plan, $prod); $pr->insert("masterName", $master['masterName']); $pr->insert("masterEmail", $master['masterEmail']); $planTpl->insert("productions", $pr->getOutput()); } foreach ($values['shifts'] as $sh) { $t = new template("shift"); $t->insert("fromToDate", substr(str_replace(":00-", " - ", $sh), 0, 13)); $shiftId = dbConn::querySingle("SELECT shiftId FROM :prefix:shift WHERE \n plan = :0 AND fromDate = :1 AND toDate = :2 ", $plan, explode("-", str_replace(":", "", $sh))[0], explode("-", str_replace(":", "", $sh))[1]); foreach ($values['productions'] as $prod) { // separate tables if (!in_array($prod, $values['productions'])) { continue; } $has = false; $required = 0; foreach (dbConn::query("SELECT * FROM :prefix:production_shift WHERE production = :0 AND shift = :1", $prod, $shiftId) as $r) { $required = $r['required']; $has = true; } $prodShift = new template("production_shift"); $prodShift->insert("shiftId", $shiftId); $prodShift->insert("disabled", $has ? "" : "shift-disabled"); $prodShift->insert("unique", seoUrl("{$plan}-{$prod}-" . substr(str_replace(":00-", " - ", $sh), 0, 13)));
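<?php
require "../config.php";

/**
 * Checks that $date is a calendar date written as "d.m.Y".
 *
 * The round trip through format() rejects values that createFromFormat()
 * would silently normalise instead of refusing.
 *
 * @param string $date Value to check.
 * @return bool True when the value is a well-formed d.m.Y date.
 */
function validateDate($date)
{
    $d = DateTime::createFromFormat('d.m.Y', $date);
    return $d && $d->format('d.m.Y') == $date;
}

$name = isset($_POST['name']) ? $_POST['name'] : "";
if (strlen($name) < 1) {
    die("Bitte geben Sie einen gültigen Namen ein.");
}

// Plan names are stored HTML-escaped (see the INSERT below), so the
// uniqueness lookup has to compare the escaped form as well; the original
// compared the raw input, which missed stored names containing &, < or ".
// NOTE(review): the COUNT check and the INSERT are not atomic; only a UNIQUE
// constraint on :prefix:plan.name actually guarantees uniqueness.
$escapedName = htmlspecialchars($name);
if (dbConn::querySingle("SELECT COUNT(*) FROM :prefix:plan WHERE name = :0", $escapedName) > 0) {
    die("Der eingegebene Name ist schon vergeben.");
}

$public = isset($_POST['public']) ? $_POST['public'] : "";
$editable = isset($_POST['editable']) ? $_POST['editable'] : "";
if (!validateDate($public) || !validateDate($editable)) {
    die("Bitte geben Sie ein gültiges Datum ein.");
}

// NOTE(review): the dates are stored in the d.m.Y form they were validated in;
// confirm the column type accepts that (other scripts compare these columns
// against CURRENT_TIMESTAMP).
dbConn::execute("INSERT INTO :prefix:plan (name, public, editable) VALUES (:0, :1, :2);", $escapedName, $public, $editable);

$tpl = new template("admin/nav.plan");
$tpl->insert("active", "");
$tpl->insert("name", $escapedName);
echo "SUCCESS" . $tpl->getOutput();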
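/**
 * Gets the html output for the current viewpoint.
 *
 * Dispatches on $this->viewpoint: "overview" lists every user (visitor),
 * "new" shows the creation form and "edit" shows the form for user
 * $_GET['par2'] together with the visit data of that user's first patient.
 *
 * @return string Html output (null when the viewpoint is unknown).
 */
public function getOutput()
{
    switch ($this->viewpoint) {
        case "overview":
            return $this->renderOverview();
        case "new":
            // The other cases return rendered markup; the original returned the
            // template object here, which only works if the caller renders it
            // itself. Returning the string keeps all cases consistent.
            $tpl = new \template("visitors/new");
            return $tpl->getOutput();
        case "edit":
            return $this->renderEdit();
    }
}

/**
 * Escapes a value before it is handed to template::insert() or concatenated
 * into the "<option>" markup built below; the template layer does not escape.
 * Existing entities are kept (double_encode = false) so values that were
 * already escaped when stored are not encoded twice.
 *
 * @param mixed $value Scalar to escape.
 * @return string Text safe for HTML text and attribute context.
 */
private static function escapeHtml($value)
{
    return htmlspecialchars((string) $value, ENT_QUOTES, 'UTF-8', false);
}

/**
 * Reads a column from a row that may be missing (unknown id, no visit yet)
 * without triggering undefined-index warnings.
 *
 * @param array  $row Database row or an empty array.
 * @param string $key Column name.
 * @return mixed Column value or null.
 */
private static function field(array $row, $key)
{
    return isset($row[$key]) ? $row[$key] : null;
}

/**
 * Renders the "overview" viewpoint: one visitors/visitor row per user.
 *
 * @return string Html output.
 */
private function renderOverview()
{
    $tpl = new \template("visitors/container");
    foreach (\dbConn::query("SELECT * FROM :prefix:user ORDER BY lastname ASC") as $r) {
        $v = new \template("visitors/visitor");
        $v->insert("firstname", self::escapeHtml($r['firstname']));
        $v->insert("id", $r['userId']);
        $v->insert("lastname", self::escapeHtml($r['lastname']));
        $v->insert("rfid", self::escapeHtml($r['rfid']));
        $v->insert("patients", \dbConn::querySingle("SELECT COUNT(*) FROM :prefix:visit WHERE user = :0", $r['userId']));
        $v->insert("lastvisit", \dbConn::querySingle("\n SELECT DATE_FORMAT(MAX(h.created), '%d.%m.%y %H:%i')\n FROM :prefix:visit AS v\n INNER JOIN :prefix:visit_history AS h\n ON v.visitId = h.visitId\n WHERE v.user = :0\n ", $r['userId']));
        $v->insert("destination", ROOT . "visitors/" . $r['userId']);
        $tpl->insert("visitors", $v);
    }
    return $tpl->getOutput();
}

/**
 * Renders the "edit" viewpoint for user $_GET['par2'].
 *
 * Fills the user fields and state list, lists the user's patients and shows
 * the visit (relation, description, scent, up to three images and audios)
 * of the first patient in the list. Missing rows leave the fields empty
 * instead of emitting warnings.
 *
 * @return string Html output.
 */
private function renderEdit()
{
    $userId = isset($_GET['par2']) ? $_GET['par2'] : "";
    $tpl = new \template("visitors/edit.container");

    // user data
    $user = \dbConn::queryRow("SELECT userid, firstname, lastname, rfid, email, state \n FROM :prefix:user WHERE userId = :0", $userId);
    if (!is_array($user)) {
        $user = array();
    }
    $tpl->insert("firstname", self::escapeHtml(self::field($user, 'firstname')));
    $tpl->insert("lastname", self::escapeHtml(self::field($user, 'lastname')));
    $tpl->insert("userid", self::escapeHtml(self::field($user, 'userid')));
    $tpl->insert("rfid", self::escapeHtml(self::field($user, 'rfid')));
    $tpl->insert("email", self::escapeHtml(self::field($user, 'email')));
    foreach (\dbConn::query("SELECT * FROM :prefix:user_state") as $r) {
        $selected = $r['name'] == self::field($user, 'state') ? " selected" : "";
        $tpl->insert("states", "<option value=\"" . self::escapeHtml($r['name']) . "\"" . $selected . ">" . self::escapeHtml($r['display']) . "</option>");
    }

    // insert patients; the visit shown below belongs to the first one
    $hasPatients = false;
    $visit = null;
    foreach (\dbConn::query("\n SELECT firstname, lastname, patientId\n FROM :prefix:visit AS v\n INNER JOIN :prefix:patient AS p\n ON v.patient = p.patientId\n WHERE user = :0\n ORDER BY firstname", $userId) as $r) {
        $tpl->insert("patients", "<option value=\"" . self::escapeHtml($r['patientId']) . "\">" . self::escapeHtml($r['firstname'] . " " . $r['lastname']) . "</option>");
        if (!$hasPatients) {
            $visit = \dbConn::queryRow("SELECT * FROM :prefix:visit WHERE user = :0 AND patient = :1", $userId, $r['patientId']);
        }
        $hasPatients = true;
    }
    if (!is_array($visit)) {
        $visit = array();
    }
    $visitId = self::field($visit, 'visitId');

    $visitTpl = new \template("visitors/edit.visit");
    // relation
    foreach (\dbConn::query("SELECT * FROM :prefix:relation ORDER BY name ASC") as $r) {
        $selected = $r['name'] == self::field($visit, 'relation') ? " selected" : "";
        $visitTpl->insert("relations", "<option value=\"" . self::escapeHtml($r['name']) . "\"" . $selected . ">" . self::escapeHtml($r['name']) . "</option>");
    }
    // description
    $visitTpl->insert("description", self::escapeHtml(self::field($visit, 'description')));
    // scent
    foreach (\dbConn::query("SELECT * FROM :prefix:scent ORDER BY name ASC") as $r) {
        $selected = $r['name'] == self::field($visit, 'scent') ? " selected" : "";
        $visitTpl->insert("scents", "<option value=\"" . self::escapeHtml($r['name']) . "\"" . $selected . ">" . self::escapeHtml($r['name']) . "</option>");
    }
    // images: stored ones first, then the placeholder icon up to three slots
    $imgCount = 0;
    foreach (\dbConn::query("SELECT * FROM :prefix:visit_media WHERE visitId = :0 AND type = :1", $visitId, 'Image') as $img) {
        $visitTpl->insert("image" . ($imgCount + 1), ROOT . "media/image/" . self::escapeHtml($img['path']));
        $imgCount++;
    }
    for ($i = $imgCount + 1; $i <= 3; $i++) {
        $visitTpl->insert("image" . $i, ROOT . "images/icons/image.png");
    }
    // audios: only an icon is shown for stored audios, a "plus" icon for free slots
    $audioCount = 0;
    foreach (\dbConn::query("SELECT * FROM :prefix:visit_media WHERE visitId = :0 AND type = :1", $visitId, 'Audio') as $audio) {
        $visitTpl->insert("audio" . ($audioCount + 1), ROOT . "images/icons/audio.png");
        $audioCount++;
    }
    for ($i = $audioCount + 1; $i <= 3; $i++) {
        $visitTpl->insert("audio" . $i, ROOT . "images/icons/plus.png");
    }
    $tpl->insert("visit", $visitTpl->getOutput());
    return $tpl->getOutput();
}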
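/**
 * Checks if a link is represented as a destination link in navigation bar.
 *
 * @param string $destination The href to check.
 * @return bool Value if the navigation contains the given href.
 * @static
 * @since Version 1.0
 */
public static function isInNavigation($destination)
{
    $result = dbConn::querySingle("SELECT COUNT(*) FROM :prefix:navigation WHERE destination = :0", $destination) > 0;
    // The original logged the bare word `destination` (missing `$`), which PHP
    // treats as an undefined constant -- a fatal Error on PHP 8. The bool is
    // spelled out as well, since a false result used to log as an empty string.
    frontend::getLogger()->debug("check if link ist as destination in navigation for '" . $destination . "' with result: " . ($result ? "true" : "false"));
    return $result;
}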
$temp = str_replace("Ä", "Ae", $temp); $temp = str_replace("ü", "ue", $temp); $temp = str_replace("Ü", "Ue", $temp); if (!filter_var($temp, FILTER_VALIDATE_EMAIL)) { $errors[] = "Die E-Mail Adresse <strong>{$worker['email']}</strong> ist ungültig."; } } } if (count($errors) > 0) { echo "<ul>"; foreach ($errors as $err) { echo "<li>{$err}</li>"; } die; } if (dbConn::querySingle("SELECT COUNT(*) FROM :prefix:plan WHERE \n name = :0\n public < CURRENT_TIMESTAMP OR \n editable < CURRENT_TIMESTAMP", $_POST['plan']) > 1) { die("REFRESH"); } try { $t = new transaction(); // delete removed workers from database if (isset($d['deleted'])) { foreach ($d['deleted'] as $key => $val) { $t->addStatement("DELETE FROM :prefix:worker WHERE production = :0 \n AND shift = :1\n AND name = :2\n AND email = :3", $d['production'], $d['shiftId'], $val['name'], $val['email']); } } // update existing or insert the added workers if (isset($d['workers'])) { foreach ($d['workers'] as $key => $val) { if ($val['action'] == "create") { $t->addStatement("INSERT INTO :prefix:worker (name, email, production, plan, shift) VALUES (:0, :1, :2, :3, :4);", htmlspecialchars($val['name']), htmlspecialchars($val['email']), $d['production'], $_POST['plan'], (int) $d['shiftId']);
foreach ($_POST['visits'] as $v) { if ($v['patientId'] == $r['patient']) { $contains = true; break; } } } if (!$contains) { $t->addStatement("DELETE FROM :prefix:visit WHERE user = :0 AND patient = :1", $_POST['userid'], $r['patient']); } } if (isset($_POST['visits']) && is_array($_POST['visits'])) { foreach ($_POST['visits'] as $p) { $visitId = dbConn::querySingle("SELECT visitId\n FROM :prefix:visit AS v\n INNER JOIN :prefix:patient AS p\n ON p.patientId = v.patient\n INNER JOIN :prefix:user AS u\n ON u.userId = v.user\n WHERE userId = :0 AND patientId = :1", $_POST['userid'], $p['patientId']); // check if visit relation already exists if (dbConn::querySingle("SELECT COUNT(*) FROM :prefix:visit WHERE user = :0 AND patient = :1", $_POST['userid'], $p['patientId']) < 1) { // if not, insert new row into database table $t->addStatement("INSERT INTO :prefix:visit (user, patient, relation, description, scent) VALUES (:0, :1, :2, :3, :4)", $_POST['userid'], $p['patientId'], $p['relation'], htmlspecialchars($p['description']), $p['scent']); } else { // if exists, update row $t->addStatement("UPDATE :prefix:visit SET\n relation = :0,\n description = :1,\n scent = :2 \n WHERE visitId = :3", $p['relation'], htmlspecialchars($p['description']), $p['scent'], $visitId); } $t->commit(); $t = new transaction(); // commit those changes right now /* * Update images */ $t->addStatement("DELETE FROM :prefix:visit_media WHERE visitId = :0 AND type = :1", $visitId, 'Image'); if (isset($p['images']) && is_array($p['images'])) { foreach ($p['images'] as $img) {
/**
 * Loads all children of the current page.
 *
 * Walks :prefix:content recursively: every child is appended as
 * array("url" => ..., "identifier" => contentId) and, when it has children of
 * its own, their (nested) result array is appended right after it.
 *
 * @param int|null $parentId Content id whose children are wanted; null selects
 *                           the root entries (parentId IS NULL).
 * @return array Children of the current page, nested arrays for sub-pages.
 * @since Version 1.2
 */
private function getUrlChildren($parentId)
{
    $sql = $parentId == null
        ? "SELECT * FROM :prefix:content WHERE parentId IS NULL"
        : "SELECT * FROM :prefix:content WHERE parentId = :0";
    $result = array();
    foreach (\dbConn::query($sql, $parentId) as $row) {
        $contentId = $row['contentId'];
        $result[] = array("url" => $row['url'], "identifier" => $contentId);
        // recurse only for pages that actually have children, so no empty
        // arrays end up in the result
        $childCount = \dbConn::querySingle("SELECT COUNT(*) FROM :prefix:content WHERE parentId = :0", $contentId);
        if ($childCount > 0) {
            $result[] = $this->getUrlChildren($contentId);
        }
    }
    return $result;
}
/**
 * Checks if there were several failed logins during the last n minutes, where
 * n is a number stored in the database config table. If the threshold is
 * reached, a captcha is recommended.
 *
 * A failed login is an :prefix:admin_login row without a sessionId; the
 * timespan (login_captcha_timespan, minutes) and the threshold
 * (login_captcha_threshold) both come from :prefix:config.
 *
 * @return bool Value if captcha should be used for login.
 * @since Version 1.0
 */
public static function isCaptchaRequired()
{
    $recentFailures = dbConn::querySingle("SELECT COUNT(*) FROM :prefix:admin_login\n WHERE sessionId IS NULL\n AND created > (CURRENT_TIMESTAMP - INTERVAL (SELECT value FROM :prefix:config WHERE property = 'login_captcha_timespan') MINUTE)");
    $threshold = dbConn::querySingle("SELECT value FROM :prefix:config WHERE property = 'login_captcha_threshold'");
    return $recentFailures > $threshold;
}
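<?php
require "../config.php";

// a missing field used to raise an undefined-index warning before the check
if (!isset($_POST['name']) || $_POST['name'] == "") {
    die("Bitte geben Sie einen Namen ein.");
}

// Production and plan names are stored HTML-escaped (see the INSERT below),
// so the lookup uses the escaped form as well.
$plan = isset($_POST['plan']) ? htmlspecialchars($_POST['plan']) : "";
$name = htmlspecialchars($_POST['name']);

// NOTE(review): the COUNT check and the INSERT are not atomic; a UNIQUE
// (plan, name) constraint is what actually guarantees the name is taken once.
if (dbConn::querySingle("SELECT COUNT(*) FROM :prefix:production WHERE plan = :0 AND name = :1", $plan, $name) > 0) {
    die("Der Name ist bereits vergeben.");
}
dbConn::execute("INSERT INTO :prefix:production (plan, name) VALUES (:0, :1);", $plan, $name);
echo "SUCCESS";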
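// no user logged on
if (!isset($_SESSION['user'])) {
    header("location: " . ROOT . "admin/");
    die;
}
// the session points at an admin account that no longer exists
if (dbConn::querySingle("SELECT COUNT(*) FROM :prefix:admin WHERE adminId = :0", $_SESSION['user']) < 1) {
    unset($_SESSION['user']);
    header("location: " . ROOT . "admin/");
    die;
}
if (isset($_GET['filename'])) {
    // The original built the path from the raw request value, so "../"
    // sequences could point outside files/backups while file_exists() still
    // passed. basename() drops any directory part, and realpath() on both
    // sides confirms the resolved file really lives in the backup directory
    // (symlinks included) before anything is sent.
    $backupDir = realpath(BASEDIR . "../files/backups");
    $filename = basename($_GET['filename']);
    $name = $backupDir === false ? false : realpath($backupDir . "/" . $filename);
    if ($name === false || !is_file($name) || dirname($name) !== $backupDir || $filename === "backup.php") {
        header("location: " . ROOT);
        die;
    }
    actionLogger::write(dbConn::querySingle("SELECT moduleId FROM :prefix:module WHERE class = 'backup'"), actionType::DOWNLOAD, dbConn::queryRow("SELECT * FROM :prefix:backup WHERE filename = :0", $filename));
    // headers for a forced binary download; the unused fopen() handle of the
    // original was never closed and is gone
    header("Pragma: public");
    header("Expires: 0");
    header("Cache-Control: must-revalidate, post-check=0, pre-check=0");
    header("Cache-Control: public");
    header("Content-Description: File Transfer");
    header("Content-type: application/octet-stream");
    header("Content-Transfer-Encoding: binary");
    header("Content-Length: " . filesize($name));
    ob_end_flush();
    readfile($name);
}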
// redirect to https
// (no code follows this heading in this copy of the file; the redirect, if any, is elsewhere)
//
// TEMPLATE SETTINGS
//
require_once "core/template.php";
template::setDoIndent(true);
//
// DATABASE SETTINGS
//
require_once "core/dbConn.php";
// NOTE(review): the database credentials are hard-coded here ("root"/"root" on localhost).
// They belong in an untracked config file or the environment, and the application should
// connect as a least-privilege account rather than root; every script that includes this
// file gets the full credentials.
dbConn::setHost("localhost");
dbConn::setDatabase("smartdoorbell");
dbConn::setUsername("root");
dbConn::setPassword("root");
dbConn::setTablePrefix("sdb_");
//
// EMAIL SETTINGS
//
// SMTP host, account and sender are read from the :prefix:config table on every
// request; the SMTP password therefore lives in the database in whatever form
// the config table stores it.
require_once "core/emailSettings.php";
emailSettings::setHost(dbConn::querySingle("SELECT value FROM :prefix:config WHERE property = 'contact_smtp_host';"));
emailSettings::setUsername(dbConn::querySingle("SELECT value FROM :prefix:config WHERE property = 'contact_smtp_username';"));
emailSettings::setPassword(dbConn::querySingle("SELECT value FROM :prefix:config WHERE property = 'contact_smtp_password';"));
emailSettings::setSender(dbConn::querySingle("SELECT value FROM :prefix:config WHERE property = 'contact_from';"));
emailSettings::setMethod(emailSendMethod::PHPMAILER);
//
// OTHER STATIC RESOURCES
//
// Base class for the page controllers; $reference is a process-wide static slot
// (what is stored in it is not visible in this file).
abstract class controller
{
    public static $reference = null;
}
// Assumes $errors (array) and dieOnErrors() are set up earlier in this file.
// NOTE(review): the rfid code in the query string is the only credential this
// endpoint checks -- presumably it is meant to be secret, so confirm it is
// served over TLS only and kept out of access logs.

// the rfid code must belong to a known user and the room to a known patient
if (dbConn::querySingle("SELECT COUNT(*) FROM :prefix:user WHERE rfid = :0", $_GET['rfid']) < 1) {
    $errors[] = array(110 => "invalid rfid code. code not in use");
}
if (dbConn::querySingle("SELECT COUNT(*) FROM :prefix:patient WHERE room = :0", $_GET['room']) < 1) {
    $errors[] = array(111 => "invalid room id. room not in use");
}
dieOnErrors($errors);

// check if user account is in active state
$state = dbConn::querySingle("SELECT state FROM :prefix:user WHERE rfid = :0", $_GET['rfid']);
if ($state != "activated") {
    $errors[] = array(116 => "user disabled");
    dieOnErrors($errors);
}

// check if user is allowed to visit given room (a visit row linking user and patient)
$allowed = dbConn::querySingle("\n SELECT COUNT(*)\n FROM :prefix:visit AS v\n INNER JOIN :prefix:patient AS p\n ON v.patient = p.patientId\n INNER JOIN :prefix:user AS u\n ON v.user = u.userId\n WHERE p.room = :0 AND u.rfid = :1\n ", $_GET['room'], $_GET['rfid']);
if ($allowed < 1) {
    $errors[] = array(115 => "permission denied");
}
dieOnErrors($errors);

// all data is valid and user has access -- collect the response data
$user = dbConn::queryRow("SELECT * FROM :prefix:user WHERE rfid = :0", $_GET['rfid']);
$visit = dbConn::queryRow("\n SELECT * \n FROM :prefix:visit AS v\n INNER JOIN :prefix:patient AS p\n ON v.patient = p.patientId\n WHERE p.room = :0 AND user = :1\n ", $_GET['room'], $user['userId']);

// media rows get an absolute URL built from their type and path
$media = array();
foreach (dbConn::query("SELECT type, path FROM :prefix:visit_media WHERE visitId = :0", $visit['visitId']) as $r) {
    $r['path'] = URL . "/media/" . strtolower($r['type']) . "/" . $r['path'];
    $media[] = $r;
}

// read before the history row for this access is written below, so the client
// sees the previous visit, not this one
$lastVisit = dbConn::querySingle("SELECT MAX(created) FROM :prefix:visit_history WHERE visitId = :0", $visit['visitId']);
$response = array(
    "success" => array(
        "firstname" => $user['firstname'],
        "lastname" => $user['lastname'],
        "email" => $user['email'],
        "relation" => $visit['relation'],
        "scent" => $visit['scent'],
        "description" => $visit['description'],
        "media" => $media,
        "lastvisit" => $lastVisit,
    ),
);
dbConn::execute("INSERT INTO :prefix:visit_history (visitId) VALUES (:0);", $visit['visitId']);

header('Content-type: application/json');
echo json_encode($response, JSON_PRETTY_PRINT);
$t->addStatement("INSERT INTO :prefix:visit (user, patient, relation, description, scent) VALUES (:0, :1, :2, :3, :4)", $_POST['userid'], $p['patientId'], $p['relation'], htmlspecialchars($p['description']), $p['scent']); } else { // if exists, update row $t->addStatement("UPDATE :prefix:visit SET\n relation = :0,\n description = :1,\n scent = :2 WHERE visitId = :3", $p['relation'], htmlspecialchars($p['description']), $p['scent'], $visitId); } $t->commit(); $t = new transaction(); // commit those changes right now /* * Update images */ $t->addStatement("DELETE FROM :prefix:visit_media WHERE visitId = :0 AND type = :1", $visitId, 'Image'); if (isset($p['images']) && is_array($p['images'])) { foreach ($p['images'] as $img) { if ($visitId == null) { $visitId = dbConn::querySingle("SELECT visitId\n FROM :prefix:visit AS v\n INNER JOIN :prefix:patient AS p\n ON p.patientId = v.patient\n INNER JOIN :prefix:user AS u\n ON u.userId = v.user\n WHERE userId = :0 AND patientId = :1", $_POST['userid'], $p['patientId']); } $t->addStatement("INSERT INTO :prefix:visit_media (visitId, path, type) VALUES (:0, :1, :2);", $visitId, basename($img), "Image"); } } /* * Update audios */ $t->addStatement("DELETE FROM :prefix:visit_media WHERE visitId = :0 AND type = :1", $visitId, 'Audio'); if (isset($p['audios']) && is_array($p['audios'])) { foreach ($p['audios'] as $aud) { $t->addStatement("INSERT INTO :prefix:visit_media (visitId, path, type) VALUES (:0, :1, :2);", $visitId, basename($aud), "Audio"); } } } }
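/**
 * Checks if the user is an admin.
 *
 * Looks the user up by the e-mail address posted as "username".
 *
 * @return boolean True if the user is administrator.
 */
private function isAdmin()
{
    // a missing field used to raise an undefined-index warning and query with null
    $username = isset($_POST['username']) ? $_POST['username'] : "";
    // querySingle() hands back the raw column value (or nothing when the e-mail
    // is unknown); the cast pins the documented boolean contract in both cases.
    return (bool) \dbConn::querySingle("SELECT isAdmin FROM :prefix:user WHERE email = :0", $username);
}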
$tpl->removeVariables(); echo $tpl->getOutput(); break; case "history": echo getHistory(0); break; case "newplan": $tpl = new template("admin/plan.create"); echo $tpl->getOutput(); break; case "email": $tpl = new template("admin/mail.container"); foreach (dbConn::query("SELECT * FROM :prefix:plan ORDER BY created DESC") as $r) { $tpl->insert("plans", template::create("admin/mail.plan", array("name" => $r['name']))); } foreach (dbConn::query("SELECT DISTINCT name, email FROM :prefix:worker ORDER BY name ASC") as $r) { $rec = new template("admin/mail.recipient"); $rec->insert("name", $r['name']); $rec->insert("address", $r['email']); foreach (dbConn::query("SELECT DISTINCT name FROM :prefix:plan", $r['name'], $r['email']) as $s) { $rec->insert("plans", template::create("admin/mail.recipient.plan", array("name" => $s['name'], "checked" => dbConn::querySingle("SELECT COUNT(*) FROM :prefix:worker \n WHERE name = :0 AND email = :1 AND plan = :2", $r['name'], $r['email'], $s['name']) > 0 ? "checked" : ""))); } $tpl->insert("recipients", $rec); } $tpl->removeVariables(); echo $tpl->getOutput(); break; default: echo "\n <div class='alert alert-danger' role='alert'>\n <span class='sr-only'>Fehler:</span>\n Funktion nicht implementiert\n </div>"; break; }
/**
 * Checks if a link is represented as a destination link in navigation bar.
 *
 * @param string $destination The href to check.
 * @return bool Value if the navigation contains the given href.
 * @static
 * @since Version 1.0
 */
public static function isInNavigation($destination)
{
    $matches = dbConn::querySingle("SELECT COUNT(*) FROM :prefix:navigation WHERE destination = :0", $destination);
    return $matches > 0;
}
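<?php
require "../config.php";

/**
 * Checks that $date is a time of day written as "H:i".
 *
 * The round trip through format() rejects values that createFromFormat()
 * would normalise instead of refusing.
 *
 * @param string $date Value to check.
 * @return bool True when the value is a well-formed H:i time.
 */
function validateDate($date)
{
    $d = DateTime::createFromFormat('H:i', $date);
    return $d && $d->format('H:i') == $date;
}

// The shift fields arrive nested under "data". They are read into a local
// instead of overwriting the $_POST superglobal as the original did, and
// missing fields no longer raise undefined-index warnings.
$plan = isset($_POST['plan']) ? $_POST['plan'] : "";
$data = isset($_POST['data']) && is_array($_POST['data']) ? $_POST['data'] : array();
$from = isset($data['from']) ? $data['from'] : "";
$to = isset($data['to']) ? $data['to'] : "";

if (!validateDate($from) || !validateDate($to)) {
    die("Bitte geben Sie ein gültiges Zeitformat ein.");
}
if ($to === $from) {
    die("Anfang und Ende dürfen nicht identisch sein.");
}
if (strtotime($to) < strtotime($from)) {
    die("Der Anfang muss vor dem Ende liegen.");
}
// NOTE(review): the COUNT check and the INSERT are not atomic; a UNIQUE
// (plan, fromDate, toDate) constraint is what actually prevents duplicates.
if (dbConn::querySingle("SELECT COUNT(*) FROM :prefix:shift WHERE plan = :0 AND fromDate = :1 AND toDate = :2", $plan, $from, $to) > 0) {
    die("Eine Schicht mit den eingegebenen Zeiten existiert bereits für diesen Plan.");
}
dbConn::execute("INSERT INTO :prefix:shift (plan, fromDate, toDate) VALUES (:0, :1, :2)", $plan, $from, $to);
echo "SUCCESS";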