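/**
 * Print the key phrases returned by the Yahoo! JAPAN KeyphraseService for a sentence.
 *
 * Builds the request URL, loads the XML response and echoes one table row per
 * <Result> element. Nothing is printed when the request fails or no result comes back.
 *
 * @param string $appid    Application ID sent as the `appid` query parameter.
 * @param string $sentence Text to analyse; URL-encoded before it is sent.
 * @return void
 */
function show_keyphrase($appid, $sentence)
{
    $output = "xml";

    // NOTE(review): the endpoint is plain http, so the application ID and the
    // sentence travel unencrypted and the response is not authenticated.
    // Confirm whether the service offers an https endpoint.
    $request = "http://jlp.yahooapis.jp/KeyphraseService/V1/extract?";
    // Encode the app ID as well, so a stray '&' or '#' in it cannot alter the query string.
    $request .= "appid=" . urlencode($appid) . "&sentence=" . urlencode($sentence) . "&output=" . $output;

    $responsexml = simplexml_load_file($request);
    if ($responsexml === false) {
        // Network failure or malformed XML: there is nothing to render.
        return;
    }

    $result_num = count($responsexml->Result);
    if ($result_num > 0) {
        echo "<table>";
        echo "<tr><td><b>キーフレーズ</b></td></tr>";
        foreach ($responsexml->Result as $result) {
            // escapestring() is defined elsewhere; this output is only safe if it
            // HTML-encodes its argument -- TODO confirm.
            echo "<tr><td>" . escapestring($result->Keyphrase) . "</td></tr>";
        }
        echo "</table>";
    }
}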
exit;
} else {
    // Clear per-request session state.
    /* foreach walks every key/value pair of an array; on each iteration the
       current key is assigned to $key and the current value to $val. Every
       session entry is dropped except keys starting with 'svadmin' and the
       'svabsuri' key. */
    foreach ($_SESSION as $key => $val) {
        if (substr($key, 0, 7) !== 'svadmin' && $key !== 'svabsuri') {
            unset($_SESSION[$key]);
        }
    }
    // Connect to the MySQL server.
    require 'inc-conntekiah.php';
    // Load the escapestring() helper.
    require 'inc-function-escape-string.php';
    // Build the INSERT statement. Every value goes through escapestring(), which
    // presumably returns an escaped, quoted SQL literal -- its definition is not shown.
    // NOTE(review): $vpassword is stored in apassword as received here; confirm it
    // already holds a password hash and not the plaintext password.
    $sql_nl = sprintf("INSERT INTO tbladministrator (aname, asurname, aemail, ausername, apassword) VALUES (%s, %s, %s, %s, %s)",
        escapestring($vconntekiah, $vname, 'text'),
        escapestring($vconntekiah, $vsurname, 'text'),
        escapestring($vconntekiah, $vemail, 'text'),
        escapestring($vconntekiah, $vusername, 'text'),
        escapestring($vconntekiah, $vpassword, 'text'));
    $sql_nl_result = mysqli_query($vconntekiah, $sql_nl);
    // NOTE(review): $last_id is read but never used below, and the success redirect
    // ends in an empty 'kid=' -- presumably the new id was meant to be appended.
    $last_id = mysqli_insert_id($vconntekiah);
    if ($sql_nl_result) {
        header('Location: cms-admin-display.php?kid=');
        exit;
    } else {
        header('Location: cms-admin-add-new.php?kadd=failed');
        exit;
    }
}
/*. $_SESSION['svabsuri'] .*/
} else {
    // The enclosing condition (opened above this excerpt) failed: sign the user out.
    header('Location: signout.php');
    exit;
}
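if ($vcontent == '') {
    $vvalidate++;
}
// (this brace closes a block opened above the excerpt)
} else {
    $vvalidate++;
}
// Query string that hands the submitted content back to the edit form on failure.
$vqstr = "?k1=f";
$vqstr .= "&k2=" . urlencode($vcontent);
if ($vvalidate !== 0) {
    // Validation failed: return to the edit form with the URL-encoded values.
    header('Location: ' . $_SESSION['svabsuri'] . 'cms/contact-edit.php' . $vqstr);
    exit;
}
// Connect to the MySQL server.
require 'inc-conntekiah.php';
// Load the escapestring() helper.
require 'inc-function-escape-string.php';
// Build the UPDATE statement. The row id goes through a %u placeholder, so it can
// only reach the query as an unsigned integer. Interpolating $vcid into the format
// string would bypass escapestring() entirely and would let any '%' inside it be
// read by sprintf() as a conversion specification.
$sql_content = sprintf(
    "UPDATE tblcontact SET ccontent = %s WHERE cid = %u",
    escapestring($vconntekiah, $vcontent, 'text'),
    escapestring($vconntekiah, $vcid, 'int')
);
$sql_content_result = mysqli_query($vconntekiah, $sql_content);
if ($sql_content_result) {
    header('Location:' . $_SESSION['svabsuri'] . 'cms/contact-view.php?edit=success');
    exit;
} else {
    header('Location: ' . $_SESSION['svabsuri'] . 'cms/contact-edit.php?edit=failed');
    exit;
}
} else {
    // The enclosing condition (opened above this excerpt) failed: sign the user out.
    header('Location: ' . $_SESSION['svabsuri'] . 'cms/signout.php');
    exit;
}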
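if ($vacontent == '') {
    $vvalidate++;
}
// (this brace closes a block opened above the excerpt)
} else {
    $vvalidate++;
}
// Query string that hands the submitted content back to the edit form on failure.
$vqstr = "?k1=f";
$vqstr .= "&k2=" . urlencode($vacontent);
if ($vvalidate !== 0) {
    // Validation failed: return to the edit form with the URL-encoded values.
    header('Location: ' . $_SESSION['svabsuri'] . 'cms/about-view-edit.php' . $vqstr);
    exit;
}
// Connect to the MySQL server.
require 'inc-conntekiah.php';
// Load the escapestring() helper.
require 'inc-function-escape-string.php';
// Build the UPDATE statement. The row id goes through a %u placeholder, so it can
// only reach the query as an unsigned integer. Interpolating $vcid into the format
// string would bypass escapestring() entirely and would let any '%' inside it be
// read by sprintf() as a conversion specification.
$sql_content = sprintf(
    "UPDATE tblabout SET acontent = %s WHERE aid = %u",
    escapestring($vconntekiah, $vacontent, 'text'),
    escapestring($vconntekiah, $vcid, 'int')
);
$sql_content_result = mysqli_query($vconntekiah, $sql_content);
if ($sql_content_result) {
    header('Location:' . $_SESSION['svabsuri'] . 'cms/about-view.php?edit=success');
    exit;
} else {
    header('Location: ' . $_SESSION['svabsuri'] . 'cms/about-view-edit.php?edit=failed');
    exit;
}
} else {
    // The enclosing condition (opened above this excerpt) failed: sign the user out.
    header('Location: ' . $_SESSION['svabsuri'] . 'cms/signout.php');
    exit;
}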
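}
print "</select><input type=hidden name=VIEW><input type=submit value='View and Modify' /></form><td>";
print " <td><form method=post action=customers.php><input type=hidden name=NEWCUST><input type=submit value='Create New Customer'></form></td></tr></table>";
if (array_key_exists('VIEW', $_POST)) {
    // The customer id comes straight from the request, so it is passed to Oracle as
    // a bind variable. Concatenating it into the statement text would let the
    // submitted value change the structure of the query.
    $custId = (isset($_POST['CUSTID']) && is_scalar($_POST['CUSTID'])) ? (string) $_POST['CUSTID'] : '';
    $theQueryB = oci_parse($conn, "select * from customers where cust_id = :custid");
    oci_bind_by_name($theQueryB, ':custid', $custId);
    oci_execute($theQueryB);
    // Render one pre-filled edit form per matching customer row.
    // NOTE(review): $info[0] is printed into the markup without encoding, and the
    // other columns rely on escapestring(), whose definition is not shown here --
    // confirm it HTML-encodes quotes, since the values sit inside '...' attributes.
    while ($info = oci_fetch_row($theQueryB)) {
        print "<form method=post action=customers.php><table border=0 cellpadding=8, cellspacing=4>";
        print "<tr><td bgcolor=B7C3D0>Customer ID</td><td bgcolor=B7C3D0>" . $info[0] . "<input type=hidden name=NEWID value='" . $info[0] . "'></td></tr>";
        print "<tr><td bgcolor=B7C3D0>First Name</td><td bgcolor=B7C3D0><input type=text name=NEWFIRST value='" . escapestring($info[1]) . "'></td></tr>";
        print "<tr><td bgcolor=B7C3D0>Last Name</td><td bgcolor=B7C3D0><input type=text name=NEWLAST value='" . escapestring($info[2]) . "'></td></tr>";
        print "<tr><td bgcolor=B7C3D0>Street Address</td><td bgcolor=B7C3D0><input type=text name=NEWADD value='" . escapestring($info[3]) . "'></td></tr>";
        print "<tr><td bgcolor=B7C3D0>City</td><td bgcolor=B7C3D0><input type=text name=NEWCITY value='" . escapestring($info[4]) . "'></td></tr>";
        print "<tr><td bgcolor=B7C3D0>State</td><td bgcolor=B7C3D0><input type=text name=NEWSTATE value='" . escapestring($info[5]) . "'></td></tr>";
        print "<tr><td bgcolor=B7C3D0>Zip Code</td><td bgcolor=B7C3D0><input type=text name=NEWZIP value='" . escapestring($info[6]) . "'></td></tr>";
        print "<tr><td bgcolor=B7C3D0>Phone</td><td bgcolor=B7C3D0><input type=text name=NEWPHONE value='" . escapestring($info[7]) . "'></td></tr>";
        print "</table><input type=hidden name=UPDATECUST value=" . $info[0] . "><input type=hidden name=VIEW><input type=hidden name=CUSTID value=" . $info[0] . "><input type=submit value='Update Info'></form>";
        // print "<form method=post action=customers.php><input type=hidden name=DROPCUST value=".$info[0]."><input type=submit value='Delete Customer'></form>";
    }
} else {
    if (array_key_exists('NEWCUST', $_POST)) {
        // Blank form for creating a new customer.
        print "<form method=post action=customers.php><table border=0 cellpadding=8, cellspacing=4>";
        print "<tr><td bgcolor=B7C3D0>Customer ID</td><td bgcolor=B7C3D0><input type=text name=NEWID></td></tr>";
        print "<tr><td bgcolor=B7C3D0>First Name</td><td bgcolor=B7C3D0><input type=text name=NEWFIRST></td></tr>";
        print "<tr><td bgcolor=B7C3D0>Last Name</td><td bgcolor=B7C3D0><input type=text name=NEWLAST ></td></tr>";
        print "<tr><td bgcolor=B7C3D0>Street Address</td><td bgcolor=B7C3D0><input type=text name=NEWADD ></td></tr>";
        print "<tr><td bgcolor=B7C3D0>City</td><td bgcolor=B7C3D0><input type=text name=NEWCITY ></td></tr>";
        print "<tr><td bgcolor=B7C3D0>State</td><td bgcolor=B7C3D0><input type=text name=NEWSTATE ></td></tr>";
        print "<tr><td bgcolor=B7C3D0>Zip Code</td><td bgcolor=B7C3D0><input type=text name=NEWZIP ></td></tr>";
        print "<tr><td bgcolor=B7C3D0>Phone</td><td bgcolor=B7C3D0><input type=text name=NEWPHONE ></td></tr>";
        print "</table><input type=hidden name=CREATECUST><input type=submit value='Create New'></form>";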
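if ($vbody == '') {
    $vvalidate++;
}
// (this brace closes a block opened above the excerpt)
} else {
    $vvalidate++;
}
// Query string that hands the submitted body back to the edit form on failure.
$vqstr = "?k1=f";
$vqstr .= "&k2=" . urlencode($vbody);
if ($vvalidate !== 0) {
    // Validation failed: return to the edit form with the URL-encoded values.
    header('Location: ' . $_SESSION['svabsuri'] . 'cms/projects-edit.php' . $vqstr);
    exit;
}
// Connect to the MySQL server.
require 'inc-conntekiah.php';
// Load the escapestring() helper.
require 'inc-function-escape-string.php';
// Build the UPDATE statement. The row id goes through a %u placeholder, so it can
// only reach the query as an unsigned integer. Interpolating $veid into the format
// string would bypass escapestring() entirely and would let any '%' inside it be
// read by sprintf() as a conversion specification.
$sql_content = sprintf(
    "UPDATE tblprojects SET pbody = %s WHERE pid = %u",
    escapestring($vconntekiah, $vbody, 'text'),
    escapestring($vconntekiah, $veid, 'int')
);
$sql_content_result = mysqli_query($vconntekiah, $sql_content);
if ($sql_content_result) {
    header('Location:' . $_SESSION['svabsuri'] . 'cms/projects-view.php?edit=success');
    exit;
} else {
    header('Location: ' . $_SESSION['svabsuri'] . 'cms/projects-edit.php?edit=failed');
    exit;
}
} else {
    // The enclosing condition (opened above this excerpt) failed: sign the user out.
    header('Location: ' . $_SESSION['svabsuri'] . 'cms/signout.php');
    exit;
}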
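}

/**
 * Backslash-escape the characters listed in $from so that they are treated as
 * literal text in the search query built below.
 *
 * The backslash is first in the list: str_replace() applies the pairs in order,
 * so existing backslashes are doubled before the later pairs add new ones.
 *
 * NOTE(review): '*' and '<' are not in the list although the code below uses '*'
 * and '<<' as query syntax -- confirm whether they need escaping for the search
 * backend in use.
 *
 * @param string $str Raw token.
 * @return string Token with the listed characters prefixed by a backslash.
 */
function escapestring($str)
{
    $from = array('\\', '(', ')', '|', '-', '!', '@', '~', '"', '&', '/', '^', '$', '=');
    $to = array('\\\\', '\\(', '\\)', '\\|', '\\-', '\\!', '\\@', '\\~', '\\"', '\\&', '\\/', '\\^', '\\$', '\\=');
    return str_replace($from, $to, $str);
}

// Normalise the user query: trim whitespace, then strip leading and trailing dots.
$trimmedquery = trim($query);
$query = trim($trimmedquery, ".");
// Split on whitespace and dots, keeping the delimiters as tokens of their own.
$tokens = preg_split("/([\\s.])/", $query, -1, PREG_SPLIT_DELIM_CAPTURE | PREG_SPLIT_NO_EMPTY);
foreach ($tokens as &$token) {
    if (trim($token) != "") {
        if ($token == ".") {
            $token = "<< . <<";
        } else {
            // Escape the token, then wrap it in '*' on both sides.
            $token = "*" . escapestring($token) . "*";
        }
    }
}
// Break the reference so a later write to $token cannot overwrite the last array element.
unset($token);
$query = implode(" ", $tokens);
// substr() instead of string offsets: an empty query then compares as "no dot"
// instead of raising an uninitialized-offset warning.
if (substr($trimmedquery, 0, 1) === '.') {
    $query = ". << " . $query;
}
if (substr($trimmedquery, -1) === '.') {
    $query = $query . " << .";
}
$orderby = null;
if (strpos($trimmedquery, ".") !== false || strpos($trimmedquery, " ") !== false) {
    // A query containing a dot or a space is prefixed with "@ftsname" and ordered by namelen.
    $query = "@ftsname " . $query;
    $orderby = "namelen";
} else {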
}
// Append the URL-encoded sentence and fetch the analysis result as XML.
$url .= "&sentence=" . urlencode($sentence);
// NOTE(review): simplexml_load_file() returns false on failure; that case is not
// checked before the loop below dereferences $xml.
$xml = simplexml_load_file($url);
// One table row per <word>. A column is printed only when the matching entry of
// $arr_response is set and non-empty.
// NOTE(review): the values come from a remote response and are printed into HTML
// through escapestring(), which is defined elsewhere -- confirm it HTML-encodes.
foreach ($xml->ma_result->word_list->word as $cur) {
    echo "<tr>\n";
    if (isset($arr_response[0]) && $arr_response[0] != "") {
        echo "<td>" . escapestring($cur->surface) . "</td>";
    }
    if (isset($arr_response[1]) && $arr_response[1] != "") {
        echo "<td>" . escapestring($cur->reading) . "</td>";
    }
    if (isset($arr_response[2]) && $arr_response[2] != "") {
        echo "<td>" . escapestring($cur->pos) . "</td>";
    }
    if (isset($arr_response[3]) && $arr_response[3] != "") {
        echo "<td>" . escapestring($cur->baseform) . "</td>";
    }
    if (isset($arr_response[4]) && $arr_response[4] != "") {
        echo "<td>" . escapestring($cur->feature) . "</td>";
    }
    echo "</tr>\n";
}
}
?> </table></td></tr></table></form> <!-- Begin Yahoo! JAPAN Web Services Attribution Snippet --> <a href="http://developer.yahoo.co.jp/about"> <img src="http://i.yimg.jp/images/yjdn/yjdn_attbtn2_105_17.gif" width="105" height="17" title="Webサービス by Yahoo! JAPAN" alt="Webサービス by Yahoo! JAPAN" border="0" style="margin:15px 15px 15px 15px"></a> <!-- End Yahoo! JAPAN Web Services Attribution Snippet --> </body></html>
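$vvalidate++;
}
// (these braces close blocks opened above the excerpt)
} else {
    $vvalidate++;
}
// Query string that hands the submitted values back to the edit form on failure.
$vqstr = "?k1=f";
$vqstr .= "&k2=" . urlencode($vcontent);
$vqstr .= "&k3=" . urlencode($vtitle);
if ($vvalidate !== 0) {
    // Validation failed: return to the edit form with the URL-encoded values.
    header('Location: ' . $_SESSION['svabsuri'] . 'cms/event-edit.php' . $vqstr);
    exit;
}
// Connect to the MySQL server.
require 'inc-conntekiah.php';
// Load the escapestring() helper.
require 'inc-function-escape-string.php';
// Build the UPDATE statement. The row id goes through a %u placeholder, so it can
// only reach the query as an unsigned integer. Interpolating $veid into the format
// string would bypass escapestring() entirely and would let any '%' inside it be
// read by sprintf() as a conversion specification.
$sql_content = sprintf(
    "UPDATE tblevents SET econtent = %s, etitle = %s WHERE eid = %u",
    escapestring($vconntekiah, $vcontent, 'text'),
    escapestring($vconntekiah, $vtitle, 'text'),
    escapestring($vconntekiah, $veid, 'int')
);
$sql_content_result = mysqli_query($vconntekiah, $sql_content);
if ($sql_content_result) {
    header('Location:' . $_SESSION['svabsuri'] . 'cms/event-view.php?edit=success');
    exit;
} else {
    header('Location: ' . $_SESSION['svabsuri'] . 'cms/event-edit.php?edit=failed');
    exit;
}
} else {
    // The enclosing condition (opened above this excerpt) failed: sign the user out.
    header('Location: ' . $_SESSION['svabsuri'] . 'cms/signout.php');
    exit;
}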
$newimg = imageResize($pngimagefrmsrc); // resize the source image via imageResize()
$newimgbasename = 'thumb_' . $vimgoriginal; // thumbnail file name: original name prefixed with thumb_
// NOTE(review): $vimgoriginal becomes part of a filesystem path. If it derives from
// the client-supplied upload name, confirm it was reduced to a safe base name first.
$vimgthumbfilepath = 'cms/uploaded-images/' . $newimgbasename; // target path of the thumbnail
imagepng($newimg, $vimgthumbfilepath); // write the thumbnail to disk as PNG
// Free image resources that are no longer needed.
imagedestroy($pngimagefrmsrc);
// NOTE(review): $thumb_tmp is not assigned anywhere in this excerpt -- confirm it exists.
imagedestroy($thumb_tmp);
}
// Connect to the MySQL database.
require 'inc-conntekiah.php';
// Build the INSERT statement; every value goes through escapestring(), which is
// loaded outside this excerpt.
$sql_insert = sprintf("INSERT INTO tblnews (nimgthumb, nimglarge, nimglargecaption) VALUES (%s, %s, %s)",
    escapestring($vconntekiah, $vimgthumb, 'text'),
    escapestring($vconntekiah, $vimglarge, 'text'),
    escapestring($vconntekiah, $vimglargecaption, 'text'));
$insert_result = mysqli_query($vconntekiah, $sql_insert);
$last_id = mysqli_insert_id($vconntekiah);
if ($insert_result) {
    // Success: go to the preview page for the newly inserted row.
    header('Location: news-preview.php?key=success&kid=' . $last_id . '');
    exit;
} else {
    echo 'database not updated';
    exit;
}
}
} else {
    header('Location: news-add-new.php?key=nofileselected');
}
} else {
    header('Location: news-add-new.php?key=formnotsubmitted');
}
// Query string that hands the submitted values back to the form when validation fails.
// NOTE(review): the full article content is sent back in the URL, so it can end up
// in browser history and server logs, and a long body may exceed URL length limits.
$vqstr = "?kvalidation=failed";
$vqstr .= "&ktitle=" . urlencode($vtitle);
$vqstr .= "&kdate=" . urlencode($vdatetime);
$vqstr .= "&ksummary=" . urlencode($vsummary);
$vqstr .= "&kcontent=" . urlencode($vcontent);
$vqstr .= "&kcaption=" . urlencode($vcaption);
if ($vvalidate !== 0) {
    // Validation failed: return to the form with the URL-encoded values.
    header('Location: news-add-new.php' . $vqstr);
    exit;
} else {
    // Connect to the MySQL server.
    require 'inc-conntekiah.php';
    // Load the escapestring() helper.
    require 'inc-function-escape-string.php';
    // Build the INSERT statement. Each value goes through escapestring(), which
    // presumably returns an escaped, quoted SQL literal -- its definition is not shown.
    $sql_news = sprintf("INSERT INTO tblnews (ntitle, ndatetime, nsummary, ncontent, nimgthumb, nimglarge, nimglargecaption) VALUES (%s, %s, %s, %s, %s, %s, %s)",
        escapestring($vconntekiah, $vtitle, 'text'),
        escapestring($vconntekiah, $vdatetime, 'date'),
        escapestring($vconntekiah, $vsummary, 'text'),
        escapestring($vconntekiah, $vcontent, 'text'),
        escapestring($vconntekiah, $newimgbasename, 'text'),
        escapestring($vconntekiah, $vimgoriginal, 'text'),
        escapestring($vconntekiah, $vcaption, 'text'));
    $sql_news_result = mysqli_query($vconntekiah, $sql_news);
    if ($sql_news_result) {
        header('Location: news-view.php');
        exit;
    } else {
        header('Location: news-add-new.php?kinsert=failed');
        exit;
    }
}
} else {
    // The enclosing condition (opened above this excerpt) failed: sign the user out.
    header('Location: signout.php');
    exit;
}
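<?php
require "inc-cms-pre-doctype.php";

// Toggle an administrator's status ('i' <-> 'a') after checking the form's
// security token against the one kept in the session.
$vsecurity = isset($_POST['txtsecurity']) ? $_POST['txtsecurity'] : null;
$vexpected = isset($_SESSION['svadminsecurity']) ? $_SESSION['svadminsecurity'] : null;

// hash_equals() compares in constant time. Both sides must be non-empty strings,
// so a missing session token can never match an empty submitted field.
if (is_string($vsecurity) && is_string($vexpected) && $vexpected !== '' && hash_equals($vexpected, $vsecurity)) {
    // The id is used in SQL and echoed into a redirect URL: force it to an integer.
    $vid = (isset($_POST['kid']) && is_scalar($_POST['kid'])) ? (int) $_POST['kid'] : 0;
    $vstatus = (isset($_POST['txtstatus']) && is_string($_POST['txtstatus'])) ? $_POST['txtstatus'] : '';
    // NOTE(review): any value other than 'i' or 'a' is written to astatus unchanged;
    // confirm whether other status codes are legitimate or should be rejected.
    if ($vstatus === 'i') {
        $vstatus = 'a';
    } elseif ($vstatus === 'a') {
        $vstatus = 'i';
    }
    // Connect to the MySQL server.
    require 'inc-conntekiah.php';
    // Load the escapestring() helper.
    require 'inc-function-escape-string.php';
    // Build the UPDATE statement; the id is formatted with %u.
    $sql_update = sprintf(
        "UPDATE tbladministrator SET astatus = %s WHERE aid = %u",
        escapestring($vconntekiah, $vstatus, 'text'),
        escapestring($vconntekiah, $vid, 'int')
    );
    $update_result = mysqli_query($vconntekiah, $sql_update);
    if ($update_result) {
        header('Location: ' . $_SESSION['svabsuri'] . 'cms/cms-admin-display.php?kid=' . $vid . '&kupdate=true&');
        exit;
    } else {
        header('Location: ' . $_SESSION['svabsuri'] . 'cms/cms-admin-display.php?kid=' . $vid . '&kupdate=false&');
        exit;
    }
} else {
    // Missing or wrong token: sign the user out.
    header('Location: ' . $_SESSION['svabsuri'] . 'cms/signout.php');
    exit;
}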
/**
 * Render the A-Z navigation bar and, when a letter was passed in, the blog list
 * for that letter.
 *
 * The links are generated from range('A', 'Z'), so the echoed $letter values are
 * fixed by the code and not request data.
 *
 * @param string $getletter Selected letter; passed through escapestring() and then
 *                          to lifestyleblogs(). Both helpers are defined elsewhere,
 *                          so what escaping is applied cannot be told from here.
 * @return void
 */
function letteratoz($getletter)
{
    ?>
    <div class="atoznav">
    <?php
    // array('a', 'b', 'c', 'd', 'e', 'f', 'g', 'h', 'i');
    foreach (range('A', 'Z') as $letter) {
        ?>
        <a href="index.php?letid=<?php echo $letter; ?> "><?php echo $letter; ?> </a>   <?php
    }
    ?>
    </div> <!-- closes magazinenav-->
    <?php
    //$letterlist = escapeinteger($_GET['letid']);
    // NOTE(review): confirm lifestyleblogs() treats this value safely wherever it uses it.
    $letterlist = escapestring($getletter);
    ?>
    <div class="topbox"> <div class="rightlist">
    <?php
    // Only list blogs when a non-empty letter was supplied.
    if ($letterlist) {
        lifestyleblogs($letterlist);
    }
    ?>
    </div></div>
    <?php
}
<head>
<meta http-equiv="content-type" content="text/html; charset=utf-8"/>
<link href="main.css" rel="stylesheet" type="text/css">
<script src="http://ajax.googleapis.com/ajax/libs/jquery/1.7.0/jquery.min.js"></script>
<title></title>
</head>
<body>
<form method="POST" name="qform" id="main_contents">
<p>タイトル</p>
<textarea name="title" rows="3" cols="70"><?php /* NOTE(review): $title is echoed without the escapestring() call used for $sentence below; if it can hold request data it needs HTML encoding -- confirm where it is set. */ echo $title; ?> </textarea>
<p>本文</p>
<textarea id="sentence" name="sentence" rows="20" cols="70"><?php /* escapestring() is defined elsewhere; presumably it HTML-encodes -- TODO confirm. */ echo escapestring($sentence); ?> </textarea><br>
<input type="submit" name="command_query" value="解析">
</form>
<?php
// Results table: header row first, then the analysis when a sentence was submitted.
// NOTE(review): <head> loads jQuery 1.7.0 over plain http with no integrity
// attribute; consider a current release served over https.
echo "<div id='key_results'>";
echo "<p>分析結果</p><table>";
echo "<tr><td>キーワード</td><td>関連度</td><td>話題性</td><td>最終評価</td></tr>";
if ($sentence) {
    $best_hashTag = 0; // best hashtag
    $second_hashTag = 0; // second-best hashtag
    $hashTags = get_hashTags(APPID, $sentence);
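$vvalidate++;
}
// NOTE(review): FILTER_SANITIZE_STRING is deprecated as of PHP 8.1. It is kept here
// because replacing it would change what gets stored; plan a migration to storing
// the raw text and encoding it with htmlspecialchars() on output.
$vmsg = filter_var(trim($_POST['txtmsg']), FILTER_SANITIZE_STRING);
if ($vmsg === '') {
    $vvalidate++;
}
// Query string that hands the submitted values back to the form when validation fails.
$vqstr = "?kvalidation=failed";
$vqstr .= "&kname=" . urlencode($vname);
$vqstr .= "&ksurname=" . urlencode($vsurname);
$vqstr .= "&kemail=" . urlencode($vemail);
if ($vvalidate !== 0) {
    // Validation failed: return to the form with the URL-encoded values.
    header('Location: contact.php' . $vqstr);
    exit;
} else {
    // Connect to the MySQL server.
    require 'inc-conntekiah.php';
    // Load the escapestring() helper.
    require 'inc-function-escape-string.php';
    // Build the INSERT statement; every value goes through escapestring().
    $sql_contact = sprintf(
        "INSERT INTO tblcontactform (cfname, cfsurname, cfemail, cfmsg) VALUES (%s, %s, %s, %s)",
        escapestring($vconntekiah, $vname, 'text'),
        escapestring($vconntekiah, $vsurname, 'text'),
        escapestring($vconntekiah, $vemail, 'text'),
        escapestring($vconntekiah, $vmsg, 'text')
    );
    $sql_contact_result = mysqli_query($vconntekiah, $sql_contact);
    // Report the real outcome. Without this check the success redirect and its exit
    // ran unconditionally, which left the failure redirect unreachable.
    if ($sql_contact_result) {
        header('Location: contact.php?kinsert=successful');
        exit;
    }
    header('Location: contact.php?kinsert=failed');
    exit;
}
} else {
    // The enclosing condition (opened above this excerpt) failed: back to the form.
    header('Location: contact.php');
    exit;
}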
}
}
if ($vvalidate > 0) {
    // Validation failed: drop the session and return to the sign-in form.
    session_destroy();
    header('Location: signin.php?kvalidation=failed');
    exit;
} else {
    // Read the submitted credentials from $_POST and reduce each to its SHA-1 hex digest.
    // NOTE(review): a single unsalted SHA-1 pass is a fast hash and is not suitable
    // for storing passwords. password_hash()/password_verify() is the standard
    // replacement, but the stored apassword values must be migrated along with it.
    $vusername = sha1(trim($_POST['txtusername']));
    $vpassword = sha1(trim($_POST['txtpassword']));
    // Connect to the MySQL server.
    require 'inc-conntekiah.php';
    // Load the escapestring() helper.
    require 'inc-function-escape-string.php';
    // Build the lookup query with sprintf(): %s formats a string, %u an unsigned integer.
    // Each value goes through escapestring(), whose definition is not shown here.
    // $vstatus is set above this excerpt.
    $sql_signin = sprintf("SELECT * FROM tbladministrator WHERE ausername = %s AND apassword = %s AND astatus = %s",
        escapestring($vconntekiah, $vusername, 'text'),
        escapestring($vconntekiah, $vpassword, 'text'),
        escapestring($vconntekiah, $vstatus, 'text'));
    // Execute the statement.
    // NOTE(review): a false return from mysqli_query() is not checked before the
    // result is passed to mysqli_fetch_assoc() and mysqli_num_rows().
    $rssignin = mysqli_query($vconntekiah, $sql_signin);
    // Fetch the first row as an associative array.
    $rssignin_rows = mysqli_fetch_assoc($rssignin);
    // Close the connection.
    mysqli_close($vconntekiah);
    // Count the rows in the result set.
    $rssignin_total_records = mysqli_num_rows($rssignin);
    if ($rssignin_total_records == 1) {
        //echo $rssignin_total_records; exit();
        // Exactly one matching administrator: copy the profile columns into the session.
        // NOTE(review): no session_regenerate_id() call is visible before the session is
        // populated -- confirm the session ID is renewed at sign-in.
        $_SESSION['svadminid'] = $rssignin_rows['aid'];
        $_SESSION['svadminname'] = $rssignin_rows['aname'];
        $_SESSION['svadminsurname'] = $rssignin_rows['asurname'];
        $_SESSION['svadminemail'] = $rssignin_rows['aemail'];
if ($vcaption === '') {
    $vvalidate++;
}
// Query string that hands the caption back to the form when validation fails.
$vqstr = "?kvalidation=failed";
$vqstr .= "&kcaption=" . urlencode($vcaption);
if ($vvalidate !== 0) {
    // Validation failed: return to the form with the URL-encoded value.
    header('Location: album-add-new.php' . $vqstr);
    exit;
} else {
    // Connect to the MySQL server.
    require 'inc-conntekiah.php';
    // Load the escapestring() helper.
    require 'inc-function-escape-string.php';
    //echo $vid; exit;
    // Build the INSERT statement. Text values go through escapestring(); the album
    // id is additionally formatted with %u, so it reaches the query as an unsigned integer.
    $sql_projects = sprintf("INSERT INTO tblalbumimages (aidate, alid, aimage, aicaption) VALUES (%s, %u, %s, %s)",
        escapestring($vconntekiah, $vImageDate, 'text'),
        escapestring($vconntekiah, $vid, 'int'),
        escapestring($vconntekiah, $vimgoriginal, 'text'),
        escapestring($vconntekiah, $vcaption, 'text'));
    //echo $sql_projects; exit();
    $sql_projects_result = mysqli_query($vconntekiah, $sql_projects);
    if ($sql_projects_result) {
        // NOTE(review): $vid is appended to the redirect URL as-is; confirm it was
        // validated as an integer above this excerpt.
        header('Location: album-view.php?kid=' . $vid);
        exit;
    } else {
        header('Location: album-add-new.php?kinsert=failed');
        exit;
    }
}
} else {
    // The enclosing condition (opened above this excerpt) failed: sign the user out.
    header('Location: signout.php');
    exit;
}
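// Decide which file name to keep for the second image:
//  - nothing uploaded and an old value exists -> keep the old value;
//  - otherwise store the upload through imguri(); when the old value was not 'na'
//    (or there is no old value), a previous file is deleted as well.
if ($_FILES['txt' . $vdptname . 'img2']['name'] == '' && $vimg2old != '') {
    $vimg2 = $vimg2old;
} elseif ($_FILES['txt' . $vdptname . 'img2']['name'] != '' && $vimg2old == 'na') {
    $vimg2 = imguri($_FILES['txt' . $vdptname . 'img2']['name'], $_FILES['txt' . $vdptname . 'img2']['size'], 'txt' . $vdptname . 'img2');
} else {
    $vimg2 = imguri($_FILES['txt' . $vdptname . 'img2']['name'], $_FILES['txt' . $vdptname . 'img2']['size'], 'txt' . $vdptname . 'img2');
    // NOTE(review): this branch handles img2 but deletes $vimg1old -- presumably
    // $vimg2old was intended; confirm. Also confirm the old file name cannot contain
    // path separators, since it is appended to a directory and passed to unlink().
    unlink('../uploaded-images/' . $vimg1old);
}
if ($vvalidate !== 0) {
    // Validation failed: return to the edit form ($vqstr is built above this excerpt).
    header('Location: ' . $_SESSION['svabsuri'] . 'cms/news-edit.php' . $vqstr);
    exit;
}
// Connect to the MySQL server.
require 'inc-conntekiah.php';
// Load the escapestring() helper.
require 'inc-function-escape-string.php';
// Build the UPDATE statement. The row id goes through a %u placeholder, so it can
// only reach the query as an unsigned integer. Interpolating $vnid into the format
// string would bypass escapestring() entirely and would let any '%' inside it be
// read by sprintf() as a conversion specification.
$sql_content = sprintf(
    "UPDATE tblnews SET nsummary = %s, ncontent = %s, ntitle = %s WHERE nid = %u",
    escapestring($vconntekiah, $vsummary, 'text'),
    escapestring($vconntekiah, $vcontent, 'text'),
    escapestring($vconntekiah, $vtitle, 'text'),
    escapestring($vconntekiah, $vnid, 'int')
);
$sql_content_result = mysqli_query($vconntekiah, $sql_content);
if ($sql_content_result) {
    header('Location:' . $_SESSION['svabsuri'] . 'cms/news-view.php?edit=success');
    exit;
} else {
    header('Location: ' . $_SESSION['svabsuri'] . 'cms/news-edit.php?edit=failed');
    exit;
}
} else {
    // The enclosing condition (opened above this excerpt) failed: sign the user out.
    header('Location: ' . $_SESSION['svabsuri'] . 'cms/signout.php');
    exit;
}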
// Query string that hands the submitted values back to the form when validation fails.
$vqstr .= "&kname=" . urlencode($vname);
$vqstr .= "&ksurname=" . urlencode($vsurname);
$vqstr .= "&kemail=" . urlencode($vemail);
if ($vvalidate !== 0) {
    // Validation failed: return to the form with the URL-encoded values.
    header('Location: volunteer-form.php' . $vqstr);
    exit;
} else {
    // Connect to the MySQL server.
    require 'inc-conntekiah.php';
    // Load the escapestring() helper.
    require 'inc-function-escape-string.php';
    // Build the volunteer INSERT statement; every value goes through escapestring().
    $sql_volunteer = sprintf("INSERT INTO tblvolunteers (vname, vsurname, vemail, vmsg) VALUES (%s, %s, %s, %s)",
        escapestring($vconntekiah, $vname, 'text'),
        escapestring($vconntekiah, $vsurname, 'text'),
        escapestring($vconntekiah, $vemail, 'text'),
        escapestring($vconntekiah, $vmsg, 'text'));
    $sql_volunteer_result = mysqli_query($vconntekiah, $sql_volunteer);
    // NOTE(review): mysqli_query() returns true for a successful INSERT and the loose
    // comparison true == 'yes' holds, so this branch runs on success and requires the
    // helper file a second time. If that file declares escapestring() unconditionally
    // this is a redeclaration error -- confirm; require_once looks like the intent.
    if ($sql_volunteer_result == 'yes') {
        require 'inc-function-escape-string.php';
    }
    require 'inc-conntekiah.php';
    // Build the mailing-list INSERT statement.
    $sql_mailinglist = sprintf("INSERT INTO tblmailinglist (memail) VALUES (%s)",
        escapestring($vconntekiah, $vemail, 'text'));
    $sql_mailinglist_result = mysqli_query($vconntekiah, $sql_mailinglist);
    // NOTE(review): neither query result decides the redirect. The success redirect
    // and its exit always run, so the failure redirect below is unreachable.
    header('Location: volunteer-form.php?kinsert=successful');
    exit;
    header('Location: volunteer-form.php?kinsert=failed');
    exit;
}
} else {
    // The enclosing condition (opened above this excerpt) failed: back to the form.
    header('Location: volunteer-form.php');
    exit;
}
exit;
} else {
    // Clear per-request session state.
    /* foreach walks every key/value pair of an array; on each iteration the
       current key is assigned to $key and the current value to $val. Every
       session entry is dropped except keys starting with 'svadmin' and the
       'svabsuri' key. */
    foreach ($_SESSION as $key => $val) {
        if (substr($key, 0, 7) !== 'svadmin' && $key !== 'svabsuri') {
            unset($_SESSION[$key]);
        }
    }
    // Connect to the MySQL server.
    require 'inc-conntekiah.php';
    // Load the escapestring() helper.
    require 'inc-function-escape-string.php';
    // Build the INSERT statement. Every value goes through escapestring(), which
    // presumably returns an escaped, quoted SQL literal -- its definition is not shown.
    $sql_nl = sprintf("INSERT INTO tblstaff (sdate, sname, ssurname, semail) VALUES (%s, %s, %s, %s)",
        escapestring($vconntekiah, $vdate, 'text'),
        escapestring($vconntekiah, $vname, 'text'),
        escapestring($vconntekiah, $vsurname, 'text'),
        escapestring($vconntekiah, $vemail, 'text'));
    $sql_nl_result = mysqli_query($vconntekiah, $sql_nl);
    // Auto-increment id of the inserted row, used in the success redirect.
    $last_id = mysqli_insert_id($vconntekiah);
    if ($sql_nl_result) {
        header('Location:' . $_SESSION['svabsuri'] . 'cms/staff-view.php?kid=' . $last_id);
        exit;
    } else {
        // NOTE(review): unlike the other redirects here, this path starts with '/' and
        // has no 'cms' segment -- confirm the intended target.
        header('Location: ' . $_SESSION['svabsuri'] . '/staff-add-new.php');
        exit;
    }
}
/*. $_SESSION['svabsuri'] .*/
} else {
    // The enclosing condition (opened above this excerpt) failed: sign the user out.
    header('Location: ' . $_SESSION['svabsuri'] . 'cms/signout.php');
    exit;
}
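<?php
require "inc-cms-pre-doctype.php";

// Toggle a news item's status ('i' <-> 'a') after checking the form's security
// token against the one kept in the session.
$vsecurity = isset($_POST['txtsecurity']) ? $_POST['txtsecurity'] : null;
$vexpected = isset($_SESSION['svadminsecurity']) ? $_SESSION['svadminsecurity'] : null;

// hash_equals() compares in constant time. Both sides must be non-empty strings,
// so a missing session token can never match an empty submitted field.
if (is_string($vsecurity) && is_string($vexpected) && $vexpected !== '' && hash_equals($vexpected, $vsecurity)) {
    // The id is used in SQL and echoed into a redirect URL: force it to an integer.
    $vid = (isset($_POST['kid']) && is_scalar($_POST['kid'])) ? (int) $_POST['kid'] : 0;
    $vstatus = (isset($_POST['txtstatus']) && is_string($_POST['txtstatus'])) ? $_POST['txtstatus'] : '';
    // NOTE(review): any value other than 'i' or 'a' is written to nstatus unchanged;
    // confirm whether other status codes are legitimate or should be rejected.
    if ($vstatus === 'i') {
        $vstatus = 'a';
    } elseif ($vstatus === 'a') {
        $vstatus = 'i';
    }
    // Connect to the MySQL server.
    require 'inc-conntekiah.php';
    // Load the escapestring() helper.
    require 'inc-function-escape-string.php';
    // Build the UPDATE statement; the id is formatted with %u.
    $sql_update = sprintf(
        "UPDATE tblnews SET nstatus = %s WHERE nid = %u",
        escapestring($vconntekiah, $vstatus, 'text'),
        escapestring($vconntekiah, $vid, 'int')
    );
    $update_result = mysqli_query($vconntekiah, $sql_update);
    if ($update_result) {
        header('Location: ' . $_SESSION['svabsuri'] . 'cms/news-view.php?kid=' . $vid . '&kupdate=true&');
        exit;
    } else {
        header('Location: ' . $_SESSION['svabsuri'] . 'cms/news-view.php?kid=' . $vid . '&kupdate=false&');
        exit;
    }
} else {
    // Missing or wrong token: sign the user out.
    header('Location: ' . $_SESSION['svabsuri'] . 'cms/signout.php');
    exit;
}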
// NOTE(review): FILTER_SANITIZE_STRING is deprecated as of PHP 8.1; plan a migration
// to storing the raw text and encoding it with htmlspecialchars() on output.
$vmsg = filter_var(trim($_POST['txtmsg']), FILTER_SANITIZE_STRING);
if ($vmsg === '') {
    $vvalidate++;
}
// Query string that hands the submitted values back to the form when validation fails.
$vqstr = "?kvalidation=failed";
$vqstr .= "&kname=" . urlencode($vname);
$vqstr .= "&ksurname=" . urlencode($vsurname);
$vqstr .= "&kemail=" . urlencode($vemail);
if ($vvalidate !== 0) {
    // Validation failed: return to the form with the URL-encoded values.
    header('Location: volunteer-form.php' . $vqstr);
    exit;
} else {
    // Connect to the MySQL server.
    require 'inc-conntekiah.php';
    // Load the escapestring() helper.
    require 'inc-function-escape-string.php';
    // Build the INSERT statement. Every value goes through escapestring(), which
    // presumably returns an escaped, quoted SQL literal -- its definition is not shown.
    $sql_volunteer = sprintf("INSERT INTO tblvolunteers (vname, vsurname, vemail, vmsg) VALUES (%s, %s, %s, %s)",
        escapestring($vconntekiah, $vname, 'text'),
        escapestring($vconntekiah, $vsurname, 'text'),
        escapestring($vconntekiah, $vemail, 'text'),
        escapestring($vconntekiah, $vmsg, 'text'));
    $sql_volunteer_result = mysqli_query($vconntekiah, $sql_volunteer);
    if ($sql_volunteer_result) {
        // Success is signalled with the literal body 'yes' instead of a redirect.
        echo 'yes';
        exit;
    }
    header('Location: volunteer-form.php?kinsert=failed');
    exit;
}
} else {
    // The enclosing condition (opened above this excerpt) failed: back to the form.
    header('Location: volunteer-form.php');
    exit;
}
if ($vcontent === '') {
    $vvalidate++;
}
// Query string that hands the submitted values back to the form when validation fails.
$vqstr = "?kvalidation=failed";
$vqstr .= "&ktitle=" . urlencode($vtitle);
$vqstr .= "&kstartdate=" . urlencode($vstartdate);
$vqstr .= "&kcontent=" . urlencode($vcontent);
if ($vvalidate !== 0) {
    // Validation failed: return to the form with the URL-encoded values.
    header('Location: event-add-new.php' . $vqstr);
    exit;
} else {
    // Connect to the MySQL server.
    require 'inc-conntekiah.php';
    // Load the escapestring() helper.
    require 'inc-function-escape-string.php';
    // Build the INSERT statement. edate is set by the database with curdate(); the
    // other values go through escapestring(), which presumably returns an escaped,
    // quoted SQL literal -- its definition is not shown.
    $sql_events = sprintf("INSERT INTO tblevents (edate, etitle, estartdate, econtent) VALUES (curdate(), %s, %s, %s)",
        escapestring($vconntekiah, $vtitle, 'text'),
        escapestring($vconntekiah, $vstartdate, 'date'),
        escapestring($vconntekiah, $vcontent, 'text'));
    $sql_events_result = mysqli_query($vconntekiah, $sql_events);
    if ($sql_events_result) {
        header('Location: event-view.php');
        exit;
    } else {
        header('Location: event-add-new.php?kinsert=failed');
        exit;
    }
}
} else {
    // The enclosing condition (opened above this excerpt) failed: sign the user out.
    header('Location: signout.php');
    exit;
}
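<?php
// Toggle an event's status and echo the new state ('active' / 'deactive').
//
// NOTE(review): this script changes data in response to a GET request and shows no
// session, role or security-token check of its own. Confirm access is enforced
// elsewhere, or move it to POST with the same token check the other CMS actions use.

// Read the inputs defensively so a missing parameter does not raise a warning.
$vid = isset($_GET['txtid']) ? $_GET['txtid'] : '';
$vstatus = isset($_GET['txtstatus']) ? $_GET['txtstatus'] : '';

// 'i' becomes 'a'; every other value becomes 'i'.
if ($vstatus === 'i') {
    $vstatus = 'a';
} else {
    $vstatus = 'i';
}
// Connect to the MySQL server.
require 'inc-conntekiah.php';
// Load the escapestring() helper.
require 'inc-function-escapestring.php';
// Build the UPDATE statement; the id is formatted with %u, so it reaches the query
// as an unsigned integer.
$sql_delete = sprintf(
    "UPDATE tblevents SET estatus = %s WHERE eid = %u",
    escapestring($vconntekiah, $vstatus, 'text'),
    escapestring($vconntekiah, $vid, 'int')
);
// NOTE(review): $delete_result is never checked, so the new state is echoed even
// when the UPDATE failed.
$delete_result = mysqli_query($vconntekiah, $sql_delete);
if ($vstatus === 'i') {
    echo 'deactive';
} else {
    echo 'active';
}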