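/**
 * Print the key phrases returned by the keyphrase-extraction web service for
 * a sentence, as a one-column HTML table.
 *
 * Nothing is printed when the request fails or the response holds no
 * <Result> elements.
 *
 * @param string $appid    Application id sent as the `appid` query parameter.
 * @param string $sentence Text to analyse; URL-encoded before it is sent.
 * @return void
 */
function show_keyphrase($appid, $sentence)
{
    // NOTE(review): the endpoint is plain HTTP, so the appid and the sentence
    // cross the network unencrypted and the response is not authenticated;
    // use an HTTPS endpoint if the service offers one.
    $request = "http://jlp.yahooapis.jp/KeyphraseService/V1/extract?"
        . "appid=" . urlencode($appid)
        . "&sentence=" . urlencode($sentence)
        . "&output=xml";

    $responsexml = simplexml_load_file($request);
    // simplexml_load_file() returns false on a network or parse failure
    if ($responsexml === false || count($responsexml->Result) === 0) {
        return;
    }

    echo "<table>";
    echo "<tr><td><b>キーフレーズ</b></td></tr>";
    foreach ($responsexml->Result as $result) {
        // NOTE(review): escapestring() is defined outside this block and is the
        // only step between remote response text and the page; confirm that it
        // HTML-encodes its argument.
        echo "<tr><td>" . escapestring($result->Keyphrase) . "</td></tr>";
    }
    echo "</table>";
}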
        exit;
    } else {
        // Drop every session entry except the admin ones (keys that start
        // with 'svadmin') and 'svabsuri'.
        foreach ($_SESSION as $key => $val) {
            if (substr($key, 0, 7) !== 'svadmin' && $key !== 'svabsuri') {
                unset($_SESSION[$key]);
            }
        }
        // Connect to the MySQL server
        require 'inc-conntekiah.php';
        // Load the escapestring() helper
        require 'inc-function-escape-string.php';
        // Build the INSERT for the new administrator row.
        // NOTE(review): $vpassword is written to apassword exactly as it arrives
        // here; it is set outside this view, so confirm it already holds a
        // password_hash() digest and not plaintext or an unsalted hash.
        // NOTE(review): every value reaches the SQL text through escapestring(),
        // which is defined elsewhere; a prepared statement with bound parameters
        // would not depend on that helper being correct.
        $sql_nl = sprintf("INSERT INTO tbladministrator (aname, asurname, aemail, ausername, apassword) VALUES (%s, %s, %s, %s, %s)", escapestring($vconntekiah, $vname, 'text'), escapestring($vconntekiah, $vsurname, 'text'), escapestring($vconntekiah, $vemail, 'text'), escapestring($vconntekiah, $vusername, 'text'), escapestring($vconntekiah, $vpassword, 'text'));
        $sql_nl_result = mysqli_query($vconntekiah, $sql_nl);
        // Id of the inserted row. NOTE(review): it is not used in the lines
        // shown here, and the success redirect below sends an empty `kid`.
        $last_id = mysqli_insert_id($vconntekiah);
        if ($sql_nl_result) {
            header('Location: cms-admin-display.php?kid=');
            exit;
        } else {
            header('Location: cms-admin-add-new.php?kadd=failed');
            exit;
        }
    }
    /*. $_SESSION['svabsuri'] .*/
} else {
    header('Location: signout.php');
    exit;
}
        if ($vcontent == '') {
            $vvalidate++;
        }
    } else {
        $vvalidate++;
    }
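    // Query string handed back to the edit form when validation fails
    $vqstr = "?k1=f";
    $vqstr .= "&k2=" . urlencode($vcontent);
    if ($vvalidate !== 0) {
        // Validation failed: return to the form with the submitted content
        header('Location: ' . $_SESSION['svabsuri'] . 'cms/contact-edit.php' . $vqstr);
        exit;
    }
    // Connect to the MySQL server
    require 'inc-conntekiah.php';
    // Load the escapestring() helper
    require 'inc-function-escape-string.php';
    // Build the UPDATE statement. The row id goes through a %u placeholder, so
    // sprintf() forces it to an unsigned integer; $vcid is never interpolated
    // into the SQL text as raw input.
    // NOTE(review): a prepared statement with bound parameters would remove the
    // reliance on escapestring(), which is defined outside this block.
    $sql_content = sprintf("UPDATE tblcontact SET ccontent = %s WHERE cid = %u", escapestring($vconntekiah, $vcontent, 'text'), escapestring($vconntekiah, $vcid, 'int'));
    $sql_content_result = mysqli_query($vconntekiah, $sql_content);
    if ($sql_content_result) {
        header('Location:' . $_SESSION['svabsuri'] . 'cms/contact-view.php?edit=success');
        exit;
    } else {
        header('Location: ' . $_SESSION['svabsuri'] . 'cms/contact-edit.php?edit=failed');
        exit;
    }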
} else {
    header('Location: ' . $_SESSION['svabsuri'] . 'cms/signout.php');
    exit;
}
        if ($vacontent == '') {
            $vvalidate++;
        }
    } else {
        $vvalidate++;
    }
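    // Query string handed back to the edit form when validation fails
    $vqstr = "?k1=f";
    $vqstr .= "&k2=" . urlencode($vacontent);
    if ($vvalidate !== 0) {
        // Validation failed: return to the form with the submitted content
        header('Location: ' . $_SESSION['svabsuri'] . 'cms/about-view-edit.php' . $vqstr);
        exit;
    }
    // Connect to the MySQL server
    require 'inc-conntekiah.php';
    // Load the escapestring() helper
    require 'inc-function-escape-string.php';
    // Build the UPDATE statement. The row id goes through a %u placeholder, so
    // sprintf() forces it to an unsigned integer; $vcid is never interpolated
    // into the SQL text as raw input.
    // NOTE(review): a prepared statement with bound parameters would remove the
    // reliance on escapestring(), which is defined outside this block.
    $sql_content = sprintf("UPDATE tblabout SET acontent = %s WHERE aid = %u", escapestring($vconntekiah, $vacontent, 'text'), escapestring($vconntekiah, $vcid, 'int'));
    $sql_content_result = mysqli_query($vconntekiah, $sql_content);
    if ($sql_content_result) {
        header('Location:' . $_SESSION['svabsuri'] . 'cms/about-view.php?edit=success');
        exit;
    } else {
        header('Location: ' . $_SESSION['svabsuri'] . 'cms/about-view-edit.php?edit=failed');
        exit;
    }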
} else {
    header('Location: ' . $_SESSION['svabsuri'] . 'cms/signout.php');
    exit;
}
}
print "</select><input type=hidden name=VIEW><input type=submit value='View and Modify' /></form><td>";
print " <td><form method=post action=customers.php><input type=hidden name=NEWCUST><input type=submit value='Create New Customer'></form></td></tr></table>";
if (array_key_exists('VIEW', $_POST)) {
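    // The posted id is passed as a bind variable; it is never concatenated
    // into the SQL text.
    $custId = (isset($_POST['CUSTID']) && is_string($_POST['CUSTID'])) ? $_POST['CUSTID'] : '';
    $theQueryB = oci_parse($conn, "select * from customers where cust_id = :cust_id");
    oci_bind_by_name($theQueryB, ':cust_id', $custId);
    oci_execute($theQueryB);
    while ($info = oci_fetch_row($theQueryB)) {
        // Encoded once for HTML. Every attribute that carries the id is quoted,
        // because entity encoding does not protect an unquoted attribute value.
        $idHtml = htmlspecialchars((string) $info[0], ENT_QUOTES);
        // NOTE(review): escapestring() is defined outside this block; the text
        // fields below rely on it to encode values for a single-quoted HTML
        // attribute. Confirm that it does.
        print "<form method=post action=customers.php><table border=0 cellpadding=8, cellspacing=4>";
        print "<tr><td bgcolor=B7C3D0>Customer ID</td><td bgcolor=B7C3D0>" . $idHtml . "<input type=hidden name=NEWID value='" . $idHtml . "'></td></tr>";
        print "<tr><td bgcolor=B7C3D0>First Name</td><td bgcolor=B7C3D0><input type=text name=NEWFIRST value='" . escapestring($info[1]) . "'></td></tr>";
        print "<tr><td bgcolor=B7C3D0>Last Name</td><td bgcolor=B7C3D0><input type=text name=NEWLAST value='" . escapestring($info[2]) . "'></td></tr>";
        print "<tr><td bgcolor=B7C3D0>Street Address</td><td bgcolor=B7C3D0><input type=text name=NEWADD value='" . escapestring($info[3]) . "'></td></tr>";
        print "<tr><td bgcolor=B7C3D0>City</td><td bgcolor=B7C3D0><input type=text name=NEWCITY value='" . escapestring($info[4]) . "'></td></tr>";
        print "<tr><td bgcolor=B7C3D0>State</td><td bgcolor=B7C3D0><input type=text name=NEWSTATE value='" . escapestring($info[5]) . "'></td></tr>";
        print "<tr><td bgcolor=B7C3D0>Zip Code</td><td bgcolor=B7C3D0><input type=text name=NEWZIP value='" . escapestring($info[6]) . "'></td></tr>";
        print "<tr><td bgcolor=B7C3D0>Phone</td><td bgcolor=B7C3D0><input type=text name=NEWPHONE value='" . escapestring($info[7]) . "'></td></tr>";
        print "</table><input type=hidden name=UPDATECUST value='" . $idHtml . "'><input type=hidden name=VIEW><input type=hidden name=CUSTID value='" . $idHtml . "'><input type=submit value='Update Info'></form>";
        // print "<form method=post action=customers.php><input type=hidden name=DROPCUST value=".$info[0]."><input type=submit value='Delete Customer'></form>";
    }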
} else {
    if (array_key_exists('NEWCUST', $_POST)) {
        print "<form method=post action=customers.php><table border=0 cellpadding=8, cellspacing=4>";
        print "<tr><td bgcolor=B7C3D0>Customer ID</td><td bgcolor=B7C3D0><input type=text name=NEWID></td></tr>";
        print "<tr><td bgcolor=B7C3D0>First Name</td><td bgcolor=B7C3D0><input type=text name=NEWFIRST></td></tr>";
        print "<tr><td bgcolor=B7C3D0>Last Name</td><td bgcolor=B7C3D0><input type=text name=NEWLAST ></td></tr>";
        print "<tr><td bgcolor=B7C3D0>Street Address</td><td bgcolor=B7C3D0><input type=text name=NEWADD ></td></tr>";
        print "<tr><td bgcolor=B7C3D0>City</td><td bgcolor=B7C3D0><input type=text name=NEWCITY ></td></tr>";
        print "<tr><td bgcolor=B7C3D0>State</td><td bgcolor=B7C3D0><input type=text name=NEWSTATE ></td></tr>";
        print "<tr><td bgcolor=B7C3D0>Zip Code</td><td bgcolor=B7C3D0><input type=text name=NEWZIP ></td></tr>";
        print "<tr><td bgcolor=B7C3D0>Phone</td><td bgcolor=B7C3D0><input type=text name=NEWPHONE ></td></tr>";
        print "</table><input type=hidden name=CREATECUST><input type=submit value='Create New'></form>";
        if ($vbody == '') {
            $vvalidate++;
        }
    } else {
        $vvalidate++;
    }
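    // Query string handed back to the edit form when validation fails
    $vqstr = "?k1=f";
    $vqstr .= "&k2=" . urlencode($vbody);
    if ($vvalidate !== 0) {
        // Validation failed: return to the form with the submitted content
        header('Location: ' . $_SESSION['svabsuri'] . 'cms/projects-edit.php' . $vqstr);
        exit;
    }
    // Connect to the MySQL server
    require 'inc-conntekiah.php';
    // Load the escapestring() helper
    require 'inc-function-escape-string.php';
    // Build the UPDATE statement. The row id goes through a %u placeholder, so
    // sprintf() forces it to an unsigned integer; $veid is never interpolated
    // into the SQL text as raw input.
    // NOTE(review): a prepared statement with bound parameters would remove the
    // reliance on escapestring(), which is defined outside this block.
    $sql_content = sprintf("UPDATE tblprojects SET pbody = %s WHERE pid = %u", escapestring($vconntekiah, $vbody, 'text'), escapestring($vconntekiah, $veid, 'int'));
    $sql_content_result = mysqli_query($vconntekiah, $sql_content);
    if ($sql_content_result) {
        header('Location:' . $_SESSION['svabsuri'] . 'cms/projects-view.php?edit=success');
        exit;
    } else {
        header('Location: ' . $_SESSION['svabsuri'] . 'cms/projects-edit.php?edit=failed');
        exit;
    }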
} else {
    header('Location: ' . $_SESSION['svabsuri'] . 'cms/signout.php');
    exit;
}
}
/**
 * Put a backslash in front of each query-syntax character in $str:
 * \ ( ) | - ! @ ~ " & / ^ $ =
 *
 * This is escaping for a search-query syntax only. It leaves ' < and >
 * untouched, so it is neither SQL escaping nor HTML encoding.
 *
 * @param string $str Text to escape.
 * @return string The text with each listed character prefixed by a backslash.
 */
function escapestring($str)
{
    $special = array('\\', '(', ')', '|', '-', '!', '@', '~', '"', '&', '/', '^', '$', '=');
    $escaped = array();
    foreach ($special as $char) {
        $escaped[] = '\\' . $char;
    }
    // The backslash is first in the list, so the backslashes added for the
    // later characters are not doubled again.
    return str_replace($special, $escaped, $str);
}
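// Rewrite the raw search text: every word becomes *escaped-word*, every "."
// inside the text becomes "<< . <<", and a leading or trailing "." is
// re-attached with "<<" at the matching end.
$trimmedquery = trim($query);
$query = trim($trimmedquery, ".");
$tokens = preg_split("/([\\s.])/", $query, -1, PREG_SPLIT_DELIM_CAPTURE | PREG_SPLIT_NO_EMPTY);
foreach ($tokens as &$token) {
    if (trim($token) === "") {
        // Whitespace delimiter captured by the split; left as it is
        continue;
    }
    $token = ($token === ".") ? "<< . <<" : "*" . escapestring($token) . "*";
}
// Break the reference so that a later write to $token cannot change the last element
unset($token);
$query = implode(" ", $tokens);
// substr() is used instead of string offsets so that an empty search text does
// not raise an "uninitialized string offset" warning
if (substr($trimmedquery, 0, 1) === '.') {
    $query = ". << " . $query;
}
if (substr($trimmedquery, -1) === '.') {
    $query = $query . " << .";
}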
$orderby = null;
if (strpos($trimmedquery, ".") !== false || strpos($trimmedquery, " ") !== false) {
    $query = "@ftsname " . $query;
    $orderby = "namelen";
} else {
    }
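    $url .= "&sentence=" . urlencode($sentence);
    $xml = simplexml_load_file($url);
    // Response fields in the order of the positions checked in $arr_response
    $columns = array('surface', 'reading', 'pos', 'baseform', 'feature');
    // simplexml_load_file() returns false when the request or the parse fails;
    // in that case no rows are printed
    $words = ($xml === false) ? array() : $xml->ma_result->word_list->word;
    foreach ($words as $cur) {
        echo "<tr>\n";
        foreach ($columns as $idx => $field) {
            // A column is printed only when its slot in $arr_response is set and non-empty
            if (isset($arr_response[$idx]) && $arr_response[$idx] != "") {
                // NOTE(review): escapestring() is defined outside this block and is
                // the only step between remote response text and the page;
                // confirm that it HTML-encodes its argument.
                echo "<td>" . escapestring($cur->{$field}) . "</td>";
            }
        }
        echo "</tr>\n";
    }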
}
?>
</table></td></tr></table></form>
<!-- Begin Yahoo! JAPAN Web Services Attribution Snippet -->
<a href="http://developer.yahoo.co.jp/about">
<img src="http://i.yimg.jp/images/yjdn/yjdn_attbtn2_105_17.gif" width="105" height="17" title="Webサービス by Yahoo! JAPAN" alt="Webサービス by Yahoo! JAPAN" border="0" style="margin:15px 15px 15px 15px"></a>
<!-- End Yahoo! JAPAN Web Services Attribution Snippet -->
</body></html>
            $vvalidate++;
        }
    } else {
        $vvalidate++;
    }
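    // Query string handed back to the edit form when validation fails
    $vqstr = "?k1=f";
    $vqstr .= "&k2=" . urlencode($vcontent);
    $vqstr .= "&k3=" . urlencode($vtitle);
    if ($vvalidate !== 0) {
        // Validation failed: return to the form with the submitted values
        header('Location: ' . $_SESSION['svabsuri'] . 'cms/event-edit.php' . $vqstr);
        exit;
    }
    // Connect to the MySQL server
    require 'inc-conntekiah.php';
    // Load the escapestring() helper
    require 'inc-function-escape-string.php';
    // Build the UPDATE statement. The row id goes through a %u placeholder, so
    // sprintf() forces it to an unsigned integer; $veid is never interpolated
    // into the SQL text as raw input.
    // NOTE(review): a prepared statement with bound parameters would remove the
    // reliance on escapestring(), which is defined outside this block.
    $sql_content = sprintf("UPDATE tblevents SET econtent = %s, etitle = %s WHERE eid = %u", escapestring($vconntekiah, $vcontent, 'text'), escapestring($vconntekiah, $vtitle, 'text'), escapestring($vconntekiah, $veid, 'int'));
    $sql_content_result = mysqli_query($vconntekiah, $sql_content);
    if ($sql_content_result) {
        header('Location:' . $_SESSION['svabsuri'] . 'cms/event-view.php?edit=success');
        exit;
    } else {
        header('Location: ' . $_SESSION['svabsuri'] . 'cms/event-edit.php?edit=failed');
        exit;
    }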
} else {
    header('Location: ' . $_SESSION['svabsuri'] . 'cms/signout.php');
    exit;
}
                // Resize the source image with the project's imageResize() helper
                $newimg = imageResize($pngimagefrmsrc);
                // The thumbnail keeps the original file name with a "thumb_" prefix.
                // NOTE(review): $vimgoriginal is set outside this view. If it derives
                // from the client-supplied upload name, reduce it with basename() and
                // restrict the extension before it becomes part of a path on disk.
                $newimgbasename = 'thumb_' . $vimgoriginal;
                // Destination path of the thumbnail
                $vimgthumbfilepath = 'cms/uploaded-images/' . $newimgbasename;
                // Write the thumbnail to disk as a PNG file
                imagepng($newimg, $vimgthumbfilepath);
                // Free image resources that are no longer needed.
                // NOTE(review): $thumb_tmp is not assigned in the lines shown here,
                // and $newimg is not destroyed - confirm against the full file.
                imagedestroy($pngimagefrmsrc);
                imagedestroy($thumb_tmp);
            }
            //CONNECT TO MYSQL DATABASE
            require 'inc-conntekiah.php';
            //INSERT STATEMENT
            $sql_insert = sprintf("INSERT INTO tblnews (nimgthumb, nimglarge, nimglargecaption) VALUES (%s, %s, %s)", escapestring($vconntekiah, $vimgthumb, 'text'), escapestring($vconntekiah, $vimglarge, 'text'), escapestring($vconntekiah, $vimglargecaption, 'text'));
            $insert_result = mysqli_query($vconntekiah, $sql_insert);
            $last_id = mysqli_insert_id($vconntekiah);
            if ($insert_result) {
                header('Location: news-preview.php?key=success&kid=' . $last_id . '');
                exit;
            } else {
                echo 'database not updated';
                exit;
            }
        }
    } else {
        header('Location: news-add-new.php?key=nofileselected');
    }
} else {
    header('Location: news-add-new.php?key=formnotsubmitted');
    }
    $vqstr = "?kvalidation=failed";
    $vqstr .= "&ktitle=" . urlencode($vtitle);
    $vqstr .= "&kdate=" . urlencode($vdatetime);
    $vqstr .= "&ksummary=" . urlencode($vsummary);
    $vqstr .= "&kcontent=" . urlencode($vcontent);
    $vqstr .= "&kcaption=" . urlencode($vcaption);
    if ($vvalidate !== 0) {
        //ENCODE QUERYSTRING
        header('Location: news-add-new.php' . $vqstr);
        exit;
    } else {
        //CONNECT TO THE MYSQL SERVER
        require 'inc-conntekiah.php';
        //CALL IN THE FUNCTION escapestring
        require 'inc-function-escape-string.php';
        //FORMULATE THE INSERT STATEMENT
        $sql_news = sprintf("INSERT INTO tblnews (ntitle, ndatetime, nsummary, ncontent, nimgthumb, nimglarge, nimglargecaption) VALUES (%s, %s, %s, %s, %s, %s, %s)", escapestring($vconntekiah, $vtitle, 'text'), escapestring($vconntekiah, $vdatetime, 'date'), escapestring($vconntekiah, $vsummary, 'text'), escapestring($vconntekiah, $vcontent, 'text'), escapestring($vconntekiah, $newimgbasename, 'text'), escapestring($vconntekiah, $vimgoriginal, 'text'), escapestring($vconntekiah, $vcaption, 'text'));
        $sql_news_result = mysqli_query($vconntekiah, $sql_news);
        if ($sql_news_result) {
            header('Location: news-view.php');
            exit;
        } else {
            header('Location: news-add-new.php?kinsert=failed');
            exit;
        }
    }
} else {
    header('Location: signout.php');
    exit;
}
<?php

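require "inc-cms-pre-doctype.php";
// Toggle an administrator account between active ('a') and inactive ('i').
// The request is accepted only when the posted token equals the non-empty
// token held in the session; hash_equals() compares them in constant time.
$vposttoken = isset($_POST['txtsecurity']) ? $_POST['txtsecurity'] : null;
$vsesstoken = isset($_SESSION['svadminsecurity']) ? $_SESSION['svadminsecurity'] : null;
if (is_string($vposttoken) && is_string($vsesstoken) && $vsesstoken !== '' && hash_equals($vsesstoken, $vposttoken)) {
    // The id ends up in SQL and in a redirect URL, so it is reduced to an integer first
    $vid = (isset($_POST['kid']) && is_scalar($_POST['kid'])) ? (int) $_POST['kid'] : 0;
    $vcurrent = isset($_POST['txtstatus']) ? $_POST['txtstatus'] : '';
    $vdisplay = $_SESSION['svabsuri'] . 'cms/cms-admin-display.php?kid=' . $vid;
    if ($vcurrent === 'i') {
        $vstatus = 'a';
    } elseif ($vcurrent === 'a') {
        $vstatus = 'i';
    } else {
        // Only the two known states are toggled; any other posted value is
        // refused instead of being written to astatus
        header('Location: ' . $vdisplay . '&kupdate=false&');
        exit;
    }
    // Connect to the MySQL server
    require 'inc-conntekiah.php';
    // Load the escapestring() helper
    require 'inc-function-escape-string.php';
    // Build the UPDATE statement; %u forces the id to an unsigned integer
    $sql_update = sprintf("UPDATE tbladministrator SET astatus = %s WHERE aid = %u", escapestring($vconntekiah, $vstatus, 'text'), escapestring($vconntekiah, $vid, 'int'));
    $update_result = mysqli_query($vconntekiah, $sql_update);
    if ($update_result) {
        header('Location: ' . $vdisplay . '&kupdate=true&');
        exit;
    } else {
        header('Location: ' . $vdisplay . '&kupdate=false&');
        exit;
    }
} else {
    // Missing or wrong token: end the session flow
    header('Location: ' . $_SESSION['svabsuri'] . 'cms/signout.php');
    exit;
}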
/**
 * Print the A-Z navigation bar and, when a letter is given, the list that
 * lifestyleblogs() produces for it.
 *
 * @param string $getletter Selected letter; presumably the `letid` request
 *                          parameter that the links below send - confirm
 *                          against the caller.
 */
function letteratoz($getletter)
{
    ?>
    <div class="atoznav">
<?php 
    // One link per capital letter. $letter comes from range(), not from the
    // request, so it is echoed without encoding.
    foreach (range('A', 'Z') as $letter) {
        ?>
    <a href="index.php?letid=<?php 
        echo $letter;
        ?>
"><?php 
        echo $letter;
        ?>
</a> &nbsp
<?php 
    }
    ?>
    </div> <!-- closes magazinenav-->
<?php 
    //$letterlist = escapeinteger($_GET['letid']);
    // NOTE(review): escapestring() and lifestyleblogs() are defined outside
    // this block. Confirm that the escaping applied here matches the way
    // lifestyleblogs() uses the value (SQL, HTML or both).
    $letterlist = escapestring($getletter);
    ?>

<div class="topbox">

<div class="rightlist">

<?php 
    // Skip the list when no letter was supplied (empty or otherwise falsy value)
    if ($letterlist) {
        lifestyleblogs($letterlist);
    }
    ?>
</div></div>

<?php 
}
<head>
  <meta http-equiv="content-type" content="text/html; charset=utf-8"/>
  <link href="main.css" rel="stylesheet" type="text/css">
  <script src="http://ajax.googleapis.com/ajax/libs/jquery/1.7.0/jquery.min.js"></script>
  <title></title>
</head>
<body>
  <form method="POST" name="qform" id="main_contents">
    <p>タイトル</p>
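    <textarea name="title" rows="3" cols="70"><?php 
// Encoded the same way as the "sentence" field of this form, so that a
// submitted title cannot close the textarea and inject markup.
// NOTE(review): escapestring() is defined outside this block; confirm that it HTML-encodes.
echo escapestring($title);
?>
</textarea>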
    <p>本文</p>
    <textarea id="sentence" name="sentence" rows="20" cols="70"><?php 
echo escapestring($sentence);
?>
</textarea><br>
    <input type="submit" name="command_query" value="解析">
  </form>

<?php 
echo "<div id='key_results'>";
echo "<p>分析結果</p><table>";
echo "<tr><td>キーワード</td><td>関連度</td><td>話題性</td><td>最終評価</td></tr>";
if ($sentence) {
    $best_hashTag = 0;
    //ベストハッシュタグ
    $second_hashTag = 0;
    //2番目のハッシュタグ
    $hashTags = get_hashTags(APPID, $sentence);
        $vvalidate++;
    }
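    // NOTE(review): FILTER_SANITIZE_STRING is deprecated as of PHP 8.1. It strips
    // tags but is not a substitute for encoding the message where it is later
    // displayed.
    $vmsg = filter_var(trim($_POST['txtmsg']), FILTER_SANITIZE_STRING);
    if ($vmsg === '') {
        $vvalidate++;
    }
    // Query string handed back to the form when validation fails
    $vqstr = "?kvalidation=failed";
    $vqstr .= "&kname=" . urlencode($vname);
    $vqstr .= "&ksurname=" . urlencode($vsurname);
    $vqstr .= "&kemail=" . urlencode($vemail);
    if ($vvalidate !== 0) {
        // Validation failed: return to the form with the submitted values
        header('Location: contact.php' . $vqstr);
        exit;
    } else {
        // Connect to the MySQL server
        require 'inc-conntekiah.php';
        // Load the escapestring() helper
        require 'inc-function-escape-string.php';
        // Build the INSERT statement
        $sql_contact = sprintf("INSERT INTO tblcontactform (cfname, cfsurname, cfemail, cfmsg) VALUES (%s, %s, %s, %s)", escapestring($vconntekiah, $vname, 'text'), escapestring($vconntekiah, $vsurname, 'text'), escapestring($vconntekiah, $vemail, 'text'), escapestring($vconntekiah, $vmsg, 'text'));
        $sql_contact_result = mysqli_query($vconntekiah, $sql_contact);
        // Report success only when the INSERT ran; a failed query falls through
        // to the failure redirect
        if ($sql_contact_result) {
            header('Location: contact.php?kinsert=successful');
            exit;
        }
        header('Location: contact.php?kinsert=failed');
        exit;
    }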
} else {
    header('Location: contact.php');
    exit;
}
     }
 }
 if ($vvalidate > 0) {
     session_destroy();
     header('Location: signin.php?kvalidation=failed');
     exit;
 } else {
     // Read the submitted credentials from $_POST and reduce each one to a SHA-1 hex digest.
     // NOTE(review): SHA-1 is unsalted and fast, so the apassword values are cheap
     // to brute-force if the table leaks. Moving to password_hash() and
     // password_verify() also needs a change to the stored data, which is outside
     // this block. trim() removes leading and trailing whitespace from the
     // password before it is hashed.
     $vusername = sha1(trim($_POST['txtusername']));
     $vpassword = sha1(trim($_POST['txtpassword']));
     // Connect to the MySQL server
     require 'inc-conntekiah.php';
     // Load the escapestring() helper
     require 'inc-function-escape-string.php';
     // Build the lookup query with sprintf(); each value is passed through
     // escapestring() before it fills a %s placeholder. $vstatus is set outside
     // the lines shown here.
     $sql_signin = sprintf("SELECT * FROM tbladministrator WHERE ausername = %s AND apassword = %s AND astatus = %s", escapestring($vconntekiah, $vusername, 'text'), escapestring($vconntekiah, $vpassword, 'text'), escapestring($vconntekiah, $vstatus, 'text'));
     // Run the query
     $rssignin = mysqli_query($vconntekiah, $sql_signin);
     // Fetch the first row of the result as an associative array
     $rssignin_rows = mysqli_fetch_assoc($rssignin);
     // Close the connection
     mysqli_close($vconntekiah);
     // Count the rows in the result (called after the connection was closed above)
     $rssignin_total_records = mysqli_num_rows($rssignin);
     if ($rssignin_total_records == 1) {
         //echo $rssignin_total_records; exit();
         //EXTRACT FROM THE ASSOCIATIVE ARRAY THE VALUE ASSOCIATED WITH THE KEY aname
         $_SESSION['svadminid'] = $rssignin_rows['aid'];
         $_SESSION['svadminname'] = $rssignin_rows['aname'];
         $_SESSION['svadminsurname'] = $rssignin_rows['asurname'];
         $_SESSION['svadminemail'] = $rssignin_rows['aemail'];
    if ($vcaption === '') {
        $vvalidate++;
    }
    $vqstr = "?kvalidation=failed";
    $vqstr .= "&kcaption=" . urlencode($vcaption);
    if ($vvalidate !== 0) {
        //ENCODE QUERYSTRING
        header('Location: album-add-new.php' . $vqstr);
        exit;
    } else {
        //CONNECT TO THE MYSQL SERVER
        require 'inc-conntekiah.php';
        //CALL IN THE FUNCTION escapestring
        require 'inc-function-escape-string.php';
        //echo $vid; exit;
        //FORMULATE THE INSERT STATEMENT
        $sql_projects = sprintf("INSERT INTO tblalbumimages (aidate, alid, aimage, aicaption) VALUES (%s, %u, %s, %s)", escapestring($vconntekiah, $vImageDate, 'text'), escapestring($vconntekiah, $vid, 'int'), escapestring($vconntekiah, $vimgoriginal, 'text'), escapestring($vconntekiah, $vcaption, 'text'));
        //echo $sql_projects; exit();
        $sql_projects_result = mysqli_query($vconntekiah, $sql_projects);
        if ($sql_projects_result) {
            header('Location: album-view.php?kid=' . $vid);
            exit;
        } else {
            header('Location: album-add-new.php?kinsert=failed');
            exit;
        }
    }
} else {
    header('Location: signout.php');
    exit;
}
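    // Decide which file name is stored for the second image
    $vimg2field = 'txt' . $vdptname . 'img2';
    if ($_FILES[$vimg2field]['name'] == '' && $vimg2old != '') {
        // Nothing new was uploaded: keep the existing image
        $vimg2 = $vimg2old;
    } elseif ($_FILES[$vimg2field]['name'] != '' && $vimg2old == 'na') {
        // New upload while the old value is 'na' (presumably "no previous image"): nothing to delete
        $vimg2 = imguri($_FILES[$vimg2field]['name'], $_FILES[$vimg2field]['size'], $vimg2field);
    } else {
        $vimg2 = imguri($_FILES[$vimg2field]['name'], $_FILES[$vimg2field]['size'], $vimg2field);
        // Delete the file that this upload replaces: the old second image, not
        // the first one. basename() keeps the deletion inside uploaded-images
        // even if the old name carries directory parts.
        if ($vimg2old != '') {
            unlink('../uploaded-images/' . basename($vimg2old));
        }
    }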
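    if ($vvalidate !== 0) {
        // Validation failed: return to the form with the submitted values
        header('Location: ' . $_SESSION['svabsuri'] . 'cms/news-edit.php' . $vqstr);
        exit;
    }
    // Connect to the MySQL server
    require 'inc-conntekiah.php';
    // Load the escapestring() helper
    require 'inc-function-escape-string.php';
    // Build the UPDATE statement. The row id goes through a %u placeholder, so
    // sprintf() forces it to an unsigned integer; $vnid is never interpolated
    // into the SQL text as raw input.
    // NOTE(review): a prepared statement with bound parameters would remove the
    // reliance on escapestring(), which is defined outside this block.
    $sql_content = sprintf("UPDATE tblnews SET nsummary = %s, ncontent = %s, ntitle = %s WHERE nid = %u", escapestring($vconntekiah, $vsummary, 'text'), escapestring($vconntekiah, $vcontent, 'text'), escapestring($vconntekiah, $vtitle, 'text'), escapestring($vconntekiah, $vnid, 'int'));
    $sql_content_result = mysqli_query($vconntekiah, $sql_content);
    if ($sql_content_result) {
        header('Location:' . $_SESSION['svabsuri'] . 'cms/news-view.php?edit=success');
        exit;
    } else {
        header('Location: ' . $_SESSION['svabsuri'] . 'cms/news-edit.php?edit=failed');
        exit;
    }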
} else {
    header('Location: ' . $_SESSION['svabsuri'] . 'cms/signout.php');
    exit;
}
    $vqstr .= "&kname=" . urlencode($vname);
    $vqstr .= "&ksurname=" . urlencode($vsurname);
    $vqstr .= "&kemail=" . urlencode($vemail);
    if ($vvalidate !== 0) {
        //ENCODE QUERYSTRING
        header('Location: volunteer-form.php' . $vqstr);
        exit;
    } else {
        //CONNECT TO THE MYSQL SERVER
        require 'inc-conntekiah.php';
        //CALL IN THE FUNCTION escapestring
        require 'inc-function-escape-string.php';
        //FORMULATE THE INSERT STATEMENT
        $sql_volunteer = sprintf("INSERT INTO tblvolunteers (vname, vsurname, vemail, vmsg) VALUES (%s, %s, %s, %s)", escapestring($vconntekiah, $vname, 'text'), escapestring($vconntekiah, $vsurname, 'text'), escapestring($vconntekiah, $vemail, 'text'), escapestring($vconntekiah, $vmsg, 'text'));
        $sql_volunteer_result = mysqli_query($vconntekiah, $sql_volunteer);
        if ($sql_volunteer_result == 'yes') {
            require 'inc-function-escape-string.php';
        }
        require 'inc-conntekiah.php';
        //FORMULATE THE INSERT STATEMENT
        $sql_mailinglist = sprintf("INSERT INTO tblmailinglist (memail) VALUES (%s)", escapestring($vconntekiah, $vemail, 'text'));
        $sql_mailinglist_result = mysqli_query($vconntekiah, $sql_mailinglist);
        header('Location: volunteer-form.php?kinsert=successful');
        exit;
        header('Location: volunteer-form.php?kinsert=failed');
        exit;
    }
} else {
    header('Location: volunteer-form.php');
    exit;
}
        exit;
    } else {
        //UNSET SESSION
        /* The foreach loop works only on arrays and is used to loop through each key /value pair in an array. For every loop iteraction the value of the cuurent array element is assigned to the $val  and the array pointer parameter.
         */
        foreach ($_SESSION as $key => $val) {
            if (substr($key, 0, 7) !== 'svadmin' && $key !== 'svabsuri') {
                unset($_SESSION[$key]);
            }
        }
        //CONNECT TO THE MYSQL SERVER
        require 'inc-conntekiah.php';
        //CALL IN THE FUNCTION escapestring
        require 'inc-function-escape-string.php';
        //FORMULATE THE INSERT STATEMENT
        $sql_nl = sprintf("INSERT INTO tblstaff (sdate, sname, ssurname, semail) VALUES (%s, %s, %s, %s)", escapestring($vconntekiah, $vdate, 'text'), escapestring($vconntekiah, $vname, 'text'), escapestring($vconntekiah, $vsurname, 'text'), escapestring($vconntekiah, $vemail, 'text'));
        $sql_nl_result = mysqli_query($vconntekiah, $sql_nl);
        $last_id = mysqli_insert_id($vconntekiah);
        if ($sql_nl_result) {
            header('Location:' . $_SESSION['svabsuri'] . 'cms/staff-view.php?kid=' . $last_id);
            exit;
        } else {
            header('Location: ' . $_SESSION['svabsuri'] . '/staff-add-new.php');
            exit;
        }
    }
    /*. $_SESSION['svabsuri'] .*/
} else {
    header('Location: ' . $_SESSION['svabsuri'] . 'cms/signout.php');
    exit;
}
<?php

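require "inc-cms-pre-doctype.php";
// Toggle a news item between active ('a') and inactive ('i').
// The request is accepted only when the posted token equals the non-empty
// token held in the session; hash_equals() compares them in constant time.
$vposttoken = isset($_POST['txtsecurity']) ? $_POST['txtsecurity'] : null;
$vsesstoken = isset($_SESSION['svadminsecurity']) ? $_SESSION['svadminsecurity'] : null;
if (is_string($vposttoken) && is_string($vsesstoken) && $vsesstoken !== '' && hash_equals($vsesstoken, $vposttoken)) {
    // The id ends up in SQL and in a redirect URL, so it is reduced to an integer first
    $vid = (isset($_POST['kid']) && is_scalar($_POST['kid'])) ? (int) $_POST['kid'] : 0;
    $vcurrent = isset($_POST['txtstatus']) ? $_POST['txtstatus'] : '';
    $vdisplay = $_SESSION['svabsuri'] . 'cms/news-view.php?kid=' . $vid;
    if ($vcurrent === 'i') {
        $vstatus = 'a';
    } elseif ($vcurrent === 'a') {
        $vstatus = 'i';
    } else {
        // Only the two known states are toggled; any other posted value is
        // refused instead of being written to nstatus
        header('Location: ' . $vdisplay . '&kupdate=false&');
        exit;
    }
    // Connect to the MySQL server
    require 'inc-conntekiah.php';
    // Load the escapestring() helper
    require 'inc-function-escape-string.php';
    // Build the UPDATE statement; %u forces the id to an unsigned integer
    $sql_update = sprintf("UPDATE tblnews SET nstatus = %s WHERE nid = %u", escapestring($vconntekiah, $vstatus, 'text'), escapestring($vconntekiah, $vid, 'int'));
    $update_result = mysqli_query($vconntekiah, $sql_update);
    if ($update_result) {
        header('Location: ' . $vdisplay . '&kupdate=true&');
        exit;
    } else {
        header('Location: ' . $vdisplay . '&kupdate=false&');
        exit;
    }
} else {
    // Missing or wrong token: end the session flow
    header('Location: ' . $_SESSION['svabsuri'] . 'cms/signout.php');
    exit;
}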
    $vmsg = filter_var(trim($_POST['txtmsg']), FILTER_SANITIZE_STRING);
    if ($vmsg === '') {
        $vvalidate++;
    }
    $vqstr = "?kvalidation=failed";
    $vqstr .= "&kname=" . urlencode($vname);
    $vqstr .= "&ksurname=" . urlencode($vsurname);
    $vqstr .= "&kemail=" . urlencode($vemail);
    if ($vvalidate !== 0) {
        //ENCODE QUERYSTRING
        header('Location: volunteer-form.php' . $vqstr);
        exit;
    } else {
        //CONNECT TO THE MYSQL SERVER
        require 'inc-conntekiah.php';
        //CALL IN THE FUNCTION escapestring
        require 'inc-function-escape-string.php';
        //FORMULATE THE INSERT STATEMENT
        $sql_volunteer = sprintf("INSERT INTO tblvolunteers (vname, vsurname, vemail, vmsg) VALUES (%s, %s, %s, %s)", escapestring($vconntekiah, $vname, 'text'), escapestring($vconntekiah, $vsurname, 'text'), escapestring($vconntekiah, $vemail, 'text'), escapestring($vconntekiah, $vmsg, 'text'));
        $sql_volunteer_result = mysqli_query($vconntekiah, $sql_volunteer);
        if ($sql_volunteer_result) {
            echo 'yes';
            exit;
        }
        header('Location: volunteer-form.php?kinsert=failed');
        exit;
    }
} else {
    header('Location: volunteer-form.php');
    exit;
}
    if ($vcontent === '') {
        $vvalidate++;
    }
    $vqstr = "?kvalidation=failed";
    $vqstr .= "&ktitle=" . urlencode($vtitle);
    $vqstr .= "&kstartdate=" . urlencode($vstartdate);
    $vqstr .= "&kcontent=" . urlencode($vcontent);
    if ($vvalidate !== 0) {
        //ENCODE QUERYSTRING
        header('Location: event-add-new.php' . $vqstr);
        exit;
    } else {
        //CONNECT TO THE MYSQL SERVER
        require 'inc-conntekiah.php';
        //CALL IN THE FUNCTION escapestring
        require 'inc-function-escape-string.php';
        //FORMULATE THE INSERT STATEMENT
        $sql_events = sprintf("INSERT INTO tblevents (edate, etitle, estartdate, econtent) VALUES (curdate(), %s, %s, %s)", escapestring($vconntekiah, $vtitle, 'text'), escapestring($vconntekiah, $vstartdate, 'date'), escapestring($vconntekiah, $vcontent, 'text'));
        $sql_events_result = mysqli_query($vconntekiah, $sql_events);
        if ($sql_events_result) {
            header('Location: event-view.php');
            exit;
        } else {
            header('Location: event-add-new.php?kinsert=failed');
            exit;
        }
    }
} else {
    header('Location: signout.php');
    exit;
}
<?php

// Flip an event between active ('a') and inactive ('i') and print the new state.
// NOTE(review): this script changes data on a GET request, and no session or
// token check is visible in it. Confirm that access control is enforced before
// this file can be reached, and prefer POST with a CSRF token for the change.
$vid = $_GET['txtid'];
// Any value other than 'i' is treated as currently active and becomes inactive
$vstatus = ($_GET['txtstatus'] == 'i') ? 'a' : 'i';
// Connect to the MySQL server
require 'inc-conntekiah.php';
// Load the escapestring() helper
require 'inc-function-escapestring.php';
// Build the UPDATE statement; %u forces the id to an unsigned integer
$sql_delete = sprintf(
    "UPDATE tblevents SET estatus = %s WHERE eid = %u",
    escapestring($vconntekiah, $vstatus, 'text'),
    escapestring($vconntekiah, $vid, 'int')
);
$delete_result = mysqli_query($vconntekiah, $sql_delete);
// NOTE(review): the query result is not checked, so the new state is printed
// even when the UPDATE failed.
echo ($vstatus === 'i') ? 'deactive' : 'active';