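/**
 * Save the raw request body as the JSON document for (userid, name).
 *
 * "name" and "userid" are read from $_GET and become filesystem path
 * components through generatePath(), so they are validated as single safe
 * segments before anything is built from them: ASCII letters, digits, space,
 * "_", "-" and "." only, no "..", and not made of dots/spaces alone. Anything
 * else — missing, non-string (e.g. ?name[]=x), or unsafe — produces the same
 * generic error the original emitted for missing parameters.
 *
 * generatePath(), writeJson() and generateError() are defined elsewhere in
 * this file.
 *
 * NOTE(review): the body is stored as received; if writeJson() does not check
 * that it is valid JSON, a json_decode() with JSON_THROW_ON_ERROR before the
 * write would keep malformed documents out of the store.
 */
function handle_post()
{
    $name = $_GET["name"] ?? null;
    $userId = $_GET["userid"] ?? null;

    if (!is_string($name) || !is_string($userId)
        || !_handle_post_is_safe_segment($name) || !_handle_post_is_safe_segment($userId)) {
        echo generateError("Error while generating / saving");
        return;
    }

    // Same normalisation as before: spaces become "_" and both parts are lower-cased.
    $userName = strtolower(str_replace(' ', '_', $name));
    $filePath = generatePath(strtolower($userId), $userName);

    $json = file_get_contents('php://input');
    if ($json === false) {
        // Unreadable request body: report it rather than writing "" to disk.
        echo generateError("Error while generating / saving");
        return;
    }
    writeJson($filePath, $json);
}

/**
 * True when $value can be used as one path segment: ASCII letters, digits,
 * space, "_", "-" and "." only; no ".."; not made of dots/spaces alone.
 * Separators, NUL bytes and a trailing newline all fail the character test
 * (\z, not $, so "name\n" is rejected too).
 */
function _handle_post_is_safe_segment(string $value): bool
{
    return preg_match('/^[A-Za-z0-9 _.-]+\z/', $value) === 1
        && strpos($value, '..') === false
        && trim($value, '. ') !== '';
}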
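/**
 * Execute a parameterised write query on the shared PDO connection.
 *
 * @param string $query SQL with placeholders; user data is bound via $vars,
 *                      never interpolated into the text.
 * @param array  $vars  Values handed to PDOStatement::execute().
 * @return bool|null    The execute() result (true/false); null when the query
 *                      could not be run at all.
 *
 * On failure the SQL text and the driver message go to the server log only.
 * The original implementation echoed both to the client (its own comment
 * warned against that): the driver message and the query text reveal schema
 * and code details, so the response now carries only a generic marker plus
 * whatever the project's generateError() handler emits.
 */
function processSetQuery($query, $vars)
{
    $db = $GLOBALS["db"] ?? null;
    if ($db === null) {
        error_log('processSetQuery: $GLOBALS["db"] is not set');
        generateError(1, "db failure");
        return null;
    }

    try {
        $stmt = $db->prepare($query);
        // Return the driver's verdict instead of discarding it as before.
        return $stmt->execute($vars);
    } catch (PDOException $ex) {
        // Details stay server-side; the response gets a generic message.
        error_log(sprintf('processSetQuery failed: %s | query: %s', $ex->getMessage(), $query));
        print "<div class=\"error\">Failed to run query.</div>";
        generateError(1, "db failure");
    }
    return null;
}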
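/**
 * Run a prepared mysqli statement; legacy positional-argument entry point.
 *
 * Call shape (from the original "point,query,format,params" note):
 *   execSQL($point, $sql)                         — no bound values
 *   execSQL($point, $sql, $types, $v1, $v2, ...)  — $types is the bind_param()
 *                                                    type string, then the values
 * $point is only a caller label used in error reports.
 *
 * @return int|bool  mysqli_stmt::$insert_id when $sql starts with "insert",
 *                   true for any other successful statement, false on failure.
 *
 * dbConnect(), makeValuesReferenced() and generateError() live elsewhere in
 * this file. Every generateError() call is followed by `return false` so that,
 * if that handler does not end the request, execution never continues into a
 * method call on a false statement (the original did exactly that after a
 * failed prepare()).
 *
 * NOTE(review): the context array handed to generateError() contains the SQL
 * text and every bound value; whatever that handler does with it should stay
 * server-side.
 */
function execSQL(...$args)
{
    $count = count($args);
    if ($count < 1) {
        generateError("Insufficient arguments", "CRITIAL ERROR", "NO POINT GIVEN", $args);
        return false;
    }
    if ($count < 2) {
        generateError("Insufficient arguments", "Insufficient Arguments", $args[0], $args);
        return false;
    }
    [$point, $sql] = $args;

    $myDB = dbConnect();
    $query = $myDB->prepare($sql);
    if (!$query) {
        generateError("Query went false", "Query failure", "execSQL 1+" . $point, $args);
        return false;
    }

    if ($count > 2) {
        // bind_param() takes (types, &$v1, &$v2, ...) by reference, which is
        // why the values go through makeValuesReferenced() before unpacking.
        // The original re-checked `!$query` here; prepare() already passed, so
        // that branch could never run and is dropped.
        $bindArgs = makeValuesReferenced(array_slice($args, 2));
        $query->bind_param(...$bindArgs);
    }

    $query->execute();
    if ($query->error) {
        // mysqli_stmt exposes the message as ->error; the original built this
        // string from ->errorInfo(), which is PDO's API and does not exist here.
        generateError("Query errored: " . $query->error, "Query failure", "execSQL 3+" . $point, $args);
        return false;
    }

    // Only a literal "insert" prefix is recognised (no leading whitespace),
    // matching the original check.
    if (strncasecmp($sql, 'insert', 6) === 0) {
        return $query->insert_id;
    }
    return true;
}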