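/**
 * Saves the raw request body to a file selected by the "name" and "userid"
 * query-string parameters.
 *
 * The name is lower-cased with spaces turned into underscores, the user id is
 * lower-cased, and both are handed to generatePath() to build the target path.
 * When either parameter is missing, empty, not a string, or looks like a path
 * component escape, the result of generateError() is echoed and nothing is
 * written.
 *
 * NOTE(review): no authentication or ownership check is visible here, so any
 * caller can pick any "userid" -- confirm the caller enforces that.
 * NOTE(review): the body is stored without checking that it is JSON or
 * limiting its size -- confirm writeJson() or the web server does so.
 *
 * @return void
 */
function handle_post()
{
    // Both values come straight from the query string. "name[]=x" arrives as
    // an array, and a missing key raises a warning, so read them defensively.
    $rawName = isset($_GET["name"]) ? $_GET["name"] : null;
    $rawUserId = isset($_GET["userid"]) ? $_GET["userid"] : null;

    // generatePath() is not visible from here and may already sanitise its
    // arguments; rejecting separators, NUL bytes and dot segments at the
    // boundary keeps a crafted value from steering the write to another
    // directory either way. The truthiness test preserves the original rule
    // that "" and "0" are treated as absent.
    $isSafeSegment = static function ($value) {
        return is_string($value)
            && $value
            && strpbrk($value, "/\\\0") === false
            && $value !== '.'
            && $value !== '..';
    };

    if (!$isSafeSegment($rawName) || !$isSafeSegment($rawUserId)) {
        echo generateError("Error while generating / saving");
        return;
    }

    $userName = strtolower(str_replace(' ', '_', $rawName));
    $filePath = generatePath(strtolower($rawUserId), $userName);

    // php://input is the unparsed request body.
    $json = file_get_contents('php://input');
    writeJson($filePath, $json);
}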
Example #2
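/**
 * Prepares and executes a parameterised query on the connection stored in
 * $GLOBALS["db"].
 *
 * On a PDOException the failure is written to the server error log, a generic
 * error block is printed, and generateError(1, "db failure") is called.
 *
 * NOTE(review): the catch only fires if the connection reports errors as
 * exceptions; with any other error mode prepare() can return false and the
 * execute() call would fail outside this handler -- confirm the connection
 * setup.
 *
 * @param string $query SQL text with placeholders, passed to prepare() as is.
 * @param array  $vars  Values handed to execute() for the placeholders.
 * @return null Always null, on success and on failure.
 */
function processSetQuery($query, $vars)
{
    try {
        $db = $GLOBALS["db"];
        $stmt = $db->prepare($query);
        $stmt->execute($vars);
    } catch (PDOException $ex) {
        // The SQL text and the driver message expose table names, column
        // names and driver details, and the message was previously written
        // into the page unescaped. Keep both on the server side; the response
        // only says that the query failed.
        error_log("processSetQuery failed: " . $ex->getMessage() . " | query: " . $query);
        print "<div class=\"error\">Failed to run query</div>";
        generateError(1, "db failure");
    }
    return null;
}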
Example #3
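/**
 * Runs a prepared statement built from positional arguments.
 *
 * Arguments, read through func_get_args():
 *   0   "point": a label for the call site, included in error reports
 *   1   SQL text with placeholders
 *   2   type-format string for bind_param() (optional)
 *   3+  values bound to the placeholders
 *
 * Values must travel in arguments 3+ so they are bound, never concatenated
 * into argument 1.
 *
 * The statement members used here (bind_param, error, insert_id) are those of
 * mysqli_stmt, so dbConnect() presumably returns a mysqli connection.
 *
 * NOTE(review): every failure passes the full argument list, bound values
 * included, to generateError(). What generateError() does with it is not
 * visible from here -- confirm it reaches only server-side logs.
 *
 * @return int|string|bool The statement's insert_id when the SQL starts with
 *                         "insert", true for any other successful statement,
 *                         false on failure.
 */
function execSQL()
{
    //point,query,format,params
    $array = func_get_args();
    $count = func_num_args();

    // Each failure returns right after reporting. Without the return the code
    // would go on to read arguments that were never passed, or call methods
    // on a statement that was never created.
    if ($count < 1) {
        generateError("Insufficient arguments", "CRITIAL ERROR", "NO POINT GIVEN", $array);
        return false;
    }
    if ($count < 2) {
        generateError("Insufficient arguments", "Insufficient Arguments", $array[0], $array);
        return false;
    }

    $myDB = dbConnect();
    $query = $myDB->prepare($array[1]);
    if (!$query) {
        generateError("Query went false", "Query failure", "execSQL 1+" . $array[0], $array);
        return false;
    }

    if ($count > 2) {
        // Format string followed by the values, in call order.
        $passArr = array_slice($array, 2);
        // bind_param() takes its values by reference, hence the helper.
        $bound = call_user_func_array(array($query, "bind_param"), makeValuesReferenced($passArr));
        // Test the bind result itself; re-testing $query here can never fail
        // because the statement object does not change.
        if (!$bound) {
            generateError("Query went false", "Query failure", "execSQL 2+" . $array[0], $array);
            return false;
        }
    }

    $executed = $query->execute();
    if (!$executed || $query->error) {
        // The statement's error property holds the message; errorInfo() is a
        // PDO method and does not exist on this statement type.
        $msg = "Query errored: " . $query->error;
        generateError($msg, "Query failure", "execSQL 3+" . $array[0], $array);
        return false;
    }

    if (strtolower(substr($array[1], 0, 6)) === 'insert') {
        return $query->insert_id;
    }

    //not an Insert, so just return true;
    return true;
}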