/**
 * Open the database connection for this object.
 *
 * $this->DBConnArray receives whatever getDBConn() returns.  When that result
 * reports failure, the error message is stashed in $_SESSION['returnArray'] so
 * the calling page can show it, and construction ends without a usable
 * connection.
 */
function __construct()
{
    $this->DBConnArray = getDBConn();
    if ($this->DBConnArray['ErrorReturn']['Success']) {
        return;
    }
    // Surface the connection error to the next page through the session.
    $_SESSION['returnArray'] = $this->DBConnArray['ErrorReturn']['ErrorMessage'];
}
$hold = htmlspecialchars($value); $hold = trim($hold); $hold = stripslashes($hold); $postArray[$name] = $hold; } $listStr = preg_replace("/\\)/", "", $_REQUEST['date_list']); $listArr = explode("(", $listStr); $invoiceList = array(); foreach ($listArr as $ownDtPair) { $arr = explode(",", $ownDtPair); if (!isset($arr[1])) { continue; } $invoiceList[$arr[0]][] = $arr[1]; } $DBConnArray = getDBConn(); if (!$DBConnArray['ErrorReturn']['Success']) { echo json_encode(array('table' => $DBConnArray['ErrorReturn']['ErrorMessage'])); } ######################################################## # get all relevant owners ######################################################## $sql = "SELECT o.* FROM owners as o, users as u, canners as c \n\t\tWHERE u.id=c.user_id AND o.canner_id = c.user_id\n\t\tAND u.email_address = '" . $postArray['email_address'] . "'\n\t\tORDER BY o.collection_day, city_address;"; $returnArray = getDataSet($DBConnArray, $sql); if (!$returnArray['ErrorReturn']['Success']) { echo json_encode(array('table' => $DBConnArray['ErrorReturn']['ErrorMessage'])); return; } ########################################################## # get invoices and payments ##########################################################
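<?php
require_once "config.php";

$db_link = getDBConn();

/**
 * Open a mysqli connection using the DB_* constants from config.php.
 *
 * Returns the connection, or null when connecting fails.  The original
 * printed mysql_error() (a function that no longer exists alongside mysqli)
 * and silenced the constructor with "@"; failures are now detected through
 * mysqli's own connect_error / mysqli_sql_exception and logged server-side
 * instead of being written into the response.
 *
 * @return mysqli|null
 */
function getDBConn()
{
    // Kept from the original: note this caps the WHOLE script at one second,
    // not just the connection attempt.
    set_time_limit(1);
    try {
        $db_link = new mysqli(DB_HOST, DB_USER, DB_PASSWORD, DB_DATABASE);
    } catch (mysqli_sql_exception $e) {
        // Newer PHP/mysqli report connection failures as exceptions.
        error_log('Could not connect to database (utilities.getDBConn): ' . $e->getMessage());
        return null;
    }
    if ($db_link->connect_error) {
        // Older report modes leave the failure in connect_error instead.
        // Log only; connection details must not reach the client.
        error_log('Could not connect to database (utilities.getDBConn): ' . $db_link->connect_error);
        return null;
    }
    return $db_link;
}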
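/**
 * Handle the registration form: validate the posted fields, refuse an e-mail
 * address that is already registered, and insert the new user with a hashed
 * password.
 *
 * Reads $_POST[fname|lname|email|password|password2]; writes
 * $_SESSION['registered'] and, on validation failure, $_SESSION['msgToUser'].
 * Every path ends in a redirect (register.php on validation failure,
 * index.php otherwise) followed by script termination, so nothing after the
 * call runs in the same request.
 */
function doRegister()
{
    // Missing fields become empty strings so validation fails cleanly instead
    // of raising undefined-index warnings.
    $email = (string) ($_POST["email"] ?? '');
    $password = (string) ($_POST["password"] ?? '');
    $password2 = (string) ($_POST["password2"] ?? '');
    $fname = (string) ($_POST["fname"] ?? '');
    $lname = (string) ($_POST["lname"] ?? '');

    // Record a failed attempt and bounce back to the form.
    $fail = static function ($message) {
        $_SESSION['registered'] = false;
        $_SESSION['msgToUser'] = $message;
        header('Location: register.php');
        exit;
    };

    if (!filter_var($email, FILTER_VALIDATE_EMAIL)) {
        $fail("******");
    }
    // Strict comparison: the original used != which applies loose numeric
    // rules to strings that look like numbers.
    if ($password !== $password2) {
        $fail("******");
    }
    // Byte length is acceptable for a minimum-length rule: multibyte
    // characters only make the password longer.
    if (strlen($password) < 8) {
        $fail("******");
    }

    $dbcon = getDBConn();
    // PDO does not guarantee rowCount() for SELECT statements; fetch a row to
    // test for existence instead.
    $stmt = $dbcon->prepare("SELECT `fname` from `users` WHERE `email` = :email");
    $stmt->bindValue(':email', $email);
    $stmt->execute();
    if ($stmt->fetch() !== false) {
        //A user with that email already exists
        $_SESSION['registered'] = false;
        header('Location: index.php');
        // The original fell through here; stop so no later code runs.
        exit;
    }

    //No user exists so we can register
    // NOTE(review): the existence check and the insert are not atomic; a
    // UNIQUE constraint on users.email is the reliable guard — confirm it exists.
    $pword_hash = password_hash($password, PASSWORD_DEFAULT);
    $stmt = $dbcon->prepare("INSERT INTO `users` (fname,lname,email,pword,admin) VALUES (:fname,:lname,:email,:pword,FALSE)");
    $stmt->bindValue(':fname', $fname);
    $stmt->bindValue(':lname', $lname);
    $stmt->bindValue(':email', $email);
    $stmt->bindValue(':pword', $pword_hash);
    $stmt->execute();
    $_SESSION['registered'] = true;
    header('Location: index.php');
    exit;
}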
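<?php
include 'functions.php';
doHeader('Upload Project');
$conn = getDBConn();
$ending = ".php";

if (isset($_POST['submit'])) {
    $name = (string) ($_POST['name'] ?? '');
    // Page file name: the project name with spaces removed plus the suffix.
    $urlname = str_replace(' ', '', $name) . $ending;
    $stmt = $conn->prepare("INSERT INTO projects (name, description, location)\n VALUES (:name, :description, :loc)");
    // Values are HTML-encoded before storage as the original did; kept so
    // existing rows and the pages that render them stay consistent.
    $stmt->bindValue(':name', htmlentities($name));
    $stmt->bindValue(':description', htmlentities((string) ($_POST['desc'] ?? '')));
    $stmt->bindValue(':loc', htmlentities((string) ($_POST['loc'] ?? '')));
    $stmt->execute();
}
?>
<h2>Upload a Project </h2>
<?php
if (isset($_POST['submit'])) {
    // Escape for the HTML context: the raw POST value was previously echoed
    // straight into the page and into an href, which reflects user-supplied
    // markup back to the browser.
    $safeName = htmlspecialchars($name, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
    $safeUrl = htmlspecialchars($urlname, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
    echo "<p class='red'> " . $safeName . " has been successfully uploaded at " . $safeUrl . "</p>";
    echo "<p class='red'>Edit the page <a href='" . $safeUrl . "'>here.</a></p>";
}
?>
<hr class='separator' align='left'>
<form action="uploadProj.php" name="uploadForm" method="post">
<div class="form-group">
<label> Name: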
/**
 * Look up the description of a single product.
 *
 * @param mixed $productNum value bound to AT_Product.ID
 * @return mixed the Description column, or false when no row matches
 *               (PDOStatement::fetchColumn semantics)
 */
function getProductDesc($productNum)
{
    $connection = getDBConn(getCurrentUser());
    $query = $connection->prepare("SELECT Description FROM AT_Product WHERE ID = :productID");
    $query->execute([':productID' => $productNum]);
    return $query->fetchColumn();
}
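/**
 * Emit one page of drink names as JSON for the pager.
 *
 * Reads the 1-based page number from $_POST['pageNumber'].  Pages outside
 * 1..ceil(total / 10) produce no output, as before.
 */
function getPage()
{
    $NUMPERPAGE = 10;
    // 1-based in the request, 0-based internally.
    $pageToGet = intval($_POST["pageNumber"] ?? 0) - 1;
    $dbconn = getDBConn();
    // COUNT(*) instead of rowCount(): PDO does not guarantee rowCount() for
    // SELECT statements, and this avoids pulling the whole table just to
    // count it.
    $numEntries = (int) $dbconn->query("SELECT COUNT(*) FROM `dinfo`")->fetchColumn();
    // The original wrote (int) $numEntries / $NUMPERPAGE; the cast binds to
    // $numEntries only, so the quotient was already fractional and a partial
    // last page was reachable.  Say so explicitly.
    $numPages = (int) ceil($numEntries / $NUMPERPAGE);
    if ($pageToGet < 0 || $pageToGet >= $numPages) {
        return;
    }
    $startIndex = $pageToGet * $NUMPERPAGE;
    $drinkInfo = $dbconn->prepare("SELECT `dname` FROM `dinfo` LIMIT :numPerPage OFFSET :start");
    // Bound as integers: LIMIT/OFFSET reject quoted values.
    $drinkInfo->bindValue(":numPerPage", $NUMPERPAGE, PDO::PARAM_INT);
    $drinkInfo->bindValue(":start", $startIndex, PDO::PARAM_INT);
    $drinkInfo->execute();
    echo json_encode($drinkInfo->fetchAll(PDO::FETCH_ASSOC));
}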
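/**
 * Grant admin rights to the user whose id was posted as 'addadmin', then
 * redirect to admin.php.
 *
 * NOTE(review): no authorization check is visible in this function — confirm
 * that the caller only reaches it for an authenticated administrator.
 */
function addAdmin()
{
    // The value is used as a numeric key, so cast and bind it as an integer
    // instead of handing the raw POST string to the driver.
    $id = (int) ($_POST['addadmin'] ?? 0);
    $dbconn = getDBConn();
    $stmt = $dbconn->prepare("UPDATE `users` SET admin= 1 WHERE id = :id");
    $stmt->bindValue(':id', $id, PDO::PARAM_INT);
    $stmt->execute();
    header("Location: admin.php");
    // Stop here so nothing after the redirect runs in the same request.
    exit;
}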