public function saveItem($dbc, $cid)
{
$query = "INSERT INTO basket(cartID,itemName,Value) VALUES(?,?,?)";
$stmt = mysqli_prepare($dbc, $query);
if (!$stmt) {
die('mysqli error: ' . mysqli_error($dbc));
}
mysqli_stmt_bind_param($stmt, "dsd", $cid, $this->name, $this->value);
if (!mysqli_execute($stmt)) {
die('stmt error: ' . mysqli_stmt_error($stmt));
}
$this->id = mysqli_stmt_insert_id($stmt);
}
public function Autenticar($user, $password)
{
$mysqli = $this->mysqli;
$stmt = \mysqli_prepare($mysqli, "CALL AUTENTICAR_ADMIN(?,?)");
\mysqli_stmt_bind_param($stmt, 'ss', $user, $password);
\mysqli_execute($stmt);
$r1 = 0;
$r2 = '';
\mysqli_stmt_bind_result($stmt, $r1, $r2);
while (\mysqli_stmt_fetch($stmt)) {
return true;
}
\mysqli_stmt_close($stmt);
}
function model_user_add($kasutajanimi, $parool)
{
global $l;
$hash = password_hash($parool, PASSWORD_DEFAULT);
$query = "INSERT INTO areinman__kasutajad (Kasutajanimi, Parool) VALUES (?,?)";
$stmt = mysqli_prepare($l, $query);
if (mysqli_error($l)) {
echo mysqli_error($l);
exit;
}
mysqli_stmt_bind_param($stmt, "ss", $kasutajanimi, $hash);
mysqli_execute($stmt);
$id = mysqli_stmt_insert_id($stmt);
mysqli_stmt_close($stmt);
return $id;
}
public function ObtenerCategoriaId($id)
{
$mysqli = $this->mysqli;
$stmt = \mysqli_prepare($mysqli, "CALL GET_CAT_ID(?)");
\mysqli_stmt_bind_param($stmt, 'i', $id);
\mysqli_execute($stmt);
$cat = 0;
$nombre = '';
$url = '';
\mysqli_stmt_bind_result($stmt, $cat, $nombre, $url);
while (\mysqli_stmt_fetch($stmt)) {
$this->intId = $cat;
$this->strNombre = $nombre;
$this->strImagen = $url;
}
\mysqli_stmt_close($stmt);
}
public function insertUser($dbc)
{
require_once '../mysqli_connect.php';
//Insert info into the database
$query = "INSERT INTO users(firstName,lastName,email, password, streetAddress, postalCode, DOB, gender) VALUES (?,?,?,?,?,?,?,?)";
//Prepare mysqli statement
$stmt = mysqli_prepare($dbc, $query);
if (!$stmt) {
die('mysqli error1: ' . mysqli_error($dbc));
}
//Bind parameters
mysqli_stmt_bind_param($stmt, "ssssssds", $this->firstName, $this->lastName, $this->email, $this->password, $this->streetAddress, $this->postalCode, $this->DOB, $this->gender);
if (!mysqli_execute($stmt)) {
die('stmt error2: ' . mysqli_stmt_error($stmt));
}
$this->id = mysqli_stmt_insert_id($stmt);
}
/**
* This function removes record with id $_GET[ID'] from the table Jobs
*/
function deleteJob()
{
global $db_conn;
$redirectlocation = "index.php?action=jobs";
$stmt = mysqli_stmt_init($db_conn);
global $db_conn;
$sql = "DELETE FROM `jobs` WHERE `JobID` = ?";
if (!mysqli_stmt_prepare($stmt, $sql)) {
print "Failed to prepare statement\n";
} else {
mysqli_stmt_bind_param($stmt, "i", $_GET['id']);
mysqli_execute($stmt);
mysqli_stmt_close($stmt);
}
immediate_redirect_to($redirectlocation);
// return to jobs
}
function addBookCp($getdata, $postdata)
{
global $db;
require 'image_upload.php';
$description = $postdata['description'];
$bid = $getdata['bid'];
$path = imageUpload('data/bcopy_images/', 'bcopyimage');
$stmt = mysqli_prepare($db, 'INSERT INTO bcopies SET bid = ?, uid = ?, description = ?, image = ?');
mysqli_stmt_bind_param($stmt, 'iiss', $bid, $_SESSION['userid'], htmlspecialchars($description), $path);
mysqli_execute($stmt);
$bcid = mysqli_insert_id($db);
$success = mysqli_affected_rows($db);
if ($success) {
return $bcid;
}
return false;
}
function bookSearch($userQuery)
{
$userQuery .= "%";
global $db;
$sqlQuery = "SELECT bid, title, description, coverimage FROM books WHERE title LIKE ? ORDER by title ASC";
$stmt = mysqli_prepare($db, $sqlQuery);
mysqli_stmt_bind_param($stmt, 's', $userQuery);
mysqli_execute($stmt);
mysqli_stmt_bind_result($stmt, $bid, $title, $des, $img);
while (mysqli_stmt_fetch($stmt)) {
$books[] = ['title' => $title, 'bid' => $bid, 'description' => $des, 'img' => $img];
}
if (empty($books)) {
return false;
} else {
return $books;
}
}
if (preg_match('%^[0-9]{6}$%', stripslashes(trim($_POST['DOB'])))) {
$DOB = escape_data($_POST['DOB']);
} else {
$DOB = "00000000";
}
$gender = $_POST['Gender'];
//Insert info into the database
$query = "INSERT INTO users(firstName,lastName,email, password, streetAddress, postalCode, DOB, gender) VALUES (?,?,?,?,?,?,?,?)";
//Prepare mysqli statement
$stmt = mysqli_prepare($dbc, $query);
if (!$stmt) {
die('mysqli error: ' . mysqli_error($dbc));
}
//Bind parameters
mysqli_stmt_bind_param($stmt, "ssssssds", $firstName, $lastName, $email, $password, $streetAddress, $postalCode, $DOB, $gender);
if (!mysqli_execute($stmt)) {
die('stmt error: ' . mysqli_stmt_error($stmt));
}
//Query to get user ID
$query = "SELECT id FROM users WHERE email=?";
$stmt = mysqli_prepare($dbc, $query);
if (!$stmt) {
die('mysqli error: ' . mysqli_error($dbc));
}
mysqli_stmt_bind_param($stmt, "s", $email);
if (!mysqli_stmt_execute($stmt)) {
die('stmt error1: ' . mysqli_stmt_error($stmt));
}
mysqli_stmt_bind_result($stmt, $id);
while (mysqli_stmt_fetch($stmt)) {
$newUser = new User($id, $firstName, $lastName, $email, $password, $streetAddress, $postalCode, $DOB, $gender);
/**
* This functions shows the edit Jobs form
* This form is automatically filled with data given by ID
*/
function displayEditCustomer()
{
global $db_conn;
$stmt = mysqli_stmt_init($db_conn);
$sql = "SELECT * FROM `Winkel` WHERE `Wcode` = ? ";
if (!mysqli_stmt_prepare($stmt, $sql)) {
print "Failed to prepare statement\n";
} else {
mysqli_stmt_bind_param($stmt, "s", $_GET['id']);
mysqli_execute($stmt);
$result = mysqli_stmt_get_result($stmt);
mysqli_stmt_close($stmt);
if ($row = mysqli_fetch_assoc($result)) {
?>
<h1>Edit Job</h1>
<form method="post" action="index.php?action=updateCustomer">
<table>
<tr>
<td>Name:</td>
<td><input type="text" name="Naam" value="<?php
echo $row['Naam'];
?>
" /></td>
</tr>
<tr>
<td>Address:</td>
<td><input type="text" name="Adres" value="<?php
echo $row['Adres'];
?>
" /></td>
</tr>
<tr>
<td>Place:</td>
<td><input type="text" name="Plaats" value="<?php
echo $row['Plaats'];
?>
" /></td>
</tr>
<tr>
<td>Phone Number:</td>
<td><input type="text" name="Telefoonnr" value="<?php
echo $row['Telefoonnr'];
?>
" /></td>
</tr>
<tr>
<td></td>
<td><input type="submit" value="Save" /></td>
</tr>
</table>
<input type="hidden" name="Wcode" value="<?php
echo $row['Wcode'];
?>
" />
</form>
<?php
} else {
die("No Data could be found");
}
}
}
<?php
require 'connectdb.php';
$login_username = mysqli_real_escape_string($dbcon, $_POST['username']);
$login_password = mysqli_real_escape_string($dbcon, $_POST['password']);
$salt = 'tikde78uj4ujuhlaoikiksakeidkd';
$hash_login_password = hash_hmac('sha256', $login_password, $salt);
$sql = "SELECT * FROM tb_login WHERE login_username=? AND login_password=?";
$stmt = mysqli_prepare($dbcon, $sql);
mysqli_stmt_bind_param($stmt, "ss", $login_username, $hash_login_password);
mysqli_execute($stmt);
$result_user = mysqli_stmt_get_result($stmt);
if ($result_user->num_rows == 1) {
session_start();
$row_user = mysqli_fetch_array($result_user, MYSQLI_ASSOC);
$_SESSION['login_id'] = $row_user['login_id'];
header("Location: ../index.php");
} else {
echo "ผู้ใช้หรือรหัสผ่านไม่ถูกต้อง";
}
function _query($sql, $inputarr)
{
global $ADODB_COUNTRECS;
if (is_array($sql)) {
$stmt = $sql[1];
foreach($inputarr as $k => $v) {
if (is_string($v)) $a[] = MYSQLI_BIND_STRING;
else if (is_integer($v)) $a[] = MYSQLI_BIND_INT;
else $a[] = MYSQLI_BIND_DOUBLE;
$fnarr =& array_merge( array($stmt,$a) , $inputarr);
$ret = call_user_func_array('mysqli_bind_param',$fnarr);
}
$ret = mysqli_execute($stmt);
return $ret;
}
if (!$mysql_res = mysqli_query($this->_connectionID, $sql, ($ADODB_COUNTRECS) ? MYSQLI_STORE_RESULT : MYSQLI_USE_RESULT)) {
if ($this->debug) ADOConnection::outp("Query: " . $sql . " failed. " . $this->ErrorMsg());
return false;
}
return $mysql_res;
}
/**
* This function removes record with id $_GET[ID'] from the table Jobs
*/
function deleteJob()
{
global $db_conn;
$stmt = mysqli_stmt_init($db_conn);
$sql = "DELETE FROM `jobs` WHERE `JobID` = ?";
if (!mysqli_stmt_prepare($stmt, $sql)) {
print "Failed to prepare statement\n";
} else {
mysqli_stmt_bind_param($stmt, "i", $_GET['id']);
mysqli_execute($stmt);
mysqli_stmt_close($stmt);
}
header("location: index.php?action=jobs");
// return to jobs
exit;
}
function addBook($data, $files)
{
global $db;
require 'image_upload.php';
//Insert title, description, cover url and isbn it books table
$title = $data['title'];
$description = $data['description'];
$path = imageUpload('data/cover_images/', 'cover_img');
$stmt = mysqli_prepare($db, 'INSERT INTO books SET title = ?, description = ?, coverimage = ?, uid = ?');
mysqli_stmt_bind_param($stmt, 'sssi', htmlspecialchars($title), htmlspecialchars($description), $path, $_SESSION['userid']);
mysqli_execute($stmt);
$bid = mysqli_insert_id($db);
foreach ($data['authors'] as $author) {
//Insert authors name in authors table
$stmt = mysqli_prepare($db, 'INSERT INTO bookauthors SET bid = ?, name = ?');
mysqli_stmt_bind_param($stmt, 'is', $bid, htmlspecialchars($author));
mysqli_execute($stmt);
}
foreach ($data['genres'] as $genreId) {
//Insert authors name in authors table
$stmt = mysqli_prepare($db, 'INSERT INTO bookgenres SET bid = ?, genreid = ?');
mysqli_stmt_bind_param($stmt, 'ii', $bid, $genreId);
mysqli_execute($stmt);
}
return $bid;
}
<?php
// Consider the following code snippet:
$query = "INSERT INTO mytable \n (myinteger, mydouble, myblob, myvarchar)\n VALUES (?, ?, ?, ?)";
$statement = mysqli_prepare($link, $query);
if (!$statement) {
die(mysqli_error($link));
}
/* The variables being bound to by MySQLi
don't need to exist prior to binding */
mysqli_bind_param($statement, "idbs", $myinteger, $mydouble, $myblob, $myvarchar);
/* ???????????? */
/* execute the query, using the variables as defined. */
if (!mysqli_execute($statement)) {
die(mysqli_error($link));
}
// Assuming this snippet is a smaller part of a correctly written script, what actions must occur in place of the ????? in the above code snippet to insert a row with the following values: 10, 20.2, foo, string ?
/*
1) A transaction must be begun and the variables must be assigned
2) Each value must be assigned prior to calling mysqli_bind_param(), and thus nothing should be done
3) Use mysqli_bind_value() to assign each of the values
4) Assign $myinteger, $mydouble, $myblob, $myvarchar the proper values http://php.net/manual/en/mysqli-stmt.bind-param.php
*/
public function ObtenerProductoCategoria($cat)
{
$Productos = array();
$i = 0;
$mysqli = $this->mysqli;
$stmt = \mysqli_prepare($mysqli, "CALL GET_PRODUCTO_CAT(?)");
\mysqli_stmt_bind_param($stmt, 'i', $cat);
\mysqli_execute($stmt);
$categoria = '';
$titulo = '';
$imagen = '';
$descripcion = '';
$id = 0;
$precio = 0.0;
\mysqli_stmt_bind_result($stmt, $id, $titulo, $descripcion, $precio, $categoria, $imagen);
while (\mysqli_stmt_fetch($stmt)) {
$pro = new CL_PRODUCTO();
$pro->arrCategoria[0] = $categoria;
$pro->arrImagen[0] = $imagen;
$pro->dblPrecio = $precio;
$pro->strTitulo = $titulo;
$pro->strDescripcion = $descripcion;
$pro->intId = $id;
$Productos[$i] = $pro;
$i++;
}
\mysqli_stmt_close($stmt);
return $Productos;
}
. Vi glæder os til dit besøg.
<?php
} else {
if (isset($_POST['delete_button'])) {
$query = 'DELETE FROM reservationer WHERE `best_nr` = ?';
$statement = mysqli_prepare($dbc, $query);
mysqli_stmt_bind_param($statement, 's', $bestnr);
$x = mysqli_stmt_execute($statement);
var_dump($x);
echo "Du har du aflyst dit besøg";
} else {
if (isset($_POST['update_button'])) {
$query = 'SELECT `name`, `pers`, `dato`, `time`, `tlf`, `email` FROM reservationer WHERE `best_nr` = ?';
$statement = mysqli_prepare($dbc, $query);
mysqli_stmt_bind_param($statement, 's', $bestnr);
mysqli_execute($statement);
mysqli_stmt_bind_result($statement, $name, $pers, $date, $time, $tlf, $email);
mysqli_stmt_fetch($statement);
$display_time = split(':', $time)[0] . ':' . split(':', $time)[1];
$display_date = date('d-m-Y', strtotime($date));
$comments = $row['comments'];
?>
</p>
<script type="text/javascript">
$( ".notebest p" ).css( "display", "none" );
</script>
<form method="post" action="opdater.php">
<label for="name">Navn:</label>
<input type="text" id="name" name="name" value="<?php
echo $name;
protected function SelectQuery($con, $query, $params)
{
$stmt = $this->PrepareQuery($con, $query, $params);
if (!$stmt) {
return;
}
mysqli_execute($stmt);
// SELECT * FROM Users
$rows = mysqli_stmt_result_metadata($stmt);
while ($field = mysqli_fetch_field($rows)) {
$fields[] =& $row[$field->name];
$az[] = $field->name;
}
call_user_func_array(array($stmt, 'bind_result'), $fields);
$i = 0;
while (mysqli_stmt_fetch($stmt)) {
foreach ($az as $key => $value) {
$arr[$i][$value] = $row[$value];
}
$i++;
}
if ($arr) {
return $arr;
} else {
$this->DB_false($query, $params);
return FALSE;
}
}
/**
* This functions shows the edit Jobs form
* This form is automatically filled with data given by ID
*/
function displayEditJob()
{
global $db_conn;
$stmt = mysqli_stmt_init($db_conn);
$sql = "SELECT * FROM `jobs` WHERE `JobID` =? ";
if (!mysqli_stmt_prepare($stmt, $sql)) {
print "Failed to prepare statement\n";
} else {
mysqli_stmt_bind_param($stmt, "i", $_GET['id']);
mysqli_execute($stmt);
$result = mysqli_stmt_get_result($stmt);
mysqli_stmt_close($stmt);
if ($row = mysqli_fetch_assoc($result)) {
?>
<h1>Edit Job</h1>
<form method="post" action="index.php?action=updateJob">
<table>
<tr>
<td>Title:</td>
<td><input type="text" name="JobTitle" value="<?php
echo $row['JobTitle'];
?>
" /></td>
</tr>
<tr>
<td>Minimum Salary:</td>
<td><input type="text" name="MinSalary" value="<?php
echo $row['MinSalary'];
?>
" /></td>
</tr>
<tr>
<td>Maximum Salary:</td>
<td><input type="text" name="Maxsalary" value="<?php
echo $row['MaxSalary'];
?>
" /></td>
</tr>
<tr>
<td></td>
<td><input type="submit" value="Save" /></td>
</tr>
</table>
<input type="hidden" name="JobID" value="<?php
echo $row['JobID'];
?>
" />
</form>
<?php
} else {
die("No Data could be found");
}
}
}
<?php
$args = array('id_client' => FILTER_VALIDATE_INT, 'id_model' => FILTER_VALIDATE_INT, 'date' => array('filter' => FILTER_VALIDATE_REGEXP, 'options' => array('regexp' => "/^\\d{4}-\\d{2}-\\d{2}\$/")), 'fio_human' => FILTER_SANITIZE_STRING, 'tel_human' => array('filter' => FILTER_VALIDATE_REGEXP, 'options' => array('regexp' => "/^\\(\\d{3}\\).\\d{3}-\\d{4}\$/")), 'serial' => FILTER_SANITIZE_STRING, 'defect' => array('filter' => FILTER_SANITIZE_STRING, 'flags' => FILTER_FLAG_NO_ENCODE_QUOTES), 'complect' => array('filter' => FILTER_SANITIZE_STRING, 'flags' => FILTER_FLAG_NO_ENCODE_QUOTES), 'print' => FILTER_SANITIZE_STRING, 'prin' => FILTER_VALIDATE_INT);
$inputs = filter_input_array(INPUT_POST, $args);
// var_dump($inputs);
$query = "INSERT INTO `" . $S_CONFIG['prefix'] . "remont` \n\t\t\tVALUE (NULL, ?, ?, 'NNNNNNNNNN', ?, ?, ?, ?, ?, ?, ?, 0, ?, 1, 'N', NULL, 'N', '', 'N')";
$prep = mysqli_prepare($S_CONFIG['link'], $query);
$pass = pass_generator();
mysqli_stmt_bind_param($prep, 'ssississsi', $pass, $inputs['date'], $inputs['id_client'], $inputs['fio_human'], $inputs['tel_human'], $inputs['id_model'], $inputs['complect'], $inputs['defect'], $inputs['serial'], $inputs['prin']);
$redirect['timer'] = 0;
if (!mysqli_execute($prep)) {
$redirect['error_text'] = mysqli_error($S_CONFIG['link']);
$redirect['url'] = $_SERVER['HTTP_REFERER'];
} else {
$insert_id = mysqli_insert_id($S_CONFIG['link']);
$redirect['url'] = "?r=single/view&id=" . $insert_id;
if (isset($inputs['print'])) {
$redirect['text'] = '<script type="text/javascript">
window.open("/index.php?r=print/add&id=' . $insert_id . '", "_blank");
</script>';
}
}
render(array('redirect' => $redirect), "redirect");
function pass_generator()
{
$lowercase = "zyxwvutsrqponmlkjihgfedcba";
//символы в нижнем регистре 26
$uppercase = "ABCDEFGHIJKLMNOPQRSTUVWXYZ";
//символы в верхнем регистре 26
$speccase = "!-_+.,";
//специальные символы 6
