public function saveItem($dbc, $cid) { $query = "INSERT INTO basket(cartID,itemName,Value) VALUES(?,?,?)"; $stmt = mysqli_prepare($dbc, $query); if (!$stmt) { die('mysqli error: ' . mysqli_error($dbc)); } mysqli_stmt_bind_param($stmt, "dsd", $cid, $this->name, $this->value); if (!mysqli_execute($stmt)) { die('stmt error: ' . mysqli_stmt_error($stmt)); } $this->id = mysqli_stmt_insert_id($stmt); }
public function Autenticar($user, $password) { $mysqli = $this->mysqli; $stmt = \mysqli_prepare($mysqli, "CALL AUTENTICAR_ADMIN(?,?)"); \mysqli_stmt_bind_param($stmt, 'ss', $user, $password); \mysqli_execute($stmt); $r1 = 0; $r2 = ''; \mysqli_stmt_bind_result($stmt, $r1, $r2); while (\mysqli_stmt_fetch($stmt)) { return true; } \mysqli_stmt_close($stmt); }
function model_user_add($kasutajanimi, $parool) { global $l; $hash = password_hash($parool, PASSWORD_DEFAULT); $query = "INSERT INTO areinman__kasutajad (Kasutajanimi, Parool) VALUES (?,?)"; $stmt = mysqli_prepare($l, $query); if (mysqli_error($l)) { echo mysqli_error($l); exit; } mysqli_stmt_bind_param($stmt, "ss", $kasutajanimi, $hash); mysqli_execute($stmt); $id = mysqli_stmt_insert_id($stmt); mysqli_stmt_close($stmt); return $id; }
public function ObtenerCategoriaId($id) { $mysqli = $this->mysqli; $stmt = \mysqli_prepare($mysqli, "CALL GET_CAT_ID(?)"); \mysqli_stmt_bind_param($stmt, 'i', $id); \mysqli_execute($stmt); $cat = 0; $nombre = ''; $url = ''; \mysqli_stmt_bind_result($stmt, $cat, $nombre, $url); while (\mysqli_stmt_fetch($stmt)) { $this->intId = $cat; $this->strNombre = $nombre; $this->strImagen = $url; } \mysqli_stmt_close($stmt); }
public function insertUser($dbc) { require_once '../mysqli_connect.php'; //Insert info into the database $query = "INSERT INTO users(firstName,lastName,email, password, streetAddress, postalCode, DOB, gender) VALUES (?,?,?,?,?,?,?,?)"; //Prepare mysqli statement $stmt = mysqli_prepare($dbc, $query); if (!$stmt) { die('mysqli error1: ' . mysqli_error($dbc)); } //Bind parameters mysqli_stmt_bind_param($stmt, "ssssssds", $this->firstName, $this->lastName, $this->email, $this->password, $this->streetAddress, $this->postalCode, $this->DOB, $this->gender); if (!mysqli_execute($stmt)) { die('stmt error2: ' . mysqli_stmt_error($stmt)); } $this->id = mysqli_stmt_insert_id($stmt); }
/** * This function removes record with id $_GET[ID'] from the table Jobs */ function deleteJob() { global $db_conn; $redirectlocation = "index.php?action=jobs"; $stmt = mysqli_stmt_init($db_conn); global $db_conn; $sql = "DELETE FROM `jobs` WHERE `JobID` = ?"; if (!mysqli_stmt_prepare($stmt, $sql)) { print "Failed to prepare statement\n"; } else { mysqli_stmt_bind_param($stmt, "i", $_GET['id']); mysqli_execute($stmt); mysqli_stmt_close($stmt); } immediate_redirect_to($redirectlocation); // return to jobs }
function addBookCp($getdata, $postdata) { global $db; require 'image_upload.php'; $description = $postdata['description']; $bid = $getdata['bid']; $path = imageUpload('data/bcopy_images/', 'bcopyimage'); $stmt = mysqli_prepare($db, 'INSERT INTO bcopies SET bid = ?, uid = ?, description = ?, image = ?'); mysqli_stmt_bind_param($stmt, 'iiss', $bid, $_SESSION['userid'], htmlspecialchars($description), $path); mysqli_execute($stmt); $bcid = mysqli_insert_id($db); $success = mysqli_affected_rows($db); if ($success) { return $bcid; } return false; }
function bookSearch($userQuery) { $userQuery .= "%"; global $db; $sqlQuery = "SELECT bid, title, description, coverimage FROM books WHERE title LIKE ? ORDER by title ASC"; $stmt = mysqli_prepare($db, $sqlQuery); mysqli_stmt_bind_param($stmt, 's', $userQuery); mysqli_execute($stmt); mysqli_stmt_bind_result($stmt, $bid, $title, $des, $img); while (mysqli_stmt_fetch($stmt)) { $books[] = ['title' => $title, 'bid' => $bid, 'description' => $des, 'img' => $img]; } if (empty($books)) { return false; } else { return $books; } }
if (preg_match('%^[0-9]{6}$%', stripslashes(trim($_POST['DOB'])))) { $DOB = escape_data($_POST['DOB']); } else { $DOB = "00000000"; } $gender = $_POST['Gender']; //Insert info into the database $query = "INSERT INTO users(firstName,lastName,email, password, streetAddress, postalCode, DOB, gender) VALUES (?,?,?,?,?,?,?,?)"; //Prepare mysqli statement $stmt = mysqli_prepare($dbc, $query); if (!$stmt) { die('mysqli error: ' . mysqli_error($dbc)); } //Bind parameters mysqli_stmt_bind_param($stmt, "ssssssds", $firstName, $lastName, $email, $password, $streetAddress, $postalCode, $DOB, $gender); if (!mysqli_execute($stmt)) { die('stmt error: ' . mysqli_stmt_error($stmt)); } //Query to get user ID $query = "SELECT id FROM users WHERE email=?"; $stmt = mysqli_prepare($dbc, $query); if (!$stmt) { die('mysqli error: ' . mysqli_error($dbc)); } mysqli_stmt_bind_param($stmt, "s", $email); if (!mysqli_stmt_execute($stmt)) { die('stmt error1: ' . mysqli_stmt_error($stmt)); } mysqli_stmt_bind_result($stmt, $id); while (mysqli_stmt_fetch($stmt)) { $newUser = new User($id, $firstName, $lastName, $email, $password, $streetAddress, $postalCode, $DOB, $gender);
/** * This functions shows the edit Jobs form * This form is automatically filled with data given by ID */ function displayEditCustomer() { global $db_conn; $stmt = mysqli_stmt_init($db_conn); $sql = "SELECT * FROM `Winkel` WHERE `Wcode` = ? "; if (!mysqli_stmt_prepare($stmt, $sql)) { print "Failed to prepare statement\n"; } else { mysqli_stmt_bind_param($stmt, "s", $_GET['id']); mysqli_execute($stmt); $result = mysqli_stmt_get_result($stmt); mysqli_stmt_close($stmt); if ($row = mysqli_fetch_assoc($result)) { ?> <h1>Edit Job</h1> <form method="post" action="index.php?action=updateCustomer"> <table> <tr> <td>Name:</td> <td><input type="text" name="Naam" value="<?php echo $row['Naam']; ?> " /></td> </tr> <tr> <td>Address:</td> <td><input type="text" name="Adres" value="<?php echo $row['Adres']; ?> " /></td> </tr> <tr> <td>Place:</td> <td><input type="text" name="Plaats" value="<?php echo $row['Plaats']; ?> " /></td> </tr> <tr> <td>Phone Number:</td> <td><input type="text" name="Telefoonnr" value="<?php echo $row['Telefoonnr']; ?> " /></td> </tr> <tr> <td></td> <td><input type="submit" value="Save" /></td> </tr> </table> <input type="hidden" name="Wcode" value="<?php echo $row['Wcode']; ?> " /> </form> <?php } else { die("No Data could be found"); } } }
<?php require 'connectdb.php'; $login_username = mysqli_real_escape_string($dbcon, $_POST['username']); $login_password = mysqli_real_escape_string($dbcon, $_POST['password']); $salt = 'tikde78uj4ujuhlaoikiksakeidkd'; $hash_login_password = hash_hmac('sha256', $login_password, $salt); $sql = "SELECT * FROM tb_login WHERE login_username=? AND login_password=?"; $stmt = mysqli_prepare($dbcon, $sql); mysqli_stmt_bind_param($stmt, "ss", $login_username, $hash_login_password); mysqli_execute($stmt); $result_user = mysqli_stmt_get_result($stmt); if ($result_user->num_rows == 1) { session_start(); $row_user = mysqli_fetch_array($result_user, MYSQLI_ASSOC); $_SESSION['login_id'] = $row_user['login_id']; header("Location: ../index.php"); } else { echo "ผู้ใช้หรือรหัสผ่านไม่ถูกต้อง"; }
function _query($sql, $inputarr) { global $ADODB_COUNTRECS; if (is_array($sql)) { $stmt = $sql[1]; foreach($inputarr as $k => $v) { if (is_string($v)) $a[] = MYSQLI_BIND_STRING; else if (is_integer($v)) $a[] = MYSQLI_BIND_INT; else $a[] = MYSQLI_BIND_DOUBLE; $fnarr =& array_merge( array($stmt,$a) , $inputarr); $ret = call_user_func_array('mysqli_bind_param',$fnarr); } $ret = mysqli_execute($stmt); return $ret; } if (!$mysql_res = mysqli_query($this->_connectionID, $sql, ($ADODB_COUNTRECS) ? MYSQLI_STORE_RESULT : MYSQLI_USE_RESULT)) { if ($this->debug) ADOConnection::outp("Query: " . $sql . " failed. " . $this->ErrorMsg()); return false; } return $mysql_res; }
/** * This function removes record with id $_GET[ID'] from the table Jobs */ function deleteJob() { global $db_conn; $stmt = mysqli_stmt_init($db_conn); $sql = "DELETE FROM `jobs` WHERE `JobID` = ?"; if (!mysqli_stmt_prepare($stmt, $sql)) { print "Failed to prepare statement\n"; } else { mysqli_stmt_bind_param($stmt, "i", $_GET['id']); mysqli_execute($stmt); mysqli_stmt_close($stmt); } header("location: index.php?action=jobs"); // return to jobs exit; }
function addBook($data, $files) { global $db; require 'image_upload.php'; //Insert title, description, cover url and isbn it books table $title = $data['title']; $description = $data['description']; $path = imageUpload('data/cover_images/', 'cover_img'); $stmt = mysqli_prepare($db, 'INSERT INTO books SET title = ?, description = ?, coverimage = ?, uid = ?'); mysqli_stmt_bind_param($stmt, 'sssi', htmlspecialchars($title), htmlspecialchars($description), $path, $_SESSION['userid']); mysqli_execute($stmt); $bid = mysqli_insert_id($db); foreach ($data['authors'] as $author) { //Insert authors name in authors table $stmt = mysqli_prepare($db, 'INSERT INTO bookauthors SET bid = ?, name = ?'); mysqli_stmt_bind_param($stmt, 'is', $bid, htmlspecialchars($author)); mysqli_execute($stmt); } foreach ($data['genres'] as $genreId) { //Insert authors name in authors table $stmt = mysqli_prepare($db, 'INSERT INTO bookgenres SET bid = ?, genreid = ?'); mysqli_stmt_bind_param($stmt, 'ii', $bid, $genreId); mysqli_execute($stmt); } return $bid; }
<?php // Consider the following code snippet: $query = "INSERT INTO mytable \n (myinteger, mydouble, myblob, myvarchar)\n VALUES (?, ?, ?, ?)"; $statement = mysqli_prepare($link, $query); if (!$statement) { die(mysqli_error($link)); } /* The variables being bound to by MySQLi don't need to exist prior to binding */ mysqli_bind_param($statement, "idbs", $myinteger, $mydouble, $myblob, $myvarchar); /* ???????????? */ /* execute the query, using the variables as defined. */ if (!mysqli_execute($statement)) { die(mysqli_error($link)); } // Assuming this snippet is a smaller part of a correctly written script, what actions must occur in place of the ????? in the above code snippet to insert a row with the following values: 10, 20.2, foo, string ? /* 1) A transaction must be begun and the variables must be assigned 2) Each value must be assigned prior to calling mysqli_bind_param(), and thus nothing should be done 3) Use mysqli_bind_value() to assign each of the values 4) Assign $myinteger, $mydouble, $myblob, $myvarchar the proper values http://php.net/manual/en/mysqli-stmt.bind-param.php */
public function ObtenerProductoCategoria($cat) { $Productos = array(); $i = 0; $mysqli = $this->mysqli; $stmt = \mysqli_prepare($mysqli, "CALL GET_PRODUCTO_CAT(?)"); \mysqli_stmt_bind_param($stmt, 'i', $cat); \mysqli_execute($stmt); $categoria = ''; $titulo = ''; $imagen = ''; $descripcion = ''; $id = 0; $precio = 0.0; \mysqli_stmt_bind_result($stmt, $id, $titulo, $descripcion, $precio, $categoria, $imagen); while (\mysqli_stmt_fetch($stmt)) { $pro = new CL_PRODUCTO(); $pro->arrCategoria[0] = $categoria; $pro->arrImagen[0] = $imagen; $pro->dblPrecio = $precio; $pro->strTitulo = $titulo; $pro->strDescripcion = $descripcion; $pro->intId = $id; $Productos[$i] = $pro; $i++; } \mysqli_stmt_close($stmt); return $Productos; }
. Vi glæder os til dit besøg. <?php } else { if (isset($_POST['delete_button'])) { $query = 'DELETE FROM reservationer WHERE `best_nr` = ?'; $statement = mysqli_prepare($dbc, $query); mysqli_stmt_bind_param($statement, 's', $bestnr); $x = mysqli_stmt_execute($statement); var_dump($x); echo "Du har du aflyst dit besøg"; } else { if (isset($_POST['update_button'])) { $query = 'SELECT `name`, `pers`, `dato`, `time`, `tlf`, `email` FROM reservationer WHERE `best_nr` = ?'; $statement = mysqli_prepare($dbc, $query); mysqli_stmt_bind_param($statement, 's', $bestnr); mysqli_execute($statement); mysqli_stmt_bind_result($statement, $name, $pers, $date, $time, $tlf, $email); mysqli_stmt_fetch($statement); $display_time = split(':', $time)[0] . ':' . split(':', $time)[1]; $display_date = date('d-m-Y', strtotime($date)); $comments = $row['comments']; ?> </p> <script type="text/javascript"> $( ".notebest p" ).css( "display", "none" ); </script> <form method="post" action="opdater.php"> <label for="name">Navn:</label> <input type="text" id="name" name="name" value="<?php echo $name;
protected function SelectQuery($con, $query, $params) { $stmt = $this->PrepareQuery($con, $query, $params); if (!$stmt) { return; } mysqli_execute($stmt); // SELECT * FROM Users $rows = mysqli_stmt_result_metadata($stmt); while ($field = mysqli_fetch_field($rows)) { $fields[] =& $row[$field->name]; $az[] = $field->name; } call_user_func_array(array($stmt, 'bind_result'), $fields); $i = 0; while (mysqli_stmt_fetch($stmt)) { foreach ($az as $key => $value) { $arr[$i][$value] = $row[$value]; } $i++; } if ($arr) { return $arr; } else { $this->DB_false($query, $params); return FALSE; } }
/** * This functions shows the edit Jobs form * This form is automatically filled with data given by ID */ function displayEditJob() { global $db_conn; $stmt = mysqli_stmt_init($db_conn); $sql = "SELECT * FROM `jobs` WHERE `JobID` =? "; if (!mysqli_stmt_prepare($stmt, $sql)) { print "Failed to prepare statement\n"; } else { mysqli_stmt_bind_param($stmt, "i", $_GET['id']); mysqli_execute($stmt); $result = mysqli_stmt_get_result($stmt); mysqli_stmt_close($stmt); if ($row = mysqli_fetch_assoc($result)) { ?> <h1>Edit Job</h1> <form method="post" action="index.php?action=updateJob"> <table> <tr> <td>Title:</td> <td><input type="text" name="JobTitle" value="<?php echo $row['JobTitle']; ?> " /></td> </tr> <tr> <td>Minimum Salary:</td> <td><input type="text" name="MinSalary" value="<?php echo $row['MinSalary']; ?> " /></td> </tr> <tr> <td>Maximum Salary:</td> <td><input type="text" name="Maxsalary" value="<?php echo $row['MaxSalary']; ?> " /></td> </tr> <tr> <td></td> <td><input type="submit" value="Save" /></td> </tr> </table> <input type="hidden" name="JobID" value="<?php echo $row['JobID']; ?> " /> </form> <?php } else { die("No Data could be found"); } } }
<?php $args = array('id_client' => FILTER_VALIDATE_INT, 'id_model' => FILTER_VALIDATE_INT, 'date' => array('filter' => FILTER_VALIDATE_REGEXP, 'options' => array('regexp' => "/^\\d{4}-\\d{2}-\\d{2}\$/")), 'fio_human' => FILTER_SANITIZE_STRING, 'tel_human' => array('filter' => FILTER_VALIDATE_REGEXP, 'options' => array('regexp' => "/^\\(\\d{3}\\).\\d{3}-\\d{4}\$/")), 'serial' => FILTER_SANITIZE_STRING, 'defect' => array('filter' => FILTER_SANITIZE_STRING, 'flags' => FILTER_FLAG_NO_ENCODE_QUOTES), 'complect' => array('filter' => FILTER_SANITIZE_STRING, 'flags' => FILTER_FLAG_NO_ENCODE_QUOTES), 'print' => FILTER_SANITIZE_STRING, 'prin' => FILTER_VALIDATE_INT); $inputs = filter_input_array(INPUT_POST, $args); // var_dump($inputs); $query = "INSERT INTO `" . $S_CONFIG['prefix'] . "remont` \n\t\t\tVALUE (NULL, ?, ?, 'NNNNNNNNNN', ?, ?, ?, ?, ?, ?, ?, 0, ?, 1, 'N', NULL, 'N', '', 'N')"; $prep = mysqli_prepare($S_CONFIG['link'], $query); $pass = pass_generator(); mysqli_stmt_bind_param($prep, 'ssississsi', $pass, $inputs['date'], $inputs['id_client'], $inputs['fio_human'], $inputs['tel_human'], $inputs['id_model'], $inputs['complect'], $inputs['defect'], $inputs['serial'], $inputs['prin']); $redirect['timer'] = 0; if (!mysqli_execute($prep)) { $redirect['error_text'] = mysqli_error($S_CONFIG['link']); $redirect['url'] = $_SERVER['HTTP_REFERER']; } else { $insert_id = mysqli_insert_id($S_CONFIG['link']); $redirect['url'] = "?r=single/view&id=" . $insert_id; if (isset($inputs['print'])) { $redirect['text'] = '<script type="text/javascript"> window.open("/index.php?r=print/add&id=' . $insert_id . '", "_blank"); </script>'; } } render(array('redirect' => $redirect), "redirect"); function pass_generator() { $lowercase = "zyxwvutsrqponmlkjihgfedcba"; //символы в нижнем регистре 26 $uppercase = "ABCDEFGHIJKLMNOPQRSTUVWXYZ"; //символы в верхнем регистре 26 $speccase = "!-_+.,"; //специальные символы 6