function authenticate_user($data) { global $db; $email = $data['email']; $password = $data['password']; //getting the salt $stmt = mysqli_prepare($db, "SELECT salt FROM users WHERE email = ? LIMIT 1"); mysqli_stmt_bind_param($stmt, "s", $email); mysqli_stmt_execute($stmt); mysqli_stmt_store_result($stmt); mysqli_stmt_bind_result($stmt, $salt); if (mysqli_stmt_num_rows($stmt)) { mysqli_stmt_fetch($stmt); $password = hash('sha256', "{$password}" . "{$salt}"); //adding salt to given pass hashing and checking if the resulting hash is the same as the original mysqli_stmt_close($stmt); $stmt = mysqli_prepare($db, "SELECT uid, username, email FROM users WHERE email = ? AND password = ?"); mysqli_stmt_bind_param($stmt, "ss", $email, $password); mysqli_stmt_execute($stmt); mysqli_stmt_store_result($stmt); mysqli_stmt_bind_result($stmt, $uid, $username, $email); if (mysqli_stmt_num_rows($stmt)) { mysqli_stmt_fetch($stmt); mysqli_stmt_close($stmt); $user = ['userid' => $uid, 'username' => $username, 'email' => $email]; return $user; } else { return false; } } else { return false; } }
function checkrows() { include "components/db_connect.php"; $username = $_POST['email']; $x = "select * from details where email='{$username}'"; $result = mysqli_prepare($con, $x); mysqli_stmt_execute($result); mysqli_stmt_store_result($result); $y = mysqli_stmt_num_rows($result); include "components/db_disconnect.php"; return $y; }
if (mysqli_stmt_prepare($stmt, 'SELECT unknown_column FROM this_table_does_not_exist') || mysqli_stmt_execute($stmt)) { printf("[041] The invalid SELECT statement is issued on purpose\n"); } if (-1 !== ($tmp = mysqli_stmt_affected_rows($stmt))) { printf("[042] Expecting int/-1, got %s/%s\n", gettype($tmp), $tmp); } if ($IS_MYSQLND) { if (false !== ($tmp = mysqli_stmt_store_result($stmt))) { printf("[043] Expecting boolean/false, got %s\\%s\n", gettype($tmp), $tmp); } } else { if (true !== ($tmp = mysqli_stmt_store_result($stmt))) { printf("[043] Libmysql does not care if the previous statement was bogus, expecting boolean/true, got %s\\%s\n", gettype($tmp), $tmp); } } if (0 !== ($tmp = mysqli_stmt_num_rows($stmt))) { printf("[044] Expecting int/0, got %s/%s\n", gettype($tmp), $tmp); } if (-1 !== ($tmp = mysqli_stmt_affected_rows($stmt))) { printf("[045] Expecting int/-1, got %s/%s\n", gettype($tmp), $tmp); } mysqli_stmt_close($stmt); $stmt = mysqli_stmt_init($link); if (!mysqli_stmt_prepare($stmt, "DROP TABLE IF EXISTS test_mysqli_stmt_affected_rows_table_1") || !mysqli_stmt_execute($stmt)) { printf("[046] [%d] %s\n", mysqli_stmt_errno($stmt), mysqli_stmt_error($stmt)); } mysqli_stmt_close($stmt); if (!is_null($tmp = mysqli_stmt_affected_rows($stmt))) { printf("[047] Expecting NULL, got %s/%s\n", gettype($tmp), $tmp); } mysqli_close($link);
function login() { include_once 'database_conn.php'; // check is form filled if (isFormFilled()) { // if not filled, stop return; } $uid = sanitizeData($_POST['username']); $pswd = sanitizeData($_POST['password']); $columnLengthSql = "\n\t\t\tSELECT COLUMN_NAME, CHARACTER_MAXIMUM_LENGTH\n\t\t\tFROM INFORMATION_SCHEMA.COLUMNS\n\t\t\tWHERE TABLE_NAME = 'te_users'\n\t\t\tAND (column_name = 'username'\n\t\t\tOR column_name = 'passwd')"; $COLUMN_LENGTH = getColumnLength($conn, $columnLengthSql); $isError = false; $errMsg[] = validateStringLength($uid, $COLUMN_LENGTH['username']); //uid $errMsg[] = validateStringLength($pswd, $COLUMN_LENGTH['passwd']); //pswd for ($i = 0; $i < count($errMsg); $i++) { if (!($errMsg[$i] === true)) { echo "{$errMsg[$i]}"; $isError = true; } } //if contain error, halt continue executing the code if ($isError) { return; } // check is uid exist $checkUIDSql = "SELECT passwd, salt FROM te_users WHERE username = ?"; $stmt = mysqli_prepare($conn, $checkUIDSql); mysqli_stmt_bind_param($stmt, "s", $uid); mysqli_stmt_execute($stmt); mysqli_stmt_store_result($stmt); if (mysqli_stmt_num_rows($stmt) <= 0) { echo "Sorry we don't seem to have that username."; return; } mysqli_stmt_bind_result($stmt, $getHashpswd, $getSalt); while (mysqli_stmt_fetch($stmt)) { $hashPswd = $getHashpswd; $salt = $getSalt; } // if exist, then get salt and db hashed password // create hash based on password // hash pswd using sha256 algorithm // concat salt in db by uid // hash using sha256 algorithm $pswd = hash("sha256", $salt . hash("sha256", $pswd)); // check does it match with hased password from db if (strcmp($pswd, $hashPswd) === 0) { echo "Success login<br/>"; // add session $_SESSION['logged-in'] = $uid; // go to url $url = $_SERVER['REQUEST_URI']; header("Location: {$url}"); } else { echo "Fail login<br/>"; } }
function evalLoggedUser($con, $id, $u, $p) { $sql = "SELECT lastlogin FROM users WHERE id=? AND name=? AND pass=? LIMIT 1"; if ($stmt = mysqli_prepare($con, $sql)) { mysqli_stmt_bind_param($stmt, "iss", $id, $u, $p); mysqli_stmt_execute($stmt); // $query = mysqli_query($conx, $sql); $numrows = mysqli_stmt_num_rows($stmt); if ($numrows > 0) { return true; } } }
function verificaMesGrafico($string) { include "conf-conexao.php"; include "script-time.php"; // selecione o total de meses quando ano for igua a anoCorrente $consultaSqlVerificaMes = "SELECT MES FROM tab_dados_grafico WHERE MES LIKE '%{$string}%' AND ANO = {$anoCorrente}"; $stmt = mysqli_prepare($conexao, $consultaSqlVerificaMes); if ($stmt) { mysqli_stmt_execute($stmt); mysqli_stmt_store_result($stmt); echo mysqli_stmt_num_rows($stmt); } }
function obtenerCantidadPorDNI($dni) { $conect = conectar(); $sql = "SELECT COUNT(prod.id) as cantidad\n FROM persona as per\n INNER JOIN producto as prod ON (prod.persona_id = per.id)\n WHERE per.dni = ?\n GROUP BY per.dni"; $stmt = $conect->prepare($sql); $stmt->bind_param('i', $dni); $stmt->execute(); $stmt->bind_result($cantidad); $stmt->store_result(); if (mysqli_stmt_num_rows($stmt) > 0) { $row = mysqli_stmt_fetch($stmt); $result = array('estado' => true, 'cantidad' => $cantidad); } else { $result = array('estado' => false); } return $result; }
function getAllActivitiesByUser($params) { $connection = dbConnect(); $options = ['columns' => 'a.id, ud.nome as demandante, s.sigla, sa.status, a.titulo, a.data, a.tempo_gasto, a.id_status', 'join' => [['type' => 'INNER JOIN', 'table' => 'setores s', 'columns' => 's.id = a.id_setor'], ['type' => 'INNER JOIN', 'table' => 'status_atividade sa', 'columns' => 'sa.id = a.id_status'], ['type' => 'INNER JOIN', 'table' => 'usuarios ud', 'columns' => 'ud.id = a.id_demandante']], 'where' => ['a.id_responsavel' => $_SESSION['id']], 'order_by' => 'a.data DESC', 'limit' => $params['limit'] . ', ' . $params['offset']]; $sql = buildSelect('atividades a', $options); $stmt = mysqli_prepare($connection, $sql); mysqli_stmt_bind_param($stmt, 'i', $_SESSION['id']); mysqli_stmt_execute($stmt); mysqli_stmt_store_result($stmt); mysqli_stmt_bind_result($stmt, $id, $demandante, $sigla, $status, $titulo, $data, $tempo_gasto, $id_status); $result = []; while (mysqli_stmt_fetch($stmt)) { array_push($result, ["id" => $id, "demandante" => $demandante, "sigla" => $sigla, "status" => $status, "titulo" => $titulo, "data" => $data, "tempo_gasto" => $tempo_gasto, "id_status" => $id_status]); } $numRows = mysqli_stmt_num_rows($stmt); mysqli_stmt_close($stmt); dbClose($connection); return ['result' => $result, 'numRows' => $numRows]; }
function func_test_mysqli_stmt_num_rows($stmt, $query, $expected, $offset) { if (!mysqli_stmt_prepare($stmt, $query)) { printf("[%03d] [%d] %s\n", $offset, mysqli_stmt_errno($stmt), mysqli_stmt_error($stmt)); return false; } if (!mysqli_stmt_execute($stmt)) { printf("[%03d] [%d] %s\n", $offset + 1, mysqli_stmt_errno($stmt), mysqli_stmt_error($stmt)); return false; } if (!mysqli_stmt_store_result($stmt)) { printf("[%03d] [%d] %s\n", $offset + 2, mysqli_stmt_errno($stmt), mysqli_stmt_error($stmt)); return false; } if ($expected !== ($tmp = mysqli_stmt_num_rows($stmt))) { printf("[%03d] Expecting %s/%d, got %s/%d\n", $offset + 3, gettype($expected), $expected, gettype($tmp), $tmp); } mysqli_stmt_free_result($stmt); return true; }
function getDocID($url) { $con = $GLOBALS["con"]; $sql = "SELECT docID FROM documents WHERE URL=?"; $stmt = mysqli_prepare($con, $sql) or die(mysqli_error($con)); mysqli_stmt_bind_param($stmt, 's', $url) or die(mysqli_stmt_error($stmt)); mysqli_stmt_execute($stmt) or die(mysqli_stmt_error($stmt)); mysqli_stmt_store_result($stmt); if (mysqli_stmt_num_rows($stmt) < 1) { mysqli_stmt_close($stmt); $sql = "INSERT INTO documents (URL) VALUES (?)"; $stmt = mysqli_prepare($con, $sql) or die(mysqli_error($con)); mysqli_stmt_bind_param($stmt, 's', $url) or die(mysqli_stmt_error($stmt)); mysqli_stmt_execute($stmt) or die(mysqli_stmt_error($stmt)); mysqli_stmt_bind_result($stmt, $docID); mysqli_stmt_fetch($stmt); return getDocID($url); } else { mysqli_stmt_bind_result($stmt, $docID); mysqli_stmt_fetch($stmt); return $docID; } }
function get_key($dbh, $config, $key) { $data = array(); $result = 0; $stmt = mysqli_prepare($dbh, "SELECT name,try_interval,last_try FROM " . $config['table_prefix'] . "keys WHERE `key` = ? LIMIT 0,1"); mysqli_stmt_bind_param($stmt, "s", $key); mysqli_stmt_execute($stmt); mysqli_stmt_store_result($stmt); $result = mysqli_stmt_num_rows($stmt); mysqli_stmt_bind_result($stmt, $name, $try_interval, $last_try); while (mysqli_stmt_fetch($stmt)) { $data['name'] = $name; $data['try_interval'] = $try_interval; $data['last_try'] = $last_try; } mysqli_stmt_close($stmt); unset($stmt); if ($result) { return $data; } else { return 0; } }
//var_dump($_POST); $lifetime = 86400; session_set_cookie_params($lifetime, $httponly = true); if ($link->connect_error) { die("Connection failed: " . $link->connect_error); } //&& $username != $_SESSION['username'] if (!isset($_SESSION['username'])) { //echo "2"; $username = $_POST['username']; $password = md5($_POST['password']); $query = mysqli_prepare($link, "SELECT username, password FROM member WHERE username = ? "); mysqli_stmt_bind_param($query, 's', $username); mysqli_stmt_execute($query); mysqli_stmt_store_result($query); $rows = mysqli_stmt_num_rows($query); mysqli_stmt_bind_result($query, $user, $pass); mysqli_stmt_fetch($query); if ($rows == 1) { if ($password == $pass) { $_SESSION['username'] = $username; } else { //password is just wrong or something went wrong with the hashing echo "wrong hash or pass"; header("location:index.php?invalidcredA"); exit; } } else { //wrong username or multiple entries header("location:index.php?invalidcredB"); exit;
function logSubject($title) { $con = $GLOBALS["con"]; $sql = "SELECT subjectID FROM subjects WHERE Name=?"; //$title $stmt = mysqli_prepare($con, $sql) or die(mysqli_error($con)); mysqli_stmt_bind_param($stmt, 's', $title) or die(mysqli_stmt_error($stmt)); mysqli_stmt_execute($stmt) or die(mysqli_stmt_error($stmt)); mysqli_stmt_store_result($stmt); $rows = mysqli_stmt_num_rows($stmt); mysqli_stmt_close($stmt); if ($rows < 1) { $sql = "INSERT INTO subjects (Name) VALUES (?)"; //$title $stmt = mysqli_prepare($con, $sql) or die(mysqli_error($con)); mysqli_stmt_bind_param($stmt, 's', $title) or die(mysqli_stmt_error($stmt)); mysqli_stmt_execute($stmt) or die(mysqli_stmt_error($stmt)); mysqli_stmt_close($stmt); } }
$pass = "******"; $db = "test"; $connection = mysqli_connect($host, $user, $pass, $db) or die("ei saa ühendust mootoriga"); mysqli_query($connection, "SET CHARACTER SET UTF8") or die("Ei saanud baasi utf-8-sse - " . mysqli_error($connection)); // php and mysql datetime compatibility http://stackoverflow.com/questions/2215354/php-date-format-when-inserting-into-datetime-in-mysql $visitTime = date("Y-m-d H:i:s"); $visitorAddress = $_SERVER['REMOTE_ADDR']; // Insert visitors IP ind current time to DB $insertVisitQuery = "INSERT INTO rturi_stats (ip, time) VALUES ('" . $visitorAddress . "', '" . $visitTime . "');"; mysqli_query($connection, $insertVisitQuery) or die("Ei saanud kirjet lisatud - " . mysqli_error($connection)); // query how many visits there have been from users IP $selectNumberOfVisitsQuery = "SELECT * FROM rturi_stats WHERE ip = '" . $visitorAddress . "';"; //row count code copied from http://php.net/manual/en/mysqli-stmt.num-rows.php if ($stmt = mysqli_prepare($connection, $selectNumberOfVisitsQuery)) { /* execute query */ mysqli_stmt_execute($stmt); /* store result */ mysqli_stmt_store_result($stmt); $numberOfVisits = mysqli_stmt_num_rows($stmt); /* close statement */ mysqli_stmt_close($stmt); } // get the earliest visit datetime from DB // some help from mysqli tutorial http://codular.com/php-mysqli $selectEarliestVisitQuery = "SELECT MIN(time) FROM rturi_stats WHERE ip ='88.196.181.145';"; $earliestVisitQueryResult = mysqli_query($connection, $selectEarliestVisitQuery) or die("Kõige varasema külstuse aja päring ebaõnnestus - " . mysqli_error($connection)); $resultRow = $earliestVisitQueryResult->fetch_assoc(); $earliestVisit = $resultRow['MIN(time)']; echo "Sinu IP aadress on " . $_SERVER['REMOTE_ADDR'] . "<br><br>"; echo "See on sinu " . $numberOfVisits . ". külastus sellel lehel. Esimene külastus oli " . $earliestVisit; mysqli_close($connection);
if (($tmp = count($fields_res_meta)) !== $num_fields) { printf("[015] Expecting int/%d got %s/%s\n", $num_fields, gettype($tmp), $tmp); } if ($fields_res_meta != $fields) { printf("[016] Prepared Statement metadata differs from normal metadata, dumping\n"); var_dump($fields_res_meta); var_dump($fields); } if (function_exists('mysqli_stmt_get_result') && $stmt->prepare('EXPLAIN SELECT t1.*, t2.* FROM test AS t1, test AS t2') && $stmt->execute()) { if (!($res_stmt = mysqli_stmt_get_result($stmt))) { printf("[017] Cannot fetch result from PS [%d] %s\n", mysqli_stmt_errno($stmt), mysqli_stmt_error($stmt)); } if (($tmp = mysqli_num_rows($res_stmt)) !== $num_rows) { printf("[018] Expecting int/%d got %s/%s\n", $num_rows, gettype($tmp), $tmp); } if (mysqli_stmt_num_rows($stmt) !== 0) { printf("[019] Expecting int/0 got %s/%s\n", gettype($tmp), $tmp); } if (($tmp = mysqli_stmt_field_count($stmt)) !== $num_fields) { printf("[020] Expecting int/%d got %s/%s\n", $num_fields, gettype($tmp), $tmp); } if (($tmp = $res_stmt->field_count) !== $num_fields) { printf("[021] Expecting int/%d got %s/%s\n", $num_fields, gettype($tmp), $tmp); } $fields_stmt = mysqli_fetch_fields($res_stmt); if (($tmp = count($fields_stmt)) !== $num_fields) { printf("[022] Expecting int/%d got %s/%s\n", $num_fields, gettype($tmp), $tmp); } reset($fields); foreach ($fields_stmt as $fields_stmt_val) { list(, $fields_val) = each($fields);
} ?> <br><br><h1 class='blue'>Competitive Analysis</h1><br> <?php /* run prepared queries to see if any data is already present in intellectual_property table */ /* create a prepared statement */ if ($stmt = mysqli_prepare($link, "SELECT * FROM competitive_analysis WHERE id=?")) { /* bind variables to marker */ mysqli_stmt_bind_param($stmt, 's', $_SESSION['id']); /* execute query */ mysqli_stmt_execute($stmt); /* store result */ mysqli_stmt_store_result($stmt); printf("%d results<br>", mysqli_stmt_num_rows($stmt)); /* bind result variables */ mysqli_stmt_bind_result($stmt, $id, $entry, $behavior, $advantage); /* print table headers */ echo "<table><thead><tr><th></th><th>Current Behavior</th><th>Our Competitive Advantage</tr></thead>"; while (mysqli_stmt_fetch($stmt)) { /* print output */ ?> <form action="marketUpdate.php" method="POST"> <input type="hidden" name="table" value="competitiveAnalysis"> <input type="hidden" name="id" value="<?php echo $id; ?> "> <input type="hidden" name="entry" value="<?php echo $entry;
mysqli_stmt_close($stmt); } $sqlsongs = "SELECT title,artist,weight FROM songs WHERE pkg=1"; $sql = "SELECT pid FROM buypackages WHERE uid=?"; $pkglist = ""; if ($stmt = mysqli_prepare($con, $sql)) { mysqli_stmt_bind_param($stmt, "s", $uid); mysqli_stmt_execute($stmt); if (mysqli_stmt_error($stmt)) { echo 'SQL Error: ' . mysqli_stmt_error($stmt); } mysqli_stmt_bind_result($stmt, $pid); while (mysqli_stmt_fetch($stmt)) { $sqlsongs = $sqlsongs . " OR pkg=" . $pid; } $n = mysqli_stmt_num_rows($stmt); mysqli_stmt_close($stmt); } if ($sb == "sbn") { $sqlsongs = $sqlsongs . " ORDER BY title"; } else { if ($sb == "sbp") { $sqlsongs = $sqlsongs . " ORDER BY weight"; } } //echo "<select id=\"songpick\">"; //echo $sqlsongs; echo "<form>"; if ($stmt = mysqli_prepare($con, $sqlsongs)) { mysqli_stmt_execute($stmt); if (mysqli_stmt_error($stmt)) {
function isWaiting($conn, $UserId, $BlockId) { $stmt = mysqli_prepare($conn, "select * from WaitingList where WUserid = ? and Blockid = ?"); mysqli_stmt_bind_param($stmt, "ii", $UserId, $BlockId); mysqli_stmt_execute($stmt); mysqli_stmt_store_result($stmt); $num = mysqli_stmt_num_rows($stmt); mysqli_stmt_free_result($stmt); mysqli_stmt_close($stmt); if ($num > 0) { return true; } return false; }
include "header.php"; ?> <?php $conn = new mysqli("localhost", "my_user", "my*password", "mgabriel"); if (mysqli_connect_errno()) { echo 'Cannot connect to database: ' . mysqli_connect_error($conn); } else { $query = mysqli_prepare($conn, "SELECT profileinfo.firstname, profileinfo.lastname, profileinfo.email, profileinfo.day, profileinfo.time FROM profileinfo inner join services_provided ON services_provided.id=profileinfo.id WHERE services_provided.service_id = ?;") or die("Error: " . mysqli_error($conn)); // bind parameters "s" - string mysqli_stmt_bind_param($query, "i", $_POST['service_description']); //run the query mysqli_stmt_execute returns true if the //query was successful mysqli_stmt_execute($query) or die("Error. Could not insert into the table." . mysqli_error($conn)); mysqli_stmt_store_result($query); if (mysqli_stmt_num_rows($query) == 0) { echo "No entries found"; } else { // bind variables to prepared statement mysqli_stmt_bind_result($query, $firstname, $lastname, $email, $day, $time); // fetch values $dataArr = []; while (mysqli_stmt_fetch($query)) { $dataArr[] = $firstname . ' ' . $lastname . ' ' . $email . ' ' . $day . ' ' . $time; } foreach ($dataArr as $profileinfo) { echo $profileinfo . '<br/>'; } } mysqli_stmt_close($query); //for prepared stmts only
// print '<li>Possible :'.' '. $tetradinfo['Possible'].'</li>'; // print '<li>Probable :'.' '. $tetradinfo['Probable'].'</li>'; // print '<li>Confirmed :'. ' '.$tetradinfo['Confirmed'].'</li></ul>'; if ($table === "bredstat_1989") { $query = "SELECT Tetrad FROM {$table} WHERE {$tetradid} > 1"; } else { $query = "SELECT Tetrad FROM {$table} WHERE {$tetradid} >= 1"; } // $query = "SELECT Tetrad FROM $table WHERE $tetradid >= 1"; if ($stmt = mysqli_prepare($link, $query)) { /* execute query */ mysqli_stmt_execute($stmt); /* store result */ mysqli_stmt_store_result($stmt); print "<div class='myCount'>"; printf("Total Number of Species: %d\n", mysqli_stmt_num_rows($stmt)); printf("<span class='caret'></span>"); print "</div>"; /* close statement */ mysqli_stmt_close($stmt); } if ($table === "bredstat_1989") { $stmt = "SELECT Tetrad FROM {$table} WHERE {$tetradid} > 1 ORDER BY Tetrad ASC"; } else { $stmt = "SELECT Tetrad FROM {$table} WHERE {$tetradid} >= 1 ORDER BY Tetrad ASC"; } // $stmt = "SELECT Tetrad FROM $table WHERE $tetradid >= 1 ORDER BY Tetrad ASC"; if ($res = mysqli_query($link, $stmt)) { echo '<ol class="rich_species_List group" style="display: none;">'; /* fetch associative array */ while ($row = mysqli_fetch_assoc($res)) {
function generate_common($graphType, $beginningQuery, $endQuery, $label1Column, $label2Column, $valueColumn) { global $rType, $sDate, $eDate, $days, $sTime, $eTime; $link = retrieve_mysqli(); $query = $beginningQuery . " WHERE "; $query .= generate_conditional() . $endQuery; if ($stmt = mysqli_prepare($link, $query)) { mysqli_stmt_bind_param($stmt, "ssss", $sDate, $eDate, $sTime, $eTime); mysqli_stmt_execute($stmt); $stmt->store_result(); $resultrow = array(); stmt_bind_assoc($stmt, $resultrow); $numRows = mysqli_stmt_num_rows($stmt); if ($numRows != 0) { $isEmployee = FALSE; if (isset($label2Column)) { $isEmployee = TRUE; } $labels = array(); $values = array(); while (mysqli_stmt_fetch($stmt)) { $label1 = NULL; $label2 = NULL; // label2 is lastname if isEmployee, otherwise NULL $value = NULL; foreach ($resultrow as $key => $data) { if ($label1Column == $key) { $label1 = $data; } else { if ($valueColumn == $key) { $value = $data; } else { if ($isEmployee) { if ($label2Column == $key) { $label2 = $data; } } else { if (isset($label1) && isset($value)) { break; } } } } if (isset($label1) && isset($value) && isset($label2)) { break; } } $label = $label1; if ($isEmployee) { $label .= ' ' . $label2; } array_push($labels, $label); array_push($values, $value); } mysqli_stmt_close($stmt); echo json_encode(array('graphType' => $graphType, 'labels' => $labels, 'values' => $values)); exit; } echo '0 results returned.'; exit; } }
if (empty($_POST['email']) || empty($_POST['password'])) { exit_message('Please make sure you enter both an email address and password'); } if (!filter_var($_POST['email'], FILTER_VALIDATE_EMAIL)) { exit_message('Please enter a valid email address'); } // user has entered a valid email and a password $email = $_POST['email']; $password = $_POST['password']; require 'db.php'; $user = mysqli_prepare($db, 'SELECT `id`, `admin`, `banned` FROM `users` WHERE `email` = ? AND `password` = SHA2(CONCAT(`salt`, ?), 256)'); mysqli_stmt_bind_param($user, 'ss', $email, $password); mysqli_stmt_execute($user); ++$db_queries; mysqli_stmt_store_result($user); if (mysqli_stmt_num_rows($user) === 0) { exit_message('Sorry, no account exists with this email and password'); } mysqli_stmt_bind_result($user, $id, $admin, $banned); mysqli_stmt_fetch($user); mysqli_stmt_close($user); mysqli_close($db); if ($banned === '1') { // user is banned ($banned will return 1); exit_message('This account has been banned'); } $_SESSION['user'] = $id; if ($admin === '1') { // ONLY set this variable if user is an admin ($admin will return 1) $_SESSION['admin'] = true; }
//echo "strDo= " . $strDo; //Get Form Post Data $strEmailForgotForm = funct_GetandCleanVariables($_POST["forgot_email"]); if ($DB_MYSQLI->connect_errno) { echo "Failed to connect to MySQL: (" . $DB_MYSQLI->connect_errno . ") " . $DB_MYSQLI->connect_error; } if ($stmt = $DB_MYSQLI->prepare("SELECT id FROM " . TBL_USERS . " WHERE email = ? ")) { $stmt->bind_param("s", $strEmailForgotForm); //Bind parameters s - string, b - blob, i - int, etc $stmt->execute(); //Execute it $stmt->bind_result($intUserID); //bind results //$stmt -> fetch(); //fetch the value mysqli_stmt_store_result($stmt); $intTotalRowsFound = mysqli_stmt_num_rows($stmt); //echo "totalrows: $intTotalRowsFound <br>"; if ($intTotalRowsFound < 1) { $errorMSG = "Sorry, the email: " . $strEmailForgotForm . " is not in our records"; //No Such Email in Database } else { //Email found so ... while ($stmt->fetch()) { //echo " $intUserID, $strFirstName, $strLastName, $strEmail <br>"; //generate temp password $strPasswordTemp = createRandomKey_Num(12); //hash it $strPassword_hash = password_hash($strPasswordTemp, PASSWORD_DEFAULT); //PASSWORD_BCRYPT //update database //$query = "UPDATE ".TBL_USERS." SET password='******' WHERE id = $intUserID " ;
} assert(mysqli_stmt_affected_rows($stmt) === $stmt->affected_rows); printf("stmt->affected_rows = '%s'\n", $stmt->affected_rows); assert(mysqli_stmt_errno($stmt) === $stmt->errno); printf("stmt->errno = '%s'\n", $stmt->errno); assert(mysqli_stmt_error($stmt) === $stmt->error); printf("stmt->error = '%s'\n", $stmt->error); assert(mysqli_stmt_error_list($stmt) === $stmt->error_list); var_dump("stmt->error = ", $stmt->error_list); assert(mysqli_stmt_field_count($stmt) === $stmt->field_count); printf("stmt->field_count = '%s'\n", $stmt->field_count); assert($stmt->id > 0); printf("stmt->id = '%s'\n", $stmt->id); assert(mysqli_stmt_insert_id($stmt) === $stmt->insert_id); printf("stmt->insert_id = '%s'\n", $stmt->insert_id); assert(mysqli_stmt_num_rows($stmt) === $stmt->num_rows); printf("stmt->num_rows = '%s'\n", $stmt->num_rows); assert(mysqli_stmt_param_count($stmt) === $stmt->param_count); printf("stmt->param_count = '%s'\n", $stmt->param_count); assert(mysqli_stmt_sqlstate($stmt) === $stmt->sqlstate); printf("stmt->sqlstate = '%s'\n", $stmt->sqlstate); printf("\nAccess to undefined properties:\n"); printf("stmt->unknown = '%s'\n", @$stmt->unknown); @($stmt->unknown = 13); printf("stmt->unknown = '%s'\n", @$stmt->unknown); printf("\nPrepare using the constructor:\n"); $stmt = new mysqli_stmt($link, 'SELECT id FROM test_mysqli_class_mysqli_stmt_interface_table_1 ORDER BY id'); if (!$stmt->execute()) { printf("[002] [%d] %s\n", $stmt->errno, $stmt->error); } $stmt->close();
} if (!is_null($tmp = mysqli_stmt_data_seek($stmt, 2))) { printf("[009] Expecting NULL, got %s/%s\n", gettype($tmp), $tmp); } if (!mysqli_stmt_fetch($stmt)) { printf("[010] [%d] %s\n", mysqli_stmt_errno($stmt), mysqli_stmt_error($stmt)); } var_dump($id); if (!is_null($tmp = mysqli_stmt_data_seek($stmt, 0))) { printf("[011] Expecting NULL, got %s/%s\n", gettype($tmp), $tmp); } if (!mysqli_stmt_fetch($stmt)) { printf("[012] [%d] %s\n", mysqli_stmt_errno($stmt), mysqli_stmt_error($stmt)); } var_dump($id); if (!is_null($tmp = mysqli_stmt_data_seek($stmt, mysqli_stmt_num_rows($stmt) + 100))) { printf("[013] Expecting NULL, got %s/%s\n", gettype($tmp), $tmp); } if (mysqli_stmt_fetch($stmt)) { printf("[014] [%d] %s\n", mysqli_stmt_errno($stmt), mysqli_stmt_error($stmt)); } var_dump($id); if (false !== ($tmp = mysqli_stmt_data_seek($stmt, -1))) { printf("[015] Expecting NULL, got %s/%s\n", gettype($tmp), $tmp); } if (mysqli_stmt_fetch($stmt)) { printf("[016] [%d] %s\n", mysqli_stmt_errno($stmt), mysqli_stmt_error($stmt)); } var_dump($id); mysqli_stmt_close($stmt); if (NULL !== ($tmp = mysqli_stmt_data_seek($stmt, 0))) {
function logSubject($title, $factsExist) { $con = $GLOBALS["con"]; $sql = "SELECT subjectID FROM subjects WHERE Name=?"; //$title $stmt = mysqli_prepare($con, $sql) or die(mysqli_error($con)); mysqli_stmt_bind_param($stmt, 's', $title) or die(mysqli_stmt_error($stmt)); mysqli_stmt_execute($stmt) or die(mysqli_stmt_error($stmt)); mysqli_stmt_store_result($stmt); $rows = mysqli_stmt_num_rows($stmt); mysqli_stmt_close($stmt); if ($rows < 1) { echo "logged " . $title; $valid = 1; if ($factsExist == false) { $valid = 0; } $sql = "INSERT INTO subjects (Name, Valid) VALUES (?, {$valid})"; //$title $stmt = mysqli_prepare($con, $sql) or die(mysqli_error($con)); mysqli_stmt_bind_param($stmt, 's', $title) or die(mysqli_stmt_error($stmt)); mysqli_stmt_execute($stmt) or die(mysqli_stmt_error($stmt)); mysqli_stmt_close($stmt); if ($title != $GLOBALS["originalSubject"]) { echo "logged " . $GLOBALS["originalSubject"]; $sql = "INSERT INTO subjects (Name, Valid) VALUES (?, 0)"; //$title $stmt = mysqli_prepare($con, $sql) or die(mysqli_error($con)); mysqli_stmt_bind_param($stmt, 's', $GLOBALS["originalSubject"]) or die(mysqli_stmt_error($stmt)); mysqli_stmt_execute($stmt) or die(mysqli_stmt_error($stmt)); mysqli_stmt_close($stmt); } } }
// Require the database connection: require MYSQL; // Set the page title and include the header: include './includes/plain_header.html'; // Fetch the order information: $q = 'SELECT FORMAT(total/100, 2) AS total, FORMAT(shipping/100,2) AS shipping, credit_card_number, DATE_FORMAT(order_date, "%a %b %e, %Y at %h:%i%p") AS od, email, CONCAT(last_name, ", ", first_name) AS name, CONCAT_WS(" ", address1, address2, city, state, zip) AS address, phone, CONCAT_WS(" - ", ncc.category, ncp.name) AS item, quantity, FORMAT(price_per/100,2) AS price_per FROM orders AS o INNER JOIN customers AS c ON (o.customer_id = c.id) INNER JOIN order_contents AS oc ON (oc.order_id = o.id) INNER JOIN non_coffee_products AS ncp ON (oc.product_id = ncp.id AND oc.product_type="goodies") INNER JOIN non_coffee_categories AS ncc ON (ncc.id = ncp.non_coffee_category_id) WHERE o.id=? AND SHA1(email)=? UNION SELECT FORMAT(total/100, 2), FORMAT(shipping/100,2), credit_card_number, DATE_FORMAT(order_date, "%a %b %e, %Y at %l:%i%p"), email, CONCAT(last_name, ", ", first_name), CONCAT_WS(" ", address1, address2, city, state, zip), phone, CONCAT_WS(" - ", gc.category, s.size, sc.caf_decaf, sc.ground_whole) AS item, quantity, FORMAT(price_per/100,2) FROM orders AS o INNER JOIN customers AS c ON (o.customer_id = c.id) INNER JOIN order_contents AS oc ON (oc.order_id = o.id) INNER JOIN specific_coffees AS sc ON (oc.product_id = sc.id AND oc.product_type="coffee") INNER JOIN sizes AS s ON (s.id=sc.size_id) INNER JOIN general_coffees AS gc ON (gc.id=sc.general_coffee_id) WHERE o.id=? AND SHA1(email)=?'; // Prepare the statement: $stmt = mysqli_prepare($dbc, $q); // Bind the variables: mysqli_stmt_bind_param($stmt, 'isis', $order_id, $email_hash, $order_id, $email_hash); // Execute the query: mysqli_stmt_execute($stmt); mysqli_stmt_store_result($stmt); if (mysqli_stmt_num_rows($stmt) > 0) { // Display the order info: echo '<h3>Your Order</h3>'; // Bind the result: mysqli_stmt_bind_result($stmt, $total, $shipping, $cc_num, $order_date, $email, $name, $address, $phone, $item, $quantity, $price); // Get the first row: mysqli_stmt_fetch($stmt); // Display the order and customer information: echo '<p><strong>Order ID</strong>: ' . $order_id . '</p><p><strong>Order Date</strong>: ' . $order_date . '</p><p><strong>Customer Name</strong>: ' . htmlspecialchars($name) . '</p><p><strong>Shipping Address</strong>: ' . htmlspecialchars($address) . '</p><p><strong>Customer Email</strong>: ' . htmlspecialchars($email) . '</p><p><strong>Customer Phone</strong>: ' . htmlspecialchars($phone) . '</p><p><strong>Credit Card Number Used</strong>: *' . $cc_num . '</p>'; // Create the table: echo '<table border="0" cellspacing="3" cellpadding="3"> <thead> <tr> <th align="center">Item</th> <th align="center">Quantity</th> <th align="right">Price</th>
function display_data($link, $sql) { $param = "%{$_POST['text']}%"; if ($_POST['region'] == "sport") { echo "<thead>\r\n <tr>\r\n \r\n\t\t\t\t\t\t <th>League</th>\r\n\t\t\t\t\t\t <th>Sports</th>\r\n\t\t\t\t\t </tr>\r\n\t\t\t\t </thead>"; if ($stmt = mysqli_prepare($link, $sql)) { //prepare successful mysqli_stmt_bind_param($stmt, "s", $param) or die("bind param"); mysqli_stmt_execute($stmt); //show number of rows mysqli_stmt_store_result($stmt); $row_count = mysqli_stmt_num_rows($stmt); printf("Number of rows: %d <br>", $row_count); mysqli_stmt_bind_result($stmt, $leagueName, $sport); while (mysqli_stmt_fetch($stmt)) { echo "<form action='delete.php' method='POST'>\r\n\t\t\t\t\t <input type='hidden' name='table' value='sport'>"; echo "<tr>"; //echo "<td><input class='btn btn-danger' type='submit' name='delete' value='Delete'></td>"; echo '<td><input type="hidden" name="League" value="' . $leagueName . '">' . $leagueName . '</td>'; echo '<td><input type="hidden" name="Sports" value="' . $sport . '">' . $sport . '</td>'; echo "</tr>"; echo "</form>"; } mysqli_stmt_close($stmt); } } if ($_POST['region'] == "team") { echo "<thead>\r\n <tr>\r\n <th></th>\r\n\t\t\t\t\t\t <th>TeamName</th>\r\n\t\t\t\t\t\t <th>League</th>\r\n\t\t\t\t\t </tr>\r\n\t\t\t\t </thead>"; if ($stmt = mysqli_prepare($link, $sql)) { //prepare successful mysqli_stmt_bind_param($stmt, "s", $param) or die("bind param"); mysqli_stmt_execute($stmt); //show number of rows mysqli_stmt_store_result($stmt); $row_count = mysqli_stmt_num_rows($stmt); printf("Number of rows: %d <br>", $row_count); mysqli_stmt_bind_result($stmt, $teamName, $league); while (mysqli_stmt_fetch($stmt)) { echo "<form action='delete.php' method='POST'>\r\n\t\t\t\t\t <input type='hidden' name='table' value='team'>"; echo "<tr>"; echo "<td><input class='btn btn-danger' type='submit' name='delete' value='Delete'></td>"; echo '<td><input type="hidden" name="TeamName" value="' . $teamName . '">' . $teamName . '</td>'; echo '<td><input type="hidden" name="League" value="' . $league . '">' . $league . '</td>'; echo "</tr>"; echo "</form>"; } mysqli_stmt_close($stmt); } } if ($_POST['region'] == "game") { echo "<thead>\r\n <tr>\r\n <th></th>\r\n\t\t\t\t\t\t <th>GameID</th>\r\n\t\t\t\t\t\t <th>Home</th>\r\n\t\t\t\t\t\t <th>Guest</th>\r\n\t\t\t\t\t\t <th>GameTime</th>\r\n\t\t\t\t\t </tr>\r\n\t\t\t\t </thead>"; if ($stmt = mysqli_prepare($link, $sql)) { //prepare successful mysqli_stmt_bind_param($stmt, "ss", $param, $param) or die("bind param"); mysqli_stmt_execute($stmt); //show number of rows mysqli_stmt_store_result($stmt); $row_count = mysqli_stmt_num_rows($stmt); printf("Number of rows: %d <br>", $row_count); mysqli_stmt_bind_result($stmt, $gameID, $home, $guest, $gameTime); while (mysqli_stmt_fetch($stmt)) { echo "<form action='delete.php' method='POST'>\r\n\t\t\t\t\t <input type='hidden' name='table' value='game'>"; echo "<tr>"; echo "<td><input class='btn btn-danger' type='submit' name='delete' value='Delete'></td>"; echo '<td><input type="hidden" name="GameID" value="' . $gameID . '">' . $gameID . '</td>'; echo '<td><input type="hidden" name="Home" value="' . $home . '">' . $home . '</td>'; echo '<td><input type="hidden" name="Guest" value="' . $guest . '">' . $guest . '</td>'; echo '<td><input type="hidden" name="GameTime" value="' . $gameTime . '">' . $gameTime . '</td>'; echo "</tr>"; echo "</form>"; } mysqli_stmt_close($stmt); } } }
public function count() { return \mysqli_stmt_num_rows($this->res); }
function content() { include "components/db_connect.php"; $username = $_SESSION['username']; $query = "SELECT * FROM details WHERE email ='{$username}'"; $result = mysqli_query($con, $query); $value = mysqli_fetch_array($result); $_SESSION['name'] = $value['name']; $logout_status = $value['Logout_status']; $query = "SELECT * FROM time_and_questions WHERE serial_num='1'"; $result = mysqli_query($con, $query); $value = mysqli_fetch_array($result); setcookie("timer", $value['timer'], time() + 3600 * 24); $_SESSION['no_of_ques'] = $value['no_of_questions']; $query = "SELECT * FROM questions"; $result = mysqli_prepare($con, $query); mysqli_stmt_execute($result); mysqli_stmt_store_result($result); $value = mysqli_stmt_num_rows($result); $_SESSION['arr'] = range(1, $value); shuffle($_SESSION['arr']); $_SESSION['completed'] = 0; $_SESSION['id'] = 0; $_SESSION['ansarray'] = array(); $_SESSION['actualans'] = array(); $_SESSION['ques_id'] = array(); include "components/db_disconnect.php"; if ($logout_status) { echo "<script>self.location='resume.php?logout_stat=1&us={$username}'</script>"; } else { echo '<script>self.location="resume.php?logout_stat=0"</script>'; } }