/**
 * Look up rows in `users` whose `ip` column matches the given address.
 *
 * The textual address is converted with inet_pton() before it is bound, so the
 * `ip` column presumably stores packed binary addresses (confirm against the schema).
 * The value reaches the statement through a positional placeholder; it is never
 * concatenated into the SQL text.
 *
 * NOTE(review): inet_pton() returns false (and raises a warning) when $ip is not a
 * valid IPv4/IPv6 literal. That false is bound as the parameter here; validating the
 * address before this call (e.g. filter_var($ip, FILTER_VALIDATE_IP)) keeps malformed
 * input away from the query.
 *
 * @param string $ip Address in presentation form.
 * @return mixed Whatever prepared_query() returns (helper defined elsewhere).
 */
function find_user_with_ip($ip)
{
    global $dbh;

    $packedAddress = inet_pton($ip);
    $sql = "SELECT ip FROM users WHERE ip=?";

    return prepared_query($dbh, $sql, array($packedAddress));
}
</div>
<div class="container">
<div class="blog-header">
<?php
// NOTE(review): $user is interpolated into the markup as-is. Where it is assigned is
// outside this excerpt; unless it is guaranteed to be HTML-encoded already, encode it
// with htmlspecialchars() at this point of output.
echo "<h1 class='blog-title'>{$user}'s Profile</h1>";
?>
</div>
<br>
<?php
// Get the user's current profile and print a form pre-filled with it.
// The user name is bound through a placeholder. Unlike most other calls in this
// code base, the parameter is passed as a bare value rather than an array —
// presumably prepared_query() accepts both; confirm against its definition.
$preparedquery = "SELECT * from profile where user = ?";
$resultset = prepared_query($dbh, $preparedquery, $user);
// Copy each column into a local variable. If the query returns no row, none of
// these variables is assigned before the form below interpolates them.
while ($row = $resultset->fetchRow(MDB2_FETCHMODE_ASSOC)) {
    $fullname = $row['fullname'];
    $birthdate = $row['birthdate'];
    $city = $row['city'];
    $state = $row['state'];
    $country = $row['country'];
    $interests = $row['interests'];
    $aboutme = $row['profile'];
}
// NOTE(review): the form prints `value = {$fullname}` without quotes around the
// attribute value. In an unquoted attribute the value ends at the first whitespace,
// so even an HTML-entity-encoded string is not confined to the attribute. Quote the
// attribute and encode the value for the attribute context when it is printed.
// (The heredoc is cut off at the end of this excerpt.)
print <<<EOT
\t\t\t\t<form class="form-horizontal" method="post" enctype = "multipart/form-data" action = "myprofile.php"> \t\t\t\t\t<div class="row"> \t\t\t\t\t\t<div class="col-md-3"><h4><strong>Full Name</strong></h4></div> \t \t\t\t\t\t\t<input type='text' name = 'fullname' value = {$fullname}> \t\t\t\t\t\t</div>
// Excerpt: this run starts inside blocks opened before the first statement shown.
// Look for an existing like by this user on this entry.
$resultset4 = prepared_query($dbh, $preparedquery4, array($entry_id, $liking_user));
$resultset4check = $resultset4->numRows();
// only allow a post to be liked once by each user
// NOTE(review): this is a check-then-insert; two requests arriving together can both
// see zero rows. A unique key on (entry_id, liking_user) would enforce the rule in
// the database — whether one exists is not visible here.
if ($resultset4check == 0) {
    $insert = "insert into likes(entry_id, liking_user) values(?,?)";
    $rows = prepared_statement($dbh, $insert, array($entry_id, $liking_user));
}
} // closes a block opened before this excerpt
// NOTE(review): $posting_user is placed in the redirect URL without URL-encoding, and
// its origin is outside this excerpt. Encode it (rawurlencode) when building the
// query string. There is no exit after header(), so execution continues past it.
header("Location: toBlog.php?user={$posting_user}");
} // closes a block opened before this excerpt
else {
    if (isset($_POST['blogComment'])) {
        // Store the submitted comment. All three values are bound through placeholders.
        // NOTE(review): only `blogComment` is checked for presence; `entryId` is read
        // unconditionally. The comment text is stored as received, so it has to be
        // HTML-encoded wherever it is rendered (rendering code not shown).
        $insert = "insert into comments(entry_id, commenting_user, comment_text) values(?, ?, ?)";
        // the current user should remain on the blog page of the user who created the post, which must be determined
        $rows = prepared_statement($dbh, $insert, array($_POST['entryId'], $loggedInUser, $_POST['blogComment']));
        // Look up the author of the entry so the redirect can return to that blog.
        $preparedquery = "SELECT user FROM blog_entry where entry_id = ?";
        $resultset = prepared_query($dbh, $preparedquery, $_POST['entryId']);
        // NOTE(review): if no entry has this id, there is no row to read `user` from;
        // nothing here handles that case.
        $row = $resultset->fetchRow(MDB2_FETCHMODE_ASSOC);
        $posting_user = $row['user'];
        header("Location: toBlog.php?user={$posting_user}");
    } else {
        // Plain page view: `user` selects whose blog to display.
        // NOTE(review): $_GET['user'] is read without an isset() check.
        $user = $_GET['user'];
        // NOTE(review): `==` between two strings compares numeric-looking strings by
        // value, so two different strings can compare equal. Use `===` so that only
        // the exact logged-in name selects the owner view, and pass $loggedInUser
        // rather than the request value into that view.
        $result = $user == $loggedInUser;
        if ($result == 1) {
            // Viewer is looking at their own blog.
            printBlog($dbh, $user);
        } else {
            // Viewer is looking at someone else's blog.
            showBlog($dbh, $user, $loggedInUser);
        }
    }
}
} // closes a block opened before this excerpt
} // closes a block opened before this excerpt
/**
 * Insert one response row into `privacy_index1`.
 *
 * The statement supplies DEFAULT for the first column and eight positional
 * placeholders for the rest. No column list is given, so the values bind in
 * table-definition order; a schema change silently shifts which answer lands in
 * which column.
 *
 * @param mixed $userResponse Values handed unchanged to prepared_query(); presumably
 *                            an array of eight answers — confirm against the caller.
 * @return mixed Whatever prepared_query() returns (helper defined elsewhere).
 */
function add_pi1_row($userResponse)
{
    global $dbh;

    $sql = "INSERT INTO privacy_index1 VALUES (DEFAULT,?,?,?,?,?,?,?,?)";
    $outcome = prepared_query($dbh, $sql, $userResponse);

    return $outcome;
}
/**
 * Insert one response row into `visQ`.
 *
 * DEFAULT fills the first column; the six placeholders that follow are bound from
 * $userResponse in table-definition order (the statement names no columns).
 *
 * @param mixed $userResponse Values handed unchanged to prepared_query(); presumably
 *                            an array of six answers — confirm against the caller.
 * @return mixed Whatever prepared_query() returns (helper defined elsewhere).
 */
function add_vis_row($userResponse)
{
    global $dbh;

    return prepared_query(
        $dbh,
        "INSERT INTO visQ VALUES (DEFAULT,?,?,?,?,?,?)",
        $userResponse
    );
}
// Handle a comment submitted from this page.
// NOTE(review): only `blogComment` is checked for presence; `entryId` is read
// unconditionally from the request.
if (isset($_POST['blogComment'])) {
    // insert comment into the database
    // All values are bound through placeholders. The text is stored as received, so it
    // has to be HTML-encoded wherever it is rendered (rendering code not shown here).
    $insert = "insert into comments(entry_id, commenting_user, comment_text) values(?, ?, ?)";
    $rows = prepared_statement($dbh, $insert, array($_POST['entryId'], $poster, $_POST['blogComment']));
}

// if a user is liking a post
// NOTE(review): the like is a state change triggered by a GET request, and no
// anti-forgery token is checked in this excerpt. Moving it to POST with a per-session
// token would keep a link or embedded resource from triggering it.
if (isset($_GET['entry_id'])) {
    $entry_id = $_GET['entry_id']; // id of the entry that was liked
    $liking_user = $poster; // the user who liked the post (presumably the logged-in user — confirm)
    $posting_user = $_GET['posting_user']; // the author of the post, as claimed by the request
    // do not allow a user to like their own post
    // strcmp() returns non-zero when the names differ, so the branch runs for "not the author".
    // NOTE(review): the author name compared here comes from the query string, not from
    // the stored entry, so the rule holds only when the client sends the true author.
    // Looking the author up by entry_id would make the check authoritative.
    if (strcmp($liking_user, $posting_user)) {
        $preparedquery4 = "select * from likes where entry_id = ? and liking_user = ?";
        $resultset4 = prepared_query($dbh, $preparedquery4, array($entry_id, $liking_user));
        $resultset4check = $resultset4->numRows();
        // only allow a post to be liked once by each user
        // NOTE(review): check-then-insert; concurrent requests can both see zero rows.
        // A unique key on (entry_id, liking_user) would enforce this in the database —
        // whether one exists is not visible here.
        if ($resultset4check == 0) {
            $insert = "insert into likes(entry_id, liking_user) values(?,?)";
            $rows = prepared_statement($dbh, $insert, array($entry_id, $liking_user));
        }
    }
    // NOTE(review): header() only takes effect if no output has been sent yet; the
    // closing markup below suggests earlier markup may exist in this file — confirm.
    // There is no exit after it, so printAllPosts() still runs on this request.
    header("Location: viewAllPage.php");
}
printAllPosts($dbh);
?>
</body>
</html>
// Excerpt: the branch that these first statements belong to opens before this point.
// Store the submitted comment. Values are bound through placeholders, and the text is
// HTML-encoded with htmlspecialchars() before storage.
// NOTE(review): `entryId` is read without a presence check in the lines shown.
$insert = "insert into comments(entry_id, commenting_user, comment_text) values(?, ?, ?)";
$rows = prepared_statement($dbh, $insert, array($_POST['entryId'], $poster, htmlspecialchars($_POST['blogComment'])));
header("Location: blog-ex-comment-user.php");
} else {
    if (isset($_GET['entry_id'])) {
        $entry_id = $_GET['entry_id']; // id of the entry the request asks to delete
        $posting_user = $_GET['posting_user']; // the author of the post, as claimed by the request
        // delete the post, as well as any comments and likes that have been made on that post
        // Intended guard: only the author may delete, checked by comparing the claimed
        // author with the logged-in user ($poster).
        // NOTE(review): both `posting_user` and `entry_id` come from the query string, and
        // the DELETE statements below filter on entry_id alone. Nothing in this excerpt
        // ties the entry to $poster, so the comparison does not establish ownership.
        // Verify the stored author of the entry against $poster (or add the author to the
        // WHERE clause of the blog_entry delete and remove likes/comments only when that
        // matched) before deleting.
        // NOTE(review): the deletion is triggered by GET with no anti-forgery token visible
        // here, and the three statements are not wrapped in a transaction, so a failure
        // midway leaves the entry partly removed.
        if (!strcmp($posting_user, $poster)) {
            $preparedquery = "delete from likes where entry_id = ?";
            $resultset = prepared_query($dbh, $preparedquery, array($entry_id));
            $preparedquery2 = "delete from comments where entry_id = ?";
            $resultset2 = prepared_query($dbh, $preparedquery2, array($entry_id));
            $preparedquery3 = "delete from blog_entry where entry_id = ?";
            $resultset3 = prepared_query($dbh, $preparedquery3, array($entry_id));
        }
        // No exit follows header(), so printBlog() below still runs on this request.
        header("Location: blog-ex-comment-user.php");
    }
}
printBlog($dbh, $poster);
?>
</body>
</html>
/**
 * Insert one response row into `efficacy_scale`.
 *
 * DEFAULT fills the first column and twelve positional placeholders take the
 * remaining values. The statement names no columns, so binding follows
 * table-definition order.
 *
 * @param mixed $userResponse Values handed unchanged to prepared_query(); presumably
 *                            an array of twelve answers — confirm against the caller.
 * @return mixed Whatever prepared_query() returns (helper defined elsewhere).
 */
function add_efficacy_row($userResponse)
{
    global $dbh;

    $statement = "INSERT INTO efficacy_scale VALUES (DEFAULT,?,?,?,?,?,?,?,?,?,?,?,?)";

    return prepared_query($dbh, $statement, $userResponse);
}
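/**
 * Save the profile fields submitted via POST for $user.
 *
 * The form counts as submitted only when `birthdate` is present in the request;
 * otherwise nothing is written. Each field is HTML-encoded and all seven columns are
 * written with a single UPDATE, so the row is never left half-updated by a failure
 * between statements. Values reach the statement through placeholders only.
 *
 * The POST field `aboutme` is stored in the `profile` column.
 *
 * Encoding flags are explicit (ENT_QUOTES | ENT_SUBSTITUTE) so single quotes are
 * encoded regardless of the PHP version's default. Entity encoding covers element
 * content and quoted attribute values only: a template that prints one of these
 * columns into an unquoted attribute, a URL or a script still needs encoding for
 * that context at output time.
 *
 * @param mixed  $dbh  Database handle passed through to prepared_query().
 * @param string $user Name of the profile owner; origin not visible in this block —
 *                     callers should pass the authenticated user, not a request value.
 * @return void
 */
function saveInfo($dbh, $user)
{
    if (!isset($_POST['birthdate'])) {
        return;
    }

    // Form fields in the order of the placeholders in the UPDATE below.
    $fields = array('fullname', 'birthdate', 'city', 'state', 'country', 'interests', 'aboutme');

    $values = array();
    foreach ($fields as $field) {
        // A missing field, or one sent as an array (name[]=...), is stored as an empty
        // string instead of raising a notice or a type error.
        $raw = (isset($_POST[$field]) && is_string($_POST[$field])) ? $_POST[$field] : '';
        $values[] = htmlspecialchars($raw, ENT_QUOTES | ENT_SUBSTITUTE);
    }
    $values[] = $user;

    // update the database
    prepared_query(
        $dbh,
        "UPDATE profile SET fullname=?, birthdate=?, city=?, state=?, country=?, interests=?, profile=? WHERE user=?",
        $values
    );
}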