Example #1
 /**
  * Stores the search terms for the given user ID.
  *
  * Double quotes in $searchterms are replaced by single quotes, and the value
  * alone is passed through sql_prev_inj() before it reaches alterEntry() or
  * addEntry().
  *
  * NOTE(review): sql_prev_inj() is defined outside this snippet, so what it
  * filters cannot be confirmed here. $uid is forwarded unchanged to
  * existsEntry(), alterEntry() and addEntry(); verify that those methods bind
  * or escape it themselves.
  *
  * @param mixed  $uid         ID of the user; nothing is written when it is null
  * @param string $searchterms the search terms to store
  * @return false|null false after a new entry was added, null in every other case
  * @throws MySQLConnectionException if a problem with MySQL happened
  */
 function SetSearchterms($uid, $searchterms)
 {
     $searchterms = str_replace('"', '\'', $searchterms);
     if (!isset($uid)) {
         return;
     }
     if (!$this->existsEntry("ID", $uid)) {
         // No row for this user yet: create one. The false return is kept
         // because callers may rely on it to detect the "newly added" case.
         $this->addEntry("ID", $uid, "searchterms", sql_prev_inj($searchterms));
         return false;
     }
     parent::alterEntry($uid, 'searchterms', sql_prev_inj($searchterms));
 }
Example #2
 /**
  * Looks up a book by its ISBN barcode and returns whatever
  * parent::searchEntry() yields for the condition `isbn = "<value>"`.
  *
  * NOTE(review): $isbn is interpolated between double quotes first, and only
  * the finished condition is handed to sql_prev_inj() (defined outside this
  * snippet). A filter that sees the assembled string cannot tell the value
  * from the SQL around it; filtering or binding $isbn itself before it is
  * placed in the condition is the safer order. Confirm what sql_prev_inj()
  * and searchEntry() do.
  *
  * @param string $isbn the ISBN barcode to search for
  * @return mixed the unmodified result of parent::searchEntry()
  */
 function getBookIDByISBN($isbn)
 {
     require_once PATH_ACCESS . '/DBConnect.php';
     $condition = sprintf('isbn = "%s"', $isbn);
     $match = parent::searchEntry(sql_prev_inj($condition));
     /**
      * @todo Proper error handling for a falsy result is still missing;
      * the caller currently receives the falsy value unchanged.
      */
     return $match;
 }
Example #3
 /**
  * Returns every row of this manager's table, ordered by the `date` column.
  *
  * The statement contains no caller-supplied values: only $this->tablename
  * and the fixed column name are interpolated.
  *
  * @return array list of associative rows
  * @throws MySQLConnectionException if the query could not be executed
  * @throws MySQLVoidDataException if the table holds no rows
  */
 function getSortedOrders()
 {
     $sql = sql_prev_inj(sprintf('SELECT * FROM %s ORDER BY %s', $this->tablename, 'date'));
     $rows = $this->db->query($sql);
     if (!$rows) {
         throw new MySQLConnectionException($this->db->error);
     }
     $orders = array();
     for ($order = $rows->fetch_assoc(); $order; $order = $rows->fetch_assoc()) {
         $orders[] = $order;
     }
     if (empty($orders)) {
         throw new MySQLVoidDataException('No Orders found in getSortedOrers');
     }
     return $orders;
 }
Example #4
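 /**
  * Returns all rows of the lending table that belong to one user.
  * Used by mod_retour.
  *
  * The rows come back in whatever order the database returns them; the
  * statement has no ORDER BY.
  *
  * NOTE(review): $uid is placed between double quotes in the statement, and
  * sql_prev_inj() (defined outside this snippet) only sees the finished
  * string, so it cannot tell the value from the SQL around it. $this->db is
  * used like a mysqli connection here; if that is confirmed, a prepared
  * statement with a bound parameter removes the dependency on the filter.
  *
  * @param mixed $uid ID of the user whose loans are requested
  * @return array list of associative rows, empty when nothing matches
  * @throws MySQLConnectionException if the query could not be executed
  */
 function getLoanlistByUID($uid)
 {
     require_once PATH_ACCESS . '/DBConnect.php';
     $query = sql_prev_inj(sprintf('SELECT * FROM %s WHERE user_id = "%s"', $this->tablename, $uid));
     $result = $this->db->query($query);
     if (!$result) {
         // A failed query used to fall through to fetch_assoc() on a
         // non-object, which is a fatal error. Fail with an exception instead.
         throw new MySQLConnectionException($this->db->error);
     }
     $loans = array();
     while ($row = $result->fetch_assoc()) {
         $loans[] = $row;
     }
     return $loans;
 }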
Example #5
 /**
  * Deletes all orders whose date is earlier than the day of the given
  * timestamp (hours, minutes and seconds are not taken into account).
  *
  * The only caller-supplied value is formatted by date('Y-m-d', ...) before
  * it is interpolated into the statement.
  *
  * @param int|string $timestamp Unix timestamp, passed as the second argument
  *                              of date()
  * @throws MySQLConnectionException if the query could not be executed
  */
 function deleteOrdersBeforeDate($timestamp)
 {
     $cutoffDay = date('Y-m-d', $timestamp);
     $sql = sprintf('DELETE FROM %s WHERE date < "%s"', $this->tablename, $cutoffDay);
     if (!$this->db->query(sql_prev_inj($sql))) {
         throw new MySQLConnectionException($this->db->error);
     }
 }
Example #6
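/**
 * Builds the HTML for a pager: first/previous links, up to five page numbers
 * on either side of the current page, and next/last links. A page holds ten
 * rows of $table.
 *
 * $headmod, $mod, $filter and $action are copied into the query string of
 * every link. They are URL-encoded here, so a value containing `"`, `<`, `&`
 * or whitespace can neither end the href attribute nor add parameters.
 *
 * NOTE(review): $table is interpolated into the statement as an identifier,
 * which cannot be bound as a parameter. Callers should pass a fixed table
 * name only; confirm that no request value reaches it.
 * NOTE(review): this assumes callers pass decoded values. A caller that
 * already URL-encodes them would now get double encoding; verify.
 *
 * @param int|string $showPage number of the page currently shown
 * @param string     $table    table whose rows are counted
 * @param string     $headmod  first half of the `section` link parameter
 * @param string     $mod      second half of the `section` link parameter
 * @param string     $action   value of the `action` link parameter
 * @param string     $filter   value of the `filter` link parameter
 * @return string HTML fragment with the pager links
 * @throws Exception if the count query could not be executed
 */
function navBar($showPage, $table, $headmod, $mod, $action, $filter)
{
    require_once 'sql_access/DBConnect.php';
    $dbObject = new DBConnect();
    $dbObject->initDatabaseFromXML();
    $db = $dbObject->getDatabase();
    $db->query('set names "utf8";');
    $query = sql_prev_inj(sprintf('SELECT COUNT(*) AS total FROM %s', $table));
    $result = $db->query($query);
    if (!$result) {
        throw new Exception('Fehler: Nichts gefunden!');
    }
    $row = $result->fetch_array(MYSQLI_ASSOC);
    $maxPages = (int) ceil($row['total'] / 10);
    // Only arithmetic on the page number ends up in the output; the cast
    // makes that explicit and keeps non-numeric input from raising errors.
    $showPage = (int) $showPage;

    // Shared tail of every link. Each value is encoded for use in a URL,
    // which also leaves no character that could break out of the attribute.
    $linkTail = '&section=' . rawurlencode((string) $headmod) . '|' . rawurlencode((string) $mod)
        . '&filter=' . rawurlencode((string) $filter)
        . '&action=' . rawurlencode((string) $action) . '">';
    $link = function ($page, $label) use ($linkTail) {
        return '<a href="?sitePointer=' . $page . $linkTail . $label . '</a>&nbsp;&nbsp;';
    };

    $string = "";
    if ($showPage > 1) {
        $string .= $link(1, '<<');
        $string .= $link($showPage - 1, '<');
    }
    for ($x = $showPage - 5; $x <= $showPage + 5; $x++) {
        if ($x > 0 && $x < $showPage || $x > $showPage && $x <= $maxPages) {
            $string .= $link($x, $x);
        }
        if ($x == $showPage) {
            // The current page is shown as plain text, not as a link.
            $string .= $x . '&nbsp;&nbsp;';
        }
    }
    if ($showPage < $maxPages) {
        $string .= $link($showPage + 1, '>');
        $string .= $link($maxPages, '>>');
    }
    return $string;
}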
Example #7
 /**
  * Returns every row whose column $keyName equals one of the given values
  * (`WHERE <keyName> IN ("v1", "v2", ...)`).
  *
  * NOTE(review): each value is wrapped in double quotes and $keyName is
  * interpolated as an identifier before sql_prev_inj() (defined outside this
  * snippet) sees the finished statement. A filter applied to the assembled
  * string cannot tell a value from the SQL around it; filtering or binding
  * each value before it is quoted, and restricting $keyName to known column
  * names, is the safer order. Confirm what sql_prev_inj() does.
  *
  * @param string $keyName    the key of the column in the MySQL table
  * @param array  $valueArray the values to match; must not be empty
  * @return mixed the result of getResultArrayContent()
  * @throws BadMethodCallException if $valueArray is empty
  */
 public function getMultipleEntriesByArray($keyName, $valueArray)
 {
     if (!count($valueArray)) {
         throw new BadMethodCallException('valueArray is void!');
     }
     $quoted = array();
     foreach ($valueArray as $value) {
         $quoted[] = sprintf('"%s"', $value);
     }
     $inList = implode(', ', $quoted);
     $sql = sprintf('SELECT * FROM %s WHERE %s IN (%s);', $this->tablename, $keyName, $inList);
     $rows = $this->executeQuery(sql_prev_inj($sql));
     return $this->getResultArrayContent($rows);
 }
Example #8
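 /**
  * Returns the `price_class` column of the row whose ID equals $mid.
  *
  * NOTE(review): $mid is placed between double quotes in the statement, and
  * sql_prev_inj() (defined outside this snippet) only sees the finished
  * string, so it cannot tell the value from the SQL around it. $this->db is
  * used like a mysqli connection here; if that is confirmed, a prepared
  * statement with a bound parameter removes the dependency on the filter.
  *
  * @param mixed $mid ID of the row to read
  * @return mixed the price class, or null when no row has this ID
  * @throws MySQLConnectionException if the query could not be executed
  */
 public function getPriceclass($mid)
 {
     $query = sql_prev_inj(sprintf('SELECT price_class FROM %s WHERE ID="%s"', $this->tablename, $mid));
     $result = $this->db->query($query);
     if (!$result) {
         throw new MySQLConnectionException($this->db->error);
     }
     $row = $result->fetch_assoc();
     // fetch_assoc() yields no array when nothing matched; indexing that
     // value directly raises a warning on current PHP versions.
     return $row ? $row['price_class'] : null;
 }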
Example #9
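 /**
  * Resolves a barcode to the ID of the matching inventory entry.
  *
  * The barcode is normalised, the book is looked up through BookManager, and
  * the second and sixth space-separated parts of the barcode are used as
  * year of purchase and exemplar number.
  *
  * NOTE(review): the three values sit unquoted in the condition, so a filter
  * that only handles quotes could not protect them. They are formatted with
  * %d here, which lets nothing but an integer through. This assumes book_id,
  * year_of_purchase and exemplar are integer-valued; confirm against the schema.
  *
  * @param string $barcode the barcode as scanned or typed
  * @return mixed the inventory ID, or null when the barcode cannot be resolved
  */
 function getInvIDByBarcode($barcode)
 {
     require_once PATH_ACCESS . '/DBConnect.php';
     $bookmanager = new BookManager();
     // replace - with /
     $barcode = str_replace("-", "/", $barcode);
     // add a space after / when it is missing
     $barcode = preg_replace("/\\/([0-9])/", "/ \$1", $barcode);
     // collapse two consecutive spaces into one
     $barcode = str_replace("  ", " ", $barcode);
     $bookData = $bookmanager->getBookDataByBarcode($barcode);
     // The former try/catch around explode() is gone: with a fixed, non-empty
     // separator it never throws an Exception.
     $parts = explode(' ', $barcode);
     if (!isset($bookData["id"]) || !isset($parts[5])) {
         return null;
     }
     $query = sql_prev_inj(sprintf('book_id = %d AND year_of_purchase = %d AND exemplar = %d', $bookData["id"], $parts[1], $parts[5]));
     $result = parent::searchEntry($query);
     // searchEntry() may return nothing usable; avoid indexing such a value.
     return isset($result['id']) ? $result['id'] : null;
 }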
Example #10
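    /**
     * Sets last_login of the given user to the current time of the database
     * server.
     *
     * The ID sits unquoted in the WHERE clause, so a filter that only handles
     * quotes could not protect it. It is formatted with %d here, which lets
     * nothing but an integer through.
     *
     * NOTE(review): this assumes user IDs are integers; confirm against the
     * schema.
     * NOTE(review): SUBSTRING() is called with start position 0. MySQL counts
     * positions from 1, so check what this expression really stores.
     *
     * @param int|string $userId ID of the user who just logged in
     */
    public function updateLastLoginToNow($userId)
    {
        /**
         * @todo In database: set type of last_login to DATETIME
         * because SUBSTRING(CAST(NOW() AS char), 0, 11) is ugly.
         */
        $query = sql_prev_inj(sprintf('UPDATE %s
				SET last_login = SUBSTRING(CAST(NOW() AS char), 0, 11)
				WHERE ID = %d', $this->tablename, $userId));
        $this->executeQuery($query);
    }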
Example #11
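 /**
  * Returns the ID of the card that belongs to the given user ID.
  *
  * The user ID sits unquoted in the WHERE clause, so a filter that only
  * handles quotes could not protect it. It is formatted with %d here, which
  * lets nothing but an integer through.
  *
  * @param numeric_string $ID The ID of the User
  * @throws MySQLConnectionException If the query could not be executed
  * @throws MySQLVoidDataException If there is no card with this UserID
  * @throws UnexpectedValueException If MySQL found a User with multiple Cardnumbers
  * @return numeric_string the CardID
  */
 function getCardIDByUserID($ID)
 {
     require PATH_ACCESS . '/databaseDistributor.php';
     $query = sql_prev_inj(sprintf('SELECT * FROM %s WHERE UID=%d', $this->tablename, $ID));
     $result = $this->db->query($query);
     if (!$result) {
         // A failed query used to reach fetch_assoc() on a non-object, which
         // is a fatal error. The old "$result != NULL" test ran only after
         // that call and could not prevent it.
         throw new MySQLConnectionException($this->db->error);
     }
     $card = $result->fetch_assoc();
     if (!$card) {
         throw new MySQLVoidDataException('MySQL returned no data!');
     }
     if ($result->fetch_assoc()) {
         // MySQL found a second entry for the same user. Bad!
         throw new UnexpectedValueException('The User has two or more cardnumbers! fix it first!');
     }
     return $card['ID'];
 }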