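/**
 * Run one SQL statement on the shared connection and return its outcome.
 *
 * The statement is sent to MySQL exactly as given. Nothing here escapes or
 * binds values, so callers must not build $sql by concatenating request data.
 *
 * On failure the script stops. The MySQL error text and the statement are
 * written to the server error log instead of being printed in the response,
 * where they would disclose schema details to the client.
 *
 * @param string $sql Complete SQL statement.
 * @return array|int|string|false Associative rows for a result set, the
 *         generated id when the statement produced one, or false for a
 *         statement that yields neither rows nor an id.
 */
public static function queryToArray($sql)
{
    global $my_db;

    $link = Database::getLink();

    if (!mysqli_select_db($link, $my_db)) {
        error_log('queryToArray: cannot select database ' . $my_db . ': ' . mysqli_error($link));
        die('Database error.');
    }

    $result = mysqli_query($link, $sql);

    // Check for failure before looking at the insert id, so a failed
    // statement can never be reported as a successful insert.
    if (!$result) {
        error_log('queryToArray: invalid query: ' . mysqli_error($link) . ' | whole query: ' . $sql);
        die('Database error.');
    }

    // A positive id means the statement generated an AUTO_INCREMENT value.
    $id = mysqli_insert_id($link);
    if ($id > 0) {
        return $id;
    }

    // Statements without a result set (UPDATE, DELETE, ...) return true.
    if ($result === true) {
        return false;
    }

    $rows = array();
    while ($row = mysqli_fetch_assoc($result)) {
        $rows[] = $row;
    }
    mysqli_free_result($result);

    return $rows;
}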
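// "submit" button: validate the post, store it, then redirect to it.
if (isset($_POST['submit'])) {
    $title = $_POST['title'];
    // htmlspecialchars() entity-encodes the editor content before it is stored.
    // The title is stored as typed, so it must be escaped wherever it is printed.
    $contents = htmlspecialchars($_POST['blogPost']);

    // NOTE(review): $sccess is not initialised in this fragment; presumably it
    // is set to true earlier in the file. Confirm.
    if (trim($title) == "") {
        $titleErr = "<font color ='red'>Title can not be blank</font>";
        $sccess = false;
    }
    if (trim($contents) == "") {
        $contentErr = "<font color ='red'>Content area can not be blank</font>";
        $sccess = false;
    }

    if ($sccess) {
        // Values are bound as parameters. The original concatenated the title,
        // content and author into the SQL text, which is SQL injection.
        $link = $database->getLink();
        $author = $_SESSION['username'];
        $stmt = mysqli_prepare($link, 'INSERT INTO blogpost SET Title = ?, Content = ?, Author = ?');
        if (!$stmt
            || !mysqli_stmt_bind_param($stmt, 'sss', $title, $contents, $author)
            || !mysqli_stmt_execute($stmt)
        ) {
            error_log('blogpost insert failed: ' . mysqli_error($link));
            die('Could not save the blog post.');
        }
        $id = mysqli_insert_id($link);
        mysqli_stmt_close($stmt);

        header('Location: readblog.php?id=' . (int) $id);
        exit;
    }
}

// "exit" button: keep whatever was typed as a draft.
if (isset($_POST['exit'])) {
    $draft = true;

    // NOTE(review): in the visible code $title and $contents are only assigned
    // in the submit branch above. Confirm they are also set on this path.
    if (trim($title) == "" && trim($contents) == "") {
        header('Location: blogview.php');
        exit;
    } else {
        $link = $database->getLink();
        $author = $_SESSION['username'];
        $isDraft = (int) $draft;

        $stmt = mysqli_prepare($link, 'INSERT INTO blogpost SET Title = ?, Content = ?, isDraft = ?, Author = ?');
        if (!$stmt
            || !mysqli_stmt_bind_param($stmt, 'ssis', $title, $contents, $isDraft, $author)
            || !mysqli_stmt_execute($stmt)
        ) {
            error_log('draft blogpost insert failed: ' . mysqli_error($link));
            die('Could not save the draft.');
        }
        // The original never assigned $id on this path, so the blogdraft row
        // did not point at the post that was just inserted.
        $id = (int) mysqli_insert_id($link);
        mysqli_stmt_close($stmt);

        $stmt = mysqli_prepare($link, 'INSERT INTO blogdraft SET BlogPostID = ?');
        if (!$stmt
            || !mysqli_stmt_bind_param($stmt, 'i', $id)
            || !mysqli_stmt_execute($stmt)
        ) {
            error_log('blogdraft insert failed: ' . mysqli_error($link));
            die('Could not save the draft.');
        }
        mysqli_stmt_close($stmt);

        header('Location: myblogs.php');
        // The source listing is cut off after the redirect above. The exit and
        // the closing braces are added so the fragment parses and stops after
        // redirecting, as the other branches do.
        exit;
    }
}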
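/**
 * Write login state for a user into the WS_SESSIONS row of a given session.
 *
 * Reads user_id, session_id, username, nickname and admin from $_REQUEST,
 * encodes them together with a fresh CSRF token as "key|serialized value"
 * pairs, then updates the row for that session id or inserts a new row that
 * expires SESSION_EXPIRE seconds from now.
 *
 * NOTE(review): every identity field, including the admin flag and the
 * session id itself, comes from the request. Nothing in this function
 * authenticates the caller, so that check has to happen before it is called.
 * Confirm at the call sites.
 *
 * NOTE(review): the mysql_* functions (ext/mysql) were removed in PHP 7.
 * Moving to prepared statements depends on the Database class, which is not
 * visible here.
 *
 * @return void
 */
function loginUserIntoSession()
{
    $db = new Database();

    // Read a request parameter as a string. Missing or non-scalar values
    // (e.g. "name[]=x") become '' instead of producing a malformed record.
    $param = function ($name) {
        return (isset($_REQUEST[$name]) && is_scalar($_REQUEST[$name]))
            ? (string) $_REQUEST[$name]
            : '';
    };

    $uid = (int) $param('user_id');
    $sid = $param('session_id');
    if ($sid === '') {
        // Without a session id there is no row to attach the login to.
        return;
    }

    // The CSRF token must be unpredictable, which md5(uniqid(rand())) is not.
    // 16 random bytes hex-encode to the same 32-character shape as before.
    if (function_exists('random_bytes')) {
        $csrf_token = bin2hex(random_bytes(16));
    } else {
        $csrf_token = bin2hex(openssl_random_pseudo_bytes(16));
    }

    $escaped_sid = mysql_real_escape_string($sid, $db->getLink());
    $sql = "SELECT * FROM " . WS_SESSIONS . " WHERE session_id = '" . $escaped_sid . "'";
    $res = $db->query($sql);

    // serialize() on a string yields s:<byte length>:"<value>"; which is the
    // record the original assembled by hand with strlen().
    $fields = array(
        'running'    => 'true',
        'userid'     => (string) $uid,
        'username'   => $param('username'),
        'nickname'   => $param('nickname'),
        'admin'      => $param('admin'),
        'csrf_token' => $csrf_token,
    );
    $session_data = '';
    foreach ($fields as $key => $value) {
        $session_data .= $key . '|' . serialize($value);
    }

    if (mysql_num_rows($res) > 0) {
        $sql = "UPDATE " . WS_SESSIONS . " SET "
            . "session_data = '" . mysql_real_escape_string($session_data, $db->getLink()) . "' "
            . "WHERE session_id = '" . $escaped_sid . "';";
        $db->query($sql);
    } else {
        $expires = time() + SESSION_EXPIRE;
        $db->insert(
            WS_SESSIONS,
            array("session_id" => $sid, "session_expires" => $expires, "session_data" => $session_data),
            array("%s", "%d", "%s")
        );
    }
}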