function DisplayFullText()
{
$conn = connectToDB();
$FeedbackID = $_GET['FeedbackID'];
SanitizeIn($FeedbackID);
$sql = "SELECT `Text` FROM `Feedbacks` WHERE `FeedbackID`='" . $FeedbackID . "'";
$feedback = GetSingleDbValue($sql, $conn);
if (!$feedback) {
echo 'No such feedback found.';
} else {
echo SanitizeOut($feedback['Text']);
}
$conn->close();
}
function GetMySubscriptions()
{
$user = getUser();
$conn = connectToDB();
$sql = "SELECT `TName` FROM `Subscriptions` WHERE `UserID`='" . $user->userID . "'";
$tags = CheckedQuery($sql, $conn);
$retVal = array();
if ($tags) {
while ($tag = $tags->fetch_assoc()) {
$retVal[SanitizeOut($tag['TName'])] = true;
}
}
$conn->close();
return $retVal;
}
<h6><center>Each line is a single link. Format: Link Displayed Text, Link URL. Example:</center></h6>
<h6><center>Very Relevant Test Item, http://tvtropes.org/pmwiki/pmwiki.php/Main/Rickroll</center></h6>
<div class="container white z-depth-2">
<div class="row">
<form class="col s12">
<div class="row">
<div class="input-field s12">
<?php
include_once "Backend/Sanitize.php";
//Link editing
$contents = file_get_contents("Links.csv");
if (!$contents) {
$contents = "";
echo '<center><h6>Warning: links not loaded.</h6></center>';
}
echo '<textarea name="Links" class="materialize-textarea">' . SanitizeOut($contents) . '</textarea>';
?>
</div>
</div>
<div class="row center">
<button class="btn waves-effect waves-light red lighten-1" type="submit" name="action" onclick="history.go(-1);">Cancel</button>
<button class="btn waves-effect waves-light " type="submit" name="action" formmethod="POST">Save
<i class="mdi-content-send right"></i>
</button>
</div>
</form>
</div>
</div>
<!--<table class="hoverable centered white responsive-table z-depth-2 sortable">-->
<table class="hoverable centered white responsive-table z-depth-2 sortable">
<thead>
<tr>
<th data-field="Lname">Last Name</th>
<th data-field="Fname">First Name</th>
<th data-field="Major">Major</th>
<th data-field="Minor">Minor</th>
<th data-field="Year">Year</th>
<th data-field="Employer">Employer</th>
</tr>
</thead>
<tbody>
<?php
require_once "Common.php";
require_once "Sanitize.php";
$conn = connectToDB();
$result = $conn->query("SELECT UserID, " . "case when LENGTH(FirstName)>30 then CONCAT(LEFT(FirstName, 27), '...') else FirstName end FirstName, " . "case when LENGTH(LastName)>30 then CONCAT(LEFT(LastName, 27), '...') else LastName end LastName, " . "GradYear FROM `Users` " . "WHERE NOT EXISTS (SELECT * FROM `Permissions` WHERE `Permissions`.UserID = `Users`.UserID)");
//$result = $conn->query('SELECT UserID, FirstName, LastName, GradYear FROM `Users` ' .
// 'WHERE NOT EXISTS (SELECT * FROM `Permissions` WHERE `Permissions`.UserID = `Users`.UserID)');
if (!$result) {
die('Invalid query: ' . $conn->error);
}
while ($row = $result->fetch_assoc()) {
echo '<tr><td style="word-wrap: break-word">' . SanitizeOut($row['LastName']) . '</td><td style="word-wrap: break-word">' . SanitizeOut($row['FirstName']) . '</td><td>' . getDegreeFor($row['UserID'], $conn, 1) . '</td><td>' . getDegreeFor($row['UserID'], $conn, 0) . '</td><td>' . SanitizeOut($row['GradYear']) . '</td><td>' . getEmployerFor($row['UserID'], $conn) . '</td></tr>';
}
$conn->close();
?>
</tbody>
</table>
function getTagsArray()
{
$conn = connectToDB();
SanitizeIn($FeedbackID);
$sql = "SELECT * FROM `Tags`";
$tags = CheckedQuery($sql, $conn);
$retVal = array();
if ($tags) {
while ($tag = $tags->fetch_assoc()) {
$retVal[SanitizeOut($tag['CName'])][SanitizeOut($tag['TName'])] = SanitizeOut($tag['TEntryAdvice']);
}
}
$conn->close();
return $retVal;
}
