Exemple #1
 /**
  * Return the value stored under $field with HTML special characters escaped.
  *
  * Thin wrapper: the value comes from getValue() and is passed through the
  * project's htmlspecialcharacters() helper. This is HTML-context escaping
  * only; values emitted into JavaScript or URLs need their own encoding.
  *
  * @param string $field name of the value to look up
  * @return mixed whatever htmlspecialcharacters() returns for that value
  */
 public function getValueEncoded($field)
 {
     $rawValue = $this->getValue($field);

     return htmlspecialcharacters($rawValue);
 }
Exemple #2
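 /**
  * Handle the "rename plan" form: cleanse and validate the submitted title,
  * apply the rename, and re-render the form whenever the rename did not run.
  *
  * Reads $_POST['title'], $_POST['origtitle'] and the plan ID from $_POST['x']
  * (falling back to $_GET['x'], which survives the form's action="#").
  * Writes HTML straight to the output and returns nothing; on a database
  * error it prints a generic message and exits. Driver error text goes to
  * error_log() only - it was previously echoed to the browser.
  *
  * NOTE(review): no CSRF token is checked and the plan ID is trusted straight
  * from the request without an ownership/authorization check - both need to
  * be enforced here or by the caller before this is exposed to users.
  */
 public function createPlan()
 {
     $errormsg = "";
     $showform = 1;

     // Missing request fields are treated as empty instead of raising an
     // "undefined index" notice. The rendered form posts the field as "name"
     // while this reads "title"; presumably titleSubmit() maps it - verify.
     $rawtitle = isset($_POST['title']) ? $_POST['title'] : '';
     $raworig = isset($_POST['origtitle']) ? $_POST['origtitle'] : '';

     // One plan ID for both the UPDATE and the re-read; the previous code
     // used $_POST['x'] for one and $_GET['x'] for the other.
     if (isset($_POST['x'])) {
         $planid = $_POST['x'];
     } elseif (isset($_GET['x'])) {
         $planid = $_GET['x'];
     } else {
         $planid = null;
     }

     // Cleanse title on submission. The original title gets the same
     // treatment so the "did it change?" comparison is like-for-like
     // (raw vs. cleansed never matched once the title held a special char).
     $formfield['title'] = htmlspecialcharacters(stripslashes(trim($rawtitle)));
     $origtitle = htmlspecialcharacters(stripslashes(trim($raworig)));

     // Check if title name is empty (strict: a plan called "0" is legitimate)
     if ($formfield['title'] === '') {
         $errormsg .= "<p>Title is empty</p>";
     }
     if ($planid === null || $planid === '') {
         $errormsg .= "<p>Missing plan ID</p>";
     }

     // Check for duplicate title, only when the title actually changed.
     // The duplicate error was previously commented out, so duplicates
     // were silently accepted.
     if ($errormsg === "" && $formfield['title'] !== $origtitle) {
         try {
             // COUNT(*) + fetchColumn() is portable; PDO does not guarantee
             // rowCount() for SELECT statements.
             $sqltitle = 'SELECT COUNT(*) FROM ' . DBNAME . ' WHERE title = :title';
             $stmttitle = $this->conn->prepare($sqltitle);
             $stmttitle->bindValue(':title', $formfield['title']);
             $stmttitle->execute();
             $counttitle = (int) $stmttitle->fetchColumn();
             if ($counttitle > 0) {
                 $errormsg .= "<p>Duplicate plan name.</p>";
             }
         } catch (PDOException $e) {
             // Driver messages go to the server log, never to the browser.
             error_log('createPlan: title lookup failed: ' . $e->getMessage());
             echo 'Unable to fetch title to check for existing.';
             exit;
         }
     }

     // Update if no errors exist
     if ($errormsg != "") {
         echo $errormsg;
         echo "<p>Try again.</p>";
     } else {
         try {
             // Write the new title for this plan
             $sqlupdate = 'UPDATE ' . DBNAME . ' SET title = :title WHERE ID = :ID';
             $stmtupdate = $this->conn->prepare($sqlupdate);
             $stmtupdate->bindValue(':title', $formfield['title']);
             $stmtupdate->bindValue(':ID', $planid);
             $stmtupdate->execute();
             // Hide form
             $showform = 0;
         } catch (PDOException $e) {
             error_log('createPlan: title update failed: ' . $e->getMessage());
             echo 'Error updating title';
             exit;
         }
     }

     if ($showform == 1) {
         try {
             // Pull data from database for the existing plan. $row is fetched
             // but not used by the markup below (kept as the original did).
             $sql = 'SELECT * FROM ' . DBNAME . ' WHERE ID = :ID';
             $stmt = $this->conn->prepare($sql);
             $stmt->bindValue(':ID', $planid);
             $stmt->execute();
             $row = $stmt->fetch();
             // The plan ID travels back with the POST so the update can find
             // its row; escaped for the attribute context.
             $escid = htmlspecialchars((string) $planid, ENT_QUOTES, 'UTF-8');
             ?>
                 <!-- Form for changing plan title -->
                 <form action="#" id="titleForm" method="post" name="titleForm">
                     <input type="hidden" name="x" value="<?php echo $escid; ?>">
                     <input id="titleName" name="name" placeholder="Name" type="text">
                     <input type="submit" id="changeTitle" onclick="titleSubmit();" value="Submit">
                 </form>
                 <!-- End form -->
                 <?php 
         } catch (PDOException $e) {
             error_log('createPlan: plan fetch failed: ' . $e->getMessage());
             echo 'Error fetching plans.';
             exit;
         }
     }
 }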
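/**
 * Apply a whitespace-separated pipeline of actions to the template variable
 * $vars[$input] and return the result.
 *
 * $action is parsed front to back as "op [number]" tokens. Ops that take a
 * numeric argument: format N (number_format to N decimals), add N, sub N,
 * div N, mult N. Ops without one: format (0 decimals) and escape
 * (htmlspecialcharacters). Unknown ops are ignored. Parsing stops at the
 * first token that is not a \w+ word. A missing $input starts from null, so
 * e.g. "add 1" on an unknown key returns 1.
 *
 * Fixes over the previous version: tokens are consumed from the front of the
 * string, so "escape add 5" no longer applies "add 5" to the "escape" token
 * (and then again to its remainder) while skipping the escape; and "div 0"
 * leaves the value untouched instead of raising a division-by-zero error.
 * Note that "escape" is opt-in - callers emitting $output into HTML must
 * include it or escape the result themselves.
 *
 * @param string $action pipeline, e.g. "mult 100 format 2"
 * @param string $input  key into the global $vars array
 * @return mixed the transformed value (a string after format/escape)
 */
function perform($action, $input)
{
    global $vars;

    $output = isset($vars[$input]) ? $vars[$input] : null;
    $rest = (string) $action;

    // One "op" or "op number" token at a time, anchored at the start so an
    // argument can never be borrowed from a later token. The number form
    // (\.*\d+) is the same one the original accepted.
    while (preg_match('#^\s*(\w+)(?:\s+(\.*\d+))?#', $rest, $m)) {
        $op = $m[1];
        // PCRE omits an unmatched trailing optional group from $m
        $arg = isset($m[2]) ? $m[2] : null;

        if ($arg !== null) {
            switch ($op) {
                case 'format':
                    $output = number_format($output, (int) $arg);
                    break;
                case 'add':
                    $output = $output + $arg;
                    break;
                case 'sub':
                    $output = $output - $arg;
                    break;
                case 'div':
                    // Dividing by zero is fatal on PHP 8; leave the value
                    // as-is rather than take the page down.
                    if ((float) $arg != 0.0) {
                        $output = $output / $arg;
                    }
                    break;
                case 'mult':
                    $output = $output * $arg;
                    break;
            }
        } elseif ($op === 'format') {
            $output = number_format($output);
        } elseif ($op === 'escape') {
            $output = htmlspecialcharacters($output);
        }

        $rest = substr($rest, strlen($m[0]));
    }

    return $output;
}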