/**
 * Insert a new course row, always flagged active = 1.
 *
 * The seven arguments map one-to-one onto the bound placeholders; nothing is
 * returned. A PDOException is handed to display_db_error() and swallowed
 * there.
 *
 * @param string     $course_name
 * @param string     $course_short_name
 * @param string     $course_desc
 * @param int|string $teacher_id
 * @param int|string $course_nbr
 * @param string     $room
 * @param string     $course_type_cde
 * @return void
 */
function add_course($course_name, $course_short_name, $course_desc, $teacher_id, $course_nbr, $room, $course_type_cde)
{
    global $db;

    $sql = 'INSERT INTO course (course_name, course_short_name, course_desc, teacher_id, course_nbr, room, course_type_cde, active) VALUES (:course_name, :course_short_name, :course_desc, :teacher_id, :course_nbr, :room, :course_type_cde, 1)';

    // Placeholder => value; bind order does not matter for named placeholders.
    $bindings = [
        ':course_name'       => $course_name,
        ':course_short_name' => $course_short_name,
        ':course_desc'       => $course_desc,
        ':teacher_id'        => $teacher_id,
        ':course_nbr'        => $course_nbr,
        ':room'              => $room,
        ':course_type_cde'   => $course_type_cde,
    ];

    try {
        $stmt = $db->prepare($sql);
        foreach ($bindings as $placeholder => $value) {
            $stmt->bindValue($placeholder, $value);
        }
        $stmt->execute();
        $stmt->closeCursor();
    } catch (PDOException $e) {
        display_db_error($e->getMessage());
    }
}
/**
 * Insert one payment row for an order and return the generated payment id.
 *
 * paymentDateTime is filled by the database (sysdate()); the remaining
 * columns come from the $payment map. On a PDO failure the message goes to
 * display_db_error() and null is returned.
 *
 * @param array<string, mixed> $payment Keys: orderID, amount, cardTypeID, cardNumber, cardExpMonth, cardExpYear.
 * @return string|null Value of PDO::lastInsertId() for the new payments row.
 */
function add_payment($payment)
{
    global $db;

    $sql = 'INSERT INTO payments (orderID, amount, paymentDateTime, cardTypeID, cardNumber, cardExpMonth, cardExpYear) VALUES (:orderID, :amount, sysdate(), :cardTypeID, :cardNumber, :cardExpMonth, :cardExpYear)';

    // Each placeholder name is exactly the matching key of $payment.
    $fields = ['orderID', 'amount', 'cardTypeID', 'cardNumber', 'cardExpMonth', 'cardExpYear'];

    try {
        $stmt = $db->prepare($sql);
        foreach ($fields as $field) {
            // NOTE(review): cardNumber is persisted exactly as supplied — confirm it is
            // tokenised or masked before it reaches this function.
            $stmt->bindValue(':' . $field, $payment[$field]);
        }
        $stmt->execute();
        $stmt->closeCursor();

        // The auto-generated key of the row just inserted.
        return $db->lastInsertId();
    } catch (PDOException $e) {
        display_db_error($e->getMessage());
    }
}
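/**
 * Fetch one category row by primary key (mysqli).
 *
 * The id is bound through a prepared statement instead of being escaped and
 * spliced into the SQL text, so the value can never change the statement.
 * It is bound as a string because the previous query quoted it as one; MySQL
 * coerces it for an integer column. Driver failures are reported through
 * display_db_error() and null is returned if that function comes back.
 *
 * @param int|string $category_id
 * @return array<string, mixed>|null Associative row, or null when nothing matches.
 */
function get_category($category_id)
{
    global $db;

    $query = "SELECT * FROM categories\n WHERE categoryID = ?";

    $statement = $db->prepare($query);
    if ($statement === false) {
        display_db_error($db->error);
        return null; // display_db_error() is expected to halt; this guards the fall-through
    }

    $statement->bind_param('s', $category_id);
    if (!$statement->execute()) {
        $error = $statement->error;
        $statement->close();
        display_db_error($error);
        return null;
    }

    // get_result() needs the mysqlnd driver (PHP's default since 5.4).
    $result = $statement->get_result();
    $category = $result->fetch_assoc();
    $result->free();
    $statement->close();

    return $category;
}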
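/**
 * Check an admin login against jobs_user.
 *
 * Returns true only when a row matches both the e-mail and the stored
 * credential. Both values are bound as parameters: the previous version
 * spliced $email straight into the SQL text and returned the PDOStatement
 * object itself, which is always truthy, so a caller testing the result as a
 * boolean accepted every attempt.
 *
 * The credential scheme is left as it was so existing rows keep matching:
 * the stored value is assumed to be sha1(email . password) — the literal the
 * query compared against here was a placeholder ('******'), so confirm
 * against the column contents. Unsalted SHA-1 is not a password hash; plan a
 * migration to password_hash()/password_verify() when the column can be
 * rewritten.
 *
 * @param string $email
 * @param string $password Plain-text password as entered.
 * @return bool False on no match, and also when the query fails (after display_db_error()).
 */
function is_valid_admin_login($email, $password)
{
    global $db;

    $credential = sha1($email . $password);
    $query = 'SELECT userID FROM jobs_user WHERE email = :email AND password = :password';

    try {
        $statement = $db->prepare($query);
        $statement->bindValue(':email', $email);
        $statement->bindValue(':password', $credential);
        $statement->execute();
        // fetchColumn() rather than rowCount(): PDO does not guarantee a row count for SELECT.
        $valid = $statement->fetchColumn() !== false;
        $statement->closeCursor();
        return $valid;
    } catch (PDOException $e) {
        display_db_error($e->getMessage());
        return false;
    }
}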
/**
 * Delete the category row with the given id.
 *
 * PDO failures are reported via display_db_error(); there is no return value
 * and no deleted-row count.
 *
 * @param int|string $category_id
 * @return void
 */
function delete_category($category_id)
{
    global $db;

    $sql = 'DELETE FROM categories WHERE categoryID = :category_id';
    try {
        $stmt = $db->prepare($sql);
        // execute() with an array binds the value as a string, like bindValue()'s default.
        $stmt->execute([':category_id' => $category_id]);
        $stmt->closeCursor();
    } catch (PDOException $e) {
        display_db_error($e->getMessage());
    }
}
/**
 * Look up a single users row by user name.
 *
 * @param string $userName
 * @return array|false|null First matching row in PDO's default fetch mode,
 *                          false when no row matches, null after a PDO error
 *                          (reported via display_db_error()).
 */
function get_user($userName)
{
    global $db;

    $sql = 'SELECT * FROM users WHERE userName = :userName';
    try {
        $stmt = $db->prepare($sql);
        $stmt->execute([':userName' => $userName]);
        $row = $stmt->fetch();
        $stmt->closeCursor();
    } catch (PDOException $e) {
        display_db_error($e->getMessage());
        return null;
    }
    return $row;
}
/**
 * Look up a single categories row by id (PDO).
 *
 * @param int|string $category_id
 * @return array|false|null The row in PDO's default fetch mode, false when no
 *                          row matches, null after a PDO error (reported via
 *                          display_db_error()).
 */
function get_category($category_id)
{
    global $db;

    $sql = 'SELECT * FROM categories WHERE categoryID = :category_id';
    try {
        $stmt = $db->prepare($sql);
        $stmt->execute([':category_id' => $category_id]);
        $row = $stmt->fetch();
        $stmt->closeCursor();
    } catch (PDOException $e) {
        display_db_error($e->getMessage());
        return null;
    }
    return $row;
}
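/**
 * Look up a single Products row by id.
 *
 * The previous query had no WHERE clause and no :product_id placeholder, so
 * binding the parameter raised "invalid parameter number" on every call and
 * the function never returned a row. The filter is restored here; the column
 * name productID is assumed from the surrounding product queries — confirm
 * against the schema.
 *
 * @param int|string $product_id
 * @return array|false|null The row in PDO's default fetch mode, false when no
 *                          row matches, null after a PDO error (reported via
 *                          display_db_error()).
 */
function get_product($product_id)
{
    global $db;

    // TODO(review): confirm the key column is productID on table Products.
    $query = 'SELECT * FROM Products p WHERE p.productID = :product_id';
    try {
        $statement = $db->prepare($query);
        $statement->bindValue(':product_id', $product_id);
        $statement->execute();
        $result = $statement->fetch();
        $statement->closeCursor();
        return $result;
    } catch (PDOException $e) {
        display_db_error($e->getMessage());
        return null;
    }
}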
/**
 * Update the description of one cardtypes row.
 *
 * @param array<string, mixed> $type Keys: cardTypeID (row to update), description (new text).
 * @return bool|null The bool returned by PDOStatement::execute() — not a row
 *                   count — or null after a PDO error (reported via display_db_error()).
 */
function update_card_type($type)
{
    global $db;

    $sql = 'UPDATE cardtypes SET description = :description WHERE cardTypeId = :type_id';
    try {
        $stmt = $db->prepare($sql);
        $stmt->bindValue(':description', $type['description']);
        $stmt->bindValue(':type_id', $type['cardTypeID']);
        // execute() yields success/failure, which is what callers receive.
        $ok = $stmt->execute();
        $stmt->closeCursor();
        return $ok;
    } catch (PDOException $e) {
        display_db_error($e->getMessage());
    }
}
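/**
 * Maps the implementations in this file (smf_db_function_name)
 * to the $smcFunc['db_function_name'] variable, then opens the PostgreSQL
 * connection.
 *
 * The user and password are placed inside single quotes in the libpq
 * connection string, so both are escaped for libpq first (inside a quoted
 * value only backslash and single quote are special, and both are escaped
 * with a backslash). The previous version concatenated them raw, so a
 * password containing ' or \ produced an unparsable conninfo and a failed
 * connect.
 *
 * @param string $db_server
 * @param string $db_name
 * @param string $db_user
 * @param string $db_passwd
 * @param string $db_prefix  By reference for interface compatibility; not touched here.
 * @param array  $db_options 'persist' selects pg_pconnect(); 'non_fatal' returns null on failure instead of calling display_db_error().
 * @return resource|null Connection handle, or null when the connect fails and 'non_fatal' is set.
 * @see Subs-Db-mysql.php#smf_db_initiate
 */
function smf_db_initiate($db_server, $db_name, $db_user, $db_passwd, &$db_prefix, $db_options = array())
{
    global $smcFunc;

    // Map some database specific functions, only do this once.
    // (+= keeps any entry already present, so existing mappings are never overwritten.)
    if (!isset($smcFunc['db_fetch_assoc']) || $smcFunc['db_fetch_assoc'] != 'postg_fetch_assoc') {
        $smcFunc += array(
            'db_query' => 'smf_db_query',
            'db_quote' => 'smf_db_quote',
            'db_insert' => 'smf_db_insert',
            'db_insert_id' => 'smf_db_insert_id',
            'db_fetch_assoc' => 'smf_db_fetch_assoc',
            'db_fetch_row' => 'smf_db_fetch_row',
            'db_free_result' => 'pg_free_result',
            'db_num_rows' => 'pg_num_rows',
            'db_data_seek' => 'smf_db_data_seek',
            'db_num_fields' => 'pg_num_fields',
            'db_escape_string' => 'pg_escape_string',
            'db_unescape_string' => 'smf_db_unescape_string',
            'db_server_info' => 'smf_db_version',
            'db_affected_rows' => 'smf_db_affected_rows',
            'db_transaction' => 'smf_db_transaction',
            'db_error' => 'pg_last_error',
            'db_select_db' => 'smf_db_select_db',
            'db_title' => 'PostgreSQL',
            'db_sybase' => true,
            'db_case_sensitive' => true,
            'db_escape_wildcard_string' => 'smf_db_escape_wildcard_string',
        );
    }

    // libpq conninfo: inside a single-quoted value, \ and ' must be backslash-escaped.
    $conninfo = 'host=' . $db_server . ' dbname=' . $db_name
        . ' user=\'' . addcslashes($db_user, "\\'") . '\''
        . ' password=\'' . addcslashes($db_passwd, "\\'") . '\'';

    if (!empty($db_options['persist'])) {
        $connection = @pg_pconnect($conninfo);
    } else {
        $connection = @pg_connect($conninfo);
    }

    // Something's wrong, show an error if its fatal (which we assume it is)
    if (!$connection) {
        if (!empty($db_options['non_fatal'])) {
            return null;
        }
        display_db_error();
    }

    return $connection;
}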
/**
 * Maps the implementations in this file (smf_db_function_name)
 * to the $smcFunc['db_function_name'] variable, opens the SQLite database
 * file and registers the MySQL-compatibility user defined functions on the
 * new handle.
 *
 * @param string $db_server  Not used by the SQLite driver.
 * @param string $db_name    Database file; '.db' is appended when missing.
 * @param string $db_user    Not used by the SQLite driver.
 * @param string $db_passwd  Not used by the SQLite driver.
 * @param string $db_prefix  Not used here.
 * @param array  $db_options 'persist' selects sqlite_popen(); 'non_fatal' returns null on failure instead of calling display_db_error().
 * @return resource|null Connection handle, or null when the open fails and 'non_fatal' is set.
 */
function smf_db_initiate($db_server, $db_name, $db_user, $db_passwd, $db_prefix, $db_options = array())
{
    global $smcFunc, $mysql_set_mode, $db_in_transact, $sqlite_error;

    // Map some database specific functions, only do this once.
    $already_mapped = isset($smcFunc['db_fetch_assoc']) && $smcFunc['db_fetch_assoc'] == 'sqlite_fetch_array';
    if (!$already_mapped) {
        $smcFunc += array(
            'db_query' => 'smf_db_query',
            'db_quote' => 'smf_db_quote',
            'db_fetch_assoc' => 'sqlite_fetch_array',
            'db_fetch_row' => 'smf_db_fetch_row',
            'db_free_result' => 'smf_db_free_result',
            'db_insert' => 'smf_db_insert',
            'db_insert_id' => 'smf_db_insert_id',
            'db_num_rows' => 'sqlite_num_rows',
            'db_data_seek' => 'sqlite_seek',
            'db_num_fields' => 'sqlite_num_fields',
            'db_escape_string' => 'sqlite_escape_string',
            'db_unescape_string' => 'smf_db_unescape_string',
            'db_server_info' => 'smf_db_libversion',
            'db_affected_rows' => 'smf_db_affected_rows',
            'db_transaction' => 'smf_db_transaction',
            'db_error' => 'smf_db_last_error',
            'db_select_db' => '',
            'db_title' => 'SQLite',
            'db_sybase' => true,
            'db_case_sensitive' => true,
            'db_escape_wildcard_string' => 'smf_db_escape_wildcard_string',
        );
    }

    // The on-disk file always carries the .db suffix.
    if (substr($db_name, -3) != '.db') {
        $db_name .= '.db';
    }

    // $sqlite_error receives the driver's message by reference.
    if (empty($db_options['persist'])) {
        $connection = @sqlite_open($db_name, 0666, $sqlite_error);
    } else {
        $connection = @sqlite_popen($db_name, 0666, $sqlite_error);
    }

    // Something's wrong, show an error if its fatal (which we assume it is)
    if (!$connection) {
        if (!empty($db_options['non_fatal'])) {
            return null;
        }
        display_db_error();
    }

    $db_in_transact = false;

    // This is frankly stupid - stop SQLite returning alias names!
    @sqlite_query('PRAGMA short_column_names = 1', $connection);

    // Make some user defined functions! Registered in the original order;
    // a null argument count means the UDF is registered without one (variadic).
    $udfs = array(
        array('unix_timestamp', 'smf_udf_unix_timestamp', 0),
        array('inet_aton', 'smf_udf_inet_aton', 1),
        array('inet_ntoa', 'smf_udf_inet_ntoa', 1),
        array('find_in_set', 'smf_udf_find_in_set', 2),
        array('year', 'smf_udf_year', 1),
        array('month', 'smf_udf_month', 1),
        array('dayofmonth', 'smf_udf_dayofmonth', 1),
        array('concat', 'smf_udf_concat', null),
        array('locate', 'smf_udf_locate', 2),
        array('regexp', 'smf_udf_regexp', 2),
    );
    foreach ($udfs as $udf) {
        list($sql_name, $callback, $num_args) = $udf;
        if ($num_args === null) {
            sqlite_create_function($connection, $sql_name, $callback);
        } else {
            sqlite_create_function($connection, $sql_name, $callback, $num_args);
        }
    }

    return $connection;
}
/**
 * Return every active course section with its type, teacher and schedule.
 *
 * The join covers course, course_type, course_section and teacher, filtered
 * to course.active = 1 and course_section.active = 1; the times column comes
 * from the GET_SCHEDULE_TIMES_LIST() database function.
 *
 * @return array|null All rows via fetchAll() in PDO's default mode, or null
 *                    after a PDO error (reported via display_db_error()).
 */
function get_course_list()
{
    global $db;

    $sql = 'SELECT course.course_id, course_name, course_short_name, course_desc, course_type_desc, teacher.display_name, course_section.section_nbr, GET_SCHEDULE_TIMES_LIST (course_section.section_id) as times from course inner join course_type on course.course_type_cde = course_type.course_type_cde inner join course_section on course.course_id = course_section.course_id inner join teacher on teacher.teacher_id = course_section.teacher_id where course.active = 1 and course_section.active = 1';
    try {
        $stmt = $db->prepare($sql);
        $stmt->execute();
        $rows = $stmt->fetchAll();
        $stmt->closeCursor();
    } catch (PDOException $e) {
        display_db_error($e->getMessage());
        return null;
    }
    return $rows;
}
/**
 * Insert an (id, Answer) pair into RMproject.set7.
 *
 * PDO failures are reported via display_db_error(); nothing is returned.
 *
 * @param int|string $id
 * @param string     $answer
 * @return void
 */
function add_data3($id, $answer)
{
    global $db;

    $sql = 'insert into `RMproject`.`set7`(id,Answer) values (:id, :answer)';
    try {
        $stmt = $db->prepare($sql);
        $stmt->execute([':id' => $id, ':answer' => $answer]);
        $stmt->closeCursor();
    } catch (PDOException $e) {
        display_db_error($e->getMessage());
    }
}
/**
 * Soft-delete a location by setting its status to 'R'.
 *
 * The row is not removed; only the status column changes.
 *
 * @param int|string $locationID
 * @return bool|null The bool from PDOStatement::execute() — not a row count —
 *                   or null after a PDO error (reported via display_db_error()).
 */
function delete_location($locationID)
{
    global $db;

    $sql = 'UPDATE locations SET status=\'R\' WHERE locationID = :location_id';
    try {
        $stmt = $db->prepare($sql);
        $stmt->bindValue(':location_id', $locationID);
        $ok = $stmt->execute();
        $stmt->closeCursor();
    } catch (PDOException $e) {
        display_db_error($e->getMessage());
        return null;
    }
    return $ok;
}
/**
 * Fetch id, last name, first name and display name of one teacher.
 *
 * @param int|string $teacher_id
 * @return array|false|null The row in PDO's default fetch mode, false when no
 *                          row matches, null after a PDO error (reported via
 *                          display_db_error()).
 */
function get_teacher($teacher_id)
{
    global $db;

    $sql = 'SELECT teacher_id, last_name, first_name, display_name from teacher where teacher_id = :teacher_id';
    try {
        $stmt = $db->prepare($sql);
        $stmt->execute([':teacher_id' => $teacher_id]);
        $row = $stmt->fetch();
        $stmt->closeCursor();
    } catch (PDOException $e) {
        display_db_error($e->getMessage());
        return null;
    }
    return $row;
}
/**
 * Callback for preg_replace_callback on the query.
 * It allows to replace on the fly a few pre-defined strings, for
 * convenience ('query_see_board', 'query_wanna_see_board'), with
 * their current values from $user_info.
 * In addition, it performs checks and sanitization on the values
 * sent to the database.
 *
 * $matches[1] is either one of the predefined names (db_prefix,
 * query_see_board, query_wanna_see_board) or a type token (int, string,
 * text, array_int, array_string, date, float, identifier, raw);
 * $matches[2], when present, is the key into the values array that the
 * caller stashed in $db_callback together with the connection.
 *
 * Every validation failure is routed through $this->error_backtrace().
 * Whether execution continues past such a call depends on that method
 * (E_USER_ERROR is requested in all but the default case), so the code
 * following each call is only reached if it returns.
 *
 * @param mixed[] $matches
 * @return string|null SQL fragment to splice into the query; null when the
 *                     type token is unknown or a scalar was given for an
 *                     array type.
 */
public function replacement__callback($matches)
{
    global $db_callback, $user_info, $db_prefix;

    // Set by the query function right before preg_replace_callback runs.
    list($values, $connection) = $db_callback;

    // Connection gone?
    if (!is_resource($connection)) {
        display_db_error();
    }

    // The predefined names need neither a value nor a type.
    if ($matches[1] === 'db_prefix') {
        return $db_prefix;
    }
    if ($matches[1] === 'query_see_board') {
        return $user_info['query_see_board'];
    }
    if ($matches[1] === 'query_wanna_see_board') {
        return $user_info['query_wanna_see_board'];
    }

    // Everything else must be written as {type:name}.
    if (!isset($matches[2])) {
        $this->error_backtrace('Invalid value inserted or no type specified.', '', E_USER_ERROR, __FILE__, __LINE__);
    }
    if (!isset($values[$matches[2]])) {
        $this->error_backtrace('The database value you\'re trying to insert does not exist: ' . htmlspecialchars($matches[2], ENT_COMPAT, 'UTF-8'), '', E_USER_ERROR, __FILE__, __LINE__);
    }

    $replacement = $values[$matches[2]];

    switch ($matches[1]) {
        case 'int':
            // Accept only values whose integer cast round-trips exactly (rejects "1.5", "1e3", " 1").
            if (!is_numeric($replacement) || (string) $replacement !== (string) (int) $replacement) {
                $this->error_backtrace('Wrong value type sent to the database. Integer expected. (' . $matches[2] . ')', '', E_USER_ERROR, __FILE__, __LINE__);
            }
            return (string) (int) $replacement;
            break;

        case 'string':
        case 'text':
            // Quoted and escaped for PostgreSQL.
            return sprintf('\'%1$s\'', pg_escape_string($replacement));
            break;

        case 'array_int':
            if (is_array($replacement)) {
                if (empty($replacement)) {
                    $this->error_backtrace('Database error, given array of integer values is empty. (' . $matches[2] . ')', '', E_USER_ERROR, __FILE__, __LINE__);
                }
                foreach ($replacement as $key => $value) {
                    if (!is_numeric($value) || (string) $value !== (string) (int) $value) {
                        $this->error_backtrace('Wrong value type sent to the database. 
Array of integers expected. (' . $matches[2] . ')', '', E_USER_ERROR, __FILE__, __LINE__);
                    }
                    $replacement[$key] = (string) (int) $value;
                }
                return implode(', ', $replacement);
            } else {
                $this->error_backtrace('Wrong value type sent to the database. Array of integers expected. (' . $matches[2] . ')', '', E_USER_ERROR, __FILE__, __LINE__);
            }
            break;

        case 'array_string':
            if (is_array($replacement)) {
                if (empty($replacement)) {
                    $this->error_backtrace('Database error, given array of string values is empty. (' . $matches[2] . ')', '', E_USER_ERROR, __FILE__, __LINE__);
                }
                foreach ($replacement as $key => $value) {
                    $replacement[$key] = sprintf('\'%1$s\'', pg_escape_string($value));
                }
                return implode(', ', $replacement);
            } else {
                $this->error_backtrace('Wrong value type sent to the database. Array of strings expected. (' . $matches[2] . ')', '', E_USER_ERROR, __FILE__, __LINE__);
            }
            break;

        case 'date':
            // Only YYYY-M-D style input is accepted; it is re-emitted zero-padded.
            if (preg_match('~^(\\d{4})-([0-1]?\\d)-([0-3]?\\d)$~', $replacement, $date_matches) === 1) {
                return sprintf('\'%04d-%02d-%02d\'', $date_matches[1], $date_matches[2], $date_matches[3]);
            } else {
                $this->error_backtrace('Wrong value type sent to the database. Date expected. (' . $matches[2] . ')', '', E_USER_ERROR, __FILE__, __LINE__);
            }
            break;

        case 'float':
            if (!is_numeric($replacement)) {
                $this->error_backtrace('Wrong value type sent to the database. Floating point number expected. (' . $matches[2] . ')', '', E_USER_ERROR, __FILE__, __LINE__);
            }
            return (string) (double) $replacement;
            break;

        case 'identifier':
            // Backticks and dots are stripped, then the name is wrapped in backticks.
            // NOTE(review): PostgreSQL quotes identifiers with double quotes; this
            // MySQL-style quoting is kept as found — confirm it is what the queries expect.
            return '`' . strtr($replacement, array('`' => '', '.' => '')) . '`';
            break;

        case 'raw':
            // No validation at all — callers must only pass trusted SQL here.
            return $replacement;
            break;

        default:
            // Non-fatal (error type false) so the query goes on with null spliced in.
            $this->error_backtrace('Undefined type used in the database query. (' . $matches[1] . ':' . $matches[2] . ')', '', false, __FILE__, __LINE__);
            break;
    }
}
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the License here <http://www.gnu.org/licenses/gpl-3.0.html>. ***********************************************************************/ $page_security = 'SA_BANKTRANSVIEW'; $path_to_root = "../.."; include $path_to_root . "/includes/session.inc"; page(_($help_context = "View Bank Transfer"), true); include_once $path_to_root . "/includes/date_functions.inc"; include_once $path_to_root . "/includes/ui.inc"; include_once $path_to_root . "/gl/includes/gl_db.inc"; if (isset($_GET["trans_no"])) { $trans_no = $_GET["trans_no"]; } $result = get_bank_trans(ST_BANKTRANSFER, $trans_no); if (db_num_rows($result) != 2) { display_db_error("Bank transfer does not contain two records"); } $trans1 = db_fetch($result); $trans2 = db_fetch($result); if ($trans1["amount"] < 0) { $from_trans = $trans1; // from trans is the negative one $to_trans = $trans2; } else { $from_trans = $trans2; $to_trans = $trans1; } $company_currency = get_company_currency(); $show_currencies = false; $show_both_amounts = false; if ($from_trans['bank_curr_code'] != $company_currency || $to_trans['bank_curr_code'] != $company_currency) {
/**
 * Delete one products row by id (mysqli prepared statement).
 *
 * Errors from prepare() or execute() are handed to display_db_error().
 *
 * @param int $product_id
 * @return int|null Number of affected rows on success; null when execute()
 *                  fails (or if display_db_error() returns after a failed prepare).
 */
function delete_product($product_id)
{
    global $db;

    $sql = "DELETE FROM products\n WHERE productID = ?";
    $stmt = $db->prepare($sql);
    if (!$stmt) {
        display_db_error($db->error);
    }

    $stmt->bind_param("i", $product_id);
    if (!$stmt->execute()) {
        display_db_error($db->error);
        return;
    }

    // Row count is read from the connection, as the original did.
    $deleted = $db->affected_rows;
    $stmt->close();
    return $deleted;
}
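/**
 * Create an order and its lines inside one transaction; return the order id.
 *
 * Status is always stored as 'P'; orderDateTime, fulfillmentDateTime and
 * created are set by the database (sysdate()). Each order line is inserted
 * with status 0. The line statement is prepared once and re-executed per
 * row rather than re-prepared inside the loop.
 *
 * If anything throws, the transaction is rolled back — only when one is
 * actually open, so a failure in beginTransaction() itself no longer
 * produces a second "no active transaction" error — and the message goes to
 * display_db_error(); null is returned in that case.
 *
 * @param array<string, mixed>       $order      Keys: customerID, locationID, pickupType, orderComment, shippingStreet, shippingCity, shippingState, shippingZipCode.
 * @param list<array<string, mixed>> $orderLines Each with keys itemID, unitPrice, quantity.
 * @return string|null PDO::lastInsertId() of the new orders row.
 */
function add_order($order, $orderLines)
{
    global $db;

    try {
        $db->beginTransaction();

        $orderQuery = 'INSERT INTO orders (customerID, locationID, orderDateTime, pickupType, fulfillmentDateTime, orderComment, shippingStreet, shippingCity, shippingState, shippingZipCode, status, created) VALUES (:customerID, :locationID, sysdate(), :pickupType, sysdate(), :orderComment, :shippingStreet, :shippingCity, :shippingState, :shippingZipCode, :status, sysdate())';
        $statement = $db->prepare($orderQuery);
        foreach (['customerID', 'locationID', 'pickupType', 'orderComment', 'shippingStreet', 'shippingCity', 'shippingState', 'shippingZipCode'] as $key) {
            $statement->bindValue(':' . $key, $order[$key]);
        }
        $statement->bindValue(':status', 'P');
        $statement->execute();
        $statement->closeCursor();

        $orderID = $db->lastInsertId();

        // One prepared statement for all lines; only the bound values change per row.
        $orderLineQuery = 'INSERT INTO orderlines (orderID, itemID, unitPrice, quantity, status) VALUES (:orderID, :itemID, :unitPrice, :quantity, 0)';
        $lineStatement = $db->prepare($orderLineQuery);
        foreach ($orderLines as $orderLine) {
            $lineStatement->bindValue(':orderID', $orderID);
            $lineStatement->bindValue(':itemID', $orderLine['itemID']);
            $lineStatement->bindValue(':unitPrice', $orderLine['unitPrice']);
            $lineStatement->bindValue(':quantity', $orderLine['quantity']);
            $lineStatement->execute();
            $lineStatement->closeCursor();
        }

        $db->commit();
        return $orderID;
    } catch (Exception $e) {
        // rollBack() throws if no transaction is open (e.g. beginTransaction() failed).
        if ($db->inTransaction()) {
            $db->rollBack();
        }
        display_db_error($e->getMessage());
        return null;
    }
}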
/**
 * Compatibility initialiser: opens a MySQL connection with the legacy mysql_*
 * extension, selects the database, rewrites the table prefix, defines the
 * minimal set of smf_db_* helpers (only if they do not exist yet) and points
 * $smcFunc at them.
 *
 * @param string $db_server
 * @param string $db_name
 * @param string $db_user
 * @param string $db_passwd
 * @param string $db_prefix  NOTE(review): also declared `global` below, which
 *                           rebinds the name to the global and discards the
 *                           argument — confirm that is intended.
 * @param array  $db_options Keys read here: 'persist', 'non_fatal', 'dont_select_db'.
 * @return resource|null The mysql link, or null on connect failure with 'non_fatal' set.
 */
function smc_compat_initiate($db_server, $db_name, $db_user, $db_passwd, $db_prefix, $db_options = array())
{
    global $mysql_set_mod, $sourcedir, $db_connection, $db_prefix, $smcFunc;

    if (!empty($db_options['persist'])) {
        $db_connection = @mysql_pconnect($db_server, $db_user, $db_passwd);
    } else {
        $db_connection = @mysql_connect($db_server, $db_user, $db_passwd);
    }

    // Something's wrong, show an error if its fatal (which we assume it is)
    if (!$db_connection) {
        if (!empty($db_options['non_fatal'])) {
            return null;
        } else {
            // Errors.php is optional at this point; fall back to a plain exit.
            if (file_exists($sourcedir . '/Errors.php')) {
                require_once $sourcedir . '/Errors.php';
                display_db_error();
            }
            exit('Sorry, SMF was unable to connect to database.');
        }
    }

    // Select the database, unless told not to
    // NOTE(review): $connection is not assigned anywhere in this function (the
    // handle is $db_connection), so mysql_select_db() is called with an
    // undefined link and relies on the extension's "last opened link" fallback —
    // confirm and consider passing $db_connection.
    if (empty($db_options['dont_select_db']) && !@mysql_select_db($db_name, $connection) && empty($db_options['non_fatal'])) {
        if (file_exists($sourcedir . '/Errors.php')) {
            require_once $sourcedir . '/Errors.php';
            display_db_error();
        }
        exit('Sorry, SMF was unable to connect to database.');
    } else {
        // Fully qualify the prefix with the database name; backtick-quote the
        // database name unless the prefix starts with a digit.
        $db_prefix = is_numeric(substr($db_prefix, 0, 1)) ? $db_name . '.' . $db_prefix : '`' . $db_name . '`.' . $db_prefix;
    }

    // Some core functions, but only once, yes?
    if (!function_exists('smf_db_replacement__callback')) {
        /**
         * preg_replace_callback handler for {type:name} tokens in a query.
         * Reads the values/connection pair stashed in $db_callback by smf_db_query().
         * Validation failures go through smf_db_error_backtrace(); the code after
         * each call only runs if that function returns.
         *
         * @param string[] $matches [1] = type or predefined name, [2] = value key (optional)
         * @return string|null
         */
        function smf_db_replacement__callback($matches)
        {
            global $db_callback, $user_info, $db_prefix;

            list($values, $connection) = $db_callback;

            // Predefined names need no value.
            if ($matches[1] === 'db_prefix') {
                return $db_prefix;
            }
            if ($matches[1] === 'query_see_board') {
                return $user_info['query_see_board'];
            }
            if ($matches[1] === 'query_wanna_see_board') {
                return $user_info['query_wanna_see_board'];
            }

            if (!isset($matches[2])) {
                smf_db_error_backtrace('Invalid value inserted or no type specified.', '', E_USER_ERROR, __FILE__, __LINE__);
            }
            if (!isset($values[$matches[2]])) {
                smf_db_error_backtrace('The database value you\'re trying to insert does not exist: ' .
                    htmlspecialchars($matches[2]), '', E_USER_ERROR, __FILE__, __LINE__);
            }

            $replacement = $values[$matches[2]];

            switch ($matches[1]) {
                case 'int':
                    // Only values whose integer cast round-trips exactly are accepted.
                    if (!is_numeric($replacement) || (string) $replacement !== (string) (int) $replacement) {
                        smf_db_error_backtrace('Wrong value type sent to the database. Integer expected. (' . $matches[2] . ')', '', E_USER_ERROR, __FILE__, __LINE__);
                    }
                    return (string) (int) $replacement;
                    break;

                case 'string':
                case 'text':
                    // Escaped for the active link and single-quoted.
                    return sprintf('\'%1$s\'', mysql_real_escape_string($replacement, $connection));
                    break;

                case 'array_int':
                    if (is_array($replacement)) {
                        if (empty($replacement)) {
                            smf_db_error_backtrace('Database error, given array of integer values is empty. (' . $matches[2] . ')', '', E_USER_ERROR, __FILE__, __LINE__);
                        }
                        foreach ($replacement as $key => $value) {
                            if (!is_numeric($value) || (string) $value !== (string) (int) $value) {
                                smf_db_error_backtrace('Wrong value type sent to the database. Array of integers expected. (' . $matches[2] . ')', '', E_USER_ERROR, __FILE__, __LINE__);
                            }
                            $replacement[$key] = (string) (int) $value;
                        }
                        return implode(', ', $replacement);
                    } else {
                        smf_db_error_backtrace('Wrong value type sent to the database. Array of integers expected. (' . $matches[2] . ')', '', E_USER_ERROR, __FILE__, __LINE__);
                    }
                    break;

                case 'array_string':
                    if (is_array($replacement)) {
                        if (empty($replacement)) {
                            smf_db_error_backtrace('Database error, given array of string values is empty. (' . $matches[2] . ')', '', E_USER_ERROR, __FILE__, __LINE__);
                        }
                        foreach ($replacement as $key => $value) {
                            $replacement[$key] = sprintf('\'%1$s\'', mysql_real_escape_string($value, $connection));
                        }
                        return implode(', ', $replacement);
                    } else {
                        smf_db_error_backtrace('Wrong value type sent to the database. Array of strings expected. (' . $matches[2] .
                            ')', '', E_USER_ERROR, __FILE__, __LINE__);
                    }
                    break;

                case 'date':
                    // YYYY-M-D input only; re-emitted zero-padded.
                    if (preg_match('~^(\\d{4})-([0-1]?\\d)-([0-3]?\\d)$~', $replacement, $date_matches) === 1) {
                        return sprintf('\'%04d-%02d-%02d\'', $date_matches[1], $date_matches[2], $date_matches[3]);
                    } else {
                        smf_db_error_backtrace('Wrong value type sent to the database. Date expected. (' . $matches[2] . ')', '', E_USER_ERROR, __FILE__, __LINE__);
                    }
                    break;

                case 'float':
                    if (!is_numeric($replacement)) {
                        smf_db_error_backtrace('Wrong value type sent to the database. Floating point number expected. (' . $matches[2] . ')', '', E_USER_ERROR, __FILE__, __LINE__);
                    }
                    return (string) (double) $replacement;
                    break;

                case 'identifier':
                    // Backticks inside identifiers are supported as of MySQL 4.1. We don't need them for SMF.
                    return '`' . strtr($replacement, array('`' => '', '.' => '')) . '`';
                    break;

                case 'raw':
                    // Spliced in unchanged — only trusted SQL may be passed as raw.
                    return $replacement;
                    break;

                default:
                    // Non-fatal (error type false), so the query continues with null spliced in.
                    smf_db_error_backtrace('Undefined type used in the database query. (' . $matches[1] . ':' . $matches[2] . ')', '', false, __FILE__, __LINE__);
                    break;
            }
        }
    }

    // Because this is just compat mode, this is good enough.
    if (!function_exists('smf_db_query')) {
        /**
         * Substitute {type:name} tokens in $db_string from $db_values and run it.
         * NOTE: an optional parameter before required ones is deprecated since PHP 8.0.
         *
         * @param bool   $execute   false returns the substituted SQL instead of running it
         * @param string $db_string
         * @param array  $db_values
         * @return string|resource|bool
         */
        function smf_db_query($execute = true, $db_string, $db_values)
        {
            global $db_callback, $db_connection;

            // Only bother if there's something to replace.
            if (strpos($db_string, '{') !== false) {
                // This is needed by the callback function.
                $db_callback = array($db_values, $db_connection);

                // Do the quoting and escaping
                $db_string = preg_replace_callback('~{([a-z_]+)(?::([a-zA-Z0-9_-]+))?}~', 'smf_db_replacement__callback', $db_string);

                // Clear this global variable.
                $db_callback = array();
            }

            // We actually make the query in compat mode.
            if ($execute === false) {
                return $db_string;
            }

            return mysql_query($db_string, $db_connection);
        }
    }

    // Insert some data...
    if (!function_exists('smf_db_insert')) {
        /**
         * Build and run a REPLACE / INSERT IGNORE / INSERT for one or more rows.
         * Column types from $columns become {type:column} tokens so the values
         * pass through smf_db_replacement__callback(); a 'string-N' type is
         * truncated with SUBSTRING(). $keys and $disable_trans are accepted but unused.
         *
         * @param string $method  'replace', 'ignore' or anything else for plain INSERT
         * @param string $table   may contain the {db_prefix} placeholder
         * @param array  $columns column name => type
         * @param array  $data    one row (list) or a list of rows
         * @param mixed  $keys
         * @param bool   $disable_trans
         * @return void
         */
        function smf_db_insert($method = 'replace', $table, $columns, $data, $keys, $disable_trans = false)
        {
            global $smcFunc, $db_connection, $db_prefix;

            // With nothing to insert, simply return.
            if (empty($data)) {
                return;
            }

            // Replace the prefix holder with the actual prefix.
            $table = str_replace('{db_prefix}', $db_prefix, $table);

            // Inserting data as a single row can be done as a single array.
            if (!is_array($data[array_rand($data)])) {
                $data = array($data);
            }

            // Create the mold for a single row insert.
            $insertData = '(';
            foreach ($columns as $columnName => $type) {
                // Are we restricting the length?
                if (strpos($type, 'string-') !== false) {
                    $insertData .= sprintf('SUBSTRING({string:%1$s}, 1, ' . substr($type, 7) . '), ', $columnName);
                } else {
                    $insertData .= sprintf('{%1$s:%2$s}, ', $type, $columnName);
                }
            }
            $insertData = substr($insertData, 0, -2) . ')';

            // Create an array consisting of only the columns.
            $indexed_columns = array_keys($columns);

            // Here's where the variables are injected to the query.
            $insertRows = array();
            foreach ($data as $dataRow) {
                $insertRows[] = smf_db_query(false, $insertData, array_combine($indexed_columns, $dataRow));
            }

            // Determine the method of insertion.
            $queryTitle = $method == 'replace' ? 'REPLACE' : ($method == 'ignore' ? 'INSERT IGNORE' : 'INSERT');

            // Do the insert.
            $smcFunc['db_query'](true, '
                ' . $queryTitle . ' INTO ' . $table . '(`' . implode('`, `', $indexed_columns) . '`)
                VALUES ' . implode(', ', $insertRows),
                array('security_override' => true)
            );
        }
    }

    // This function tries to work out additional error information from a back trace.
    if (!function_exists('smf_db_error_backtrace')) {
        /**
         * Log and raise a database error.
         * With $error_type == 'return' it only hands back array($file, $line).
         * Otherwise the message is logged as critical (when log_error() exists)
         * and passed to trigger_error() with $error_type, or the default level
         * when $error_type is false.
         *
         * @param string      $error_message
         * @param string      $log_message   defaults to $error_message
         * @param int|string|false $error_type
         * @param string|null $file
         * @param int|null    $line
         * @return array|void
         */
        function smf_db_error_backtrace($error_message, $log_message = '', $error_type = false, $file = null, $line = null)
        {
            if (empty($log_message)) {
                $log_message = $error_message;
            }

            // A special case - we want the file and line numbers for debugging.
            if ($error_type == 'return') {
                return array($file, $line);
            }

            // Is always a critical error.
            if (function_exists('log_error')) {
                log_error($log_message, 'critical', $file, $line);
            }

            if ($error_type) {
                trigger_error($error_message . ($line !== null ? '<em>(' . basename($file) . '-' . $line . ')</em>' : ''), $error_type);
            } else {
                trigger_error($error_message . ($line !== null ? '<em>(' . basename($file) . '-' . $line . ')</em>' : ''));
            }
        }
    }

    // Returns all tables
    if (!function_exists('smf_db_list_tables')) {
        /**
         * List table names via SHOW TABLES, optionally filtered with LIKE.
         * NOTE(review): $filter is spliced into the LIKE literal and $db into the
         * query through {raw:...} without escaping — callers must only pass
         * trusted values.
         *
         * @param string|false $db     database name; false means $db_name
         * @param string|false $filter LIKE pattern; false means no filter
         * @return string[]
         */
        function smf_db_list_tables($db = false, $filter = false)
        {
            global $db_name, $smcFunc;

            $db = $db == false ? $db_name : $db;
            $db = trim($db);
            $filter = $filter == false ? '' : ' LIKE \'' . $filter . '\'';

            $request = $smcFunc['db_query'](true, '
                SHOW TABLES
                FROM `{raw:db}`
                {raw:filter}',
                array(
                    'db' => $db[0] == '`' ? strtr($db, array('`' => '')) : $db,
                    'filter' => $filter,
                )
            );
            $tables = array();
            while ($row = $smcFunc['db_fetch_row']($request)) {
                $tables[] = $row[0];
            }
            $smcFunc['db_free_result']($request);

            return $tables;
        }
    }

    // Now, go functions, spread your love.
    $smcFunc['db_free_result'] = 'mysql_free_result';
    $smcFunc['db_fetch_row'] = 'mysql_fetch_row';
    $smcFunc['db_fetch_assoc'] = 'mysql_fetch_assoc';
    $smcFunc['db_num_rows'] = 'mysql_num_rows';
    $smcFunc['db_insert'] = 'smf_db_insert';
    $smcFunc['db_query'] = 'smf_db_query';
    $smcFunc['db_quote'] = 'smf_db_query';
    $smcFunc['db_error_backtrace'] = 'smf_db_error_backtrace';
    $smcFunc['db_list_tables'] = 'smf_db_list_tables';

    return $db_connection;
}
/**
 * Fetch the editable columns of one course by id.
 *
 * @param int|string $course_id
 * @return array|false|null The row in PDO's default fetch mode, false when no
 *                          row matches, null after a PDO error (reported via
 *                          display_db_error()).
 */
function get_course($course_id)
{
    global $db;

    $sql = 'SELECT course_id, course_name, course_nbr, course_short_name, course_desc, teacher_id, course_type_cde, room from course where course_id = :course_id order by course_nbr';
    try {
        $stmt = $db->prepare($sql);
        $stmt->execute([':course_id' => $course_id]);
        $row = $stmt->fetch();
        $stmt->closeCursor();
    } catch (PDOException $e) {
        display_db_error($e->getMessage());
        return null;
    }
    return $row;
}
/**
 * Set the status column of one users row.
 *
 * @param int|string $customer_id Value matched against userID.
 * @param string     $status      New status value.
 * @return bool|null The bool from PDOStatement::execute() — not a row count —
 *                   or null after a PDO error (reported via display_db_error()).
 */
function change_status($customer_id, $status)
{
    global $db;

    $sql = 'UPDATE users SET status=:status WHERE userID = :user_id';
    try {
        $stmt = $db->prepare($sql);
        $stmt->bindValue(':user_id', $customer_id);
        $stmt->bindValue(':status', $status);
        $ok = $stmt->execute();
        $stmt->closeCursor();
    } catch (PDOException $e) {
        display_db_error($e->getMessage());
        return null;
    }
    return $ok;
}
include 'product_view.php'; } break; case 'list_categories': $categories = get_categories(); include 'category_list.php'; break; case 'add_category': $name = filter_input(INPUT_POST, 'name'); // Validate inputs if ($name === NULL) { $error = "Invalid category name. Check name and try again."; include 'view/error.php'; } else { add_category($name); header('Location: .?action=list_categories'); // display the Category List page } break; case 'delete_category': $category_id = filter_input(INPUT_POST, 'category_id', FILTER_VALIDATE_INT); $product_count = get_product_count($category_id); if ($product_count > 0) { display_db_error("This category can't be deleted because it contains products."); } else { delete_category($category_id); header('Location: .?action=list_categories'); // display the Category List page } break; }
/**
 * Aggregate sold quantities and revenue per menu item, optionally restricted
 * to one order date and/or one location.
 *
 * Both filters are optional (empty() values are ignored) and apply to the
 * inner SELECT on orders; they are bound as positional parameters in the
 * order they were added.
 *
 * @param string     $date     Calendar date compared with cast(orderDateTime AS DATE); '' or null for no filter.
 * @param int|string $location locationID; '' or null for no filter.
 * @return array|null fetchAll() result in PDO's default mode, or null after a
 *                    PDO error (reported via display_db_error()).
 */
function get_DailySalesReport($date, $location)
{
    global $db;

    $conditions = [];
    $params = [];
    if (!empty($date)) {
        $conditions[] = "cast(orderDateTime AS DATE)=?";
        $params[] = $date;
    }
    if (!empty($location)) {
        $conditions[] = "locationID=?";
        $params[] = $location;
    }
    // Empty filter list yields an unrestricted inner query.
    $where = $conditions === [] ? '' : ' WHERE ' . implode(' AND ', $conditions);

    $sql = 'SELECT itemID, menuitems.name as itemName, menucategories.name AS category, SUM(quantity) AS totalQuantity, menuitems.unitPrice, SUM(orderlines.unitprice*orderlines.quantity) totalPrice FROM orderlines JOIN menuitems USING(itemID) JOIN menucategories ON menuitems.categoryID=menucategories.categoryID WHERE orderID IN (SELECT orderID FROM orders ' . $where . ') GROUP BY itemID';

    try {
        $stmt = $db->prepare($sql);
        // Positional placeholders are 1-based.
        foreach ($params as $index => $value) {
            $stmt->bindValue($index + 1, $value);
        }
        $stmt->execute();
        $rows = $stmt->fetchAll();
        $stmt->closeCursor();
    } catch (PDOException $e) {
        display_db_error($e->getMessage());
        return null;
    }
    return $rows;
}
/**
 * Make the four billing address columns of customers nullable.
 *
 * Runs four ALTER TABLE statements in sequence; the first PDO failure stops
 * the run and is reported via display_db_error().
 *
 * @return void
 */
function alter_table_customers()
{
    global $db;

    // Executed in this order; later statements are skipped once one throws.
    $alterations = [
        'ALTER TABLE customers MODIFY COLUMN billingStreet VARCHAR(60) NULL',
        'ALTER TABLE customers MODIFY COLUMN billingCity VARCHAR(40) NULL',
        'ALTER TABLE customers MODIFY COLUMN billingState VARCHAR(2) NULL',
        'ALTER TABLE customers MODIFY COLUMN billingZipCode VARCHAR(10) NULL',
    ];

    try {
        foreach ($alterations as $ddl) {
            $db->exec($ddl);
        }
    } catch (PDOException $e) {
        display_db_error($e->getMessage());
    }
}
/**
 * Initialize a database connection.
 *
 * Resolves the driver from $db_type (falling back to 'mysql' when the matching
 * Db-*.class.php is missing), tries the SSI credentials first when running as
 * SSI, then the regular ones, and stops via display_db_error() when neither
 * produced a connection. In SSI mode the prefix is rewritten with the
 * database name, and DB_CASE_SENSITIVE is defined for case-sensitive back
 * ends.
 */
function loadDatabase()
{
    global $db_persist, $db_server, $db_user, $db_passwd, $db_port;
    global $db_type, $db_name, $ssi_db_user, $ssi_db_passwd, $db_prefix;

    // Database stuffs
    require_once SOURCEDIR . '/database/Database.subs.php';

    // Figure out what type of database we are using.
    $driver_file = SOURCEDIR . '/database/Db-' . $db_type . '.class.php';
    if (empty($db_type) || !file_exists($driver_file)) {
        $db_type = 'mysql';
    }

    $in_ssi = (ELK == 'SSI');
    $connection = null;

    // If we are in SSI try them first, but don't worry if it doesn't work, we have the normal username and password we can use.
    if ($in_ssi && !empty($ssi_db_user) && !empty($ssi_db_passwd)) {
        $connection = elk_db_initiate(
            $db_server, $db_name, $ssi_db_user, $ssi_db_passwd, $db_prefix,
            array('persist' => $db_persist, 'non_fatal' => true, 'dont_select_db' => true, 'port' => $db_port),
            $db_type
        );
    }

    // Either we aren't in SSI mode, or it failed.
    if (empty($connection)) {
        $connection = elk_db_initiate(
            $db_server, $db_name, $db_user, $db_passwd, $db_prefix,
            array('persist' => $db_persist, 'dont_select_db' => $in_ssi, 'port' => $db_port),
            $db_type
        );
    }

    // Safe guard here, if there isn't a valid connection lets put a stop to it.
    if (!$connection) {
        display_db_error();
    }

    // If in SSI mode fix up the prefix.
    $db = database();
    if ($in_ssi) {
        $db_prefix = $db->fix_prefix($db_prefix, $db_name);
    }

    // Case sensitive database? Let's define a constant.
    if ($db->db_case_sensitive()) {
        define('DB_CASE_SENSITIVE', '1');
    }
}
/**
 * Delete one menuitems row by id.
 *
 * @param int|string $itemID
 * @return bool|null The bool from PDOStatement::execute() — not a row count —
 *                   or null after a PDO error (reported via display_db_error()).
 */
function delete_item($itemID)
{
    global $db;

    $sql = 'DELETE FROM menuitems WHERE itemID = :item_id';
    try {
        $stmt = $db->prepare($sql);
        $stmt->bindValue(':item_id', $itemID);
        $ok = $stmt->execute();
        $stmt->closeCursor();
    } catch (PDOException $e) {
        display_db_error($e->getMessage());
        return null;
    }
    return $ok;
}
/**
 * Delete one sanpham (product) row by id.
 *
 * PDO failures are reported via display_db_error(); nothing is returned.
 *
 * @param int|string $product_id
 * @return void
 */
function delete_product($product_id)
{
    global $db;

    $sql = 'DELETE FROM sanpham WHERE idsanpham = :product_id';
    try {
        $stmt = $db->prepare($sql);
        $stmt->execute([':product_id' => $product_id]);
        $stmt->closeCursor();
    } catch (PDOException $e) {
        display_db_error($e->getMessage());
    }
}
<?php $page_security = 'SA_BANKTRANSVIEW'; $path_to_root = "../.."; include $path_to_root . "/includes/session.inc"; page(_($help_context = "View Bank Deposit"), true); include_once $path_to_root . "/includes/date_functions.inc"; include_once $path_to_root . "/includes/ui.inc"; include_once $path_to_root . "/gl/includes/gl_db.inc"; if (isset($_GET["trans_no"])) { $trans_no = $_GET["trans_no"]; } // get the pay-to bank payment info $result = get_bank_trans(ST_BANKDEPOSIT, $trans_no); if (db_num_rows($result) != 1) { display_db_error("duplicate payment bank transaction found", ""); } $to_trans = db_fetch($result); $company_currency = get_company_currency(); $show_currencies = false; if ($to_trans['bank_curr_code'] != $to_trans['settle_curr']) { $show_currencies = true; } echo "<center>"; display_heading(_("GL Deposit") . " #{$trans_no}"); echo "<br>"; start_table(TABLESTYLE, "width=80%"); if ($show_currencies) { $colspan1 = 1; $colspan2 = 7; } else {
/**
 * Insert one member row.
 *
 * PDO failures are reported via display_db_error(); nothing is returned.
 *
 * @param string     $firstname
 * @param string     $lastname
 * @param string     $email
 * @param string     $phone  Stored in the phonenumber column.
 * @param string     $date
 * @param int|string $level
 * @return void
 */
function add_member($firstname, $lastname, $email, $phone, $date, $level)
{
    global $db;

    $sql = 'INSERT INTO member (firstname, lastname, email, phonenumber, date, level) VALUES (:firstname, :lastname, :email, :phone, :date, :level)';

    $bindings = [
        ':firstname' => $firstname,
        ':lastname'  => $lastname,
        ':email'     => $email,
        ':phone'     => $phone,
        ':date'      => $date,
        ':level'     => $level,
    ];

    try {
        $stmt = $db->prepare($sql);
        foreach ($bindings as $placeholder => $value) {
            $stmt->bindValue($placeholder, $value);
        }
        $stmt->execute();
        $stmt->closeCursor();
    } catch (PDOException $e) {
        display_db_error($e->getMessage());
    }
}