コード例 #1
1
function authenticate_user($data)
{
    global $db;
    $email = $data['email'];
    $password = $data['password'];
    //getting the salt
    $stmt = mysqli_prepare($db, "SELECT salt FROM users WHERE email = ? LIMIT 1");
    mysqli_stmt_bind_param($stmt, "s", $email);
    mysqli_stmt_execute($stmt);
    mysqli_stmt_store_result($stmt);
    mysqli_stmt_bind_result($stmt, $salt);
    if (mysqli_stmt_num_rows($stmt)) {
        mysqli_stmt_fetch($stmt);
        $password = hash('sha256', "{$password}" . "{$salt}");
        //adding salt to given pass hashing and checking if the resulting hash is the same as the original
        mysqli_stmt_close($stmt);
        $stmt = mysqli_prepare($db, "SELECT uid, username, email FROM users WHERE email = ? AND password = ?");
        mysqli_stmt_bind_param($stmt, "ss", $email, $password);
        mysqli_stmt_execute($stmt);
        mysqli_stmt_store_result($stmt);
        mysqli_stmt_bind_result($stmt, $uid, $username, $email);
        if (mysqli_stmt_num_rows($stmt)) {
            mysqli_stmt_fetch($stmt);
            mysqli_stmt_close($stmt);
            $user = ['userid' => $uid, 'username' => $username, 'email' => $email];
            return $user;
        } else {
            return false;
        }
    } else {
        return false;
    }
}
コード例 #2
1
ファイル: register.php プロジェクト: ncs-jss/newMCQ-
function checkrows()
{
    include "components/db_connect.php";
    $username = $_POST['email'];
    $x = "select * from details where email='{$username}'";
    $result = mysqli_prepare($con, $x);
    mysqli_stmt_execute($result);
    mysqli_stmt_store_result($result);
    $y = mysqli_stmt_num_rows($result);
    include "components/db_disconnect.php";
    return $y;
}
コード例 #3
1
if (mysqli_stmt_prepare($stmt, 'SELECT unknown_column FROM this_table_does_not_exist') || mysqli_stmt_execute($stmt)) {
    printf("[041] The invalid SELECT statement is issued on purpose\n");
}
if (-1 !== ($tmp = mysqli_stmt_affected_rows($stmt))) {
    printf("[042] Expecting int/-1, got %s/%s\n", gettype($tmp), $tmp);
}
if ($IS_MYSQLND) {
    if (false !== ($tmp = mysqli_stmt_store_result($stmt))) {
        printf("[043] Expecting boolean/false, got %s\\%s\n", gettype($tmp), $tmp);
    }
} else {
    if (true !== ($tmp = mysqli_stmt_store_result($stmt))) {
        printf("[043] Libmysql does not care if the previous statement was bogus, expecting boolean/true, got %s\\%s\n", gettype($tmp), $tmp);
    }
}
if (0 !== ($tmp = mysqli_stmt_num_rows($stmt))) {
    printf("[044] Expecting int/0, got %s/%s\n", gettype($tmp), $tmp);
}
if (-1 !== ($tmp = mysqli_stmt_affected_rows($stmt))) {
    printf("[045] Expecting int/-1, got %s/%s\n", gettype($tmp), $tmp);
}
mysqli_stmt_close($stmt);
$stmt = mysqli_stmt_init($link);
if (!mysqli_stmt_prepare($stmt, "DROP TABLE IF EXISTS test_mysqli_stmt_affected_rows_table_1") || !mysqli_stmt_execute($stmt)) {
    printf("[046] [%d] %s\n", mysqli_stmt_errno($stmt), mysqli_stmt_error($stmt));
}
mysqli_stmt_close($stmt);
if (!is_null($tmp = mysqli_stmt_affected_rows($stmt))) {
    printf("[047] Expecting NULL, got %s/%s\n", gettype($tmp), $tmp);
}
mysqli_close($link);
コード例 #4
0
ファイル: login.php プロジェクト: lowjiayou/YearTwoWebOne
function login()
{
    include_once 'database_conn.php';
    // check is form filled
    if (isFormFilled()) {
        // if not filled, stop
        return;
    }
    $uid = sanitizeData($_POST['username']);
    $pswd = sanitizeData($_POST['password']);
    $columnLengthSql = "\n\t\t\tSELECT COLUMN_NAME, CHARACTER_MAXIMUM_LENGTH\n\t\t\tFROM INFORMATION_SCHEMA.COLUMNS\n\t\t\tWHERE TABLE_NAME =  'te_users'\n\t\t\tAND (column_name =  'username'\n\t\t\tOR column_name =  'passwd')";
    $COLUMN_LENGTH = getColumnLength($conn, $columnLengthSql);
    $isError = false;
    $errMsg[] = validateStringLength($uid, $COLUMN_LENGTH['username']);
    //uid
    $errMsg[] = validateStringLength($pswd, $COLUMN_LENGTH['passwd']);
    //pswd
    for ($i = 0; $i < count($errMsg); $i++) {
        if (!($errMsg[$i] === true)) {
            echo "{$errMsg[$i]}";
            $isError = true;
        }
    }
    //if contain error, halt continue executing the code
    if ($isError) {
        return;
    }
    // check is uid exist
    $checkUIDSql = "SELECT passwd, salt FROM te_users WHERE username = ?";
    $stmt = mysqli_prepare($conn, $checkUIDSql);
    mysqli_stmt_bind_param($stmt, "s", $uid);
    mysqli_stmt_execute($stmt);
    mysqli_stmt_store_result($stmt);
    if (mysqli_stmt_num_rows($stmt) <= 0) {
        echo "Sorry we don't seem to have that username.";
        return;
    }
    mysqli_stmt_bind_result($stmt, $getHashpswd, $getSalt);
    while (mysqli_stmt_fetch($stmt)) {
        $hashPswd = $getHashpswd;
        $salt = $getSalt;
    }
    // if exist, then get salt and db hashed password
    // create hash based on password
    // hash pswd using sha256 algorithm
    // concat salt in db by uid
    // hash using sha256 algorithm
    $pswd = hash("sha256", $salt . hash("sha256", $pswd));
    // check does it match with hased password from db
    if (strcmp($pswd, $hashPswd) === 0) {
        echo "Success login<br/>";
        // add session
        $_SESSION['logged-in'] = $uid;
        // go to url
        $url = $_SERVER['REQUEST_URI'];
        header("Location: {$url}");
    } else {
        echo "Fail login<br/>";
    }
}
コード例 #5
0
function evalLoggedUser($con, $id, $u, $p)
{
    $sql = "SELECT lastlogin FROM users WHERE id=? AND name=? AND pass=? LIMIT 1";
    if ($stmt = mysqli_prepare($con, $sql)) {
        mysqli_stmt_bind_param($stmt, "iss", $id, $u, $p);
        mysqli_stmt_execute($stmt);
        //  $query = mysqli_query($conx, $sql);
        $numrows = mysqli_stmt_num_rows($stmt);
        if ($numrows > 0) {
            return true;
        }
    }
}
コード例 #6
0
function verificaMesGrafico($string)
{
    include "conf-conexao.php";
    include "script-time.php";
    // selecione o total de meses quando ano for igua a anoCorrente
    $consultaSqlVerificaMes = "SELECT MES FROM tab_dados_grafico WHERE MES LIKE  '%{$string}%' AND ANO = {$anoCorrente}";
    $stmt = mysqli_prepare($conexao, $consultaSqlVerificaMes);
    if ($stmt) {
        mysqli_stmt_execute($stmt);
        mysqli_stmt_store_result($stmt);
        echo mysqli_stmt_num_rows($stmt);
    }
}
コード例 #7
0
function obtenerCantidadPorDNI($dni)
{
    $conect = conectar();
    $sql = "SELECT COUNT(prod.id) as cantidad\n            FROM persona as per\n            INNER JOIN producto as prod ON (prod.persona_id = per.id)\n            WHERE per.dni = ?\n            GROUP BY per.dni";
    $stmt = $conect->prepare($sql);
    $stmt->bind_param('i', $dni);
    $stmt->execute();
    $stmt->bind_result($cantidad);
    $stmt->store_result();
    if (mysqli_stmt_num_rows($stmt) > 0) {
        $row = mysqli_stmt_fetch($stmt);
        $result = array('estado' => true, 'cantidad' => $cantidad);
    } else {
        $result = array('estado' => false);
    }
    return $result;
}
コード例 #8
0
ファイル: queries.php プロジェクト: Calcio/CursoPHPBasico
function getAllActivitiesByUser($params)
{
    $connection = dbConnect();
    $options = ['columns' => 'a.id, ud.nome as demandante, s.sigla,
        sa.status, a.titulo, a.data, a.tempo_gasto, a.id_status', 'join' => [['type' => 'INNER JOIN', 'table' => 'setores s', 'columns' => 's.id = a.id_setor'], ['type' => 'INNER JOIN', 'table' => 'status_atividade sa', 'columns' => 'sa.id = a.id_status'], ['type' => 'INNER JOIN', 'table' => 'usuarios ud', 'columns' => 'ud.id = a.id_demandante']], 'where' => ['a.id_responsavel' => $_SESSION['id']], 'order_by' => 'a.data DESC', 'limit' => $params['limit'] . ', ' . $params['offset']];
    $sql = buildSelect('atividades a', $options);
    $stmt = mysqli_prepare($connection, $sql);
    mysqli_stmt_bind_param($stmt, 'i', $_SESSION['id']);
    mysqli_stmt_execute($stmt);
    mysqli_stmt_store_result($stmt);
    mysqli_stmt_bind_result($stmt, $id, $demandante, $sigla, $status, $titulo, $data, $tempo_gasto, $id_status);
    $result = [];
    while (mysqli_stmt_fetch($stmt)) {
        array_push($result, ["id" => $id, "demandante" => $demandante, "sigla" => $sigla, "status" => $status, "titulo" => $titulo, "data" => $data, "tempo_gasto" => $tempo_gasto, "id_status" => $id_status]);
    }
    $numRows = mysqli_stmt_num_rows($stmt);
    mysqli_stmt_close($stmt);
    dbClose($connection);
    return ['result' => $result, 'numRows' => $numRows];
}
コード例 #9
0
function func_test_mysqli_stmt_num_rows($stmt, $query, $expected, $offset)
{
    if (!mysqli_stmt_prepare($stmt, $query)) {
        printf("[%03d] [%d] %s\n", $offset, mysqli_stmt_errno($stmt), mysqli_stmt_error($stmt));
        return false;
    }
    if (!mysqli_stmt_execute($stmt)) {
        printf("[%03d] [%d] %s\n", $offset + 1, mysqli_stmt_errno($stmt), mysqli_stmt_error($stmt));
        return false;
    }
    if (!mysqli_stmt_store_result($stmt)) {
        printf("[%03d] [%d] %s\n", $offset + 2, mysqli_stmt_errno($stmt), mysqli_stmt_error($stmt));
        return false;
    }
    if ($expected !== ($tmp = mysqli_stmt_num_rows($stmt))) {
        printf("[%03d] Expecting %s/%d, got %s/%d\n", $offset + 3, gettype($expected), $expected, gettype($tmp), $tmp);
    }
    mysqli_stmt_free_result($stmt);
    return true;
}
コード例 #10
0
ファイル: download.php プロジェクト: jreinstra/dragonfly-main
function getDocID($url)
{
    $con = $GLOBALS["con"];
    $sql = "SELECT docID FROM documents WHERE URL=?";
    $stmt = mysqli_prepare($con, $sql) or die(mysqli_error($con));
    mysqli_stmt_bind_param($stmt, 's', $url) or die(mysqli_stmt_error($stmt));
    mysqli_stmt_execute($stmt) or die(mysqli_stmt_error($stmt));
    mysqli_stmt_store_result($stmt);
    if (mysqli_stmt_num_rows($stmt) < 1) {
        mysqli_stmt_close($stmt);
        $sql = "INSERT INTO documents (URL) VALUES (?)";
        $stmt = mysqli_prepare($con, $sql) or die(mysqli_error($con));
        mysqli_stmt_bind_param($stmt, 's', $url) or die(mysqli_stmt_error($stmt));
        mysqli_stmt_execute($stmt) or die(mysqli_stmt_error($stmt));
        mysqli_stmt_bind_result($stmt, $docID);
        mysqli_stmt_fetch($stmt);
        return getDocID($url);
    } else {
        mysqli_stmt_bind_result($stmt, $docID);
        mysqli_stmt_fetch($stmt);
        return $docID;
    }
}
コード例 #11
0
function get_key($dbh, $config, $key)
{
    $data = array();
    $result = 0;
    $stmt = mysqli_prepare($dbh, "SELECT name,try_interval,last_try FROM " . $config['table_prefix'] . "keys WHERE `key` = ? LIMIT 0,1");
    mysqli_stmt_bind_param($stmt, "s", $key);
    mysqli_stmt_execute($stmt);
    mysqli_stmt_store_result($stmt);
    $result = mysqli_stmt_num_rows($stmt);
    mysqli_stmt_bind_result($stmt, $name, $try_interval, $last_try);
    while (mysqli_stmt_fetch($stmt)) {
        $data['name'] = $name;
        $data['try_interval'] = $try_interval;
        $data['last_try'] = $last_try;
    }
    mysqli_stmt_close($stmt);
    unset($stmt);
    if ($result) {
        return $data;
    } else {
        return 0;
    }
}
コード例 #12
0
ファイル: homepage.php プロジェクト: RayM4/DB-Project
//var_dump($_POST);
$lifetime = 86400;
session_set_cookie_params($lifetime, $httponly = true);
if ($link->connect_error) {
    die("Connection failed: " . $link->connect_error);
}
//&& $username != $_SESSION['username']
if (!isset($_SESSION['username'])) {
    //echo "2";
    $username = $_POST['username'];
    $password = md5($_POST['password']);
    $query = mysqli_prepare($link, "SELECT username, password FROM member WHERE username = ? ");
    mysqli_stmt_bind_param($query, 's', $username);
    mysqli_stmt_execute($query);
    mysqli_stmt_store_result($query);
    $rows = mysqli_stmt_num_rows($query);
    mysqli_stmt_bind_result($query, $user, $pass);
    mysqli_stmt_fetch($query);
    if ($rows == 1) {
        if ($password == $pass) {
            $_SESSION['username'] = $username;
        } else {
            //password is just wrong or something went wrong with the hashing
            echo "wrong hash or pass";
            header("location:index.php?invalidcredA");
            exit;
        }
    } else {
        //wrong username or multiple entries
        header("location:index.php?invalidcredB");
        exit;
コード例 #13
0
ファイル: parse.php プロジェクト: jreinstra/dragonfly-main
function logSubject($title)
{
    $con = $GLOBALS["con"];
    $sql = "SELECT subjectID FROM subjects WHERE Name=?";
    //$title
    $stmt = mysqli_prepare($con, $sql) or die(mysqli_error($con));
    mysqli_stmt_bind_param($stmt, 's', $title) or die(mysqli_stmt_error($stmt));
    mysqli_stmt_execute($stmt) or die(mysqli_stmt_error($stmt));
    mysqli_stmt_store_result($stmt);
    $rows = mysqli_stmt_num_rows($stmt);
    mysqli_stmt_close($stmt);
    if ($rows < 1) {
        $sql = "INSERT INTO subjects (Name) VALUES (?)";
        //$title
        $stmt = mysqli_prepare($con, $sql) or die(mysqli_error($con));
        mysqli_stmt_bind_param($stmt, 's', $title) or die(mysqli_stmt_error($stmt));
        mysqli_stmt_execute($stmt) or die(mysqli_stmt_error($stmt));
        mysqli_stmt_close($stmt);
    }
}
コード例 #14
0
ファイル: userStats.php プロジェクト: rturi/I244
$pass = "******";
$db = "test";
$connection = mysqli_connect($host, $user, $pass, $db) or die("ei saa ühendust mootoriga");
mysqli_query($connection, "SET CHARACTER SET UTF8") or die("Ei saanud baasi utf-8-sse - " . mysqli_error($connection));
// php and mysql datetime compatibility http://stackoverflow.com/questions/2215354/php-date-format-when-inserting-into-datetime-in-mysql
$visitTime = date("Y-m-d H:i:s");
$visitorAddress = $_SERVER['REMOTE_ADDR'];
// Insert visitors IP ind current time to DB
$insertVisitQuery = "INSERT INTO rturi_stats (ip, time) VALUES ('" . $visitorAddress . "', '" . $visitTime . "');";
mysqli_query($connection, $insertVisitQuery) or die("Ei saanud kirjet lisatud - " . mysqli_error($connection));
// query how many visits there have been from users IP
$selectNumberOfVisitsQuery = "SELECT * FROM rturi_stats WHERE ip = '" . $visitorAddress . "';";
//row count code copied from http://php.net/manual/en/mysqli-stmt.num-rows.php
if ($stmt = mysqli_prepare($connection, $selectNumberOfVisitsQuery)) {
    /* execute query */
    mysqli_stmt_execute($stmt);
    /* store result */
    mysqli_stmt_store_result($stmt);
    $numberOfVisits = mysqli_stmt_num_rows($stmt);
    /* close statement */
    mysqli_stmt_close($stmt);
}
// get the earliest visit datetime from DB
// some help from mysqli tutorial http://codular.com/php-mysqli
$selectEarliestVisitQuery = "SELECT MIN(time) FROM rturi_stats WHERE ip ='88.196.181.145';";
$earliestVisitQueryResult = mysqli_query($connection, $selectEarliestVisitQuery) or die("Kõige varasema külstuse aja päring ebaõnnestus - " . mysqli_error($connection));
$resultRow = $earliestVisitQueryResult->fetch_assoc();
$earliestVisit = $resultRow['MIN(time)'];
echo "Sinu IP aadress on " . $_SERVER['REMOTE_ADDR'] . "<br><br>";
echo "See on sinu " . $numberOfVisits . ". külastus sellel lehel. Esimene külastus oli " . $earliestVisit;
mysqli_close($connection);
コード例 #15
0
 if (($tmp = count($fields_res_meta)) !== $num_fields) {
     printf("[015] Expecting int/%d got %s/%s\n", $num_fields, gettype($tmp), $tmp);
 }
 if ($fields_res_meta != $fields) {
     printf("[016] Prepared Statement metadata differs from normal metadata, dumping\n");
     var_dump($fields_res_meta);
     var_dump($fields);
 }
 if (function_exists('mysqli_stmt_get_result') && $stmt->prepare('EXPLAIN SELECT t1.*, t2.* FROM test AS t1, test AS t2') && $stmt->execute()) {
     if (!($res_stmt = mysqli_stmt_get_result($stmt))) {
         printf("[017] Cannot fetch result from PS [%d] %s\n", mysqli_stmt_errno($stmt), mysqli_stmt_error($stmt));
     }
     if (($tmp = mysqli_num_rows($res_stmt)) !== $num_rows) {
         printf("[018] Expecting int/%d got %s/%s\n", $num_rows, gettype($tmp), $tmp);
     }
     if (mysqli_stmt_num_rows($stmt) !== 0) {
         printf("[019] Expecting int/0 got %s/%s\n", gettype($tmp), $tmp);
     }
     if (($tmp = mysqli_stmt_field_count($stmt)) !== $num_fields) {
         printf("[020] Expecting int/%d got %s/%s\n", $num_fields, gettype($tmp), $tmp);
     }
     if (($tmp = $res_stmt->field_count) !== $num_fields) {
         printf("[021] Expecting int/%d got %s/%s\n", $num_fields, gettype($tmp), $tmp);
     }
     $fields_stmt = mysqli_fetch_fields($res_stmt);
     if (($tmp = count($fields_stmt)) !== $num_fields) {
         printf("[022] Expecting int/%d got %s/%s\n", $num_fields, gettype($tmp), $tmp);
     }
     reset($fields);
     foreach ($fields_stmt as $fields_stmt_val) {
         list(, $fields_val) = each($fields);
コード例 #16
0
ファイル: market.php プロジェクト: clmpgd/business_plan_app
}
?>


	<br><br><h1 class='blue'>Competitive Analysis</h1><br>
	<?php 
/* run prepared queries to see if any data is already present in intellectual_property table */
/* create a prepared statement */
if ($stmt = mysqli_prepare($link, "SELECT * FROM competitive_analysis WHERE id=?")) {
    /* bind variables to marker */
    mysqli_stmt_bind_param($stmt, 's', $_SESSION['id']);
    /* execute query */
    mysqli_stmt_execute($stmt);
    /* store result */
    mysqli_stmt_store_result($stmt);
    printf("%d results<br>", mysqli_stmt_num_rows($stmt));
    /* bind result variables */
    mysqli_stmt_bind_result($stmt, $id, $entry, $behavior, $advantage);
    /* print table headers */
    echo "<table><thead><tr><th></th><th>Current Behavior</th><th>Our Competitive Advantage</tr></thead>";
    while (mysqli_stmt_fetch($stmt)) {
        /* print output */
        ?>
				<form action="marketUpdate.php" method="POST">
					<input type="hidden" name="table" value="competitiveAnalysis">
					<input type="hidden" name="id" value="<?php 
        echo $id;
        ?>
">
					<input type="hidden" name="entry" value="<?php 
        echo $entry;
コード例 #17
0
    mysqli_stmt_close($stmt);
}
$sqlsongs = "SELECT title,artist,weight FROM songs WHERE pkg=1";
$sql = "SELECT pid FROM buypackages WHERE uid=?";
$pkglist = "";
if ($stmt = mysqli_prepare($con, $sql)) {
    mysqli_stmt_bind_param($stmt, "s", $uid);
    mysqli_stmt_execute($stmt);
    if (mysqli_stmt_error($stmt)) {
        echo 'SQL Error: ' . mysqli_stmt_error($stmt);
    }
    mysqli_stmt_bind_result($stmt, $pid);
    while (mysqli_stmt_fetch($stmt)) {
        $sqlsongs = $sqlsongs . " OR pkg=" . $pid;
    }
    $n = mysqli_stmt_num_rows($stmt);
    mysqli_stmt_close($stmt);
}
if ($sb == "sbn") {
    $sqlsongs = $sqlsongs . " ORDER BY title";
} else {
    if ($sb == "sbp") {
        $sqlsongs = $sqlsongs . " ORDER BY weight";
    }
}
//echo "<select id=\"songpick\">";
//echo $sqlsongs;
echo "<form>";
if ($stmt = mysqli_prepare($con, $sqlsongs)) {
    mysqli_stmt_execute($stmt);
    if (mysqli_stmt_error($stmt)) {
コード例 #18
0
ファイル: DataRetrieval.php プロジェクト: zehe/nextDoor
function isWaiting($conn, $UserId, $BlockId)
{
    $stmt = mysqli_prepare($conn, "select * from WaitingList where WUserid = ? and Blockid = ?");
    mysqli_stmt_bind_param($stmt, "ii", $UserId, $BlockId);
    mysqli_stmt_execute($stmt);
    mysqli_stmt_store_result($stmt);
    $num = mysqli_stmt_num_rows($stmt);
    mysqli_stmt_free_result($stmt);
    mysqli_stmt_close($stmt);
    if ($num > 0) {
        return true;
    }
    return false;
}
コード例 #19
0
ファイル: results.php プロジェクト: nelsonomuto/lamp
include "header.php";
?>

	<?php 
$conn = new mysqli("localhost", "my_user", "my*password", "mgabriel");
if (mysqli_connect_errno()) {
    echo 'Cannot connect to database: ' . mysqli_connect_error($conn);
} else {
    $query = mysqli_prepare($conn, "SELECT profileinfo.firstname, profileinfo.lastname, profileinfo.email, profileinfo.day, profileinfo.time FROM profileinfo inner join services_provided ON services_provided.id=profileinfo.id WHERE services_provided.service_id = ?;") or die("Error: " . mysqli_error($conn));
    // bind parameters "s" - string
    mysqli_stmt_bind_param($query, "i", $_POST['service_description']);
    //run the query mysqli_stmt_execute returns true if the
    //query was successful
    mysqli_stmt_execute($query) or die("Error. Could not insert into the table." . mysqli_error($conn));
    mysqli_stmt_store_result($query);
    if (mysqli_stmt_num_rows($query) == 0) {
        echo "No entries found";
    } else {
        // bind variables to prepared statement
        mysqli_stmt_bind_result($query, $firstname, $lastname, $email, $day, $time);
        // fetch values
        $dataArr = [];
        while (mysqli_stmt_fetch($query)) {
            $dataArr[] = $firstname . ' ' . $lastname . ' ' . $email . ' ' . $day . ' ' . $time;
        }
        foreach ($dataArr as $profileinfo) {
            echo $profileinfo . '<br/>';
        }
    }
    mysqli_stmt_close($query);
    //for prepared stmts only
コード例 #20
0
ファイル: richness.tet.data.php プロジェクト: jayontraps/boc
// print '<li>Possible :'.' '. $tetradinfo['Possible'].'</li>';
// print '<li>Probable :'.' '. $tetradinfo['Probable'].'</li>';
// print '<li>Confirmed :'. ' '.$tetradinfo['Confirmed'].'</li></ul>';
if ($table === "bredstat_1989") {
    $query = "SELECT Tetrad FROM {$table} WHERE {$tetradid} > 1";
} else {
    $query = "SELECT Tetrad FROM {$table} WHERE {$tetradid} >= 1";
}
// $query = "SELECT Tetrad FROM $table WHERE $tetradid >= 1";
if ($stmt = mysqli_prepare($link, $query)) {
    /* execute query */
    mysqli_stmt_execute($stmt);
    /* store result */
    mysqli_stmt_store_result($stmt);
    print "<div class='myCount'>";
    printf("Total Number of Species: %d\n", mysqli_stmt_num_rows($stmt));
    printf("<span class='caret'></span>");
    print "</div>";
    /* close statement */
    mysqli_stmt_close($stmt);
}
if ($table === "bredstat_1989") {
    $stmt = "SELECT Tetrad FROM {$table} WHERE {$tetradid} > 1 ORDER BY Tetrad ASC";
} else {
    $stmt = "SELECT Tetrad FROM {$table} WHERE {$tetradid} >= 1 ORDER BY Tetrad ASC";
}
// $stmt = "SELECT Tetrad FROM $table WHERE $tetradid >= 1 ORDER BY Tetrad ASC";
if ($res = mysqli_query($link, $stmt)) {
    echo '<ol class="rich_species_List group" style="display: none;">';
    /* fetch associative array */
    while ($row = mysqli_fetch_assoc($res)) {
コード例 #21
0
function generate_common($graphType, $beginningQuery, $endQuery, $label1Column, $label2Column, $valueColumn)
{
    global $rType, $sDate, $eDate, $days, $sTime, $eTime;
    $link = retrieve_mysqli();
    $query = $beginningQuery . " WHERE ";
    $query .= generate_conditional() . $endQuery;
    if ($stmt = mysqli_prepare($link, $query)) {
        mysqli_stmt_bind_param($stmt, "ssss", $sDate, $eDate, $sTime, $eTime);
        mysqli_stmt_execute($stmt);
        $stmt->store_result();
        $resultrow = array();
        stmt_bind_assoc($stmt, $resultrow);
        $numRows = mysqli_stmt_num_rows($stmt);
        if ($numRows != 0) {
            $isEmployee = FALSE;
            if (isset($label2Column)) {
                $isEmployee = TRUE;
            }
            $labels = array();
            $values = array();
            while (mysqli_stmt_fetch($stmt)) {
                $label1 = NULL;
                $label2 = NULL;
                // label2 is lastname if isEmployee, otherwise NULL
                $value = NULL;
                foreach ($resultrow as $key => $data) {
                    if ($label1Column == $key) {
                        $label1 = $data;
                    } else {
                        if ($valueColumn == $key) {
                            $value = $data;
                        } else {
                            if ($isEmployee) {
                                if ($label2Column == $key) {
                                    $label2 = $data;
                                }
                            } else {
                                if (isset($label1) && isset($value)) {
                                    break;
                                }
                            }
                        }
                    }
                    if (isset($label1) && isset($value) && isset($label2)) {
                        break;
                    }
                }
                $label = $label1;
                if ($isEmployee) {
                    $label .= ' ' . $label2;
                }
                array_push($labels, $label);
                array_push($values, $value);
            }
            mysqli_stmt_close($stmt);
            echo json_encode(array('graphType' => $graphType, 'labels' => $labels, 'values' => $values));
            exit;
        }
        echo '0 results returned.';
        exit;
    }
}
コード例 #22
0
ファイル: login.php プロジェクト: HardSkript/upld
if (empty($_POST['email']) || empty($_POST['password'])) {
    exit_message('Please make sure you enter both an email address and password');
}
if (!filter_var($_POST['email'], FILTER_VALIDATE_EMAIL)) {
    exit_message('Please enter a valid email address');
}
// user has entered a valid email and a password
$email = $_POST['email'];
$password = $_POST['password'];
require 'db.php';
$user = mysqli_prepare($db, 'SELECT `id`, `admin`, `banned` FROM `users` WHERE `email` = ? AND `password` = SHA2(CONCAT(`salt`, ?), 256)');
mysqli_stmt_bind_param($user, 'ss', $email, $password);
mysqli_stmt_execute($user);
++$db_queries;
mysqli_stmt_store_result($user);
if (mysqli_stmt_num_rows($user) === 0) {
    exit_message('Sorry, no account exists with this email and password');
}
mysqli_stmt_bind_result($user, $id, $admin, $banned);
mysqli_stmt_fetch($user);
mysqli_stmt_close($user);
mysqli_close($db);
if ($banned === '1') {
    // user is banned ($banned will return 1);
    exit_message('This account has been banned');
}
$_SESSION['user'] = $id;
if ($admin === '1') {
    // ONLY set this variable if user is an admin ($admin will return 1)
    $_SESSION['admin'] = true;
}
コード例 #23
0
 //echo "strDo= " . $strDo;
 //Get Form Post Data
 $strEmailForgotForm = funct_GetandCleanVariables($_POST["forgot_email"]);
 if ($DB_MYSQLI->connect_errno) {
     echo "Failed to connect to MySQL: (" . $DB_MYSQLI->connect_errno . ") " . $DB_MYSQLI->connect_error;
 }
 if ($stmt = $DB_MYSQLI->prepare("SELECT id FROM " . TBL_USERS . " WHERE email = ? ")) {
     $stmt->bind_param("s", $strEmailForgotForm);
     //Bind parameters s - string, b - blob, i - int, etc
     $stmt->execute();
     //Execute it
     $stmt->bind_result($intUserID);
     //bind results
     //$stmt -> fetch(); //fetch the value
     mysqli_stmt_store_result($stmt);
     $intTotalRowsFound = mysqli_stmt_num_rows($stmt);
     //echo "totalrows: $intTotalRowsFound <br>";
     if ($intTotalRowsFound < 1) {
         $errorMSG = "Sorry, the  email: " . $strEmailForgotForm . " is not in our records";
         //No Such Email in Database
     } else {
         //Email found so ...
         while ($stmt->fetch()) {
             //echo " $intUserID, $strFirstName, $strLastName, $strEmail <br>";
             //generate temp password
             $strPasswordTemp = createRandomKey_Num(12);
             //hash it
             $strPassword_hash = password_hash($strPasswordTemp, PASSWORD_DEFAULT);
             //PASSWORD_BCRYPT
             //update database
             //$query = "UPDATE ".TBL_USERS." SET password='******' WHERE id = $intUserID " ;
コード例 #24
0
}
assert(mysqli_stmt_affected_rows($stmt) === $stmt->affected_rows);
printf("stmt->affected_rows = '%s'\n", $stmt->affected_rows);
assert(mysqli_stmt_errno($stmt) === $stmt->errno);
printf("stmt->errno = '%s'\n", $stmt->errno);
assert(mysqli_stmt_error($stmt) === $stmt->error);
printf("stmt->error = '%s'\n", $stmt->error);
assert(mysqli_stmt_error_list($stmt) === $stmt->error_list);
var_dump("stmt->error = ", $stmt->error_list);
assert(mysqli_stmt_field_count($stmt) === $stmt->field_count);
printf("stmt->field_count = '%s'\n", $stmt->field_count);
assert($stmt->id > 0);
printf("stmt->id = '%s'\n", $stmt->id);
assert(mysqli_stmt_insert_id($stmt) === $stmt->insert_id);
printf("stmt->insert_id = '%s'\n", $stmt->insert_id);
assert(mysqli_stmt_num_rows($stmt) === $stmt->num_rows);
printf("stmt->num_rows = '%s'\n", $stmt->num_rows);
assert(mysqli_stmt_param_count($stmt) === $stmt->param_count);
printf("stmt->param_count = '%s'\n", $stmt->param_count);
assert(mysqli_stmt_sqlstate($stmt) === $stmt->sqlstate);
printf("stmt->sqlstate = '%s'\n", $stmt->sqlstate);
printf("\nAccess to undefined properties:\n");
printf("stmt->unknown = '%s'\n", @$stmt->unknown);
@($stmt->unknown = 13);
printf("stmt->unknown = '%s'\n", @$stmt->unknown);
printf("\nPrepare using the constructor:\n");
$stmt = new mysqli_stmt($link, 'SELECT id FROM test_mysqli_class_mysqli_stmt_interface_table_1 ORDER BY id');
if (!$stmt->execute()) {
    printf("[002] [%d] %s\n", $stmt->errno, $stmt->error);
}
$stmt->close();
コード例 #25
0
}
if (!is_null($tmp = mysqli_stmt_data_seek($stmt, 2))) {
    printf("[009] Expecting NULL, got %s/%s\n", gettype($tmp), $tmp);
}
if (!mysqli_stmt_fetch($stmt)) {
    printf("[010] [%d] %s\n", mysqli_stmt_errno($stmt), mysqli_stmt_error($stmt));
}
var_dump($id);
if (!is_null($tmp = mysqli_stmt_data_seek($stmt, 0))) {
    printf("[011] Expecting NULL, got %s/%s\n", gettype($tmp), $tmp);
}
if (!mysqli_stmt_fetch($stmt)) {
    printf("[012] [%d] %s\n", mysqli_stmt_errno($stmt), mysqli_stmt_error($stmt));
}
var_dump($id);
if (!is_null($tmp = mysqli_stmt_data_seek($stmt, mysqli_stmt_num_rows($stmt) + 100))) {
    printf("[013] Expecting NULL, got %s/%s\n", gettype($tmp), $tmp);
}
if (mysqli_stmt_fetch($stmt)) {
    printf("[014] [%d] %s\n", mysqli_stmt_errno($stmt), mysqli_stmt_error($stmt));
}
var_dump($id);
if (false !== ($tmp = mysqli_stmt_data_seek($stmt, -1))) {
    printf("[015] Expecting NULL, got %s/%s\n", gettype($tmp), $tmp);
}
if (mysqli_stmt_fetch($stmt)) {
    printf("[016] [%d] %s\n", mysqli_stmt_errno($stmt), mysqli_stmt_error($stmt));
}
var_dump($id);
mysqli_stmt_close($stmt);
if (NULL !== ($tmp = mysqli_stmt_data_seek($stmt, 0))) {
コード例 #26
0
ファイル: parseOne.php プロジェクト: jreinstra/dragonfly-main
function logSubject($title, $factsExist)
{
    $con = $GLOBALS["con"];
    $sql = "SELECT subjectID FROM subjects WHERE Name=?";
    //$title
    $stmt = mysqli_prepare($con, $sql) or die(mysqli_error($con));
    mysqli_stmt_bind_param($stmt, 's', $title) or die(mysqli_stmt_error($stmt));
    mysqli_stmt_execute($stmt) or die(mysqli_stmt_error($stmt));
    mysqli_stmt_store_result($stmt);
    $rows = mysqli_stmt_num_rows($stmt);
    mysqli_stmt_close($stmt);
    if ($rows < 1) {
        echo "logged " . $title;
        $valid = 1;
        if ($factsExist == false) {
            $valid = 0;
        }
        $sql = "INSERT INTO subjects (Name, Valid) VALUES (?, {$valid})";
        //$title
        $stmt = mysqli_prepare($con, $sql) or die(mysqli_error($con));
        mysqli_stmt_bind_param($stmt, 's', $title) or die(mysqli_stmt_error($stmt));
        mysqli_stmt_execute($stmt) or die(mysqli_stmt_error($stmt));
        mysqli_stmt_close($stmt);
        if ($title != $GLOBALS["originalSubject"]) {
            echo "logged " . $GLOBALS["originalSubject"];
            $sql = "INSERT INTO subjects (Name, Valid) VALUES (?, 0)";
            //$title
            $stmt = mysqli_prepare($con, $sql) or die(mysqli_error($con));
            mysqli_stmt_bind_param($stmt, 's', $GLOBALS["originalSubject"]) or die(mysqli_stmt_error($stmt));
            mysqli_stmt_execute($stmt) or die(mysqli_stmt_error($stmt));
            mysqli_stmt_close($stmt);
        }
    }
}
コード例 #27
0
ファイル: receipt.php プロジェクト: raynaldmo/php-education
// Require the database connection:
require MYSQL;
// Set the page title and include the header:
include './includes/plain_header.html';
// Fetch the order information:
$q = 'SELECT FORMAT(total/100, 2) AS total, FORMAT(shipping/100,2) AS shipping, credit_card_number, DATE_FORMAT(order_date, "%a %b %e, %Y at %h:%i%p") AS od, email, CONCAT(last_name, ", ", first_name) AS name, CONCAT_WS(" ", address1, address2, city, state, zip) AS address, phone, CONCAT_WS(" - ", ncc.category, ncp.name) AS item, quantity, FORMAT(price_per/100,2) AS price_per FROM orders AS o INNER JOIN customers AS c ON (o.customer_id = c.id) INNER JOIN order_contents AS oc ON (oc.order_id = o.id) INNER JOIN non_coffee_products AS ncp ON (oc.product_id = ncp.id AND oc.product_type="goodies") INNER JOIN non_coffee_categories AS ncc ON (ncc.id = ncp.non_coffee_category_id) WHERE o.id=? AND SHA1(email)=?
UNION 
SELECT FORMAT(total/100, 2), FORMAT(shipping/100,2), credit_card_number, DATE_FORMAT(order_date, "%a %b %e, %Y at %l:%i%p"), email, CONCAT(last_name, ", ", first_name), CONCAT_WS(" ", address1, address2, city, state, zip), phone, CONCAT_WS(" - ", gc.category, s.size, sc.caf_decaf, sc.ground_whole) AS item, quantity, FORMAT(price_per/100,2)  FROM orders AS o INNER JOIN customers AS c ON (o.customer_id = c.id) INNER JOIN order_contents AS oc ON (oc.order_id = o.id) INNER JOIN specific_coffees AS sc ON (oc.product_id = sc.id AND oc.product_type="coffee") INNER JOIN sizes AS s ON (s.id=sc.size_id) INNER JOIN general_coffees AS gc ON (gc.id=sc.general_coffee_id) WHERE o.id=? AND SHA1(email)=?';
// Prepare the statement:
$stmt = mysqli_prepare($dbc, $q);
// Bind the variables:
mysqli_stmt_bind_param($stmt, 'isis', $order_id, $email_hash, $order_id, $email_hash);
// Execute the query:
mysqli_stmt_execute($stmt);
mysqli_stmt_store_result($stmt);
if (mysqli_stmt_num_rows($stmt) > 0) {
    // Display the order info:
    echo '<h3>Your Order</h3>';
    // Bind the result:
    mysqli_stmt_bind_result($stmt, $total, $shipping, $cc_num, $order_date, $email, $name, $address, $phone, $item, $quantity, $price);
    // Get the first row:
    mysqli_stmt_fetch($stmt);
    // Display the order and customer information:
    echo '<p><strong>Order ID</strong>: ' . $order_id . '</p><p><strong>Order Date</strong>: ' . $order_date . '</p><p><strong>Customer Name</strong>: ' . htmlspecialchars($name) . '</p><p><strong>Shipping Address</strong>: ' . htmlspecialchars($address) . '</p><p><strong>Customer Email</strong>: ' . htmlspecialchars($email) . '</p><p><strong>Customer Phone</strong>: ' . htmlspecialchars($phone) . '</p><p><strong>Credit Card Number Used</strong>: *' . $cc_num . '</p>';
    // Create the table:
    echo '<table border="0" cellspacing="3" cellpadding="3">
	<thead>
		<tr>
	    <th align="center">Item</th>
	    <th align="center">Quantity</th>
	    <th align="right">Price</th>
コード例 #28
0
function display_data($link, $sql)
{
    $param = "%{$_POST['text']}%";
    if ($_POST['region'] == "sport") {
        echo "<thead>\r\n                               <tr>\r\n                                 \r\n\t\t\t\t\t\t          <th>League</th>\r\n\t\t\t\t\t\t          <th>Sports</th>\r\n\t\t\t\t\t          </tr>\r\n\t\t\t\t          </thead>";
        if ($stmt = mysqli_prepare($link, $sql)) {
            //prepare successful
            mysqli_stmt_bind_param($stmt, "s", $param) or die("bind param");
            mysqli_stmt_execute($stmt);
            //show number of rows
            mysqli_stmt_store_result($stmt);
            $row_count = mysqli_stmt_num_rows($stmt);
            printf("Number of rows: %d  <br>", $row_count);
            mysqli_stmt_bind_result($stmt, $leagueName, $sport);
            while (mysqli_stmt_fetch($stmt)) {
                echo "<form action='delete.php' method='POST'>\r\n\t\t\t\t\t           <input type='hidden' name='table' value='sport'>";
                echo "<tr>";
                //echo "<td><input class='btn btn-danger' type='submit' name='delete' value='Delete'></td>";
                echo '<td><input type="hidden" name="League" value="' . $leagueName . '">' . $leagueName . '</td>';
                echo '<td><input type="hidden" name="Sports" value="' . $sport . '">' . $sport . '</td>';
                echo "</tr>";
                echo "</form>";
            }
            mysqli_stmt_close($stmt);
        }
    }
    if ($_POST['region'] == "team") {
        echo "<thead>\r\n                               <tr>\r\n                                  <th></th>\r\n\t\t\t\t\t\t          <th>TeamName</th>\r\n\t\t\t\t\t\t          <th>League</th>\r\n\t\t\t\t\t          </tr>\r\n\t\t\t\t          </thead>";
        if ($stmt = mysqli_prepare($link, $sql)) {
            //prepare successful
            mysqli_stmt_bind_param($stmt, "s", $param) or die("bind param");
            mysqli_stmt_execute($stmt);
            //show number of rows
            mysqli_stmt_store_result($stmt);
            $row_count = mysqli_stmt_num_rows($stmt);
            printf("Number of rows: %d  <br>", $row_count);
            mysqli_stmt_bind_result($stmt, $teamName, $league);
            while (mysqli_stmt_fetch($stmt)) {
                echo "<form action='delete.php' method='POST'>\r\n\t\t\t\t\t         <input type='hidden' name='table' value='team'>";
                echo "<tr>";
                echo "<td><input class='btn btn-danger' type='submit' name='delete' value='Delete'></td>";
                echo '<td><input type="hidden" name="TeamName" value="' . $teamName . '">' . $teamName . '</td>';
                echo '<td><input type="hidden" name="League" value="' . $league . '">' . $league . '</td>';
                echo "</tr>";
                echo "</form>";
            }
            mysqli_stmt_close($stmt);
        }
    }
    if ($_POST['region'] == "game") {
        echo "<thead>\r\n                               <tr>\r\n                               <th></th>\r\n\t\t\t\t\t\t          <th>GameID</th>\r\n\t\t\t\t\t\t          <th>Home</th>\r\n\t\t\t\t\t\t          <th>Guest</th>\r\n\t\t\t\t\t\t          <th>GameTime</th>\r\n\t\t\t\t\t          </tr>\r\n\t\t\t\t          </thead>";
        if ($stmt = mysqli_prepare($link, $sql)) {
            //prepare successful
            mysqli_stmt_bind_param($stmt, "ss", $param, $param) or die("bind param");
            mysqli_stmt_execute($stmt);
            //show number of rows
            mysqli_stmt_store_result($stmt);
            $row_count = mysqli_stmt_num_rows($stmt);
            printf("Number of rows: %d  <br>", $row_count);
            mysqli_stmt_bind_result($stmt, $gameID, $home, $guest, $gameTime);
            while (mysqli_stmt_fetch($stmt)) {
                echo "<form action='delete.php' method='POST'>\r\n\t\t\t\t\t         <input type='hidden' name='table' value='game'>";
                echo "<tr>";
                echo "<td><input class='btn btn-danger' type='submit' name='delete' value='Delete'></td>";
                echo '<td><input type="hidden" name="GameID" value="' . $gameID . '">' . $gameID . '</td>';
                echo '<td><input type="hidden" name="Home" value="' . $home . '">' . $home . '</td>';
                echo '<td><input type="hidden" name="Guest" value="' . $guest . '">' . $guest . '</td>';
                echo '<td><input type="hidden" name="GameTime" value="' . $gameTime . '">' . $gameTime . '</td>';
                echo "</tr>";
                echo "</form>";
            }
            mysqli_stmt_close($stmt);
        }
    }
}
コード例 #29
0
 public function count()
 {
     return \mysqli_stmt_num_rows($this->res);
 }
コード例 #30
0
ファイル: login.php プロジェクト: ncs-jss/newMCQ-
function content()
{
    include "components/db_connect.php";
    $username = $_SESSION['username'];
    $query = "SELECT * FROM details WHERE email ='{$username}'";
    $result = mysqli_query($con, $query);
    $value = mysqli_fetch_array($result);
    $_SESSION['name'] = $value['name'];
    $logout_status = $value['Logout_status'];
    $query = "SELECT * FROM time_and_questions WHERE serial_num='1'";
    $result = mysqli_query($con, $query);
    $value = mysqli_fetch_array($result);
    setcookie("timer", $value['timer'], time() + 3600 * 24);
    $_SESSION['no_of_ques'] = $value['no_of_questions'];
    $query = "SELECT * FROM questions";
    $result = mysqli_prepare($con, $query);
    mysqli_stmt_execute($result);
    mysqli_stmt_store_result($result);
    $value = mysqli_stmt_num_rows($result);
    $_SESSION['arr'] = range(1, $value);
    shuffle($_SESSION['arr']);
    $_SESSION['completed'] = 0;
    $_SESSION['id'] = 0;
    $_SESSION['ansarray'] = array();
    $_SESSION['actualans'] = array();
    $_SESSION['ques_id'] = array();
    include "components/db_disconnect.php";
    if ($logout_status) {
        echo "<script>self.location='resume.php?logout_stat=1&us={$username}'</script>";
    } else {
        echo '<script>self.location="resume.php?logout_stat=0"</script>';
    }
}