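/**
 * Compatibility shim for the removed ext/mysql mysql_escape_string(): escapes one
 * value for use inside a single-quoted SQL string literal through the PDO-backed
 * pdo_escape_string() defined elsewhere in this file.
 *
 * The previous body forwarded func_get_args() — an array — instead of $string
 * itself, so the quoting routine never received the actual value.
 *
 * This escapes string-literal content only: it does not quote identifiers and is
 * not a substitute for bound parameters.
 *
 * @param string|null $string value to escape; null is treated as ''
 * @return string escaped text without the enclosing single quotes
 */
function mysql_escape_string($string = NULL)
{
    return pdo_escape_string((string) $string);
}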
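/**
 * Builds a selector (multi-picker or plain <select>) over the values of one
 * participant field, labelled through the language table.
 *
 * Every row of table('lang') with the given content type is read and the column
 * named by lang('lang') becomes the label for that row's content_name. When
 * $existing is true the option list is instead the set of values actually
 * present in $ptablevarname across participants (optionally filtered by $where
 * and suffixed with a count); otherwise it is the full label map.
 *
 * Fixes relative to the previous version: in the single-select branch the
 * "selected" test compared $selected[0] against the HTML built so far ($out)
 * and the blank option was marked SELECTED for any scalar selection; both are
 * replaced by a normalised string comparison against the option key. Attribute
 * values and option labels are now HTML-escaped, since the $existing branch
 * emits raw participant data.
 *
 * @param string       $content_type     row filter for the lang table
 * @param string       $ptablevarname    participant column to aggregate (SQL identifier)
 * @param string       $formfieldvarname name attribute of the generated field
 * @param array|string $selected         currently selected value(s)
 * @param string       $language         ORDER BY column of the lang query; defaults to lang('lang')
 * @param bool         $existing         restrict options to values present in participants
 * @param string       $where            extra SQL appended verbatim to the participants query
 * @param bool         $show_count       append " (n)" to each label when $existing is true
 * @param bool         $multi            true → get_multi_picker(), false → single <select>
 * @param array        $mpoptions        options forwarded to get_multi_picker(); picker_icon defaults to 'bars'
 * @return string HTML
 */
function language__multiselectfield_item($content_type, $ptablevarname, $formfieldvarname, $selected, $language = "", $existing = false, $where = '', $show_count = false, $multi = true, $mpoptions = array())
{
    if (!$language) {
        $language = lang('lang');
    }

    // 1. Label map: content_name => localised label for this content type.
    //    $language and lang('lang') are spliced in as column names. pdo_escape_string()
    //    escapes string-literal content only and cannot make an identifier safe, so
    //    $language must come from the code, never from the request.
    $labels = array();
    $query = "SELECT *, " . lang('lang') . " AS item\n FROM " . table('lang') . "\n WHERE content_type= :content_type\n ORDER BY " . pdo_escape_string($language);
    $result = or_query($query, array(':content_type' => $content_type));
    while ($line = pdo_fetch_assoc($result)) {
        $labels[$line['content_name']] = stripslashes($line['item']);
    }

    // 2. Option list.
    if (!$existing) {
        $options = $labels;
    } else {
        // Values actually stored in the participant column, with their frequency.
        // $ptablevarname is an identifier (same caveat as above) and $where is
        // appended verbatim; neither may carry request data.
        $column = pdo_escape_string($ptablevarname);
        $query = "SELECT count(*) as tf_count, " . $column . " as tf_value\n FROM " . table('participants') . "\n WHERE " . table('participants') . ".participant_id IS NOT NULL ";
        if ($where) {
            $query .= " AND " . $where . " ";
        }
        $query .= " GROUP BY " . $column . "\n ORDER BY " . $column;
        $result = or_query($query);
        $options = array();
        while ($line = pdo_fetch_assoc($result)) {
            $value = $line['tf_value'];
            if (isset($labels[$value])) {
                $label = $labels[$value];
            } elseif ((string) $value === '' || (string) $value === '0') {
                // Unset / zero values are shown as a dash rather than an empty label.
                $label = '-';
            } else {
                $label = $value;
            }
            if ($show_count) {
                $label .= ' (' . $line['tf_count'] . ')';
            }
            $options[$value] = $label;
        }
    }

    // 3. Render.
    if (!is_array($mpoptions)) {
        $mpoptions = array();
    }
    if (!isset($mpoptions['picker_icon'])) {
        $mpoptions['picker_icon'] = 'bars';
    }
    if ($multi) {
        return (string) get_multi_picker($formfieldvarname, $options, $selected, $mpoptions);
    }

    // Normalise the selection to a list of strings so that option keys (which PHP
    // may have cast to int) compare reliably.
    if (is_array($selected)) {
        $chosen = array_map('strval', $selected);
    } elseif ($selected === null || $selected === '' || $selected === false) {
        $chosen = array();
    } else {
        $chosen = array((string) $selected);
    }

    $out = '<SELECT name="' . htmlspecialchars((string) $formfieldvarname, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8') . '"> <OPTION value=""';
    if ($chosen === array()) {
        $out .= ' SELECTED';
    }
    $out .= '>-</OPTION> ';
    foreach ($options as $k => $v) {
        $out .= '<OPTION value="' . htmlspecialchars((string) $k, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8') . '"';
        if (in_array((string) $k, $chosen, true)) {
            $out .= ' SELECTED';
        }
        $out .= '>' . htmlspecialchars((string) $v, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8') . '</OPTION> ';
    }
    $out .= '</SELECT> ';
    return $out;
}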
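/**
 * Renders a parameterised query as one readable string for logs and error
 * messages, with each placeholder replaced by its escaped value.
 *
 * Substitution uses strtr(), which applies all replacements in a single pass,
 * longest placeholder first: a value that itself contains a placeholder is never
 * re-substituted, and ':id' no longer clobbers the prefix of ':id2' — both were
 * possible with the previous sequential str_replace() loop.
 *
 * The result is for display only: values are escaped but not quoted, so it must
 * never be executed.
 *
 * @param string $query SQL text containing named placeholders
 * @param array  $pars  placeholder => value map, or a list of such maps
 *                      (multiple parameter sets are only counted, not expanded)
 * @return string
 */
function or_nonparam_query($query, $pars = array())
{
    if (isset($pars[0]) && is_array($pars[0])) {
        return $query . ' with ' . count($pars) . ' sets of parameters';
    }

    $replacements = array();
    foreach ($pars as $placeholder => $value) {
        $placeholder = (string) $placeholder;
        if ($placeholder === '') {
            // An empty search string can match nothing; skip it rather than
            // depend on strtr()'s handling of empty keys.
            continue;
        }
        $replacements[$placeholder] = (string) pdo_escape_string($value);
    }

    return strtr($query, $replacements);
}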
//function setDeleteFlag(){ if (isset($_GET["w1"]) && isset($_GET["w2"])) { $deleteName = $_GET["w1"]; $deleteDescr = $_GET["w2"]; $host = 'dbserver.engr.scu.edu'; $username = '******'; $password = '******'; $database = 'sdb_pnguyen'; if (!($conn = pdo_connect("{$host}", $username, $password))) { die('Error connecting to ' . host . '. ' . pdo_error()); } if (!pdo_select_db($database, $conn)) { die('Error selecting ' . $database . '. ' . pdo_error()); } $deleteName = pdo_escape_string($deleteName); $deleteDescr = pdo_escape_string($deleteDescr); $newQuery = "UPDATE `enqueue` SET `isSolved` = '1', `TimeOut` = now() WHERE `reqDescrip` LIKE '%{$deleteDescr}%' AND `studentName` LIKE '%{$deleteName}%'"; if (pdo_query($newQuery)) { } else { echo 'update not complete'; die(pdo_error()); } // } } if (isset($_POST["savebutton"])) { $host = 'dbserver.engr.scu.edu'; $username = '******'; $password = '******'; $database = 'sdb_pnguyen'; if (!($conn = pdo_connect("{$host}", $username, $password))) { die('Error connecting to ' . host . '. ' . pdo_error());
$user = $_SESSION['tit']['username']; $now = date("Y-m-d H:i:s"); if (trim($description) != '') { $query = "INSERT INTO comments (issue_id, description, user, entrytime) values('{$issue_id}','{$description}','{$user}','{$now}')"; // create $db->exec($query); } if ($NOTIFY["COMMENT_CREATE"]) { notify($id, "[{$TITLE}] New Comment Posted", "New comment posted by {$user}\r\nTitle: " . get_col($id, "issues", "title") . "\r\nURL: http://{$_SERVER['HTTP_HOST']}{$_SERVER['PHP_SELF']}?id={$issue_id}"); } header("Location: {$_SERVER['PHP_SELF']}?id={$issue_id}"); } // Delete Comment if (isset($_GET["deletecomment"])) { $id = pdo_escape_string($_GET['id']); $cid = pdo_escape_string($_GET['cid']); // only comment poster or admin can delete comment if ($_SESSION['tit']['admin'] || $_SESSION['tit']['username'] == get_col($cid, "comments", "user")) { $db->exec("DELETE FROM comments WHERE id='{$cid}'"); } header("Location: {$_SERVER['PHP_SELF']}?id={$id}"); } // // FUNCTIONS // // PDO quote, but without enclosing single-quote function pdo_escape_string($str) { global $db; $quoted = $db->quote($str); return $db->quote("") == "''" ? substr($quoted, 1, strlen($quoted) - 2) : $quoted;
$host = 'dbserver.engr.scu.edu'; $username = '******'; $password = '******'; $database = 'sdb_pnguyen'; if (!($conn = pdo_connect("{$host}", $username, $password))) { die('Error connecting to ' . host . '.' . pdo_error()); } if (!pdo_select_db($database, $conn)) { die('Error selecting ' . $database . '. ' . pdo_error()); } // $studentName = $_POST['name']; $studentName = $_SESSION['userName']; $descr = $_POST['description']; $category = $_POST['category']; $classID = $_SESSION['classID']; $className = "COEN175"; $instrName = "Nate"; $isSolved = 1; $studentName = pdo_escape_string($studentName); $descr = pdo_escape_string($descr); $countQuery = "SELECT * FROM `enqueue` WHERE `classID` = '{$classID}'"; $getCountQuery = pdo_query($countQuery); $row_count = pdo_num_rows($getCountQuery); $NewRequestQuery = "INSERT INTO `enqueue` (`classID`, `reqCount`, `order`, `className`, `instructorName`, `studentName`,`reqDescrip`, `category`, `timeIn`, `timeSpent`, `isSolved`) VALUES ('{$classID}', '{$row_count}', '100', 'none','none', '{$studentName}', '{$descr}', '{$category}', now(),'0', '0')"; if (pdo_query($NewRequestQuery)) { } else { echo 'insert not completed'; die(pdo_error()); } header("Location:student_session_page.php?"); }
session_start(); include_once "pdo_mysql.php"; $username = '******'; $password = '******'; $host = 'dbserver.engr.scu.edu'; $database = 'sdb_pnguyen'; if (!($server = pdo_connect("{$host}", $username, $password))) { die('Error connecting to ' . $host . '.' . pdo_error()); } if (!($conn = pdo_select_db($database, $server))) { die('Error selecting ' . $database . '.' . pdo_error()); } $username = $_POST['login']; $password = $_POST['password']; $username = pdo_escape_string($username); $password = pdo_escape_string($password); $result = "SELECT `user` FROM `enqueue_login` WHERE `email` = '{$username}' AND `password` = '{$password}' AND `isInstructor` = 1"; //$instructorquery = pdo_query($result); $result2 = "SELECT `user` FROM `enqueue_login` WHERE `email` = '{$username}' AND `password` = '{$password}' AND `isInstructor` = 0"; //$studentquery = pdo_query($result2); /* if(pdo_num_rows($instructorquery)==0 && pdo_num_rows($studentquery) == 0){ header("Location: landing_page.php"); } else if(pdo_num_rows($studentquery > 0)){ header( "Location: student_landing_page.php" ); } else if(pdo_num_rows($instructorquery > 0)){ header( "Location: instructor_landing_page.html" ); }*/ $instructorquery = pdo_query($result); if (pdo_num_rows($instructorquery) > 0) {