/**
 * Create a member and attach the default member role, all in one transaction.
 *
 * The password is hashed inside the database by crypt() with a gen_salt('bf')
 * salt, so the plaintext password is sent to the database as a bound parameter.
 *
 * NOTE(review): gen_salt('bf') is called without an iteration count, so the
 * database default applies (these look like pgcrypto functions; confirm).
 * Check that the resulting bcrypt cost meets the password-storage policy.
 * NOTE(review): confirm query_execute() and the database's statement logging
 * never record bound parameters, because $password is one of them.
 *
 * @param string $gatech_email Bound to both gatech_email_address and display_email_address.
 * @param string $first_name   Bound to first_name.
 * @param string $last_name    Bound to last_name.
 * @param string $password     Plaintext password; hashed by the insert statement.
 *
 * @return mixed The "member" value returned by the insert on success, false when
 *               either insert fails (the transaction is rolled back in that case).
 */
function create_member($gatech_email, $first_name, $last_name, $password)
{
    $member_sql = <<<SQL
insert into tb_member (
    first_name,
    last_name,
    gatech_email_address,
    display_email_address,
    password_hash
) values (
    ?first_name?,
    ?last_name?,
    ?gatech_email?,
    ?gatech_email?,
    crypt( ?password?, gen_salt( 'bf' ) )
) returning member
SQL;

    $role_sql = <<<SQL
insert into tb_member_role (
    member,
    role
) values (
    ?member?,
    ?role?
)
SQL;

    begin_transaction();

    $member_insert = query_execute($member_sql, [
        'first_name' => $first_name,
        'last_name' => $last_name,
        'gatech_email' => $gatech_email,
        'password' => $password,
    ]);

    // Guard: without a member row there is nothing to attach a role to.
    if (!query_success($member_insert)) {
        rollback_transaction();
        return false;
    }

    $new_member = query_fetch_one($member_insert);
    $member_pk = $new_member['member'];

    $role_insert = query_execute($role_sql, [
        'member' => $member_pk,
        'role' => ROLE_MEMBER,
    ]);

    // Guard: undo the member insert too, so no member exists without a role.
    if (!query_success($role_insert)) {
        rollback_transaction();
        return false;
    }

    commit_transaction();
    return $member_pk;
}
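// POST handler for the postnatal depression survey: checks that all ten
// answers were submitted, stores them, flags the survey action as completed
// for the current mother, then redirects.
//
// NOTE(review): the mysql_* extension used here was removed in PHP 7. Moving
// to mysqli/PDO prepared statements would remove the reliance on manual
// escaping; not done here because db_connect() and the transaction helpers
// are defined elsewhere. Until then, mysql_real_escape_string() is only
// reliable when the connection character set is set with mysql_set_charset().

// Defined elsewhere; presumably enforces an authenticated session. Confirm it
// ends the request for anonymous users.
// NOTE(review): no anti-CSRF token check is visible in this handler; confirm
// one is enforced elsewhere for this state-changing POST.
loggedIn();

// Collect q1..q10. An answer counts only when it was posted as a plain string;
// an array value (e.g. q1[]=x) is treated as missing, so it is never passed to
// mysql_real_escape_string().
$answers = array();
for ($i = 1; $i <= 10; $i++) {
    $key = "q" . $i;
    $answers[$key] = (isset($_POST[$key]) && is_string($_POST[$key])) ? $_POST[$key] : null;
}

if (in_array(null, $answers, true)) {
    $_SESSION["SysMessage"] = "Please complete all the forms.";
    $_SESSION["SysDetails"] = "There is at least one question missing.";
    $_SESSION["SysType"] = 3;
    // Keep what was submitted in the session (presumably so the survey page can
    // re-populate the form). Missing answers are stored as null, with no
    // undefined-index notice.
    foreach ($answers as $key => $value) {
        $_SESSION[$key] = $value;
    }
    go("../postnatal_depression_survey.php");
    // Do not rely on go() ending the script: it is defined elsewhere, and falling
    // through would run the INSERT with incomplete data.
    exit;
}

//connect to db
db_connect();
begin_transaction();

// Force the session value to an integer once, and use it in both statements.
$mid = (int) $_SESSION['mid'];

$escaped_answers = array();
foreach ($answers as $value) {
    $escaped_answers[] = mysql_real_escape_string($value);
}

$query = sprintf(
    "INSERT INTO Postnatal_Depression VALUES(%d,NOW(),'%s');",
    $mid,
    implode("','", $escaped_answers)
);

// The statement is deliberately not written to the error log: it embeds the
// respondent's survey answers.
$result = mysql_query($query);

if ($result) {
    // Only mark the survey as completed once the answers were actually stored.
    $query = "UPDATE Mothers \n SET actions_required = (actions_required & ~" . ACTION_POSTNATAL_DEPRESSION . "),\n"
        . " actions_completed = (actions_completed | " . ACTION_POSTNATAL_DEPRESSION . "),\n"
        . " loginstep = 5\n"
        . " WHERE mid = " . $mid . ";";
    $result = mysql_query($query);
}

if (!$result) {
    // Read the error before rolling back: if rollback_transaction() issues its
    // own query, mysql_error() would no longer describe the failed statement.
    error_log(mysql_error());
    rollback_transaction();

    // Mirror the validation-failure path: report the problem and send the user
    // back to the survey. The previous flow continued to commit and reported
    // success after a failed statement.
    $_SESSION["SysMessage"] = "Your answers could not be saved.";
    $_SESSION["SysDetails"] = "Please try again.";
    $_SESSION["SysType"] = 3; // same value the validation failure above uses; meaning defined elsewhere
    foreach ($answers as $key => $value) {
        $_SESSION[$key] = $value;
    }
    go("../postnatal_depression_survey.php");
    exit;
}

commit_transaction();

$_SESSION["PerMessage"] = "Feedback entered correctly.";
$_SESSION["PerDetails"] = "";
$_SESSION["PerType"] = 1;
go("login.post.php");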