function getPostInput() { $guessedCode = testInput($_POST["letter0"]); while (strlen($guessedCode) < 4) { $guessedCode = $guessedCode . "?"; } $guessedCode = substr($guessedCode, 0, 4); $guessedCode = strtoupper($guessedCode); return $guessedCode; }
function validate($postItem, $fName, $regex, $message) { var_dump($_POST); if (empty($_POST[$postItem]) || $_POST[$postItem] == " ") { $validationPassed = false; return $fName . " is required"; // If so, error } else { $data = testInput($_POST[$postItem]); if (!preg_match($regex, $data)) { $validationPassed = false; return $message; } preg_replace("/\\s{2,}/", " ", $_POST[$postItem]); //replace multiple spaces with a single space return $data; } }
function processCheckIn($rfid) { $errors = 0; $processCheckInMessage = ""; $rfid = testInput($rfid); $date = date('Y-m-d H:i:s'); if (getMemberInfoByRFID($rfid, 'k.serial')["serial"] != null) { if (getMemberInfoByRFID($rfid, "c.active")["active"] == 0) { // check if user is active if (!createLog(getMemberInfoByRFID($rfid, "c.cid")["cid"], $date)) { // create a log with the current date $errors = 1; $processCheckInMessage .= 'Could not create a new log in the database!'; die; } else { if (!updateContactCheckinStatus($date, getMemberInfoByRFID($rfid, "c.cid")["cid"], 1)) { // update user table, set active to 1 and insert last checkin time $errors = 1; $processCheckInMessage .= 'Could not update member status when checking in!'; die; } else { $processCheckInMessage .= "Checkin successful!"; } } } else { if (!updateContactCheckinStatus($date, getMemberInfoByRFID($rfid, "c.cid")["cid"], 0)) { // update user table, set active to 0 and insert last checkout time $errors = 1; $processCheckInMessage .= 'Could not update member status when checking out!'; die; } else { if (!updateLog(getMemberInfoByRFID($rfid, "c.cid")["cid"], $date, getMemberInfoByRFID($rfid, "c.last_checkin_time")["last_checkin_time"])) { // close log, insert checkout time (current date time) $errors = 1; $processCheckInMessage .= 'Could not close the log for user check out!'; die; } else { $processCheckInMessage .= "Checkout successful!"; } } } } else { $errors = 1; $processCheckInMessage .= "RFID key not found in the database!"; } if ($errors == 1) { $processCheckInMessage = 'ERROR: ' . $processCheckInMessage; // in case there are errors, add 'ERROR: ' at the beginning of a status message. $response['hasErrors'] = $errors; $response['message'] = $processCheckInMessage; } else { $response['hasErrors'] = $errors; $response['message'] = $processCheckInMessage; $response['firstName'] = getMemberInfoByRFID($rfid, 'c.firstName')["firstName"]; $response['lastName'] = getMemberInfoByRFID($rfid, 'c.lastName')["lastName"]; $response['lastCheckInTime'] = getMemberInfoByRFID($rfid, 'c.last_checkin_time')["last_checkin_time"]; $response['lastCheckOutTime'] = getMemberInfoByRFID($rfid, 'c.last_checkout_time')["last_checkout_time"]; } return $response; }
$new_target_file = $target_dir . $new_file_name; // Check if image file is a actual image or fake image if (isset($_POST["submit"])) { $check = getimagesize($_FILES["fileToUpload"]["tmp_name"]); if ($check !== false) { // echo "File is an image - " . $check["mime"] . "."; $uploadOk = 1; } else { // echo "File is not an image."; $uploadOk = 0; } } // define variables and set to empty values $product_id = ""; if ($_SERVER["REQUEST_METHOD"] == "POST") { $product_id = testInput($_POST["product_id"]); } // Check if $uploadOk is set to 0 by an error if ($uploadOk == 0) { // echo "Sorry, your file was not uploaded."; header("Location: admin_product_view.php?id={$product_id}&success=false&command=upload&reason=0"); die; // if everything is ok, try to upload file } else { if (move_uploaded_file($_FILES["fileToUpload"]["tmp_name"], $new_target_file)) { // echo "The file ". basename( $_FILES["fileToUpload"]["name"]). " has been uploaded."; } else { // echo "Sorry, there was an error uploading your file."; header("Location: admin_product_view.php?id={$product_id}&success=false&command=upload&reason=1"); die; }
<?php require "functions/config.php"; $column = testInput($_GET['column']); if (!empty($_SESSION)) { switch ($column) { case 'explore': $pageTitle = "发现 - 探索"; $pageRequired = "explore.php"; break; case 'setting': $pageTitle = "设置 - 探索"; $pageRequired = "setting.php"; break; case 'hotaeras': $pageTitle = "热门地区 - 探索"; $pageRequired = "hotaeras.php"; break; case 'notifications': $pageTitle = "消息通知 - 探索"; $pageRequired = "notifications.php"; break; default: $pageTitle = "探索"; header("Location:index.php"); break; } } else { header("Location:index.php"); } require "includes/header.php";
if (empty($_POST["email"])) { $emailErr = "Email is required"; $validationPassed = false; } else { $email = testInput($_POST["email"]); // check if e-email address syntax is valid if (!preg_match("/([\\w\\-]+\\@[\\w\\-]+\\.[\\w\\-]+)/", $email)) { $emailErr = "Invalid email format"; $validationPassed = false; } } if (empty($_POST["password"])) { $passwordErr = "Password is required"; $validationPassed = false; } else { $password = testInput($_POST["password"]); } /*if ($validationPassed == true) { echo "validation passed :)"; } else { echo "validation didn't pass :("; }*/ } include "colourapply.php"; function testInput($data) { $data = trim($data); $data = stripslashes($data);
if (strlen($_POST['location']) < 1) { $locationError = "Please enter your current location"; } else { $locationError = ""; $location = testInput($_POST['location']); } //Destination error check if (strlen($_POST['destination']) < 1) { $destinationError = "Please enter where you want to go"; } else { $destinationError = ""; $destination = testInput($_POST['destination']); } //Comments error check $commentsError = ""; $comments = testInput($_POST['comments']); //If errors are clear, send data to the database if ($eidError == "" & $commentsError == "" & $numInPartyError == "" & $locationError == "" & $destinationError == "" & $phoneNumberError == "") { date_default_timezone_set("America/Detroit"); $timeStamp = date("Y-m-d H:i:s"); $sql = "INSERT INTO escorts (DateTimeSubmitted, EID, NumberInParty, Location, Destination, Comments, PhoneNumber) \n VALUES ('" . $timeStamp . "', '" . $_SESSION['eid'] . "', '" . $numInParty . "', '" . $location . "', '" . $destination . "', '" . $comments . "', '" . $phoneNumber . "')"; //$sql = "INSERT INTO escorts (EID, FirstName, LastName, NumberInParty, Location, Destination, Comments, PhoneNumber, DateTimeSubmitted) //VALUES ('$_POST[eid]', '$_POST[firstName]', '$_POST[lastName]', '$_POST[numberInParty]', '$_POST[location]', '$_POST[destination]', '$_POST[comments]', '$_POST[phoneNumber]', '$timeStamp')"; $con->query($sql); } } ?> <!DOCTYPE html> <html> <head> <title>Welcome to SEEUS</title>
// If so, error $validationPassed = false; } else { $itemDescription = testInput($itemDescription); if (!preg_match($stringRegex, $itemDescription)) { $itemDescriptionErr = "Only text, whitespace and quotes!"; $validationPassed = false; } preg_replace("/\\s{2,}/", " ", $itemDescription); } if (empty($itemPrice) || $itemPrice == " ") { $itemPriceErr = "Item price is required"; // If so, error $validationPassed = false; } else { $itemPrice = testInput($itemPrice); if (!preg_match($decimalNumberRegex, $itemPrice)) { $itemPriceErr = "Incorrect format!"; $validationPassed = false; } preg_replace("/\\s{2,}/", " ", $itemPrice); } if ($validationPassed == true) { $connection = mysql_connect("exampleDBaddress", "exampleDBusername", "exampleDBpassword"); mysql_select_db("newport_takeaway") or die("cannot select DB"); $result = mysql_query("UPDATE items SET itemName='" . $itemName . "',itemDescription='" . $itemDescription . "',itemPrice='" . $itemPrice . "' WHERE itemID='" . $itemID . "';"); mysql_close($connection); $done = true; } } else { if (isset($_GET['ID'])) {
<?php include "include/include_pre.php"; requireSignin(TRUE); requireLevel(0); $conn = connect_db($db_server, $db_username, $db_password, $db_dbname); // define variables and set to empty values $photo_id = $product_id = $photo_name = ""; if ($_SERVER["REQUEST_METHOD"] == "GET") { $photo_id = testInput($_GET["photo_id"]); $product_id = testInput($_GET["product_id"]); $photo_name = testInput($_GET["photo_name"]); } unlink("photos/" . $photo_name); // die(); $sql = "DELETE FROM product_photos\n WHERE id={$photo_id};"; // echo $sql; if ($conn->query($sql) === TRUE) { header("Location: admin_product_view.php?id={$product_id}&success=true&command=delete"); die; } else { // echo "Error: " . $sql . "<br>" . $conn->error; if (strrpos($conn->error, "Duplicate") !== false) { echo "Duplicate"; } else { echo $conn->error; } }
<?php require '..\\functions\\config.php'; //getSharing.php?uid=15 $uid = testInput($_GET['uid']); $flag = 0; if (strlen($uid) == 0) { echo 'the value of uid can not be NULL'; $flag = $flag - 1; } if ($flag >= 0) { if (!$pdo) { echo '-1'; //链接数据库失败 } elseif (empty($_SESSION)) { echo '-2'; //用户没有登录 } else { $getSha = new sharingCls($pdo); $sharingList = $getSha->loadSharing($uid); $getUser = new userProfile($pdo); $userlist = $getUser->loadProfile($_SESSION['userid']); arsort($sharingList); foreach ($sharingList as $key => $value) { $jsonData = $jsonData . '{"face":"' . $userlist->getFace() . '","name":"' . $userlist->getName() . '","uid":"' . $value->getUid() . '","time":"' . $value->getTime() . '","sharingType":"' . $value->getSharingType() . '","img":"' . $value->getImg() . '","content":"' . $value->getContent() . '","commentNum":"' . $value->getCommentAmount() . '","likeNum":"' . $value->getLikeAmount() . '","dislikeNum":"' . $value->getDislikeAmount() . '"},'; } $jsonData = substr_replace($jsonData, "", -1, 1); echo "{sharing:[" . $jsonData . "]}"; } } session_write_close();
$name = testInput($_POST["name"]); } if (!empty($_POST["description"])) { $description = testInput($_POST["description"]); } if (!empty($_POST["price"])) { $price = testInput($_POST["price"]); } if (!empty($_POST["image"])) { $image = testInput($_POST["image"]); } if (!empty($_POST["is_active"])) { $is_active = testInput($_POST["is_active"]); } if (!empty($_POST["vendor"])) { $vendor = testInput($_POST["vendor"]); } } if ($user['role']) { echo "<h2>admin: " . $_SESSION['user_id'] . "</h2>"; } else { echo "<h2>user: "******"</h2>"; } ?> <link rel="stylesheet" href="style.css"> <a class="logout" href="/logout.php">Log out</a> <?php if ($user['role']) { ?> <form class="add" action="<?php echo htmlspecialchars($_SERVER["PHP_SELF"]);
$data = trim($data); $data = stripslashes($data); $data = htmlspecialchars($data); $data = mysql_real_escape_string($data); return $data; } if ($_SERVER["REQUEST_METHOD"] == "POST") { if (isset($_SESSION['loggedInUserID'])) { $UID = $_SESSION['loggedInUserID']; $connection = mysql_connect("exampleDBaddress", "exampleDBusername", "exampleDBpassword"); mysql_select_db("newport_takeaway") or die("cannot select DB"); $result = mysql_query("SELECT Admin FROM users WHERE UserID = '{$UID}'"); $isAdmin = mysql_fetch_assoc($result); } if (!empty($_POST["searchBox"])) { $searchTerm = testInput($_POST["searchBox"]); // Use the testInput function below to strip any unwanted characters $connection = mysql_connect("exampleDBaddress", "exampleDBusername", "exampleDBpassword"); mysql_select_db("newport_takeaway") or die("cannot select DB"); $result = mysql_query("SELECT * FROM `items` WHERE itemName LIKE '%{$searchTerm}%' OR itemDescription LIKE '%{$searchTerm}%' ORDER BY itemName ASC;"); $searchResults = "<table id=\"basicTable\" style=\"margin:0 auto;width:800px;\" >"; $searchResults .= "<tr>"; $searchResults .= "<th>Name</th>"; $searchResults .= "<th>Description</th>"; $searchResults .= "<th>Price</th>"; if (isset($_SESSION['loggedInUserID'])) { $searchResults .= "<th>Add</th>"; if (isset($isAdmin['Admin']) && $isAdmin['Admin'] == 1) { $searchResults .= "<th>Edit</th>"; $searchResults .= "<th>Delete</th>"; }
<?php include "include/include_pre.php"; requireSignin(TRUE); requireLevel(0); $conn = connect_db($db_server, $db_username, $db_password, $db_dbname); // define variables and set to empty values $inputName = $inputType = $inputPrice = $inputType = $optionsActive = ""; if ($_SERVER["REQUEST_METHOD"] == "POST") { $inputName = testInput($_POST["inputName"]); $inputType = testInput($_POST["inputType"]); $inputPrice = testInput($_POST["inputPrice"]); $inputUnit = testInput($_POST["inputUnit"]); $optionsActive = testInput($_POST["optionsActive"]); $barcode = "P" . date("YmdHis"); } $sql = "INSERT INTO products (name, price, unit, type, is_active, barcode, created_at, updated_at)\n VALUES ('{$inputName}', {$inputPrice}, '{$inputUnit}', '{$inputType}', {$optionsActive}, '{$barcode}', now(), now() )"; // echo $sql; if ($conn->query($sql) === TRUE) { header("Location: admin_products_view.php?success=true&command=add"); die; } else { // echo "Error: " . $sql . "<br>" . $conn->error; if (strrpos($conn->error, "Duplicate") !== false) { // echo "Duplicate"; header("Location: admin_products_view.php?success=false&command=add&reason=duplicate"); die; } else { echo $conn->error; } }
<?php require "functions/config.php"; $userAccount = testInput($_GET['people']); //初始化个人信息 $user = new userProfile($pdo); $usercls = $user->loadProfile($userID); if ($userID = $user->userIsExist($userAccount)) { //初始化关注/粉丝数据信息 $focls = new followCls($pdo); //初始化个人分享 $shacls = new sharingCls($pdo); $shalist = $shacls->loadSharing($userID[0]); if (!empty($_SESSION)) { $pageTitle = "{$userAccount} - 探索"; } else { header("Location:index.php"); } require "includes/header.php"; ?> <div class="people-user-background-detail"> <div class="people-user-heading"> <div class="people-user-heading-left"> <img src="user/ivydom/background-blur.jpg" alt="i<?php echo $usercls->getName(); ?> " width="260" height="265"> <div class="people-user-heading-left-detail"> <div class="people-user-photo"> <img src="<?php
static function insertProposal($props, $project_id) { if (!$props) { drupal_set_message(t('Insert requested with empty (filtered) data set'), 'error'); return false; } global $user; $txn = db_transaction(); try { $uid = $user->uid; if (!Users::isOfType(_STUDENT_TYPE, $uid)) { drupal_set_message(t('You must be a student to submit a proposal'), 'error'); return false; } $project = Project::getProjectById($project_id); $student_details = Users::getStudentDetails($uid); $props['owner_id'] = $uid; $props['org_id'] = $project['org_id']; $props['inst_id'] = $student_details->inst_id; $props['supervisor_id'] = altSubValue($props, 'supervisor_id', 0) ?: $student_details->supervisor_id; $props['pid'] = $project['pid']; if (!isset($props['state'])) { $props['state'] = 'draft'; } if (!testInput($props, array('owner_id', 'org_id', 'inst_id', 'supervisor_id', 'pid', 'title'))) { return FALSE; } try { // inserts where the field length is exceeded fails silently here // i.e. the date strinf is too long for the mysql field type $id = db_insert(tableName(_PROPOSAL_OBJ))->fields($props)->execute(); } catch (Exception $e) { drupal_set_message($e->getMessage(), 'error'); } if ($id) { //TODO: notify mentor??? drupal_set_message(t('Note that you have only saved your proposal: you can continue editing it later.')); return $id; } else { drupal_set_message(t('We could not add your proposal. ') . (_DEBUG ? '<br/>' . getDrupalMessages() : ""), 'error'); } return $result; } catch (Exception $ex) { $txn->rollback(); drupal_set_message(t('We could not add your proposal.') . (_DEBUG ? $ex->__toString() : ''), 'error'); } return FALSE; }
if (empty($_POST["email"])) { $emailErr = "Email is required"; $validationPassed = false; } else { $email = testInput($_POST["email"]); // check if e-email address syntax is valid if (!preg_match("/([\\w\\-]+\\@[\\w\\-]+\\.[\\w\\-]+)/", $email)) { $emailErr = "Invalid email format"; $validationPassed = false; } } if (empty($_POST["enquiry"])) { $enquiryErr = "Enquiry is required"; $validationPassed = false; } else { $enquiry = testInput($_POST["enquiry"]); } /* mail( '*****@*****.**', 'Works!', 'An email has been generated from your localhost, congratulations!');*/ if ($validationPassed == true) { require_once 'PHPMailer-master/class.phpmailer.php'; $mail = new PHPMailer(); // create a new object $mail->IsSMTP(); // enable SMTP $mail->SMTPDebug = 0; // debugging: 1 = errors and messages, 2 = messages only $mail->SMTPAuth = true;
$newEmail = testInput($_POST['newEmail']); if (strlen($newEmail) == 0) { echo '邮箱不能为空'; } else { if (!$logUser->changeEmail($_SESSION['userid'], $newEmail)) { echo '修改失败'; } else { echo '修改成功'; } } } //修改密码 if ($_POST['alterPw'] == 'alterPw') { $oldPw = testInput($_POST['originalPw']); $newPw = testInput($_POST['newPw']); $pwConfirmed = testInput($_POST['pwConfirmed']); if (strlen($oldPw) == 0 || strlen($newPw) == 0 || strlen($pwConfirmed) == 0) { echo '请认真填写所需信息'; } else { if (!$logUser->checkPassword($_SESSION['userid'], $oldPw)) { echo $_SESSION['userid']; echo '旧密码不符合'; } elseif (!($newPw == $pwConfirmed)) { echo '两次输入密码不一致'; } else { if (!$logUser->changePassword($_SESSION['userid'], $newPw)) { echo '更改失败'; } else { //成功 } }
<?php include "include/include_pre.php"; requireSignin(TRUE); requireLevel(0); $conn = connect_db($db_server, $db_username, $db_password, $db_dbname); // define variables and set to empty values $inputFirstname = $inputLastname = $inputTel = $inputLine = $inputEmail = $inputAddress = ""; if ($_SERVER["REQUEST_METHOD"] == "POST") { $inputFirstname = testInput($_POST["inputFirstname"]); $inputLastname = testInput($_POST["inputLastname"]); $inputTel = testInput($_POST["inputTel"]); $inputLine = testInput($_POST["inputLine"]); $inputEmail = testInput($_POST["inputEmail"]); $inputAddress = testInput($_POST["inputAddress"]); $source = testInput($_POST["source"]); $inputFirstname = $conn->real_escape_string($inputFirstname); $inputLastname = $conn->real_escape_string($inputLastname); $inputTel = $conn->real_escape_string($inputTel); $inputLine = $conn->real_escape_string($inputLine); $inputEmail = $conn->real_escape_string($inputEmail); $inputAddress = $conn->real_escape_string($inputAddress); $source = $conn->real_escape_string($source); } $sql = "INSERT INTO customers (firstname, lastname, tel, line_id, email, address, created_at, updated_at)\n VALUES ('{$inputFirstname}', '{$inputLastname}', '{$inputTel}', '{$inputLine}', '{$inputEmail}', '{$inputAddress}', now(), now() )"; // echo $sql; if ($conn->query($sql) === TRUE) { header("Location: {$source}?success=true&command=add"); die; } else { // echo "Error: " . $sql . "<br>" . $conn->error;
if (empty($_POST['eid'])) { $eidError = "Your EID is required"; } elseif (strlen($_POST['eid']) != 8 | !is_numeric($_POST['eid'])) { $eidError = "Invalid EID"; } elseif ($con->query("SELECT EID from users WHERE EID = '" . $_POST['eid'] . "' LIMIT 1")->num_rows == 1) { $eidError = "This EID is already registered."; } else { $eidError = ""; $eid = testInput($_POST['eid']); } //Phone number error check if (!is_numeric($_POST['phoneNumber']) & !empty($_POST['phoneNumber']) | !empty($_POST['phoneNumber']) & strlen($_POST['phoneNumber']) != 10) { $phoneNumberError = "Invalid phone number"; } else { $phoneNumberError = ""; $phoneNumber = testInput($_POST['phoneNumber']); } //If errors are clear, send data to the database if ($emailError == "" & $passwordError == "" & $firstNameError == "" & $lastNameError == "" & $eidError == "" & $phoneNumberError == "") { date_default_timezone_set("America/Detroit"); $timeStamp = date("Y-m-d H:i:s"); $sql = "INSERT INTO users (EID, email, Password, FirstName, LastName, PhoneNumber, DateTimeCreated) \n VALUES ('" . $eid . "', '" . $email . "', '" . $password . "', '" . $firstName . "', '" . $lastName . "', '" . $phoneNumber . "', '" . $timeStamp . "')"; $con->query($sql); } } ?> <!DOCTYPE html> <html> <head> <title>Welcome to SEEUS</title>
<?php include "include/include_pre.php"; requireSignin(TRUE); requireLevel(0); $conn = connect_db($db_server, $db_username, $db_password, $db_dbname); // define variables and set to empty values $inputId = ""; if ($_SERVER["REQUEST_METHOD"] == "GET") { $inputId = testInput($_GET["id"]); } // die(); $sql = "DELETE FROM users\n WHERE id={$inputId};"; // echo $sql; if ($conn->query($sql) === TRUE) { header("Location: admin_users_view.php?success=true&command=delete"); die; } else { // echo "Error: " . $sql . "<br>" . $conn->error; if (strrpos($conn->error, "Duplicate") !== false) { echo "Duplicate"; } else { echo $conn->error; } }
} else { $logUser = $accEx->loginIn($email, $password); if (!$logUser) { echo '登录失败'; } else { $_SESSION['username'] = $name; $_SESSION['useremail'] = $email; $_SESSION['userid'] = $logUser->getUid(); header('Location:index.php'); } } } if ($_POST['eReg'] == 'eReg') { $email = testInput($_POST['eEmail']); $name = testInput($_POST['eName']); $password = testInput($_POST['ePassword']); if (strlen($email) == 0 || strlen($name) == 0 || strlen($password) == 0) { echo '邮箱,名字或密码不能为空'; } else { $regResult = $accEx->regExplore($email, $name, $password); if (!$regResult) { echo '注册失败'; } elseif ($regResult === -1) { echo '名字重复'; } elseif ($regResult === -2) { echo '邮箱重复'; } else { //配置SESSION,用户登录记录 $_SESSION['username'] = $name; $_SESSION['useremail'] = $email; $_SESSION['userid'] = $pdo->lastInsertId() + 4;
<?php include "include/include_pre.php"; requireSignin(TRUE); requireLevel(0); $conn = connect_db($db_server, $db_username, $db_password, $db_dbname); // define variables and set to empty values $inputName = $inputEmail = $inputPassword = $optionsPermission = ""; if ($_SERVER["REQUEST_METHOD"] == "POST") { $inputName = testInput($_POST["inputName"]); $inputEmail = testInput($_POST["inputEmail"]); $inputPassword = testInput($_POST["inputPassword"]); $optionsPermission = testInput($_POST["optionsPermission"]); } $sql = "INSERT INTO users (name, email, password, level, created_at, updated_at)\n VALUES ('{$inputName}', '{$inputEmail}', '{$inputPassword}', {$optionsPermission}, now(), now() )"; // echo $sql; if ($conn->query($sql) === TRUE) { header("Location: admin_users_view.php?success=true&command=add"); die; } else { // echo "Error: " . $sql . "<br>" . $conn->error; if (strrpos($conn->error, "Duplicate") !== false) { // echo "Duplicate"; header("Location: admin_users_view.php?success=false&command=add&reason=duplicate"); die; } else { echo $conn->error; } }
<?php require '..\\functions\\config.php'; //newSharing.php?method=new&uid=15&content=2333333&type=public&img=0&sharingID=0 $method = testInput($_GET['method']); //delete||new $uid = testInput($_GET['uid']); $content = testInput($_GET['content']); $type = testInput($_GET['type']); //public||private $img = testInput($_GET['img']); //没有写0 $sharingID = testInput($_GET['sharingID']); $requestQueue = array('method' => $method, 'uid' => $uid, 'content' => $content, 'type' => $type, 'img' => $img, 'sharingID' => $sharingID); $flag = 0; foreach ($requestQueue as $key => $value) { if (strlen($value) == 0) { echo "the value of {$key} can not be NULL<br>"; $flag = $flag - 1; } } if ($flag >= 0) { if (!$pdo) { echo '-1'; //链接数据库失败 } elseif (empty($_SESSION)) { echo '-2'; //用户没有登录 } else { $newSha = new sharingCls($pdo); switch ($method) {