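/**
 * Create a new collection using an uri or a pattern.
 *
 * f.ex. tag:foo, category:bar, title:*, *, user:bob
 *
 * @param string         $selection pattern describing the collection. NOTE(review): the
 *                                  visible code never reads it — every galleryitems row
 *                                  is selected regardless; confirm this is intended.
 * @param Paginator|null $paginator when given, its LIMIT clause is appended to the query
 */
public function __construct($selection, Paginator $paginator = null) {
    $db = new DatabaseConnection();

    // These are statements, not values. The original passed them through quote(),
    // which (as DatabaseConnection::quote() delegates to PDO::quote) wraps the whole
    // statement in string quotes and turns it into an invalid query.
    $sql   = 'SELECT * FROM galleryitems';
    $count = 'SELECT COUNT(*) AS numitems FROM galleryitems';

    // Paginator supplies its own SQL fragment; it is trusted project code, not user input.
    if ($paginator) {
        $sql .= ' ' . $paginator->getSqlLimit();
    }

    // Rows and total count. NOTE(review): both results are dropped at the end of the
    // constructor — presumably they were meant to be kept on $this; confirm with callers.
    $rs  = $db->getRows($sql);
    $rsc = $db->getSingleRow($count);
}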
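/**
 * Store a comment on the book held in the session, or — when ?replyid= is present —
 * a reply to the comment with that id.
 *
 * Every value is either cast to int or run through quote() before it is concatenated
 * into the CALL statement. The original built $_POST['comment'], the session ids and
 * $_GET['replyid'] into the SQL unescaped, so the comment text alone was a SQL
 * injection vector.
 *
 * Assumes bookid / id in the session and replyid are integer ids: they were
 * concatenated unquoted in the original, so the procedures expect numerics.
 */
public function submitComment() {
    // Without a book and a user in the session there is nothing to attribute the
    // comment to; bail out instead of sending a malformed CALL.
    if (!isset($_SESSION['bookid'], $_SESSION['id'])) {
        return;
    }
    $bookId = (int) $_SESSION['bookid'];
    $userId = (int) $_SESSION['id'];

    $conn = new DatabaseConnection();

    if (!isset($_GET['replyid'])) {
        $comment = isset($_POST['comment']) && is_scalar($_POST['comment']) ? (string) $_POST['comment'] : '';
        $sentence = 'CALL addComment(' . $bookId . ',' . $userId . ','
            . $conn->quote($comment) . ')';
    } else {
        $reply = isset($_POST['reply']) && is_scalar($_POST['reply']) ? (string) $_POST['reply'] : '';
        $sentence = 'CALL addReply(' . $bookId . ',' . $userId . ','
            . $conn->quote($reply) . ',' . (int) $_GET['replyid'] . ')';
    }
    $conn->query($sentence);
}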
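/**
 * Validate a registration form and create the account through the registro() SQL function.
 *
 * @param string $username display name; must not be empty after trimming
 * @param string $city
 * @param string $sex
 * @param string $mail     must pass FILTER_VALIDATE_EMAIL
 * @param string $pass
 * @param string $ver_pass repeated password; must be identical to $pass
 * @return string 'badmail' | 'passdontmatch' | 'nameerror' | 'good' (checked in that order,
 *                so the first failing rule is the one reported)
 */
public function register($username, $city, $sex, $mail, $pass, $ver_pass) {
    if (!filter_var($mail, FILTER_VALIDATE_EMAIL)) {
        return 'badmail';
    }
    // Strict comparison: '!=' would treat e.g. '1e3' and '1000' as the same password.
    if ($pass !== $ver_pass) {
        return 'passdontmatch';
    }
    // The original used sizeof($username) < 1. sizeof() is count(): on a string it warns
    // and returns 1 (PHP 7) or throws a TypeError (PHP 8), so 'nameerror' was never
    // reported and empty names reached the database.
    if (trim((string) $username) === '') {
        return 'nameerror';
    }

    $conn = new DatabaseConnection();
    // NOTE(review): $pass is sent exactly as typed; hashing is presumably done inside
    // registro() — confirm, otherwise password_hash() belongs here before quoting.
    $sentence = 'SELECT registro('
        . $conn->quoteConcat($username)
        . $conn->quoteConcat($city)
        . $conn->quoteConcat($sex)
        . $conn->quoteConcat($mail)
        . $conn->quote($pass) . ')';
    $conn->singleton($sentence);
    return 'good';
}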
/**
 * Fetch one author's data through the datosAutor stored procedure.
 *
 * The id is passed through quote(), so it reaches the CALL as a quoted string
 * literal and the database does the numeric coercion; no raw input enters the SQL.
 *
 * @param mixed $idAutor author id as received from the request
 * @return mixed whatever DatabaseConnection::query() returns for the CALL
 */
function getAutor($idAutor) {
    $conn = new DatabaseConnection();
    $sentence = 'CALL datosAutor(' . $conn->quote($idAutor) . ')';
    return $conn->query($sentence);
}
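/**
 * Create one catalogue entity from the current request.
 *
 * ?type= selects the kind (book, author, editorial, genre, reader); the fields
 * come from $_POST and an optional picture from $_FILES['picture']. Unknown
 * types do nothing, as before.
 *
 * Security changes against the original, all on client-controlled input:
 *  - id_autor, id_genero, id_editorial and id_tipo_usuario were concatenated into
 *    the SQL unquoted; they are now cast to int, and editorial.fundacion is quoted
 *    like the neighbouring text fields;
 *  - unlink() was called on $_POST['def_pic'] verbatim (for books even when it
 *    named the default icon), so any file the web server user could delete was
 *    deletable by the client; a path is now only honoured if it is the default
 *    picture or a plain file name directly inside the upload directory;
 *  - uploads were stored under whatever name and extension the client sent, i.e.
 *    a .php upload into a web-served directory; only jpg/jpeg/png/gif/webp that
 *    getimagesize() recognises are accepted, the name is reduced to
 *    [A-Za-z0-9._-], and a rejected or failed upload keeps the previous picture
 *    instead of storing a path that was never written.
 */
public function add() {
    $type = isset($_GET['type']) ? $_GET['type'] : '';
    switch ($type) {
        case 'book':
            $this->addBook();
            break;
        case 'author':
            $this->addAuthor();
            break;
        case 'editorial':
            $this->addEditorial();
            break;
        case 'genre':
            $this->addGenre();
            break;
        case 'reader':
            $this->addReader();
            break;
    }
}

/** Insert a book via insertLibro(); the replaced picture is deleted as in the original. */
private function addBook() {
    $conn = new DatabaseConnection();
    $picurl = $this->storePicture('view/img/books/', 'view/img/icon-default-book.png', null, true);

    $sentence = 'CALL insertLibro('
        . $this->postInt('id_autor') . ','
        . $this->postInt('id_genero') . ','
        . $this->postInt('id_editorial') . ','
        . $conn->quote($this->postString('titulo')) . ','
        . $conn->quote($this->postString('fecha_publicacion')) . ','
        . $conn->quote($this->postString('resumen')) . ','
        . $conn->quote($picurl) . ')';
    $conn->query($sentence);
}

/** Insert an author row; the original never deleted a previous author picture, so neither does this. */
private function addAuthor() {
    $conn = new DatabaseConnection();
    $picurl = $this->storePicture('view/img/authors/', 'view/img/authors/icon-user-default.png', null, false);

    $sentence = 'INSERT INTO autor (nombre_autor, pais_autor, seudonimo, biografia, picurl) VALUE ('
        . $conn->quote($this->postString('nombre_autor')) . ','
        . $conn->quote($this->postString('pais_autor')) . ','
        . $conn->quote($this->postString('seudonimo')) . ','
        . $conn->quote($this->postString('biografia')) . ','
        . $conn->quote($picurl) . ')';
    $conn->query($sentence);
}

/** Insert a publisher row. */
private function addEditorial() {
    $conn = new DatabaseConnection();
    // fundacion was concatenated raw. It is quoted now; this assumes MySQL-style coercion of a
    // quoted year into a numeric/YEAR column (a DATE column needs the quotes anyway) — confirm
    // the column type.
    $sentence = 'INSERT INTO editorial (nombre_editorial, pais_editorial, fundador, fundacion) VALUE ('
        . $conn->quoteConcat($this->postString('nombre_editorial'))
        . $conn->quoteConcat($this->postString('pais_editorial'))
        . $conn->quoteConcat($this->postString('fundador'))
        . $conn->quote($this->postString('fundacion')) . ')';
    $conn->query($sentence);
}

/** Insert a genre row. */
private function addGenre() {
    $conn = new DatabaseConnection();
    $conn->query('INSERT INTO genero (descripcion_genero) VALUE ('
        . $conn->quote($this->postString('descripcion_genero')) . ')');
}

/** Create a reader via agregaUsuario(); the picture is named after the session's id_lector, as before. */
private function addReader() {
    $conn = new DatabaseConnection();
    // Only the extension may come from the client; the stem is the (integer) session id.
    $stem = isset($_SESSION['id_lector']) ? (string) (int) $_SESSION['id_lector'] : '';
    $picurl = $this->storePicture('view/img/users/', 'view/img/icon-user-default.png', $stem, true);

    // NOTE(review): the password is passed as typed; hashing is presumably done inside
    // agregaUsuario() — confirm, otherwise password_hash() belongs here before quoting.
    // NOTE(review): id_tipo_usuario (the account type) is chosen by the client; make sure this
    // endpoint is restricted to administrators or validate the permitted types here.
    $sentence = 'CALL agregaUsuario('
        . $conn->quote($this->postString('nombre_lector')) . ','
        . $conn->quote($this->postString('ciudad_lector')) . ','
        . $conn->quote($this->postString('sexo')) . ','
        . $conn->quote($this->postString('email')) . ','
        . $conn->quote($this->postString('password')) . ','
        . $conn->quote($picurl) . ','
        . $this->postInt('id_tipo_usuario') . ')';
    $conn->query($sentence);
}

/** Integer POST field; 0 when absent or not a scalar. Used for values that go into SQL unquoted. */
private function postInt($key) {
    return isset($_POST[$key]) && is_scalar($_POST[$key]) ? (int) $_POST[$key] : 0;
}

/** String POST field; '' when absent or not a scalar. Always passed through quote() afterwards. */
private function postString($key) {
    return isset($_POST[$key]) && is_scalar($_POST[$key]) ? (string) $_POST[$key] : '';
}

/**
 * Accept $candidate (normally $_POST['def_pic']) only if it is $defaultPic or a plain
 * file name directly inside $uploadDir; anything else — other directories, '.', '..',
 * nested paths, NUL bytes, non-strings — yields $defaultPic. This bounds both the
 * unlink() target and the picurl that gets stored.
 *
 * @param mixed  $candidate  path sent back by the form
 * @param string $uploadDir  directory the pictures live in, with trailing slash
 * @param string $defaultPic fallback path
 * @return string
 */
private function trustedPicPath($candidate, $uploadDir, $defaultPic) {
    if (!is_string($candidate) || $candidate === '' || $candidate === $defaultPic) {
        return $defaultPic;
    }
    if (strpos($candidate, "\0") !== false
        || strncmp($candidate, $uploadDir, strlen($uploadDir)) !== 0) {
        return $defaultPic;
    }
    $name = substr($candidate, strlen($uploadDir));
    if ($name === '' || $name === '.' || $name === '..' || $name !== basename($name)) {
        return $defaultPic;
    }
    return $candidate;
}

/**
 * Decide which picture path to store and perform the upload if there is one.
 *
 * Without an upload (UPLOAD_ERR_NO_FILE) the form's def_pic is kept, provided it passes
 * trustedPicPath(). With an upload the file must have an allow-listed image extension and
 * be recognised by getimagesize(); it is then moved to $uploadDir/$stem.<ext> (or a
 * sanitised copy of the client's file name when $stem is empty). When $removeOld is set
 * the replaced picture is deleted afterwards, but never the default one and never a path
 * outside the upload directory. A refused extension or a failed move_uploaded_file()
 * returns the previous picture and deletes nothing.
 *
 * @param string      $uploadDir  directory the file is written to (trailing slash)
 * @param string      $defaultPic fallback path, also the one that is never deleted
 * @param string|null $stem       fixed file name without extension, or null/'' to derive it
 * @param bool        $removeOld  whether to unlink the replaced picture
 * @return string path to store in picurl
 */
private function storePicture($uploadDir, $defaultPic, $stem, $removeOld) {
    $previous = $this->trustedPicPath(
        isset($_POST['def_pic']) ? $_POST['def_pic'] : '', $uploadDir, $defaultPic);

    $file = isset($_FILES['picture']) && is_array($_FILES['picture']) ? $_FILES['picture'] : array();
    $error = isset($file['error']) ? (int) $file['error'] : UPLOAD_ERR_NO_FILE;
    if ($error === UPLOAD_ERR_NO_FILE) {
        return $previous; // nothing selected: keep what the form sent back
    }

    $allowed = array('jpg', 'jpeg', 'png', 'gif', 'webp');
    $clientName = isset($file['name']) && is_string($file['name']) ? basename($file['name']) : '';
    $ext = strtolower(pathinfo($clientName, PATHINFO_EXTENSION));
    if ($error !== UPLOAD_ERR_OK
        || !in_array($ext, $allowed, true)
        || !isset($file['tmp_name']) || !is_string($file['tmp_name'])
        || getimagesize($file['tmp_name']) === false) {
        return $previous; // refused upload: nothing written, nothing deleted
    }

    if ($stem === null || $stem === '') {
        $stem = pathinfo($clientName, PATHINFO_FILENAME);
    }
    // Reduce to a safe character set and refuse to create dot-files.
    $stem = ltrim(preg_replace('/[^A-Za-z0-9._-]+/', '_', (string) $stem), '.');
    if ($stem === '') {
        $stem = 'picture';
    }
    $target = $uploadDir . $stem . '.' . $ext;

    // move_uploaded_file() itself refuses anything that is not a real upload.
    if (!move_uploaded_file($file['tmp_name'], $target)) {
        return $previous;
    }
    if ($removeOld && $previous !== $defaultPic && $previous !== $target && is_file($previous)) {
        unlink($previous);
    }
    return $target;
}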
/**
 * Quote a value for inclusion in a SQL string.
 *
 * Pass-through to PDO::quote() on the wrapped connection; the result already
 * carries the surrounding quotes, so callers concatenate it directly. Prepared
 * statements remain preferable wherever the query shape allows them.
 *
 * @param string $string         value to quote
 * @param int    $parameter_type one of the \PDO::PARAM_* constants
 * @return string|false the quoted value, or false when the driver does not
 *                      support quoting (per the PDO::quote() contract)
 */
public function quote($string, $parameter_type = \PDO::PARAM_STR) {
    $pdo = $this->connection;
    return $pdo->quote($string, $parameter_type);
}
/**
 * Record the logout on the database side by calling the logout() SQL function
 * with the e-mail kept in the session (quoted before concatenation).
 *
 * NOTE(review): nothing here touches the PHP session itself (no session_destroy(),
 * $_SESSION['mail'] stays set) — presumably the caller does that; confirm, otherwise
 * the session remains usable after "logout".
 */
function logout() {
    $conn = new DatabaseConnection();
    $mail = $conn->quote($_SESSION['mail']);
    $conn->singleton('SELECT logout(' . $mail . ')');
}
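/**
 * Insert (or overwrite) a batch of geonames rows with a single REPLACE statement.
 *
 * @param array $batch list of rows; each row is an array of column values in table
 *                     order. Every value is passed through quote(), so no raw input
 *                     reaches the SQL. An empty batch is a no-op: 'REPLACE INTO ...
 *                     VALUES ' with no tuples would be a syntax error.
 * @throws \Exception re-thrown from DatabaseConnection::exec() after being logged.
 *                    The original did `echo $e; die;`, which printed the exception —
 *                    message, trace and possibly connection details — to the client.
 */
private function geoLocationInsertBatch($batch) {
    if (empty($batch)) {
        return;
    }
    $db = new DatabaseConnection();

    $rowdata = array();
    foreach ($batch as $row) {
        $quoted = array();
        foreach ($row as $data) {
            $quoted[] = $db->quote($data);
        }
        $rowdata[] = '(' . join(',', $quoted) . ')';
    }
    $sql = 'REPLACE INTO geonames VALUES ' . join(',', $rowdata);

    try {
        $db->exec($sql);
    } catch (\Exception $e) {
        // Fully qualified on purpose: inside a namespace a bare `Exception` would only
        // match Namespace\Exception and let PDOException through uncaught.
        error_log('geoLocationInsertBatch failed: ' . $e->getMessage());
        throw $e;
    }
    // Counted only after the statement succeeded.
    $this->records += count($rowdata);
}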
/**
 * Look up books matching $searchstring anywhere in their searchable text through
 * the searchBook stored procedure.
 *
 * The term is wrapped in '.*' and then quoted, so the SQL itself is safe. The
 * wrapping suggests the procedure applies the value as a regular expression;
 * NOTE(review): if it does, regex metacharacters typed by the user (e.g. '(' or
 * '[') reach the engine unescaped — confirm the procedure's matching operator and
 * escape the term here if it is REGEXP.
 *
 * @param string $searchstring raw search term from the user
 * @return mixed whatever DatabaseConnection::query() returns for the CALL
 */
public function searchBook($searchstring) {
    $conn = new DatabaseConnection();
    $pattern = $conn->quote(sprintf('.*%s.*', $searchstring));
    return $conn->query('CALL searchBook(' . $pattern . ')');
}