コード例 #1
ファイル: surveyDB.php プロジェクト: aljordan/NextSurvey
<?php

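// Load the database credentials and open the connection used by every action below.
$iniArray = parse_ini_file("nextsurvey.ini.php");
if ($iniArray === false) {
    // Fail closed: without the credentials none of the queries below can run.
    http_response_code(500);
    exit;
}
$db = new MySqli($iniArray['host'], $iniArray['username'], $iniArray['password'], $iniArray['database']);
if ($db->connect_error) {
    // Do not echo connect_error to the client; it can disclose the host and account name.
    http_response_code(500);
    exit;
}
// NOTE(review): real_escape_string() escapes relative to the connection character set and no
// set_charset() call is visible in this excerpt - confirm the charset is configured explicitly.
// NOTE(review): no session or authorization check is visible here before the switch dispatches
// state-changing actions - confirm that access control is enforced elsewhere.
$action = !empty($_POST['action']) ? $_POST['action'] : '';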
switch ($action) {
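    case 'saveResponses':
        // Stores one respondent's answers for a survey. Every value read from $_POST is
        // client-controlled, so each one is escaped before it is placed inside a quoted
        // SQL literal. Parameterized statements (mysqli::prepare) are the preferred form;
        // escaping is kept here because the rest of this case is not visible in the excerpt.
        $dbUserId = !empty($_POST['dbUserId']) ? $_POST['dbUserId'] : '';
        $dbSurveyId = !empty($_POST['dbSurveyId']) ? $_POST['dbSurveyId'] : '';
        // NOTE(review): the user id is taken from the request body - confirm it is checked
        // against the authenticated session, otherwise one user can write another's responses.
        $userId = $db->real_escape_string($dbUserId);
        $surveyId = $db->real_escape_string($dbSurveyId);
        $questionsArray = !empty($_POST['dbQuestionsArray']) ? $_POST['dbQuestionsArray'] : '';
        if (!is_array($questionsArray)) {
            // A missing or scalar value would otherwise be handed to foreach.
            $questionsArray = array();
        }
        foreach ($questionsArray as $response) {
            // questionId was previously interpolated into all the queries below without
            // escaping, which left them open to SQL injection; escape it like the other fields.
            $questionId = $db->real_escape_string($response['questionId']);
            $selectedAnswerId = $db->real_escape_string($response['selectedAnswer']);
            $freeResponseText = $db->real_escape_string($response['freeResponseText']);
            if ($selectedAnswerId == "null" && $freeResponseText != "null") {
                // free response question: no answer selected, but text was supplied
                // NOTE(review): count-then-write is not atomic; two concurrent requests can both
                // insert. A unique key on (surveyId, userId, questionId) would prevent duplicates.
                $test = $db->query("SELECT COUNT(*) as x, freeResponseId FROM freeResponse WHERE surveyId = '{$surveyId}' and userId = '{$userId}' and questionId = '{$questionId}'");
                $result = $test->fetch_array();
                if ($result[0] == 0) {
                    $db->query("INSERT INTO freeResponse (userId, surveyId, questionId, responseText, datetime) VALUES ('{$userId}', '{$surveyId}', '{$questionId}', '{$freeResponseText}', NOW())");
                } else {
                    $db->query("UPDATE freeResponse SET responseText = '{$freeResponseText}', datetime = NOW() WHERE surveyId = '{$surveyId}' and userId = '{$userId}' and questionId = '{$questionId}'");
                }
            } else {
                if ($selectedAnswerId != "null") {
                    // multiple choice question: an answer id was selected
                    $test = $db->query("SELECT COUNT(*) as x, responseId FROM response WHERE surveyId = '{$surveyId}' and userId = '{$userId}' and questionId = '{$questionId}'");
                    $result = $test->fetch_array();
                    if ($result[0] == 0) {
                        $db->query("INSERT INTO response (userId, surveyId, questionId, answerId, datetime) VALUES ('{$userId}', '{$surveyId}', '{$questionId}', '{$selectedAnswerId}', NOW())");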
コード例 #2
<?php

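// Load the database credentials and open the connection used by every action below.
$iniArray = parse_ini_file("../nextsurvey.ini.php");
if ($iniArray === false) {
    // Fail closed: without the credentials none of the queries below can run.
    http_response_code(500);
    exit;
}
$db = new MySqli($iniArray['host'], $iniArray['username'], $iniArray['password'], $iniArray['database']);
if ($db->connect_error) {
    // Do not echo connect_error to the client; it can disclose the host and account name.
    http_response_code(500);
    exit;
}
// NOTE(review): real_escape_string() escapes relative to the connection character set and no
// set_charset() call is visible in this excerpt - confirm the charset is configured explicitly.
// NOTE(review): no session or authorization check is visible here before the switch dispatches
// state-changing actions - confirm that access control is enforced elsewhere.
$action = !empty($_POST['action']) ? $_POST['action'] : '';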
switch ($action) {
    case 'insertAnswerTemplate':
        // Creates an unlocked answer template and echoes the id generated for it.
        $dbAnswerTemplate = empty($_POST['dbAnswerTemplate']) ? '' : $_POST['dbAnswerTemplate'];
        if (empty($dbAnswerTemplate)) {
            // Nothing to insert when the name is missing or empty.
            break;
        }
        // The name is escaped and then placed inside a single-quoted SQL literal; the
        // escaping protects the query only because of those surrounding quotes.
        $answerTemplateName = $db->real_escape_string($dbAnswerTemplate);
        $insertSql = "INSERT INTO answertemplate (answerTemplateName, locked) VALUES ('{$answerTemplateName}',0)";
        $db->query($insertSql);
        // Report the auto-generated id of the new row to the caller.
        echo $db->insert_id;
        break;
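    case 'saveAnswers':
        // Inserts or updates every posted answer of an answer template. All four fields come
        // from the request body, so they are bound as statement parameters instead of being
        // interpolated into the SQL text (answerId and answerOrder were previously
        // interpolated without any escaping, which allowed SQL injection).
        $answersArray = !empty($_POST['dbAnswersArray']) ? $_POST['dbAnswersArray'] : '';
        if (!is_array($answersArray)) {
            // A missing or scalar value would otherwise be handed to foreach.
            $answersArray = array();
        }
        $countStmt = $db->prepare("SELECT COUNT(*) FROM answer WHERE answerId = ? and answerTemplateId = ?");
        $insertStmt = $db->prepare("INSERT INTO answer (answerId, answerText, answerOrder, answerTemplateId) VALUES (?, ?, ?, ?)");
        $updateStmt = $db->prepare("UPDATE answer SET answerOrder = ?, answerText = ? WHERE answerId = ? and answerTemplateId = ?");
        if (!$countStmt || !$insertStmt || !$updateStmt) {
            // Fail closed without echoing the database error to the client.
            http_response_code(500);
            break;
        }
        foreach ($answersArray as $answer) {
            // Skip malformed entries instead of passing missing fields to the database.
            if (!is_array($answer) || !isset($answer['answerId'], $answer['answerOrder'], $answer['answerText'], $answer['answerTemplateId'])) {
                continue;
            }
            // Values are bound as strings, matching the quoted literals the queries used before.
            $answerId = (string) $answer['answerId'];
            $answerOrder = (string) $answer['answerOrder'];
            $answerText = (string) $answer['answerText'];
            $answerTemplateId = (string) $answer['answerTemplateId'];
            // NOTE(review): count-then-write is not atomic; a unique key on
            // (answerId, answerTemplateId) would prevent duplicate rows under concurrency.
            $existingRows = 0;
            $countStmt->bind_param('ss', $answerId, $answerTemplateId);
            $countStmt->execute();
            // Buffer and release the result so the next statement can run on this connection.
            $countStmt->store_result();
            $countStmt->bind_result($existingRows);
            $countStmt->fetch();
            $countStmt->free_result();
            if ($existingRows == 0) {
                $insertStmt->bind_param('ssss', $answerId, $answerText, $answerOrder, $answerTemplateId);
                $insertStmt->execute();
            } else {
                $updateStmt->bind_param('ssss', $answerOrder, $answerText, $answerId, $answerTemplateId);
                $updateStmt->execute();
            }
        }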
コード例 #3
ファイル: questionsDB.php プロジェクト: aljordan/NextSurvey
<?php

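// Load the database credentials and open the connection used by every action below.
$iniArray = parse_ini_file("../nextsurvey.ini.php");
if ($iniArray === false) {
    // Fail closed: without the credentials none of the queries below can run.
    http_response_code(500);
    exit;
}
$db = new MySqli($iniArray['host'], $iniArray['username'], $iniArray['password'], $iniArray['database']);
if ($db->connect_error) {
    // Do not echo connect_error to the client; it can disclose the host and account name.
    http_response_code(500);
    exit;
}
// NOTE(review): no session or authorization check is visible here before the switch dispatches
// state-changing actions - confirm that access control is enforced elsewhere.
$action = !empty($_POST['action']) ? $_POST['action'] : '';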
switch ($action) {
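    case 'insertSurvey':
        // Creates a survey from the posted dbSurvey fields and echoes the new row's id.
        $dbSurvey = !empty($_POST['dbSurvey']) ? $_POST['dbSurvey'] : '';
        if (!empty($dbSurvey) && is_array($dbSurvey)) {
            if (!isset($dbSurvey['surveyName'], $dbSurvey['surveyDescription'], $dbSurvey['locked'], $dbSurvey['published'])
                || !is_string($dbSurvey['surveyName'])
                || !is_string($dbSurvey['surveyDescription'])) {
                // Reject incomplete or non-string input before it reaches the database.
                http_response_code(400);
                break;
            }
            // locked and published were previously written into the SQL text without quotes.
            // real_escape_string() only neutralises characters that could end a quoted literal,
            // so it gave no protection in that position. The flags are now validated and every
            // value is bound as a statement parameter.
            // NOTE(review): assumes both are boolean flags (0/1/true/false) - confirm against
            // the client code and the column types.
            $locked = filter_var($dbSurvey['locked'], FILTER_VALIDATE_BOOLEAN, FILTER_NULL_ON_FAILURE);
            $published = filter_var($dbSurvey['published'], FILTER_VALIDATE_BOOLEAN, FILTER_NULL_ON_FAILURE);
            if ($locked === null || $published === null) {
                http_response_code(400);
                break;
            }
            $surveyName = $dbSurvey['surveyName'];
            $surveyDescription = $dbSurvey['surveyDescription'];
            $lockedFlag = $locked ? 1 : 0;
            $publishedFlag = $published ? 1 : 0;
            $stmt = $db->prepare("INSERT INTO survey (surveyname, surveydescription, locked, published) VALUES (?, ?, ?, ?)");
            if ($stmt && $stmt->bind_param('ssii', $surveyName, $surveyDescription, $lockedFlag, $publishedFlag) && $stmt->execute()) {
                //last insert id
                echo $db->insert_id;
            } else {
                // Fail without echoing the database error to the client.
                http_response_code(500);
            }
        }
        break;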
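    case 'updateSurvey':
        // Updates the name, description and published flag of the survey named by surveyId.
        $dbSurvey = !empty($_POST['dbSurvey']) ? $_POST['dbSurvey'] : '';
        if (!empty($dbSurvey) && is_array($dbSurvey)) {
            if (!isset($dbSurvey['surveyId'], $dbSurvey['surveyName'], $dbSurvey['surveyDescription'], $dbSurvey['published'])
                || !is_string($dbSurvey['surveyId'])
                || !is_string($dbSurvey['surveyName'])
                || !is_string($dbSurvey['surveyDescription'])) {
                // Reject incomplete or non-string input before it reaches the database.
                http_response_code(400);
                break;
            }
            // published was previously written into the SQL text without quotes, where
            // real_escape_string() gives no protection against injection. It is now validated
            // as a flag and every value is bound as a statement parameter.
            // NOTE(review): assumes published is a boolean flag (0/1/true/false) - confirm
            // against the client code and the column type.
            $published = filter_var($dbSurvey['published'], FILTER_VALIDATE_BOOLEAN, FILTER_NULL_ON_FAILURE);
            if ($published === null) {
                http_response_code(400);
                break;
            }
            $surveyId = $dbSurvey['surveyId'];
            $surveyName = $dbSurvey['surveyName'];
            $surveyDescription = $dbSurvey['surveyDescription'];
            $publishedFlag = $published ? 1 : 0;
            $stmt = $db->prepare("UPDATE survey SET surveyName = ?, surveyDescription = ?, published = ? WHERE surveyId = ?");
            // surveyId is bound as a string, matching the quoted literal the query used before.
            if (!$stmt || !$stmt->bind_param('ssis', $surveyName, $surveyDescription, $publishedFlag, $surveyId) || !$stmt->execute()) {
                // Fail without echoing the database error to the client.
                http_response_code(500);
            }
        }
        break;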