<?php $iniArray = parse_ini_file("nextsurvey.ini.php"); $db = new MySqli($iniArray['host'], $iniArray['username'], $iniArray['password'], $iniArray['database']); $action = !empty($_POST['action']) ? $_POST['action'] : ''; switch ($action) { case 'saveResponses': $dbUserId = !empty($_POST['dbUserId']) ? $_POST['dbUserId'] : ''; $dbSurveyId = !empty($_POST['dbSurveyId']) ? $_POST['dbSurveyId'] : ''; $userId = $db->real_escape_string($dbUserId); $surveyId = $db->real_escape_string($dbSurveyId); $questionsArray = !empty($_POST['dbQuestionsArray']) ? $_POST['dbQuestionsArray'] : ''; foreach ($questionsArray as $response) { $questionId = $response['questionId']; $selectedAnswerId = $db->real_escape_string($response['selectedAnswer']); $freeResponseText = $db->real_escape_string($response['freeResponseText']); if ($selectedAnswerId == "null" && $freeResponseText != "null") { // check to see if free response question $test = $db->query("SELECT COUNT(*) as x, freeResponseId FROM freeResponse WHERE surveyId = '{$surveyId}' and userId = '{$userId}' and questionId = '{$questionId}'"); $result = $test->fetch_array(); if ($result[0] == 0) { $db->query("INSERT INTO freeResponse (userId, surveyId, questionId, responseText, datetime) VALUES ('{$userId}', '{$surveyId}', '{$questionId}', '{$freeResponseText}', NOW())"); } else { $db->query("UPDATE freeResponse SET responseText = '{$freeResponseText}', datetime = NOW() WHERE surveyId = '{$surveyId}' and userId = '{$userId}' and questionId = '{$questionId}'"); } } else { if ($selectedAnswerId != "null") { $test = $db->query("SELECT COUNT(*) as x, responseId FROM response WHERE surveyId = '{$surveyId}' and userId = '{$userId}' and questionId = '{$questionId}'"); $result = $test->fetch_array(); if ($result[0] == 0) { $db->query("INSERT INTO response (userId, surveyId, questionId, answerId, datetime) VALUES ('{$userId}', '{$surveyId}', '{$questionId}', '{$selectedAnswerId}', NOW())");
<?php $iniArray = parse_ini_file("../nextsurvey.ini.php"); $db = new MySqli($iniArray['host'], $iniArray['username'], $iniArray['password'], $iniArray['database']); $action = !empty($_POST['action']) ? $_POST['action'] : ''; switch ($action) { case 'insertAnswerTemplate': $dbAnswerTemplate = !empty($_POST['dbAnswerTemplate']) ? $_POST['dbAnswerTemplate'] : ''; if (!empty($dbAnswerTemplate)) { //note - use of $mysqli->real_escape_string() is to prevent SQL Injection attacks. $answerTemplateName = $db->real_escape_string($dbAnswerTemplate); $db->query("INSERT INTO answertemplate (answerTemplateName, locked) VALUES ('{$answerTemplateName}',0)"); echo $db->insert_id; //last insert id } break; case 'saveAnswers': $answersArray = !empty($_POST['dbAnswersArray']) ? $_POST['dbAnswersArray'] : ''; foreach ($answersArray as $answer) { $answerId = $answer['answerId']; $answerOrder = $answer['answerOrder']; $answerText = $db->real_escape_string($answer['answerText']); $answerTemplateId = $db->real_escape_string($answer['answerTemplateId']); $test = $db->query("SELECT COUNT(*) as x, answerId FROM answer WHERE answerId = '{$answerId}' and answerTemplateId = '{$answerTemplateId}'"); $result = $test->fetch_array(); if ($result[0] == 0) { $db->query("INSERT INTO answer (answerId, answerText, answerOrder, answerTemplateId) VALUES ('{$answerId}', '{$answerText}', '{$answerOrder}', '{$answerTemplateId}')"); } else { $db->query("UPDATE answer SET answerOrder = '{$answerOrder}', answerText = '{$answerText}' WHERE answerId = '{$answerId}' and answerTemplateId = '{$answerTemplateId}'"); } }
<?php $iniArray = parse_ini_file("../nextsurvey.ini.php"); $db = new MySqli($iniArray['host'], $iniArray['username'], $iniArray['password'], $iniArray['database']); $action = !empty($_POST['action']) ? $_POST['action'] : ''; switch ($action) { case 'insertSurvey': $dbSurvey = !empty($_POST['dbSurvey']) ? $_POST['dbSurvey'] : ''; if (!empty($dbSurvey)) { //note - use of $mysqli->real_escape_string() is to prevent SQL Injection attacks. //$surveyId = $db->real_escape_string($dbSurvey['surveyId']); $surveyName = $db->real_escape_string($dbSurvey['surveyName']); $surveyDescription = $db->real_escape_string($dbSurvey['surveyDescription']); $locked = $db->real_escape_string($dbSurvey['locked']); $published = $db->real_escape_string($dbSurvey['published']); //$db->query("INSERT INTO survey (surveyid, surveyname, surveydescription, locked) VALUES ('$surveyId', '$surveyName', '$surveyDescription', '$locked')"); $db->query("INSERT INTO survey (surveyname, surveydescription, locked, published) VALUES ('{$surveyName}', '{$surveyDescription}', {$locked}, {$published})"); echo $db->insert_id; //last insert id } break; case 'updateSurvey': $dbSurvey = !empty($_POST['dbSurvey']) ? $_POST['dbSurvey'] : ''; if (!empty($dbSurvey)) { $surveyId = $db->real_escape_string($dbSurvey['surveyId']); $surveyName = $db->real_escape_string($dbSurvey['surveyName']); $surveyDescription = $db->real_escape_string($dbSurvey['surveyDescription']); $published = $db->real_escape_string($dbSurvey['published']); $db->query("UPDATE survey SET surveyName = '{$surveyName}'," . " surveyDescription = '{$surveyDescription}', published = {$published} " . "WHERE surveyId = '{$surveyId}'"); } break;