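// NOTE(review): the two values below are HTML-escaped before they are stored.
// The bound parameters already keep them out of the SQL text; HTML escaping is
// normally applied when a value is rendered, so confirm how the stored values
// are consumed before changing this.
    $stmt->bindValue(3, htmlspecialchars($end), SQLITE3_TEXT);
    $stmt->bindValue(4, htmlspecialchars($where), SQLITE3_TEXT);
    $result = $stmt->execute();
    return $result;
}

/*
 * Request dispatcher.
 *
 * Reads the POST field "action", opens the database, runs the matching
 * handler and prints the handler's result as JSON.
 *
 * Every request field a handler needs is checked before use: it must be
 * present and must be a string. A missing field would otherwise raise a PHP
 * notice (which can end up in front of the JSON body), and a field submitted
 * as an array would reach htmlspecialchars() as a non-string.
 *
 * NOTE(review): no authentication or CSRF check is visible in this part of the
 * file, although deleteParty and addParty change stored data. Confirm that such
 * a check runs before this dispatcher.
 */
$retarr = array();

if (isset($_POST['action'])) {
    $dbConnection = connectDB();
    $action = $_POST['action'];

    if ($dbConnection) {
        switch ($action) {
            case 'getParties':
                $retarr = getParties($dbConnection);
                break;

            case 'deleteParty':
                if (isset($_POST['party']) && is_string($_POST['party'])) {
                    $retarr = deleteParty($dbConnection, $_POST['party']);
                } else {
                    $retarr['error'] = 'Missing or invalid parameter';
                }
                break;

            case 'addParty':
                // Collect the four fields in the order addParty() expects;
                // stop at the first one that is absent or not a string.
                $fields = array();
                foreach (array('partyname', 'partystart', 'partyend', 'partyplace') as $key) {
                    if (!isset($_POST[$key]) || !is_string($_POST[$key])) {
                        $fields = null;
                        break;
                    }
                    $fields[] = $_POST[$key];
                }

                if ($fields === null) {
                    $retarr['error'] = 'Missing or invalid parameter';
                } else {
                    $retarr = addParty($dbConnection, $fields[0], $fields[1], $fields[2], $fields[3]);
                }
                break;

            default:
                $retarr['error'] = 'Unknown action';
                break;
        }

        // The connection is closed on every path that opened it.
        disconnectDB($dbConnection);
    } else {
        $retarr = getErrorArray("Couldn't connect database");
    }
} else {
    $retarr['error'] = 'Unknown method';
}

// Declare the body as JSON so a browser does not interpret it as HTML.
if (!headers_sent()) {
    header('Content-Type: application/json');
}

echo json_encode($retarr);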
report(2, "Internal server error."); $flag = 1; break; } } } if ($flag == 0) { report(0, "OK"); } } else { if ($action == "addparty") { $name = htmlspecialchars(@$_POST['name'], ENT_HTML5, 'utf-8'); $place = htmlspecialchars(@$_POST['place'], ENT_HTML5, 'utf-8'); $host = htmlspecialchars(@$_POST['host'], ENT_HTML5, 'utf-8'); $datetime = htmlspecialchars(@$_POST['datetime'], ENT_HTML5, 'utf-8'); $code = addParty($mysqli, $name, $place, $host, $datetime); if ($code == 0) { report(0, "OK"); } else { report(1, "Internal server error."); } } else { if ($action == "delparty") { $pid_array = $_REQUEST['parties']; $flag = 0; foreach ($pid_array as $pid) { $code = delParty($mysqli, $pid); if ($code == 1) { report(1, "One of the parties you have attempted to delete is not in the database. Please refresh your page. If this happens again, please contact Big Green Snake and report this incident."); $flag = 1; break;