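/**
 * Creates a new row in tbl_invoices for the given user and reports the new
 * InvoiceID.
 *
 * The UserID is bound as a prepared-statement parameter instead of being
 * concatenated into the SQL text; an empty/null $userid is stored as SQL NULL,
 * which is what the previous convertForInsert() wrapping produced.
 *
 * @param mixed $userid User identifier (null or "" is written as NULL).
 * @return string JSON document with the keys "success" (bool) and
 *                "invoiceid" (int, or null when the insert did not succeed).
 */
function generateInvoiceNumber($userid)
{
    $mysqli = new mysqli(Database::dbserver, Database::dbuser, Database::dbpass, Database::dbname);

    $success = false;
    $insertid = null;

    $stmt = $mysqli->prepare("INSERT INTO `tbl_invoices` (InvoiceID, UserID) VALUES (NULL, ?)");
    if ($stmt !== false) {
        // Empty value -> SQL NULL, matching the old convertForInsert() convention.
        $userParam = ($userid === null || $userid === "") ? null : (string) $userid;
        $stmt->bind_param("s", $userParam);
        if ($stmt->execute()) {
            $insertid = $mysqli->insert_id;
            $success = true;
        }
        $stmt->close();
    }
    $mysqli->close();

    // "success" now reflects whether the insert actually happened instead of
    // being hard-coded to true.
    return json_encode(array("success" => $success, "invoiceid" => $insertid));
}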
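<?php
session_start();
require 'lib/db.php';

/**
 * Wraps a value for direct use in an SQL statement: a non-empty value is
 * surrounded by double quotes, an empty one becomes the literal NULL.
 *
 * This function does NOT escape the value. Callers must escape user-supplied
 * input (see the mysql_real_escape_string() calls below) before passing it in.
 *
 * @param string $str Raw value.
 * @return string SQL fragment: "\"value\"" or NULL.
 */
function convertForInsert($str)
{
    if ($str != "") {
        $str = "\"" . $str . "\"";
    } else {
        $str = "NULL";
    }
    return $str;
}

// Escape before wrapping: convertForInsert() only adds quotes, so the request
// parameter "vote" (and the client address) would otherwise be spliced into the
// SQL text unescaped. mysql_real_escape_string() uses the default link, the same
// connection mysql_query() below relies on (presumably opened by lib/db.php).
$ip = convertForInsert(mysql_real_escape_string($_SERVER["REMOTE_ADDR"]));
$voteInput = isset($_GET["vote"]) ? $_GET["vote"] : ""; // avoid an undefined-index notice
$vote = convertForInsert(mysql_real_escape_string($voteInput));
$sql = "\n INSERT INTO tbl_Votes\n (VoteID, IP_Address, Vote)\n VALUES\n (NULL, {$ip}, {$vote});\n";
$result = mysql_query($sql);
if (!$result) {
    // mysql_error() takes a link identifier, not a result set; passing the failed
    // (false) result was invalid. Consider logging this server-side rather than
    // echoing database errors to the client.
    echo mysql_error();
}
?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>
<meta http-equiv="content-type" content="text/html; charset=iso-8859-1" />
<title>BUMC Scrapbook Crop Registratrion</title>
<link href="registration.css" rel="stylesheet" type="text/css" />
<link rel="shortcut icon" href="images/site.ico">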
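// $cancelProcess may already be set by earlier code; give it a defined default so
// the "!$cancelProcess" guards below do not rely on an undefined variable.
if (!isset($cancelProcess)) {
    $cancelProcess = false;
}

// Unauthenticated requests are redirected to the login page. The exit is
// required: a Location header alone does not stop the rest of the script.
if (!isset($_SESSION['authUser'])) {
    $cancelProcess = true;
    header("Location: login.php");
    exit;
}

// getSettings: return the caller's settings row as JSON.
if (isset($_POST['getSettings']) && !$cancelProcess) {
    $userid = $_SESSION['UserID'];
    $mysqli = new mysqli(db::dbserver, db::dbuser, db::dbpass, db::dbname);

    $settingid = null;
    $email = null;
    $friendlyemail = null;
    $bcc = null;
    $success = false;

    // Parameterised: the session value is bound, never concatenated into the SQL.
    $stmt = $mysqli->prepare("SELECT SettingID, Email, FriendlyEmail, bcc FROM tbl_Settings WHERE UserID = ?");
    if ($stmt !== false) {
        $stmt->bind_param("s", $userid);
        if ($stmt->execute()) {
            $success = true;
            $stmt->bind_result($settingid, $email, $friendlyemail, $bcc);
            // As in the original loop, when several rows match the last one wins;
            // when none match the fields stay null.
            while ($stmt->fetch()) {
                // bound variables are updated on each fetch
            }
        }
        $stmt->close();
    }
    $mysqli->close();

    $data = array(
        "success" => $success,
        "message" => $success ? "Success!" : "Could not load settings.",
        "id" => $settingid,
        "email" => $email,
        "friendlyemail" => $friendlyemail,
        "bcc" => $bcc,
    );
    echo json_encode($data);
} //getSettings

// newEventID: remember the last event the caller worked on.
if (isset($_POST['newEventID']) && !$cancelProcess) {
    $userid = $_SESSION['UserID'];
    $eventid = $_POST['newEventID'];
    $mysqli = new mysqli(db::dbserver, db::dbuser, db::dbpass, db::dbname);
    $success = false;

    // Parameterised: the POSTed event id is untrusted and was previously only
    // wrapped in quotes by convertForInsert(), not escaped.
    $stmt = $mysqli->prepare("UPDATE tblLastEvent SET EventID = ? WHERE UserID = ?");
    if ($stmt !== false) {
        // Empty values become SQL NULL, as convertForInsert() produced before.
        $eventParam = ($eventid === null || $eventid === "") ? null : (string) $eventid;
        $userParam = ($userid === null || $userid === "") ? null : (string) $userid;
        $stmt->bind_param("ss", $eventParam, $userParam);
        $success = $stmt->execute();
        $stmt->close();
    }
    $mysqli->close();

    $data = array(
        "success" => $success,
        "message" => $success ? "Success!" : "Could not save event.",
    );
    echo json_encode($data);
}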
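/**
 * Loads the payment time frames (joined with their payment type) of one event
 * for one user.
 *
 * Both identifiers are bound as prepared-statement parameters, so neither is
 * concatenated into the SQL text (the original interpolated $userid raw and
 * only quoted $eventid). An empty event id is bound as NULL, which matches no
 * row, as the previous convertForInsert() wrapping did.
 *
 * NOTE(review): $userid is expected to be the raw identifier, not a value that
 * the caller already quoted for SQL - confirm against callers.
 *
 * @param mixed $eventid Event identifier.
 * @param mixed $userid  Owner's user identifier.
 * @return array|false List of rows, each an associative array with the keys
 *                     TimeFrameID, EventID, Note, StartDate, EndDate, Amount
 *                     and Form (NULL columns converted to ""), or false when
 *                     the statement could not be prepared or executed.
 */
function getPaymentPlan($eventid, $userid)
{
    $dataArray = array();
    $mysqli = new mysqli(db::dbserver, db::dbuser, db::dbpass, db::dbname);

    $sql = "SELECT\n tbl_payment_timeframes.*,\n tbl_payment_type.*\n FROM `tbl_payment_timeframes`\n LEFT JOIN `tbl_payment_type` ON `tbl_payment_timeframes`.PaymentTypeID = `tbl_payment_type`.PaymentTypeID\n WHERE `tbl_payment_timeframes`.EventID = ? AND `tbl_payment_timeframes`.UserID = ?";

    $stmt = $mysqli->prepare($sql);
    if ($stmt === false) {
        $mysqli->close();
        return false; // could not prepare the statement
    }

    // Empty event id -> SQL NULL (matches nothing), as convertForInsert() did.
    $eventParam = ($eventid === null || $eventid === "") ? null : (string) $eventid;
    $userParam = ($userid === null) ? null : (string) $userid;
    $stmt->bind_param("ss", $eventParam, $userParam);

    if (!$stmt->execute()) {
        $stmt->close();
        $mysqli->close();
        return false; // query failed
    }

    // get_result() needs the mysqlnd driver; it replaces the unchecked
    // $rs->fetch_assoc() on a possibly-false result, which the old
    // catch (Exception) could not intercept (it is an Error, not an Exception).
    $rs = $stmt->get_result();
    if ($rs === false) {
        $stmt->close();
        $mysqli->close();
        return false;
    }

    while ($row = $rs->fetch_assoc()) {
        // Build a fresh array per row; the original started from "" and relied
        // on string-to-array auto-conversion, which newer PHP no longer does.
        $dataArray[] = array(
            'TimeFrameID' => convertNullToBlank($row['TimeFrameID']),
            'EventID' => convertNullToBlank($row['EventID']),
            'Note' => convertNullToBlank($row['Note']),
            'StartDate' => convertNullToBlank($row['StartDate']),
            'EndDate' => convertNullToBlank($row['EndDate']),
            'Amount' => convertNullToBlank($row['Amount']),
            'Form' => convertNullToBlank($row['Form']),
        );
    }

    $rs->free();
    $stmt->close();
    $mysqli->close();

    return $dataArray;
}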
$_SESSION['requestedtablebuddies'] = $_POST['requestedtablebuddies']; $_SESSION['notetohostess'] = $_POST['notetohostess']; //$_SESSION['typeOfFood'] = $_POST['typeOfFood']; $userid = getUserID($eventid); $name = convertForInsert($mysqli->real_escape_string($_SESSION['name'])); $emailaddress = convertForInsert($mysqli->real_escape_string($_SESSION['emailaddress'])); $streetaddress = convertForInsert($mysqli->real_escape_string($_SESSION['streetaddress'])); $csz = convertForInsert($mysqli->real_escape_string($_SESSION['csz'])); $phone = convertForInsert($mysqli->real_escape_string($_SESSION['phone'])); $payby = convertForInsert($mysqli->real_escape_string($_SESSION['payby'])); $returningguest = convertForInsert($mysqli->real_escape_string($_SESSION['returningguest'])); //$food = convertForInsert($mysqli->real_escape_string($_SESSION['food'])); $heardabout = convertForInsert($mysqli->real_escape_string($_SESSION['heardabout'])); $referredby = convertForInsert($mysqli->real_escape_string($_SESSION['referredby'])); $requestedtablebuddies = convertForInsert($mysqli->real_escape_string($_SESSION['requestedtablebuddies'])); $notetohostess = convertForInsert($mysqli->real_escape_string($_SESSION['notetohostess'])); //$typeOfFood = convertForInsert($mysqli->real_escape_string($_SESSION['typeOfFood'])); //build e-mail string //send email and sql statement if (!$cancelProcess) { $sql = "INSERT INTO registration (UserID, EventID, Name, EmailAddress, StreetAddress, CSZ, Phone, PayBy, ReturningGuest, Food, HeardAbout, ReferredBy, EnteredBy, RequestedTableBuddies, NoteToHostess, Paid, FoodCategory, CustomMessageBdySent) "; //$sql = $sql."VALUES ('".$userid."','".$eventid."','".$_SESSION['name']."','".$_SESSION['emailaddress']."','".$_SESSION['streetaddress']."','".$_SESSION['csz']."','".$_SESSION['phone']."','".$_SESSION['payby']."','".$_SESSION['returningguest']."','','".$_SESSION['heardabout']."','".$_SESSION['referredby']."', 
'Online','".$_SESSION['requestedtablebuddies']."','".$_SESSION['notetohostess']."', 'N', 'NULL', '0')"; $sql = $sql . "VALUES (" . $userid . "," . $eventid . "," . $name . "," . $emailaddress . "," . $streetaddress . "," . $csz . "," . $phone . "," . $payby . "," . $returningguest . ", NULL," . $heardabout . "," . $referredby . ", 'Online'," . $requestedtablebuddies . "," . $notetohostess . ", 'N', NULL, 0)"; $result = $mysqli->query($sql); if (!$result) { echo mysqli_error($mysqli); //TODO: This needs to be a better error layout for users $cancelProcess = true; } // multiple recipients $to = $_SESSION['emailaddress'];