/**
 * Return the value of `$field` HTML-encoded for output.
 *
 * Thin wrapper: reads the raw value through getValue() and passes it through
 * htmlspecialcharacters(). NOTE(review): htmlspecialcharacters() is not a PHP
 * builtin (the builtin is htmlspecialchars()); presumably a project helper —
 * confirm it is defined, otherwise this call is a fatal error at runtime.
 *
 * @param string $field field name understood by getValue()
 * @return mixed        whatever htmlspecialcharacters() returns for the value
 */
public function getValueEncoded($field)
{
    $rawValue = $this->getValue($field);

    return htmlspecialcharacters($rawValue);
}
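/**
 * Handle the "change plan title" form: validate the POSTed title, persist it,
 * and render the title form when there is still something to show.
 *
 * Flow (unchanged from the earlier version):
 *   1. read `$_POST['title']`; trim, stripslashes and HTML-encode it;
 *   2. reject an empty title; when the title differs from `$_POST['origtitle']`,
 *      reject a title that already exists in the table;
 *   3. with no errors, UPDATE the row whose ID is `$_POST['x']` and hide the form;
 *   4. otherwise echo the errors, SELECT the row for `$_GET['x']` and echo the form.
 *
 * Fixes vs. the earlier version:
 *   - the duplicate-title check read an undeclared `$counttitle` and had been
 *     commented out, so duplicates were never rejected; it now counts matches
 *     with COUNT(*) (PDOStatement::rowCount() is not reliable for SELECTs);
 *   - the first catch block was `echo '...' . exit;`, which exits before anything
 *     is echoed; it now reports the error like the other two catch blocks;
 *   - request keys are read via isset() so missing keys raise no notices;
 *   - `empty()` on the title rejected the legitimate title "0"; now `=== ''`.
 *
 * NOTE(review): no CSRF token is checked before the UPDATE, the title is
 * HTML-encoded before storage rather than at output, and PDO error messages are
 * echoed to the client — all worth a follow-up, left as they were here.
 * NOTE(review): the UPDATE keys on $_POST['x'] while the SELECT keys on
 * $_GET['x']; kept as-is, confirm which one the form actually sends. The form
 * below has no `title`/`origtitle`/`x` inputs (its text input is named `name`);
 * presumably titleSubmit() supplies them — verify.
 * NOTE(review): htmlspecialcharacters() is not a PHP builtin; presumably a
 * project helper around htmlspecialchars() — confirm it exists.
 * DBNAME is used as the table name, as before.
 *
 * @return void  output is echoed directly; the script exit()s on a PDO error
 */
public function createPlan()
{
    $errormsg = '';
    $showform = 1;

    // Request values; default to '' / null so missing keys do not raise notices.
    $postedTitle = isset($_POST['title']) ? $_POST['title'] : '';
    $origTitle   = isset($_POST['origtitle']) ? $_POST['origtitle'] : '';
    $postedId    = isset($_POST['x']) ? $_POST['x'] : null;
    $requestedId = isset($_GET['x']) ? $_GET['x'] : null;

    // Cleanse title on submission
    $formfield = array();
    $formfield['title'] = htmlspecialcharacters(stripslashes(trim($postedTitle)));

    // Check if title name is empty ("0" is a valid title, so compare with '')
    if ($formfield['title'] === '') {
        $errormsg .= "<p>Title is empty</p>";
    }

    // Check for duplicate title, only when the title actually changed
    if ($formfield['title'] !== $origTitle) {
        try {
            // Count rows that already carry this title.
            $sqltitle = 'SELECT COUNT(*) FROM ' . DBNAME . ' WHERE title = :title';
            $stmttitle = $this->conn->prepare($sqltitle);
            $stmttitle->bindValue(':title', $formfield['title']);
            $stmttitle->execute();
            $count = (int) $stmttitle->fetchColumn();
            if ($count > 0) {
                $errormsg .= "<p>Duplicate plan name.</p>";
            }
        } catch (PDOException $e) {
            echo 'Unable to fetch title to check for existing. ' . '<br />ERROR: <br />' . $e->getMessage();
            exit;
        }
    }

    // Update if no errors exist
    if ($errormsg !== '') {
        echo $errormsg;
        echo "<p>Try again.</p>";
    } else {
        try {
            // Insert data into database
            $sqlupdate = 'UPDATE ' . DBNAME . ' SET title = :title WHERE ID = :ID';
            $stmtupdate = $this->conn->prepare($sqlupdate);
            $stmtupdate->bindValue(':title', $formfield['title']);
            $stmtupdate->bindValue(':ID', $postedId);
            $stmtupdate->execute();
            // Hide form
            $showform = 0;
        } catch (PDOException $e) {
            echo 'Error updating title <br />ERROR: <br />' . $e->getMessage();
            exit;
        }
    }

    if ($showform == 1) {
        try {
            // Pull data from database for existing plans
            $sql = 'SELECT * FROM ' . DBNAME . ' WHERE ID = :ID';
            $stmt = $this->conn->prepare($sql);
            $stmt->bindValue(':ID', $requestedId);
            $stmt->execute();
            // $row is fetched but not used by the form below (as before);
            // presumably meant to pre-fill the current title — verify.
            $row = $stmt->fetch();
            ?>
<!-- Form for changing plan title -->
<form action="#" id="titleForm" method="post" name="titleForm">
<input id="titleName" name="name" placeholder="Name" type="text">
<input type="submit" id="changeTitle" onclick="titleSubmit();" value="Submit">
</form>
<!-- End form -->
<?php
        } catch (PDOException $e) {
            echo 'Error fetching plans. 
<br />ERROR: </br>' . $e->getMessage();
            exit;
        }
    }
}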
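/**
 * Apply a whitespace-separated chain of simple transformations to a template
 * variable and return the result.
 *
 * `$action` is a string such as `"format 2 add 10"`: each step is a word,
 * optionally followed by a numeric argument. Steps are applied left to right to
 * `$vars[$input]`, where `$vars` is the global variable table; `null` is used
 * when the variable is unset.
 *
 * Steps with an argument: `format N` (number_format with N decimals), `add N`,
 * `sub N`, `div N`, `mult N`. Steps without an argument: `format` (no decimals)
 * and `escape` (htmlspecialcharacters(); NOTE(review): not a PHP builtin,
 * presumably a project helper — confirm it exists). Unknown steps are skipped.
 *
 * Fix vs. the earlier version: both regexes were unanchored, so for a chain
 * like `"escape add 3"` the argument pattern matched `add 3` in the middle of
 * the string, the step was applied more than once, and the leading word was
 * consumed one character at a time. The scanner now consumes exactly one step
 * from the front of the string per iteration.
 *
 * @param string $action step chain, e.g. "format 2"
 * @param string $input  key into the global $vars table
 * @return mixed         transformed value (int|float|string|null)
 * @throws DivisionByZeroError on `div 0` (PHP 8)
 * @throws TypeError when an arithmetic step meets a non-numeric value (PHP 8)
 */
function perform($action, $input)
{
    global $vars;

    $output    = isset($vars[$input]) ? $vars[$input] : null;
    $remaining = (string) $action;
    $step      = array();

    // One step per iteration: optional leading whitespace, a word, and optionally
    // whitespace plus a numeric argument. The argument shape (\.*\d+) is the one
    // the previous version accepted, so ".5" still parses as 0.5.
    while (preg_match('#^\s*(\w+)(?:\s+(\.*\d+))?#', $remaining, $step) === 1) {
        $op  = $step[1];
        // Trailing unmatched groups are omitted from $step, hence isset().
        $arg = isset($step[2]) ? $step[2] : null;

        if ($arg !== null) {
            // Steps that take a numeric argument; $arg stays a numeric string so
            // the arithmetic coerces exactly as before.
            if ($op === 'format') {
                $output = number_format($output, (int) $arg);
            } elseif ($op === 'add') {
                $output = $output + $arg;
            } elseif ($op === 'sub') {
                $output = $output - $arg;
            } elseif ($op === 'div') {
                $output = $output / $arg;
            } elseif ($op === 'mult') {
                $output = $output * $arg;
            }
        } else {
            // Argument-less steps.
            if ($op === 'format') {
                $output = number_format($output);
            } elseif ($op === 'escape') {
                $output = htmlspecialcharacters($output);
            }
        }

        // Drop the consumed step; at least one byte is removed, so the loop ends.
        $remaining = (string) substr($remaining, strlen($step[0]));
    }

    return $output;
}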