예제 #1
<?php
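header("Content-Type: application/json; charset=utf-8");
require_once('loader.php');

// Delete one `schedule` row, identified by the POSTed `s_no`, and report the
// outcome as a JSON string.
//
// NOTE(review): nothing visible in this script checks who is calling or whether
// the row belongs to them. Unless loader.php enforces that, any client able to
// reach this endpoint can delete any schedule row by id. Confirm the
// authentication / ownership check and add one here if it is missing. If the
// endpoint is reachable from a browser session it also needs CSRF protection.

// Read the id without raising an "undefined index" notice, which would be
// printed into the JSON body when display_errors is on.
$sNo = isset($_POST['s_no']) ? $_POST['s_no'] : '';

// Only a non-empty string is a usable id; a field sent as `s_no[]=...` arrives as an array.
if( is_string($sNo) && $sNo !== '' ){
	// The id is bound as a statement parameter, never concatenated into the SQL text.
	$sql = "DELETE FROM schedule WHERE s_no = ?";
	$ans = sql_i( $sql,array( $sNo ) );
	if( $ans ){
		echo json_encode( 'SUCCESS !' );
	}
	else {
		// The message names the delete operation (it previously reported an "add" failure).
		echo json_encode('行程表刪除失敗,確認參數是否設置成功 ?');
	}
}
// A request without a usable `s_no` still produces an empty response body.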
예제 #2
<?php
header("Content-Type:application/json; ");
require_once('loader.php');

// Insert a new row into `account` from the POSTed profile fields and report the
// outcome as a JSON string. A request whose `account` field is empty is ignored
// and produces no output.
//
// An earlier variant of this statement, previously kept here as commented-out
// code, wrote to an `accounts` table and stored the POSTed password; the current
// one stores the literal 'none' in the `password` column.
//
// NOTE(review): `type` is taken straight from the request. If that column carries
// a role or privilege it should be assigned server-side; confirm how it is used.
// NOTE(review): no authentication or rate limiting is visible in this script.
if( $_POST['account']!='' ){
	$insertAccount = "INSERT INTO `account`(`account_no`, `account`, `password`, `name`,`type`, `picture_name`,`sign`,`birthday`,`level`) VALUES (?,?,?,?,?,?,?,?,?)";

	// One value per placeholder, in column order. 'null' is the four-character
	// string, not SQL NULL; how sql_i() binds it is not visible here.
	$accountValues = array(
		'null',                   // account_no
		$_POST['account'],        // account
		'none',                   // password
		$_POST['name'],           // name
		$_POST['type'],           // type
		$_POST['picture_name'],   // picture_name
		$_POST['sign'],           // sign
		$_POST['birthday'],       // birthday
		'1',                      // level
	);

	$created = sql_i( $insertAccount, $accountValues );

	echo json_encode( $created ? 'SUCCESS !' : '帳號新增失敗 ?' );
}




예제 #3
							echo 'Success !! ';
						}
					}
					else{
						$sql_arr = array();
						array_push( $sql_arr,'null' );
						array_push( $sql_arr,$url[$i]['title'] );
						array_push( $sql_arr,$url[$i]['descriptionFilterHtml'] );
						array_push( $sql_arr,$url[$i]['showInfo'][0]['longitude'] );
						array_push( $sql_arr,$url[$i]['showInfo'][0]['latitude'] );
						array_push( $sql_arr,'opendata' );
						array_push( $sql_arr,$url[$i]['showInfo'][0]['time'] );
						array_push( $sql_arr,$url[$i]['showInfo'][0]['endTime'] );
						array_push( $sql_arr,$url[$i]['sourceWebName'] );
						array_push( $sql_arr,'parent' );
						array_push( $sql_arr,$url[$i]['showInfo'][0]['location'].$url[$i]['showInfo'][0]['locationName'] );
						sql_i($sql,$sql_arr);
						echo 'Success !! ';
					}
				}else{
					echo 'Error !! ';
				}
			}
			break;
		default:
			echo 'Action error!';
			break;
	}
	
	
예제 #4
<?php
header("Content-Type:application/json; ");
require_once('loader.php');

// Insert one row into `schedule` from the POSTed `setting_no`, `sort` and
// `data_no`, then report the outcome as a JSON string. A request whose
// `setting_no` is empty is ignored and produces no output.
//
// NOTE(review): `setting_no` is supplied by the client and no ownership or
// authentication check is visible in this script; confirm that loader.php (or
// the caller) restricts which schedule settings a client may add rows to.
if( $_POST['setting_no']!='' ){
	$insertEntry = "INSERT INTO `schedule`(`s_no`,  `setting_no`, `sort`, `data_no`) VALUES (?,?,?,?)";

	// One value per placeholder, in column order. 'null' is the four-character
	// string, not SQL NULL; how sql_i() binds it is not visible here.
	$entryValues = array(
		'null',                 // s_no
		$_POST['setting_no'],   // setting_no
		$_POST['sort'],         // sort
		$_POST['data_no'],      // data_no
	);

	$inserted = sql_i( $insertEntry, $entryValues );

	echo json_encode( $inserted ? 'SUCCESS !' : '行程表新增失敗,確認參數是否設置成功 ?' );
}




예제 #5
<?php

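// The body is JSON, so it is labelled as JSON. Served as text/html, the echoed
// `score` value would be parsed as markup by a browser.
header("Content-Type: application/json; charset=utf-8");
require_once 'loader.php';

// Store a score for the (ac_no, se_no) pair: insert a `rank` row when none
// exists, otherwise update the existing one. On success the stored score is
// echoed back as a one-element JSON array.
//
// NOTE(review): `ac_no` comes from the request and no authentication check is
// visible here, so a caller can write a score for any account unless loader.php
// prevents it. Prefer taking the account id from the authenticated session.
// NOTE(review): the SELECT-then-INSERT sequence is not atomic; two concurrent
// requests can both see "no row" and insert twice. A unique key on
// (ac_no, se_no) with a single upsert statement would close that window.

$failure = '增加分數失敗 !';

// Hex-escape <, >, &, ' and " so the echoed value stays inert even if a client
// ignores the Content-Type. Decoders see the same value.
$json_flags = JSON_HEX_TAG | JSON_HEX_AMP | JSON_HEX_APOS | JSON_HEX_QUOT;

// Read the three fields without "undefined index" notices, and require each to
// be a non-empty string (array-valued fields are rejected).
$input = array();
$complete = true;
foreach (array('ac_no', 'se_no', 'score') as $field) {
    $input[$field] = isset($_POST[$field]) ? $_POST[$field] : null;
    if (!is_string($input[$field]) || $input[$field] === '') {
        $complete = false;
    }
}

$ans = false;
if ($complete) {
    // `rank` is backtick-quoted in every statement: it is a reserved word in
    // MySQL 8, and the INSERT already quoted it.
    $sql = "SELECT * FROM `rank` WHERE ac_no=? AND se_no =?";
    $ans_count = count(sql_q($sql, array($input['ac_no'], $input['se_no'])));

    if ($ans_count === 0) {
        $sql = "INSERT INTO `rank`(`rank_no`, `ac_no`, `se_no`, `score`) VALUES (?,?,?,?)";
        $ans = sql_i($sql, array('null', $input['ac_no'], $input['se_no'], $input['score']));
    } else {
        $sql = "UPDATE `rank` SET score =? WHERE ac_no=? AND se_no =?";
        $ans = sql_i($sql, array($input['score'], $input['ac_no'], $input['se_no']));
    }
}

if ($ans) {
    echo json_encode(array($input['score']), $json_flags);
} else {
    echo json_encode($failure);
}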
예제 #6
파일: update.php 프로젝트: Gadao/traveler
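	// Update one row of `data` from the POSTed form: every non-empty field becomes
	// a `column=?` assignment and `d_no` selects the row.
	//
	// Column names cannot be bound as statement parameters, so the POST keys end
	// up in the SQL text. They are therefore restricted to plain identifiers and
	// backtick-quoted, and a request carrying any other key is rejected outright.
	// NOTE(review): an explicit allow-list of the editable columns of `data` would
	// be stricter still; the schema is not visible here.
	// NOTE(review): no authentication or CSRF check is visible in this fragment;
	// confirm that the part of update.php above it provides them.
	$edi = $_POST;
	$edi_base = array();
	$set_parts = array();
	$valid = true;
	$has_d_no = false;
	$d_no = null;

	foreach ($edi as $key => $value) {
		$key = (string)$key;
		if( $key === "d_no" ){
			// The row selector is kept aside so that its position in the form no
			// longer matters; it is bound last, after the SET values.
			$has_d_no = true;
			$d_no = $value;
			continue;
		}
		if( !preg_match( '/\A[A-Za-z_][A-Za-z0-9_]*\z/', $key ) ){
			$valid = false;
			break;
		}
		// Empty fields leave the column unchanged. Note that empty() also skips "0".
		if( is_scalar($value) && !empty($value) ){
			$set_parts[] = "`".$key."`=?";
			$edi_base[] = $value;
		}
	}

	// Never run the UPDATE without a row selector or without anything to set.
	$ok = false;
	if( $valid && $has_d_no && is_scalar($d_no) && count($set_parts) > 0 ){
		$sql = "UPDATE data SET ".implode( " ,", $set_parts )." WHERE d_no=? ";
		$edi_base[] = $d_no;
		$ok = sql_i( $sql,$edi_base );
	}

	// The Referer header is client-controlled. Only an http(s) URL is accepted,
	// and it is emitted as a JSON-encoded JavaScript string with <, >, &, ' and "
	// hex-escaped so it cannot break out of the string literal or the <script>
	// element. Anything else falls back to the empty string.
	$back = isset($_SERVER["HTTP_REFERER"]) ? $_SERVER["HTTP_REFERER"] : '';
	if( !is_string($back) || !preg_match( '#\Ahttps?://#i', $back ) ){
		$back = '';
	}
	$back_js = json_encode( $back, JSON_HEX_TAG | JSON_HEX_AMP | JSON_HEX_APOS | JSON_HEX_QUOT );
	if( $back_js === false ){
		// json_encode() fails on invalid UTF-8; use an empty string literal instead.
		$back_js = '""';
	}

	$message = $ok ? '編輯資料成功!!' : '編輯資料失敗!!';
	echo    "<script language=javascript>
            alert('".$message."');
            window.location.href=".$back_js.";
            </script>";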
?>


예제 #7
파일: issue.php 프로젝트: Gadao/traveler
<?php
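header("Content-Type: application/json; charset=utf-8");
require_once('loader.php');

// Insert a new row into `post` from the POSTed fields, with score '0' and
// today's date, and report the outcome as a JSON string. A request without a
// usable `title` produces no output.
//
// NOTE(review): no authentication check is visible in this script; confirm that
// loader.php restricts who may create posts.
// NOTE(review): `title`, `content`, `note` and `address` are stored exactly as
// received. Whatever later renders them must escape them for its output context.

// Read every field without raising "undefined index" notices, which would be
// printed into the JSON body when display_errors is on. Missing fields stay null,
// which is the value the undefined index used to yield.
$in = array();
foreach( array( 'image_name','x','y','category','address','content','title','note' ) as $field ){
	$in[$field] = isset($_POST[$field]) ? $_POST[$field] : null;
}

// A title sent as `title[]=...` arrives as an array and is not accepted.
if( is_string($in['title']) && $in['title'] !== '' ){
	$sql = "INSERT INTO `post`(`post_no`, `image_name`, `x`, `y`, `category`, `address`, `content`, `title`, `note`, `score`, `time`) VALUES (?,?,?,?,?,?,?,?,?,?,?)";
	// One value per placeholder, in column order. 'null' is the four-character
	// string, not SQL NULL; how sql_i() binds it is not visible here.
	$ans = sql_i( $sql,array( 'null',$in['image_name'],$in['x'],$in['y'],$in['category'],$in['address'],$in['content'],$in['title'],$in['note'],'0',date("Y-m-d") ) );
	if( $ans ){
		echo json_encode( 'SUCCESS !' );
	}
	else {
		echo json_encode('default ?');
	}
}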




예제 #8
파일: function.php 프로젝트: Gadao/traveler
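/**
 * Set one column of a `record` row to '1'. The row is the one whose
 * `record_id` is returned by get_sessionData().
 *
 * The column name is concatenated into the SQL text, because identifiers cannot
 * be bound as statement parameters. It is therefore validated first and must
 * consist of 1 to 8 lowercase ASCII letters. The empty string and non-string
 * values are rejected as well.
 *
 * NOTE(review): the pattern check keeps SQL syntax out of the statement, but any
 * short lowercase column of `record` can still be targeted. An explicit
 * allow-list of the columns callers may set would be stricter.
 *
 * @param string $column Name of the column to set.
 * @return mixed false when $column is rejected, otherwise whatever sql_i() returns.
 */
function update_record( $column ){
    # SQL injection guard: \A and \z anchor the whole string, so a trailing
    # newline is not accepted either.
    if ( !is_string($column) || preg_match( '/\A[a-z]{1,8}\z/', $column ) !== 1 )
        return false;

    $sessionData = get_sessionData();
    $sql = "UPDATE record SET ".$column."='1' WHERE record_id=? ";

    return sql_i( $sql, array( $sessionData['record_id'] ) );
}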
예제 #9
<?php
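header("Content-Type: application/json; charset=utf-8");
require_once('loader.php');

// Insert a new row into `account` from the POSTed fields and report the outcome
// as a JSON string. When `account` is missing or empty nothing is inserted and
// 'Fail!' is reported.
//
// NOTE(review): the password is passed to the INSERT exactly as received, so it
// is stored unhashed unless sql_i() or the database transforms it. Hash it with
// password_hash() here and check it with password_verify() at login. Both ends
// have to change together, so this is flagged rather than changed in this script.
// NOTE(review): `type` is taken straight from the request. If that column carries
// a role or privilege it should be assigned server-side; confirm how it is used.
// NOTE(review): no rate limiting or duplicate-account check is visible here.

// Read every field without raising "undefined index" notices, which would be
// printed into the JSON body when display_errors is on. Missing fields stay null,
// which is the value the undefined index used to yield.
$in = array();
foreach( array( 'account','password','name','type','picture_name','sign','birthday' ) as $field ){
	$in[$field] = isset($_POST[$field]) ? $_POST[$field] : null;
}

// Defined up front so the result check below never reads an undefined variable
// when the INSERT is skipped.
$ans = false;

// An account name sent as `account[]=...` arrives as an array and is not accepted.
if( is_string($in['account']) && $in['account'] !== '' ){
	$sql = "INSERT INTO `account`(`account_no`, `account`, `password`, `name`,`type`, `picture_name`,`sign`,`birthday`,`level`) VALUES (?,?,?,?,?,?,?,?,?)";
	// One value per placeholder, in column order. 'NULL' is the four-character
	// string, not SQL NULL; how sql_i() binds it is not visible here.
	$ans = sql_i( $sql,array( 'NULL',$in['account'],$in['password'],$in['name'],$in['type'],$in['picture_name'],$in['sign'],$in['birthday'],'1' ) );
}

if( $ans ){
	echo json_encode( 'SUCCESS !' );
}
else {
	echo json_encode('Fail!');
}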





예제 #10
<?php
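// The body is JSON, so it is labelled as JSON. Served as text/html, the echoed
// rows (which contain the client-supplied title and file name) would be parsed
// as markup by a browser.
header("Content-Type: application/json; charset=utf-8");
require_once('loader.php');

// Create a `sch_setting` row from the POSTed `title` and `account_no`, optionally
// storing an uploaded picture under picture/, and echo the matching rows as JSON.
//
// NOTE(review): `account_no` comes from the request and no authentication check
// is visible here; confirm that loader.php ties it to the logged-in account.
// NOTE(review): the picture/ directory should be configured so the web server
// never executes scripts from it. The checks below reduce the risk of an
// uploaded file being run as code, but they do not replace that setting.
// NOTE(review): file names are not made unique, so an upload replaces an
// existing picture that has the same name.

$failure = '標題新增失敗,確認參數是否設置成功 ?';

// Hex-escape <, >, &, ' and " in the echoed rows. Decoders see the same values.
$json_flags = JSON_HEX_TAG | JSON_HEX_AMP | JSON_HEX_APOS | JSON_HEX_QUOT;

// Read the inputs without raising "undefined index" notices.
$title = isset($_POST['title']) ? $_POST['title'] : null;
$account_no = isset($_POST['account_no']) ? $_POST['account_no'] : null;
$upload = isset($_FILES['uploaded_file']) ? $_FILES['uploaded_file'] : null;

// A request without a file is still accepted and stores a null picture name.
// A file that is present but fails any check below rejects the whole request.
$picture_name = null;
$upload_ok = true;

if( is_array($upload) && isset($upload['error']) && $upload['error'] !== UPLOAD_ERR_NO_FILE ){
	$upload_ok = false;
	if( $upload['error'] === UPLOAD_ERR_OK && is_string($upload['name']) && is_string($upload['tmp_name']) ){
		// Strip any directory part from the client-supplied name.
		$name = basename( $upload['name'] );
		$ext = strtolower( pathinfo( $name, PATHINFO_EXTENSION ) );
		// Picture extensions only; adjust the list to the formats the application
		// really accepts. Names starting with a dot are refused.
		$ext_allowed = in_array( $ext, array( 'jpg','jpeg','png','gif' ), true );
		if( $name !== '' && $name[0] !== '.' && $ext_allowed
			// The content must also parse as an image, not just carry an image extension.
			&& getimagesize( $upload['tmp_name'] ) !== false
			// move_uploaded_file() itself refuses paths that are not PHP upload temp files.
			&& move_uploaded_file( $upload['tmp_name'], "picture/" . $name ) ){
			// Store the name the file has on disk, not the raw client string.
			$picture_name = $name;
			$upload_ok = true;
		}
	}
}

$ans = false;
if( $upload_ok ){
	$sql = "INSERT INTO sch_setting(`se_no`, `se_title`, `picture_name`,`account_no`) VALUES (?, ?,?,? ) ";
	$ans = sql_i( $sql,array( 'null',$title,$picture_name,$account_no ) );
}

if( $ans ){
	$sql = "SELECT * FROM sch_setting WHERE se_title = ? AND account_no = ?";
	$ans = sql_q( $sql,array( $title,$account_no ) );
	echo json_encode( $ans, $json_flags );
}
else {
	echo json_encode( $failure );
}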