/**
 * Magic setter: stores a per-user config value.
 *
 * Writes (var_name, var_value, user_id) into 202_config with REPLACE INTO, so
 * a row already matching the table's unique key is overwritten rather than
 * duplicated. All three values are passed through db::escape first.
 *
 * @param string $name  Config variable name.
 * @param mixed  $value Value to store.
 * @return mixed Whatever db::execute returns for the REPLACE statement.
 */
public function __set($name, $value)
{
    $escapedName  = db::escape($name);
    $escapedValue = db::escape($value);
    $escapedUid   = db::escape($this->_uid);

    $sql = "REPLACE INTO 202_config (var_name, var_value, user_id)\n VALUES ('{$escapedName}', '{$escapedValue}', '{$escapedUid}')";

    return db::execute($sql);
}
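/**
 * Updates an existing firewall rule's IP range and state.
 *
 * @param mixed $rule_id    Id of the rule to update.
 * @param mixed $start_ip   New start of the IP range.
 * @param mixed $end_ip     New end of the IP range.
 * @param mixed $rule_state New rule state.
 * @return bool true when the UPDATE succeeded (and was logged), false otherwise.
 */
public function saveRule($rule_id, $start_ip, $end_ip, $rule_state)
{
    // The original omitted the comma between rule_state and date_modified,
    // which made the statement a SQL syntax error.
    $sql = "UPDATE\n firewall_rules\n SET\n start_ip='" . db::escapechars($start_ip) . "',\n end_ip='" . db::escapechars($end_ip) . "',\n rule_state='" . db::escapechars($rule_state) . "',\n date_modified=NOW()\n WHERE\n rule_id='" . db::escapechars($rule_id) . "'\n LIMIT 1";
    $updateFirewall = db::execute($sql);

    // The original branched on an undefined $removeItem (always falsy), so the
    // success path could never run; the UPDATE result decides instead.
    if ($updateFirewall) {
        // Log activity (the original logged an undefined $ruleid here).
        $logType = "Firewall";
        $logValue = db::escapechars($_SESSION['username']) . " updated a firewall rule - " . db::escapechars($rule_id);
        $this->logevent($logType, $logValue);
        return true;
    }

    // Log failure
    $logValue = db::escapechars($_SESSION['username']) . " Failed updating a firewall rule - " . db::escapechars($sql);
    $this->logfault($logValue);
    return false;
}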
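/**
 * Stores a batch of application settings.
 *
 * $settingName and $settingValue are treated as parallel arrays: the value at
 * index i is written to the setting named at index i (the original assumed the
 * same thing).
 *
 * @param array $settingName  Setting names.
 * @param array $settingValue Values, one per name.
 * @return bool true when every UPDATE succeeded, false if any failed.
 */
public function storeAppSettings($settingName, $settingValue)
{
    $errors = 0;

    // For each of the provided settings store the associated value.
    // The original loop ran to `<= count(...)`, reading one element past the
    // end of both arrays and issuing a useless UPDATE for an empty name.
    $total = count($settingName);
    for ($i = 0; $i < $total; $i++) {
        $sql = "UPDATE\n framework_settings\n SET\n settingValue='" . db::escapechars($settingValue[$i]) . "'\n WHERE\n settingName='" . db::escapechars($settingName[$i]) . "'\n LIMIT 1";
        $result = db::execute($sql);
        if ($result) {
            $this->logevent('Settings Update', $_SESSION['username'] . " updated setting " . db::escapechars($settingName[$i]) . " to " . db::escapechars($settingValue[$i]));
        } else {
            $errors++;
            $this->logerror("Error updating settings: " . $sql);
        }
    }

    return $errors === 0;
}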
/**
 * Executes a statement on a fresh db connection and shapes the result by $action.
 *
 * @param string $query  Statement handed to db::query().
 * @param mixed  $param  Bound parameters handed to db::execute().
 * @param string $action 'fetch' → one row, 'update' → the db object itself,
 *                       'insert' → lastInsertId(), anything else → fetchset().
 * @param mixed  $db     Second constructor argument of db (presumably a database
 *                       selector — confirm against the db class).
 * @return mixed
 */
function run($query, $param, $action = '', $db = null)
{
    $connection = new db(null, $db);
    $connection->query($query);
    $connection->execute($param);

    // Loose comparison kept on purpose: the original used switch semantics.
    if ($action == 'fetch') {
        return $connection->fetch();
    }
    if ($action == 'update') {
        return $connection;
    }
    if ($action == 'insert') {
        return $connection->lastInsertId();
    }

    return $connection->fetchset();
}
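/**
 * Creates a local 202 user for a directtrack affiliate plus a one-time login
 * token that the target install exchanges for a session.
 *
 * @param mixed  $affiliate_id Id in prosper_master.affiliates.
 * @param string $install_db   Schema holding the 202_* tables.
 * @return void Stores the new token in $_SESSION['authtoken'].
 */
public static function importUser($affiliate_id, $install_db)
{
    // Grab user from directtrack db (id escaped; the original interpolated it raw).
    $s_affiliate_id = db::escape($affiliate_id);
    $user = db::getRow("select * from prosper_master.affiliates WHERE affiliate_id='{$s_affiliate_id}'");
    if (!$user) {
        // No affiliate row: do not create a user with empty fields.
        return;
    }

    // Hash the user pass with salt.
    $user_pass = salt_user_pass($_SESSION['login_pass']);

    // Every value copied from the affiliates row is escaped before it is put
    // into SQL; the original inlined $user['email'] / $user['addCode'] raw.
    $mysql = array(
        'user_pass'    => db::escape($user_pass),
        'user_email'   => db::escape($user['email']),
        'addCode'      => db::escape($user['addCode']),
        'affiliate_id' => db::escape($user['affiliate_id']),
    );

    // Insert this user.
    $user_sql = " \tINSERT INTO {$install_db}.`202_users`\n\t\t\t\t\t \tSET\tuser_email='" . $mysql['user_email'] . "',\n\t\t\t\t\t \t\tuser_name='" . $mysql['addCode'] . "',\n\t\t\t\t\t \t\tuser_pass='" . $mysql['user_pass'] . "',\n\t\t\t\t\t \t\taddCode='" . $mysql['addCode'] . "',\n\t\t\t\t\t \t\tuser_timezone='-5',\n\t\t\t\t\t \t\tuser_time_register=NOW()";
    db::execute($user_sql);
    $user_id = mysql_insert_id(db::$db_write);
    $mysql['user_id'] = db::escape($user_id);

    // The hand-off token is a bearer credential; prefer CSPRNG bytes when the
    // runtime has them, otherwise fall back to the original derivation.
    $token = function_exists('random_bytes')
        ? bin2hex(random_bytes(16))
        : md5(serialize($user) . uniqid('', true));
    $_SESSION['authtoken'] = $token;
    db::execute("insert into prosper_master.login_tokens(affiliate_id, user_id, user_name, token)\n\t\t values ('" . $mysql['affiliate_id'] . "', '" . $mysql['user_id'] . "', '" . $mysql['addCode'] . "', '" . $token . "');");

    // Update user preference table.
    db::execute("INSERT INTO {$install_db}.`202_users_pref` SET user_id='" . $mysql['user_id'] . "'");
}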
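/**
 * Averages every rating column of the Reviews rows for one company.
 *
 * @param int|string $company_id Company to aggregate; cast to int before use in SQL.
 * @return array<string, float|int> Per-column averages keyed by column name
 *         (company_id is carried through unchanged) plus 'Average', the mean of
 *         the rating columns. All zeros when the company has no reviews.
 */
function getAverages($company_id)
{
    // Rating columns; company_id is an identifier, not a score.
    $scoreKeys = ['WLBalance', 'Salary', 'Benefits', 'Opportunity', 'Fairness', 'Leadership', 'Loyalty', 'Morale', 'Communication'];
    $keys = array_merge(['company_id'], $scoreKeys);

    // Create keys for scores and zero out any leftover data.
    $scores = array_fill_keys($keys, 0);

    // company_id is compared unquoted (numeric) in SQL, so it is forced to an
    // integer instead of being interpolated raw.
    $company_id = (int) $company_id;
    $sql = "SELECT * FROM Reviews WHERE company_id = {$company_id}";
    $results = db::execute($sql);

    // Number of reviews for calculating the average; the original divided by
    // zero when there were none.
    $count = (int) $results->num_rows;
    if ($count < 1) {
        $scores['Average'] = 0;
        return $scores;
    }

    // Sum only the known columns; review_id, person_id, ReviewText and any
    // other non-score column are skipped.
    while ($row = $results->fetch_assoc()) {
        foreach ($keys as $key) {
            if (isset($row[$key])) {
                $scores[$key] += $row[$key];
            }
        }
    }

    // Average each column to two decimal places (the original cut the string
    // form to four characters, which mangles values such as 10.25).
    foreach ($keys as $key) {
        $scores[$key] = round($scores[$key] / $count, 2);
    }

    // Overall average across the rating columns only; the original also added
    // the company_id column into this sum.
    $superaverage = 0;
    foreach ($scoreKeys as $key) {
        $superaverage += $scores[$key];
    }
    $scores['Average'] = round($superaverage / count($scoreKeys), 2);

    return $scores;
}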
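/**
 * Sets a new password for a user, logs the action and e-mails the user.
 *
 * @param mixed  $userid         Id of the user whose password is reset.
 * @param string $seededpassword Per-user seed appended before hashing.
 * @param string $newpasswd      Password to set; '' (the default) means "generate one".
 * @return bool true when the UPDATE succeeded, false otherwise.
 */
public function resetPassword($userid, $seededpassword, $newpasswd = '')
{
    $userid = db::escapechars($userid);
    $newpasswd = db::escapechars($newpasswd);

    // The default is '' and db::escapechars returns a string, so the original
    // is_null() test never fired and an empty password was hashed and stored.
    if ($newpasswd === '') {
        $newpassword = $this->generatePassword();
    } else {
        $newpassword = $newpasswd;
    }

    // NOTE(review): the stored hash is md5(password . seed) and the password is
    // escaped before hashing; both are kept because the login path (not shown)
    // must use the same scheme — confirm before changing either.
    $newpasswordmd5 = md5($newpassword . $seededpassword);

    $sql = "UPDATE\n users\n SET\n password='" . db::escapechars($newpasswordmd5) . "'\n WHERE\n userid='{$userid}'\n LIMIT 1";
    $resetpass = db::execute($sql);
    if (!$resetpass) {
        return false;
    }

    // Log the activity
    $logType = "Reset Password";
    $myusername = $_SESSION['username'];
    $theirusername = $this->useridtoname($userid);
    $logValue = "{$myusername} reset user password for user ( {$theirusername} )";
    $this->logevent($logType, $logValue);

    // Email user with reset notification (the new password travels in clear
    // text in this mail, as in the original design).
    $message = "<h2>Password Reset</h2><p>Hello, a reset password request was sent for your account ({$theirusername}).</p><p>Your new password is {$newpassword}</p><p>You should log on and change this as soon as possible</p>";
    $this->emailUser($userid, 'Password Reset', $message);
    return true;
}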
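/**
 * Reports whether the current request carries an authenticated session.
 *
 * Three paths are tried in order: a one-time ?auth= token handed off from
 * another subdomain is exchanged for a session and the request is redirected
 * without the token; stored login credentials are replayed through
 * self::login(); otherwise the existing session must carry a user, match the
 * browser fingerprint and be younger than 50000 seconds.
 *
 * @return bool
 */
public static function logged_in()
{
    // A fresh session has no session_time; treat it as expired instead of
    // reading an undefined index.
    $session_time_passed = time() - (int) (isset($_SESSION['session_time']) ? $_SESSION['session_time'] : 0);
    $userAgent = isset($_SERVER['HTTP_USER_AGENT']) ? $_SERVER['HTTP_USER_AGENT'] : '';
    $fingerprint = md5('session_fingerprint' . $userAgent . session_id());

    // Tricky logic for handing off authentication across subdomains.
    if (!isset($_SESSION['user_id']) && !isset($_SESSION['login_user']) && isset($_GET['auth'])) {
        $s_token = db::escape($_GET['auth']);
        $user_row = db::getRow("SELECT lt.*, a.addCode from prosper_master.login_tokens lt\r\n INNER JOIN prosper_master.affiliates a ON lt.affiliate_id=a.affiliate_id\r\n WHERE token='{$s_token}'");

        // Only a token that resolves to a row may populate the session; the
        // original copied the (empty) fields of a failed lookup into it.
        if ($user_row) {
            $_SESSION['session_fingerprint'] = $fingerprint;
            $_SESSION['session_time'] = time();
            $_SESSION['user_name'] = $user_row['user_name'];
            $_SESSION['user_id'] = $user_row['user_id'];
            $_SESSION['addCode'] = $user_row['addCode'];
            $_SESSION['user_api_key'] = isset($user_row['user_api_key']) ? $user_row['user_api_key'] : null;
            $_SESSION['user_stats202_app_key'] = isset($user_row['user_stats202_app_key']) ? $user_row['user_stats202_app_key'] : null;
            $_SESSION['user_timezone'] = isset($user_row['user_timezone']) ? $user_row['user_timezone'] : null;
            // The token is single-use: remove it once exchanged.
            @db::execute("delete from prosper_master.login_tokens WHERE token='{$s_token}' LIMIT 1");
        }

        // Strip the token from the URL either way so a reload cannot resend it.
        $uri = preg_replace('/auth=[a-zA-Z0-9]+/', '', $_SERVER['REQUEST_URI']);
        forward($uri);
        exit;
    }

    if (!isset($_SESSION['user_id']) && isset($_SESSION['login_user'])) {
        if (self::login($_SESSION['login_user'], $_SESSION['login_pass'])) {
            return true;
        }
    }

    // Strict comparison: the original `==` compared two hex digests loosely,
    // and PHP compares numeric-looking strings such as "0e…" as numbers.
    $hasUser = !empty($_SESSION['user_name']) && !empty($_SESSION['user_id']);
    $fingerprintMatches = isset($_SESSION['session_fingerprint'])
        && (string) $_SESSION['session_fingerprint'] === $fingerprint;
    if ($hasUser && $fingerprintMatches && $session_time_passed < 50000) {
        $_SESSION['session_time'] = time();
        return true;
    }

    return false;
}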
/**
 * Deletes every diary item with item_status '9' for a class.
 *
 * Permitted for the teacher that owns the class or for a session whose
 * utype is 8 or more; anyone else gets false without touching the database.
 *
 * @param mixed $classid   Class whose diary is purged.
 * @param mixed $teacherid Id of the caller, compared with the class owner.
 * @return bool true when the DELETE ran successfully.
 */
public function purgeDiary($classid, $teacherid)
{
    // Check if owner of the class or if an administrator.
    $classInfo = $this->getClassInformation($classid);
    if (!($classInfo['teacher_id'] == $teacherid || $_SESSION['utype'] >= 8)) {
        return false;
    }

    $sql = "DELETE FROM\n class_diary\n WHERE\n class_id='" . db::escapechars($classid) . "'\n AND\n item_status='9'";
    $who = db::escapechars($_SESSION['username']);

    if (db::execute($sql)) {
        // Log the activity
        $this->logevent("Classes", $who . " Purged class diary events - " . db::escapechars($classid));
        return true;
    }

    // Log the failure
    $this->logfault($who . " Failed Purging class diary events - " . db::escapechars($sql));
    return false;
}
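/**
 * Deletes rows from the configured table matching $where.
 *
 * @param array $where Conditions rendered into SQL by self::where_str().
 * @return int 1 when parent::execute reports success, 0 otherwise.
 */
public static function delete($where = array())
{
    $sql = sprintf("DELETE FROM %s%s;", self::filter_table(self::$settings['table']), self::where_str($where));
    debug::set('sql', self::$settings['class'] . '::' . __FUNCTION__, $sql);

    // The original followed this with an unreachable `return -1;`.
    return parent::execute($sql) ? 1 : 0;
}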
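<?php
include_once BASE_PATH . 'admin/utils/initialize.php';

// Both fields are required; the original only tested !empty($_POST) and so
// inserted a row of empty strings for any other POST.
if (isset($_POST['country_id'], $_POST['rss'])) {
    $db = new db();
    $country_id = $db->escape_string($_POST['country_id']);
    $rss = $db->escape_string($_POST['rss']);

    // The stored link is fetched server-side elsewhere in this project, so only
    // an absolute http(s) URL is accepted.
    $scheme = strtolower((string) parse_url($_POST['rss'], PHP_URL_SCHEME));
    if (filter_var($_POST['rss'], FILTER_VALIDATE_URL) !== false && ($scheme === 'http' || $scheme === 'https')) {
        $db->execute("INSERT INTO rss (country_id, link, active) VALUES ('{$country_id}', '{$rss}', '1')");
    }
}

echo $twig->render('add_rss.html', array('active_menu' => 'add_rss', 'msg' => $msg, 'title_part' => 'Adăugare rss', 'utils' => $utils, 'slugs' => get_slugs()));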
$country_slug = $slug['slug']; $rsss = $db->array_select("SELECT * FROM rss WHERE country_id = '{$country_id}' AND active='1'"); foreach ($rsss as $rss) { $content = file_get_contents($rss['link']); $xmlfeed = new SimpleXmlElement($content); $author = $xmlfeed->channel->link; $first = strpos($author, '.'); $author = substr($author, $first + 1); $second = strpos($author, '/'); $author = substr($author, 0, $second); foreach ($xmlfeed->channel->item as $entry) { if (strpos($entry->pubDate, $today)) { $title = $db->escape_string($entry->title); $double = $db->num_rows("SELECT id FROM news WHERE title = '{$title}'"); if ($double == 0) { $link = $db->escape_string($entry->link); $pubDate = $entry->pubDate; $date = convert_date($pubDate); $description = prepare_description($entry->description); $site_link = prepare_link($title, $country_slug); $metakeywords = prepare_metakeywords($description); $metadescription = prepare_metadescription($description); $sql = $db->execute("INSERT INTO news (country_id, author, title, description, site_link, link, pubdate, metadescription, metakeywords) VALUES ('{$country_id}', '{$author}', '{$title}', '{$description}', '{$site_link}','{$link}', '{$date}', '{$metadescription}', '{$metakeywords}')"); } } } } } } //delete entries older than 2 days $sql = $db->execute("DELETE from news WHERE (pubdate NOT LIKE '%{$today2}%' AND pubdate NOT LIKE '%{$yesterday}%' AND pubdate NOT LIKE '%{$yesterday2}%')");
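defined('WCROOT') or die('Access Denied');
// NOTE(review): the config file name is built from $_SESSION['domain']; this
// relies on an earlier install step having stored a plain domain name there.
require WCROOT . PS . "config" . PS . "config_" . $_SESSION['domain'] . ".php";

$db = new db();
$sqlfile = WCROOT . '/install/data/basic.sql';
file_exists($sqlfile) or die('<br /><font color="#F00">数据库安装文件丢失:' . $sqlfile . '</font>');

$sql = file_get_contents($sqlfile);
$sql = str_replace("\r\n", "\n", $sql);
if (empty($sql)) {
    die('无法获取安装数据。file_get_contents()');
}

// Normalise remaining CR line endings and swap the bundled `ws_` table prefix
// for the configured one, then split the dump into single statements.
$sql = trim(str_replace("\r", "\n", str_replace(' `ws_', ' `' . $db_config['db_pre'], $sql)));
$statements = explode(";\n", $sql);
unset($sql);

$result = true;
foreach ($statements as $statement) {
    $statement = trim($statement);
    // Blank fragments (e.g. after a trailing ";\n") would be sent to the
    // server as empty queries; skip them instead.
    if ($statement === '') {
        continue;
    }
    @$db->execute($statement) or $result = false;
}

if ($result) {
    msgbox('', 'index.php?step=6');
} else {
    echo '<div style="padding:30px 0 30px 20px; color:#F00;">系统模块安装失败,请重新安装或尝试跳过这一步。</div>';
}
?>
<table width="100%"><tr> <td width="80" height="80"> </td> <td align="center"><a href="index.php?step=4" onfocus="this.blur()"><img src="images/button_prev.png" width="112" height="35" /></a></td> <td align="center"><a href="index.php?step=6" onfocus="this.blur()"><img src="images/button_next.png" width="112" height="35" /></a></td> <td width="80"> </td> </tr></table>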
$db->beginTransaction(); if ($attach_id == 'e') { $db->query("SELECT IFNULL(MAX(attach_group_id),0) + 1 as max_id FROM attachments"); $res = $db->fetch(); if (!empty($res)) { $new_attach_id = $res['max_id']; } else { $new_attach_id = 1; } } else { $new_attach_id = $attach_id; } $db->query("INSERT INTO attachments (attach_group_id, attach_desc)\n\t\t\t\tVALUES (:attach_group_id, :attach_desc)"); $db->bind(":attach_group_id", $new_attach_id); $db->bind(":attach_desc", $file_name); $sq = $db->execute(); $db->endTransaction(); $flag = 1; } catch (Exception $e) { $flag = 2; $db->cancelTransaction(); } } else { $flag = 3; } } $db->query("SELECT * FROM attachments WHERE attach_group_id = :id"); $db->bind(":id", $new_attach_id); $getAttaches = $db->fetchAll(); if (!empty($getAttaches)) { foreach ($getAttaches as $row) {
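/**
 * Builds and runs the CREATE TABLE statement for a migration definition.
 *
 * @param array $tableDef ['table' => ['name' => string, 'charset' => ?string, 'collate' => ?string],
 *                         'columns' => [name => ['type' => string, 'length' => ?mixed]]]
 * @return void Prints the outcome, or the exception message, to stdout.
 */
private static function create($tableDef = array())
{
    try {
        $table = $tableDef['table'];
        $cols = $tableDef['columns'];

        // One definition per column; a column without a length no longer
        // renders as "type ()".
        $columnSql = array();
        foreach ($cols as $col => $def) {
            $piece = $col . " " . $def['type'];
            if (isset($def['length']) && $def['length'] !== '') {
                $piece .= " (" . $def['length'] . ")";
            }
            $columnSql[] = $piece;
        }
        $query = "create table " . $table['name'] . " (" . implode(" ,", $columnSql) . ")";

        // Charset/collation are optional: the original read both keys without
        // isset and appended "CHARACTER SET" without a separating space.
        if (!empty($table['charset']) && !empty($table['collate'])) {
            $query .= " CHARACTER SET " . $table['charset'] . " COLLATE " . $table['collate'];
        }

        $db = new db();
        echo $db->execute($query) ? "DB table " . $tableDef['table']['name'] . " migrated" : "Some error occured while migrating";
    } catch (Exception $e) {
        echo $e->getMessage();
    }
}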
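/**
 * Soft-deletes a register by setting register_status to '9'.
 *
 * @param mixed $registerid Id of the register to delete.
 * @return bool true when the UPDATE succeeded, false otherwise.
 */
public function deleteRegister($registerid)
{
    $sql = "UPDATE class_register SET register_status='9' WHERE registerid='" . db::escapechars($registerid) . "' LIMIT 1";
    $deleteRegister = db::execute($sql);

    // The original tested an undefined $purgeMessage (always falsy) and then
    // returned the undefined constant `faluse`; the UPDATE result decides now.
    if ($deleteRegister) {
        // Log the activity
        $logType = "Register";
        $logValue = $this->usernametorealname($_SESSION['username']) . "(" . $_SESSION['username'] . ") deleted a register (" . db::escapechars($registerid) . ") ";
        $this->logevent($logType, $logValue);
        return true;
    }

    // Log the fault in the system
    $logValue = $this->usernametorealname($_SESSION['username']) . "(" . $_SESSION['username'] . ") failed deleting a register: " . db::escapechars($sql);
    $this->logfault($logValue);
    return false;
}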
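<?php
include_once BASE_PATH . 'admin/utils/initialize.php';

if (!empty($_POST)) {
    $db = new db();

    // Get data. Every value is escaped before it reaches SQL; the original
    // interpolated the raw $_POST values.
    $country  = $db->escape_string($_POST['country']);
    $slug     = trim($_POST['slug']);
    $country2 = $db->escape_string($_POST['country2']);
    $language = $db->escape_string($_POST['language']);
    $timezone = $db->escape_string($_POST['timezone']);

    // The slug also becomes a column name in ALTER TABLE, where string
    // escaping does not apply, so only a plain identifier is accepted.
    if (preg_match('/^[A-Za-z_][A-Za-z0-9_]{0,63}$/', $slug) === 1) {
        // Insert new country in database.
        $db->execute("INSERT INTO slugs (country, slug, country2, language, timezone) VALUES ('{$country}', '{$slug}', '{$country2}', '{$language}', '{$timezone}')");
        // Create the new country's column in the locale table.
        $db->execute("ALTER TABLE locale ADD `" . $slug . "` VARCHAR( 255 )");
    }
}

echo $twig->render('add_slug.html', array('active_menu' => 'add_slug', 'msg' => $msg, 'title_part' => 'Adăugare ţară', 'utils' => $utils));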
defined('WCROOT') or die('Access Denied'); require WCROOT . PS . "config" . PS . "config_" . $_SESSION['domain'] . ".php"; if (isset($_POST['website'])) { $username = trim($_POST['username']); $password = trim($_POST['password']); //$website = trim($_POST['website']); //$website = rtrim($website,'/').'/'; //strlen($website) < 10 && msgbox('网站访问地址填写不正确。'); //$config['url'] = $website; preg_match('/^[\\w_]{5,20}$/', $username) or msgbox('管理员帐号必须由5 - 20个字符组成,只能使用数字、字母或下划线!'); (preg_match('/[\'\\"\\\\\\/]/', $password) || strlen($password) < 5 || strlen($password) > 20) && msgbox('管理员密码必须为5 - 20个字符,不得使用特殊字符!'); $db = new db(); $count = $db->query("SELECT count(*) FROM `{$db_config['db_pre']}user`", 1, 0); $sql = "INSERT INTO `{$db_config['db_pre']}user` (nickname,loginname,loginpwd,lasttime,lastip) VALUES ('admin','{$username}','{$password}','" . date('Y-m-d H:i:s') . "','" . get_ip() . "');"; $db->execute($sql) ? msgbox('', 'index.php?step=7') : msgbox('添加管理员出错!'); /*if($count[0] == 0){ $encryption = random(8,0); //$password = md5(md5($password).md5($encryption)); $sql = "INSERT INTO `{$db_config['db_pre']}user` (nickname,loginname,loginpwd,lasttime,lastip) VALUES ('admin','{$username}','{$password}','".date('Y-m-d H:i:s')."','{get_ip()}');"; $db->execute($sql) ? msgbox('','index.php?step=7') : msgbox('添加管理员出错!'); } else { msgbox('','index.php?step=7'); } /*if(array2php($config,'config',MLEROOT.'/inc/config/globals.config.php')){ $keyfile = file_get_contents(MLEROOT.'/inc/config/version.config.php'); empty($keyfile) && die('无法获取配置文件。file_get_contents()'); $keyfile = str_replace('__{WEBKEY}__',random(38,0),$keyfile); if(@file_put_contents(MLEROOT.'/inc/config/version.config.php',$keyfile)){ $db = new db; $count = $db->query("SELECT count(*) FROM `{$DB['prefix']}admin`",1,0);
/**
 * Registers a hashtag or an @account for a user in tweetSearch.
 *
 * A value starting with '@' is stored in accountID, anything else in hashtag;
 * leading '@'/'#' characters are stripped from the stored value either way.
 *
 * @param string $hashtag Hashtag or account name as typed by the user.
 * @param mixed  $userid  Owner of the search entry.
 * @return bool true when the INSERT succeeded, false on failure or empty input.
 */
public function addHashtag($hashtag, $userid)
{
    if (!$hashtag) {
        return false;
    }

    $isAccount = (substr($hashtag, 0, 1) == "@");
    $stripped = str_replace(array('@', '#'), '', $hashtag);
    $column = $isAccount ? 'accountID' : 'hashtag';

    $sql = "INSERT INTO tweetSearch SET " . " " . $column . "='" . db::escapechars($stripped) . "'" . " , userID='" . db::escapechars($userid) . "'";
    $result = db::execute($sql);

    if (!$result) {
        $this->logfault('ADD HASHTAG', "TRYING TO UNDERTAKE: " . $sql);
        return false;
    }

    $logType = "";
    $myusername = $this->useridtorealname($userid);
    $logValue = "{$myusername} created a hashtag or username (" . db::escapechars($stripped) . ")";
    $this->logevent($logType, $logValue);
    return true;
}
} try { $db->beginTransaction(); //adding task details into database $q = "INSERT INTO tasks (creator_id, assignee_id, loc_id, start_date, due_date, `repeat`, title, `desc`, attach_group_id, status)\n\t\t\t VALUES (:creator_id, :assignee_id, :loc_id, :start_date, :due_date, :repeat, :title, :des, :attach_group_id, 1)"; $sq = $db->query($q); $db->bind(":creator_id", $creatorId); $db->bind(":assignee_id", $assigneeId); $db->bind(":loc_id", $locId); $db->bind(":start_date", $startDate); $db->bind(":due_date", $endDate); $db->bind(":repeat", $repeat); $db->bind(":title", $title); $db->bind(":des", $desc); $db->bind(":attach_group_id", $attachId); $sq = $db->execute(); if ($sq) { //add followers of task if exist if ($followersIds != '') { $cond = count($followersIds); //get task_id $db->query("SET @lastId = (SELECT task_id FROM tasks ORDER BY task_id DESC LIMIT 1)"); $sql = $db->execute(); for ($i = 0; $i < $cond; $i++) { array_push($followersArr, $followersIds[$i]); $db->query("INSERT INTO tasks_followers (task_id, follower_id)\n\t\t\t\t\t\t\t\t VALUES (@lastId, :follower_id)"); $db->bind(":follower_id", $followersIds[$i]); $sq = $db->execute(); } } //add task to notifications
exit; } // Bail out if this page is accessed directly. if (!isset($_SESSION['login_user'])) { forward("/xtracks-login.php"); exit; } if (!isset($_GET['action'])) { $subdomain = $_SESSION['subdomain_granted']; $s_subdomain = db::escape($subdomain); // Check if we have something running already. $row = db::getRow("select id, status from prosper_master.install_jobs\n where subdomain='{$s_subdomain}'"); if ($row) { $install_id = $row['id']; } else { db::execute("insert into prosper_master.install_jobs\n (subdomain) VALUES ('{$s_subdomain}')"); $install_id = mysql_insert_id(db::$db_write); } $run_install = true; } if (isset($_GET['action']) && $_GET['action'] == 'check') { $install_id = (int) $_GET['install']; $row = db::getRow('select * from prosper_master.install_jobs where id=' . (int) $install_id); echo json_encode(array('status' => $row['status'], 'auth' => $_SESSION['authtoken'])); exit; } ?> <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<?php include_once BASE_PATH . 'admin/utils/initialize.php'; if (!empty($_POST)) { $db = new db(); foreach ($_POST as $key => $value) { $parts = explode('_', $key); $operation = $parts[0]; $id = $parts[1]; $slug = $parts[2]; if ($parts[0] == 'update') { $value = $db->escape_string($value); $sql = $db->execute("UPDATE locale SET {$slug} = '{$value}' WHERE id = '{$id}'"); } } $slugs_string = ''; $slugs = $db->array_select("SELECT slug FROM slugs"); foreach ($slugs as $slug) { $slugs_string .= $slug['slug'] . ','; } $slugs_string = substr($slugs_string, 0, -1); $index = 0; while (!empty($_POST['insert_' . $index . '_us'])) { $values_string = ''; foreach ($slugs as $slug) { $values_string .= "'" . $_POST['insert_' . $index . '_' . $slug['slug']] . "',"; } $values_string = substr($values_string, 0, -1); $sql = "INSERT INTO locale ({$slugs_string}) VALUES ({$values_string})"; $db->execute($sql); $index++;
<?php // error_reporting(E_ALL); // ini_set('display_errors', 'on'); include 'initialize.php'; $emailreg = '/^[a-zA-Z-_.+]+@[a-zA-Z-_.+]+\\.[a-z]{2,6}\\.?[a-z]+/'; $passreg = '/((?=.*\\d)(?=.*[a-z])(?=.*[A-Z])(?=.*[\\W]).{8,64})/'; $errorarray = []; $errorstring = ""; if ($_SERVER['REQUEST_METHOD'] === 'POST') { $sql = "SELECT * FROM People WHERE email = '{$_POST['email']}'"; $result = db::execute($sql); // Check email against REGEX if (preg_match($emailreg, $_POST['email']) === 1) { // Check that email is unique if ($result->num_rows == 0) { //Check that passwords match if ($_POST['password'] == $_POST['verifypassword']) { // print_r($_POST); //Check password has 8chars and at least 1 number and one symbol if (preg_match($passreg, $_POST['password']) == 1) { //Drop second password field unset($_POST['verifypassword']); $sql_values = $_POST; $sql_values['password'] = password_hash($sql_values['password'], PASSWORD_DEFAULT); $table = "People"; // db::insert($table, $sql_values); } else { $errorstring = "Your password must be at least 8 characters with at least one number and one symbol"; array_push($errorarray, $errorstring); }
/**
 * Replaces every stored global setting with the ones in $params['data'].
 *
 * All rows except 'current_version' are deleted first, then each key/value
 * pair is inserted through a bound statement.
 *
 * @param array $params Expects $params['data'] as a name => value map.
 * @return void
 */
function global_settings_set($params)
{
    $db = new db();

    // Wipe everything but the version marker.
    $db->query("DELETE FROM measure_system WHERE measure_system_setting_name NOT LIKE( 'current_version' )");
    $db->execute();

    $storeSetting = function ($settingName, $settingValue) use ($db) {
        $db->query('INSERT INTO measure_system ( measure_system_setting_name, measure_system_setting_value ) VALUES ( :key, :value )');
        $db->data('key', $settingName);
        $db->data('value', $settingValue);
        $db->execute();
    };

    foreach ($params['data'] as $settingName => $settingValue) {
        $storeSetting($settingName, $settingValue);
    }
}
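/**
 * Sets the quiz_status of a quiz.
 *
 * @param mixed  $quizid    Quiz to update.
 * @param string $quizState New status value (default '0').
 * @return bool true when the UPDATE succeeded, false otherwise.
 */
public function toggleQuiz($quizid, $quizState = '0')
{
    $sql = "UPDATE\n quiz\n SET\n quiz_status='" . db::escapechars($quizState) . "'\n WHERE\n quizid='" . db::escapechars($quizid) . "'\n LIMIT 1";
    $toggled = db::execute($sql);

    if ($toggled) {
        // Log the activity (the original logged an undefined $classid here
        // instead of the quiz id).
        $logType = "Classes";
        $logValue = db::escapechars($_SESSION['username']) . " Toggled a quiz state - " . db::escapechars($quizid);
        $this->logevent($logType, $logValue);
        return true;
    }

    // Log the failure
    $logValue = db::escapechars($_SESSION['username']) . " Failed toggling a quiz state - " . db::escapechars($sql);
    $this->logfault($logValue);
    return false;
}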
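</head>
<body>
<main>
<?php include 'header.php'; ?>
</main>
<section>
<h1>My Reviews as a Former Employee</h1>
<?php
// Display label for each score column of a review row, in table order.
$scoreLabels = [
    'WLBalance'     => 'Work/Life Balance',
    'Salary'        => 'Salary',
    'Benefits'      => 'Benefits',
    'Opportunity'   => 'Advancement Opportunities',
    'Fairness'      => 'Equality/Fairness',
    'Leadership'    => 'Leadership',
    'Loyalty'       => 'Loyalty',
    'Morale'        => 'Morale',
    'Communication' => 'Communication',
];

foreach ($reviews as $review) {
    // company_id is compared unquoted (numeric) in SQL, so it is forced to
    // int instead of being interpolated raw.
    $companyId = (int) $review['company_id'];
    $sql_comp = "\n SELECT *\n FROM Companies\n WHERE company_id = {$companyId}";
    $output = db::execute($sql_comp);
    $company_info = $output->fetch_assoc();

    // Everything written into the page is HTML-escaped; the original echoed
    // the company name and scores verbatim.
    $companyName = htmlspecialchars(isset($company_info['Name']) ? $company_info['Name'] : '', ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');

    echo "<table>\n <thead>\n <tr>\n <th><div style='width: 275px'>Qualities at {$companyName}</div></th>\n <th><div style='width: 50px'>Scores</div></th>\n </tr>\n </thead>\n <tbody>\n";
    foreach ($scoreLabels as $column => $label) {
        // Each row now has an opening <tr>; the original emitted only </tr>.
        $score = htmlspecialchars(isset($review[$column]) ? (string) $review[$column] : '', ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
        echo " <tr>\n <td>{$label}</td>\n <td>{$score}</td>\n </tr>\n";
    }
    echo " </tbody>\n </table>";
}
// The original also emitted the session e-mail inside an HTML comment
// (commented-out debug output); that is dropped so it no longer reaches the page source.
?>
</section>
</body>
</html>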
/**
 * Runs a multi-row INSERT.
 *
 * Each entry of $values is rendered as one ('v1','v2',...) tuple with every
 * value passed through db::escape; field names are used as given.
 *
 * @param string $table  The table name (prefixed via self::prefix()).
 * @param array  $fields Field names.
 * @param array  $values Array of rows, each an array of values in $fields order.
 * @return mixed Whatever db::execute returns for the INSERT.
 */
static function insert_all($table, $fields, $values)
{
    $renderRow = function ($row) {
        $escaped = array();
        foreach ($row as $input) {
            $escaped[] = db::escape($input);
        }
        return "('" . implode("','", $escaped) . "')";
    };

    $rows = array_map($renderRow, $values);
    $query = 'INSERT INTO ' . self::prefix($table) . ' (' . implode(',', $fields) . ') VALUES ' . implode(',', $rows);

    return db::execute($query);
}
// ghetto-switch time switch ($_REQUEST['action']) { case "add_affnet": $mysql['user_id'] = mysql_real_escape_string($_SESSION['user_id']); $mysql['name'] = mysql_real_escape_string($_REQUEST['affnet_id']); if (db::execute("INSERT INTO 202_aff_networks (user_id, aff_network_name) VALUES ('" . $mysql['user_id'] . "', '" . $mysql['name'] . "')")) { $result = db::getRow("SELECT aff_network_name as name, aff_network_id as id FROM 202_aff_networks WHERE aff_network_name = '" . $mysql['name'] . "'"); } else { $result = "error"; } // fancy break; case "delete_affnet": $mysql['user_id'] = mysql_real_escape_string($_SESSION['user_id']); $mysql['id'] = mysql_real_escape_string($_REQUEST['affnet_id']); $result = db::execute("DELETE FROM 202_aff_networks WHERE user_id = '" . $mysql['user_id'] . "' AND aff_network_id = '" . $mysql['id'] . "'"); break; } echo json_encode($result); exit; } } //get all of the user data $mysql['user_id'] = mysql_real_escape_string($_SESSION['user_id']); $user_sql = "\tSELECT \t*\n\t\t\t\t FROM \t`202_users`\n\t\t\t\t LEFT JOIN `202_users_pref` USING (user_id)\n\t\t\t\t WHERE \t`202_users`.`user_id`='" . $mysql['user_id'] . "'"; $user_result = _mysql_query($user_sql); $user_row = mysql_fetch_assoc($user_result); $html = array_map('htmlentities', $user_row); //make it hide most of the api keys $hideChars = 22; for ($x = 0; $x < $hideChars; $x++) {
/**
 * Runs the statement that $this->sql('delete') produces for this object.
 *
 * @return mixed Result of db::execute.
 */
public function delete()
{
    $statement = $this->sql(__FUNCTION__);

    return db::execute($statement);
}
echo '<div id="notice"></div>';
file_exists($sqlfile) or die('<br /><font color="#F00">数据库安装文件丢失:' . $sqlfile . '</font>');

$sql = file_get_contents($sqlfile);
$sql = str_replace("\r\n", "\n", $sql);
if (empty($sql)) {
    die('无法获取安装数据。file_get_contents()');
}

// Swap the bundled `ws_` table prefix for the configured one, normalise the
// remaining CR line endings and split the dump into single statements.
$sql = str_replace(' `ws_', ' `' . $db_config['db_pre'], $sql);
$sql = trim(str_replace("\r", "\n", $sql));
$statements = explode(";\n", $sql);
unset($sql);

$result = true;
foreach ($statements as $sql) {
    $sql = trim($sql);

    if (strncmp($sql, 'CREATE TABLE', 12) !== 0) {
        // Non-CREATE statements run without reporting their outcome.
        @$db->execute($sql);
        continue;
    }

    // Report each table creation by name.
    $t_name = preg_replace("/CREATE TABLE `([a-z0-9_]+)` .*/is", "\\1", $sql);
    if (@$db->execute($sql)) {
        showjsmessage('<ol>正在创建数据表:' . $t_name . ' … <img src="images/ok.png" /></ol>');
    } else {
        $result = false;
        showjsmessage('<ol><font color="#FF0000">正在创建数据表:' . $t_name . ' … </font><img src="images/not.png" /></ol>');
    }
}

if ($result) {
    showjsmessage('<ol><font color="#000000">数据库安装成功,请继续下一步安装。</font></ol>');
} else {
    showjsmessage('<ol><font color="#FF0000">数据库没有正确安装或是安装过程中出现异常,请检查连接参数设置是否正确。</font></ol>');
}
?>