Exemplo n.º 1
0
 public function getValueEncoded($field)
 {
     return htmlspecialcharacters($this->getValue($field));
 }
Exemplo n.º 2
0
 public function createPlan()
 {
     $errormsg = "";
     $showform = 1;
     // Cleanse title on submission
     $formfield['title'] = htmlspecialcharacters(stripslashes(trim($_POST['title'])));
     // Check if title name is empty
     if (empty($formfield['title'])) {
         $errormsg .= "<p>Title is empty</p>";
     }
     // Check for duplicate title
     if ($formfield['title'] != $_POST['origtitle']) {
         try {
             // Pulls titles from the database & binds
             // value to variable to be used
             $sqltitle = 'SELECT * FROM ' . DBNAME . ' WHERE title = :title';
             $stmttitle = $this->conn->prepare($sqltitle);
             $stmttitle->bindValue(':title', $formfield['title']);
             $stmttitle->execute();
             $count = $stmttitle->rowCount();
             //fix counttitle not declared???
             // if ($counttitle > 0) {
             //     $errormsg .= "<p>Duplicate plan name.</p>";
             // }
         } catch (PDOException $e) {
             echo 'Unable to fetch title to check for existing. ' . '<br />ERROR: <br />' . exit;
         }
     }
     // Update if no errors exist
     if ($errormsg != "") {
         echo $errormsg;
         echo "<p>Try again.</p>";
     } else {
         try {
             // Insert data into database
             $sqlupdate = 'UPDATE ' . DBNAME . ' SET title = :title WHERE ID = :ID';
             $stmtupdate = $this->conn->prepare($sqlupdate);
             $stmtupdate->bindValue(':title', $formfield['title']);
             $stmtupdate->bindValue(':ID', $_POST['x']);
             $stmtupdate->execute();
             // Hide form
             $showform = 0;
         } catch (PDOException $e) {
             echo 'Error updating title <br />ERROR: <br />' . $e->getMessage();
             exit;
         }
     }
     if ($showform == 1) {
         try {
             // Pull data from database for existing plans
             $sql = 'SELECT * FROM ' . DBNAME . ' WHERE ID = :ID';
             $stmt = $this->conn->prepare($sql);
             $stmt->bindValue(':ID', $_GET['x']);
             $stmt->execute();
             $row = $stmt->fetch();
             ?>
                 <!-- Form for changing plan title -->
                 <form action="#" id="titleForm" method="post" name="titleForm">
                     <input id="titleName" name="name" placeholder="Name" type="text">
                     <input type="submit" id="changeTitle" onclick="titleSubmit();" value="Submit">
                 </form>
                 <!-- End form -->
                 <?php 
         } catch (PDOException $e) {
             echo 'Error fetching plans. <br />ERROR: </br>' . $e->getMessage();
             exit;
         }
     }
 }
Exemplo n.º 3
0
function perform($action, $input)
{
    global $vars;
    $matches = array();
    $actions = array();
    $output = isset($vars[$input]) ? $vars[$input] : null;
    while (preg_match("#(\\w+)(\\s){0,1}(\\.*\\d*)(.*)#", $action, $actions) > 0) {
        if (preg_match("#(\\w+) (\\.*\\d+)#", $action, $matches)) {
            if ($matches[1] == "format") {
                $output = number_format($output, $matches[2]);
            }
            if ($matches[1] == "add") {
                $output = $output + $matches[2];
            }
            if ($matches[1] == "sub") {
                $output = $output - $matches[2];
            }
            if ($matches[1] == "div") {
                $output = $output / $matches[2];
            }
            if ($matches[1] == "mult") {
                $output = $output * $matches[2];
            }
        } else {
            if ($actions[1] == "format") {
                $output = number_format($output);
            }
            if ($actions[1] == "escape") {
                $output = htmlspecialcharacters($output);
            }
        }
        if ($matches) {
            $action = substr($action, strlen($matches[1] . " " . $matches[2]));
        } else {
            $action = substr($action, strlen($actions[1]));
        }
    }
    return $output;
}