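<?php
// Deletes one `schedule` row by its key (POST s_no) and reports the result as JSON.
// The key is bound as a prepared-statement parameter through sql_i() (loader.php).
header("Content-Type:application/json; ");
require_once('loader.php');

// isset() guard: the original read $_POST['s_no'] directly and emitted a notice when absent.
$s_no = isset($_POST['s_no']) ? $_POST['s_no'] : '';

if ($s_no !== '') {
    // NOTE(review): no authentication or ownership check is visible in this file; unless
    // loader.php enforces one, any caller can delete any schedule row by number — confirm.
    $sql = "DELETE FROM schedule WHERE s_no = ?";
    $ans = sql_i($sql, [$s_no]);
    if ($ans) {
        echo json_encode('SUCCESS !');
    } else {
        // Message kept verbatim; note it reads "add failed" although this endpoint deletes — TODO confirm wording.
        echo json_encode('行程表新增失敗,確認參數是否設置成功 ?');
    }
}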
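<?php
// Creates an `account` row whose `password` column is the literal 'none' (presumably an
// account that never logs in with a password — TODO confirm) and reports the result as JSON.
header("Content-Type:application/json; ");
require_once('loader.php');

// isset() guards replace the original unguarded $_POST reads (undefined-index notices).
$account = isset($_POST['account']) ? $_POST['account'] : '';

if ($account !== '') {
    $fields = ['name', 'type', 'picture_name', 'sign', 'birthday'];
    $v = [];
    foreach ($fields as $f) {
        // Missing fields bind as NULL, matching what the original (notice-emitting) reads produced.
        $v[$f] = isset($_POST[$f]) ? $_POST[$f] : null;
    }
    // 'null' is bound as a *string* for account_no; presumably the key is auto-increment and the
    // driver/DB coerces it — TODO confirm; binding a real null would be unambiguous.
    $sql = "INSERT INTO `account`(`account_no`, `account`, `password`, `name`,`type`, `picture_name`,`sign`,`birthday`,`level`) VALUES (?,?,?,?,?,?,?,?,?)";
    $ans = sql_i($sql, ['null', $account, 'none', $v['name'], $v['type'], $v['picture_name'], $v['sign'], $v['birthday'], '1']);
    if ($ans) {
        echo json_encode('SUCCESS !');
    } else {
        echo json_encode('帳號新增失敗 ?');
    }
}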
echo 'Success !! '; } } else{ $sql_arr = array(); array_push( $sql_arr,'null' ); array_push( $sql_arr,$url[$i]['title'] ); array_push( $sql_arr,$url[$i]['descriptionFilterHtml'] ); array_push( $sql_arr,$url[$i]['showInfo'][0]['longitude'] ); array_push( $sql_arr,$url[$i]['showInfo'][0]['latitude'] ); array_push( $sql_arr,'opendata' ); array_push( $sql_arr,$url[$i]['showInfo'][0]['time'] ); array_push( $sql_arr,$url[$i]['showInfo'][0]['endTime'] ); array_push( $sql_arr,$url[$i]['sourceWebName'] ); array_push( $sql_arr,'parent' ); array_push( $sql_arr,$url[$i]['showInfo'][0]['location'].$url[$i]['showInfo'][0]['locationName'] ); sql_i($sql,$sql_arr); echo 'Success !! '; } }else{ echo 'Error !! '; } } break; default: echo 'Action error!'; break; }
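<?php
// Inserts one `schedule` row (setting_no, sort, data_no from POST) and reports the result as JSON.
// All values are bound as prepared-statement parameters through sql_i() (loader.php).
header("Content-Type:application/json; ");
require_once('loader.php');

// isset() guards replace the original unguarded $_POST reads (undefined-index notices).
$setting_no = isset($_POST['setting_no']) ? $_POST['setting_no'] : '';

if ($setting_no !== '') {
    // Missing optional fields bind as NULL, as the original reads effectively did.
    $sort = isset($_POST['sort']) ? $_POST['sort'] : null;
    $data_no = isset($_POST['data_no']) ? $_POST['data_no'] : null;

    // 'null' is bound as a string for s_no; presumably auto-increment with driver/DB coercion — TODO confirm.
    $sql = "INSERT INTO `schedule`(`s_no`, `setting_no`, `sort`, `data_no`) VALUES (?,?,?,?)";
    $ans = sql_i($sql, ['null', $setting_no, $sort, $data_no]);
    if ($ans) {
        echo json_encode('SUCCESS !');
    } else {
        echo json_encode('行程表新增失敗,確認參數是否設置成功 ?');
    }
}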
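<?php
// Upserts a score for the (ac_no, se_no) pair in `rank`: INSERT when no row exists, UPDATE otherwise.
// Echoes JSON even though the declared content type is text/html (kept as the original had it).
header("Content-Type:text/html; charset=utf-8");
require_once 'loader.php';

// isset() guards replace the original unguarded $_POST reads; missing values bind as NULL.
$ac_no = isset($_POST['ac_no']) ? $_POST['ac_no'] : null;
$se_no = isset($_POST['se_no']) ? $_POST['se_no'] : null;
$score = isset($_POST['score']) ? $_POST['score'] : null;

// NOTE: check-then-write is not atomic; two concurrent requests for the same pair can both take
// the INSERT branch. A UNIQUE(ac_no, se_no) key with an upsert statement would close that window
// — the schema is not visible here, TODO confirm.
$sql = "SELECT * FROM rank WHERE ac_no=? AND se_no =?";
$rows = sql_q($sql, [$ac_no, $se_no]);

// The original compared count() against the string '0'; count() is an int, so compare strictly.
// The is_array() check also keeps a failed query (non-array result) out of count().
$no_row_yet = is_array($rows) && count($rows) === 0;

if ($no_row_yet) {
    // 'null' bound as a string for rank_no; presumably auto-increment with driver/DB coercion — TODO confirm.
    $sql = "INSERT INTO `rank`(`rank_no`, `ac_no`, `se_no`, `score`) VALUES (?,?,?,?)";
    $ans = sql_i($sql, ['null', $ac_no, $se_no, $score]);
} else {
    $sql = "UPDATE rank SET score =? WHERE ac_no=? AND se_no =?";
    $ans = sql_i($sql, [$score, $ac_no, $se_no]);
}

if ($ans) {
    echo json_encode([$score]);
} else {
    echo json_encode('增加分數失敗 !');
}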
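// Applies the fields posted by the data-edit form to the `data` row identified by d_no, then
// sends the browser back to the referring page with an alert reporting success or failure.
$edi = $_POST;
$edi_base = [];   // bound parameter values, in the order their placeholders appear in $sql
$set_parts = [];  // "`column`=?" fragments for the SET clause
$d_no = null;     // row key; goes into WHERE, never into SET

foreach ($edi as $key => $value) {
    if ($key === 'd_no') {
        $d_no = $value;
    } elseif (!empty($value)) {
        // Watch the logic here: empty() also skips '0' and 0, not just '' (kept from the original).
        // POST keys become column names, which cannot be bound as parameters, so they are
        // restricted to a plain identifier and backtick-quoted before entering the SQL text.
        // NOTE(review): an explicit allowlist of editable columns would be stricter; the
        // column set of `data` is not visible here.
        if (!preg_match('/^[A-Za-z_][A-Za-z0-9_]*$/', $key)) {
            continue;
        }
        $set_parts[] = '`' . $key . '`=?';
        $edi_base[] = $value;
    }
}

// Building the statement after the loop fixes two problems of the incremental version: columns
// posted after d_no no longer land behind the WHERE clause, and a request without d_no (or with
// nothing to set) is refused instead of producing a malformed or unbounded UPDATE.
$ok = false;
if ($d_no !== null && $d_no !== '' && $set_parts !== []) {
    $sql = "UPDATE data SET " . implode(", ", $set_parts) . " WHERE `d_no`=? ";
    $edi_base[] = $d_no;
    $ok = sql_i($sql, $edi_base);
}

// The referrer is client-controlled; json_encode() with the HEX flags turns it into a JS string
// literal that cannot break out of the <script> block. `window.location` (dot, not colon) is
// required for the redirect to run at all — `window:` was a JS label, so no redirect happened.
$referer = isset($_SERVER["HTTP_REFERER"]) ? $_SERVER["HTTP_REFERER"] : '';
$back = json_encode($referer, JSON_HEX_TAG | JSON_HEX_APOS | JSON_HEX_QUOT | JSON_HEX_AMP);
$msg = $ok ? '編輯資料成功!!' : '編輯資料失敗!!';
echo "<script language=javascript> alert('" . $msg . "'); window.location.href=" . $back . "; </script>";
?>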
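<?php
// Inserts one `post` row from POST fields (score fixed to '0', time set to today's date)
// and reports the result as JSON. Values are bound as parameters through sql_i() (loader.php).
header("Content-Type:application/json; ");
require_once('loader.php');

// isset() guard replaces the original unguarded read; the unused $nextWeek computation was dropped.
$title = isset($_POST['title']) ? $_POST['title'] : '';

if ($title !== '') {
    $fields = ['image_name', 'x', 'y', 'category', 'address', 'content', 'note'];
    $v = [];
    foreach ($fields as $f) {
        // Missing fields bind as NULL, as the original (notice-emitting) reads produced.
        $v[$f] = isset($_POST[$f]) ? $_POST[$f] : null;
    }
    // 'null' bound as a string for post_no; presumably auto-increment with driver/DB coercion — TODO confirm.
    $sql = "INSERT INTO `post`(`post_no`, `image_name`, `x`, `y`, `category`, `address`, `content`, `title`, `note`, `score`, `time`) VALUES (?,?,?,?,?,?,?,?,?,?,?)";
    $ans = sql_i($sql, [
        'null',
        $v['image_name'],
        $v['x'],
        $v['y'],
        $v['category'],
        $v['address'],
        $v['content'],
        $title,
        $v['note'],
        '0',
        date("Y-m-d"),
    ]);
    if ($ans) {
        echo json_encode('SUCCESS !');
    } else {
        echo json_encode('default ?');
    }
}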
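/**
 * Sets the given column of the current session's `record` row to '1'.
 *
 * The column name is spliced into the SQL text (identifiers cannot be bound as parameters),
 * so it is validated first: 1–8 lowercase ASCII letters and nothing else. The record id is
 * bound as a prepared-statement parameter through sql_i().
 *
 * @param string $column column to set; must match /^[a-z]{1,8}$/
 * @return mixed false when the name is rejected, otherwise whatever sql_i() returns
 */
function update_record( $column ){
    # SQL injection guard, same rule as the original per-character loop (length <= 8, only 'a'..'z'),
    # with two fixes: the $str{$i} offset syntax was removed in PHP 8.0, and an empty name used to
    # slip through and produce "UPDATE record SET ='1' ...".
    if ( !is_string($column) || !preg_match('/^[a-z]{1,8}$/', $column) ) return false;
    $sessionData = get_sessionData();
    $sql = "UPDATE record SET ".$column."='1' WHERE record_id=? ";
    return sql_i( $sql, array( $sessionData['record_id'] ) );
}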
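<?php
// Registers a new `account` row from POST fields and reports the result as JSON.
header("Content-Type:application/json; ");
require_once('loader.php');

// isset() guard replaces the original unguarded read (undefined-index notice).
$account = isset($_POST['account']) ? $_POST['account'] : '';
$ans = false;  // only assigned by the insert below; the original left it undefined when no account was posted

if ($account !== '') {
    // NOTE(review): the password is stored exactly as posted (plaintext). It should be stored as
    // password_hash($pw, PASSWORD_DEFAULT) and checked with password_verify() at login; the login
    // side is not visible here, so both must change together — left as-is in this edit.
    $fields = ['password', 'name', 'type', 'picture_name', 'sign', 'birthday'];
    $v = [];
    foreach ($fields as $f) {
        // Missing fields bind as NULL, as the original (notice-emitting) reads produced.
        $v[$f] = isset($_POST[$f]) ? $_POST[$f] : null;
    }
    // 'NULL' is bound as a *string* for account_no; presumably auto-increment with driver/DB
    // coercion — TODO confirm; binding a real null would be unambiguous.
    $sql = "INSERT INTO `account`(`account_no`, `account`, `password`, `name`,`type`, `picture_name`,`sign`,`birthday`,`level`) VALUES (?,?,?,?,?,?,?,?,?)";
    $ans = sql_i($sql, ['NULL', $account, $v['password'], $v['name'], $v['type'], $v['picture_name'], $v['sign'], $v['birthday'], '1']);
}

if ($ans) {
    echo json_encode('SUCCESS !');
} else {
    echo json_encode('Fail!');
}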
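<?php
// Creates a `sch_setting` row (title, account_no from POST) with an optional uploaded picture
// stored under picture/, then returns the matching row(s) as JSON.
// Echoes JSON even though the declared content type is text/html (kept as the original had it).
header("Content-Type:text/html; charset=utf-8");
require_once('loader.php');

// isset() guards replace the original unguarded reads; the unused $datetime value was dropped.
$title = isset($_POST['title']) ? $_POST['title'] : null;
$account_no = isset($_POST['account_no']) ? $_POST['account_no'] : null;
$upload = isset($_FILES['uploaded_file']) ? $_FILES['uploaded_file'] : null;

// The file lands in a web-served directory under its client-supplied name, so the name is
// reduced to its basename (as before) and limited to an image extension; without the extension
// check a server-side script could be uploaded and then served back from picture/.
// (The allowlist is inferred from the `picture_name` column and picture/ directory — TODO confirm
// the formats the application actually expects.)
$allowed_ext = ['jpg', 'jpeg', 'png', 'gif'];

$picture_name = null;  // stays NULL when no file was sent, as the original insert effectively did
$upload_ok = true;     // "no file at all" is not an error; a file that fails validation is
if ($upload !== null && $upload['error'] !== UPLOAD_ERR_NO_FILE) {
    $upload_ok = false;
    $file_name = is_string($upload['name']) ? basename($upload['name']) : '';
    $ext = strtolower(pathinfo($file_name, PATHINFO_EXTENSION));
    if ($upload['error'] === UPLOAD_ERR_OK && $file_name !== '' && in_array($ext, $allowed_ext, true)) {
        // NOTE(review): an existing file with the same name is overwritten — TODO confirm that is acceptable.
        // move_uploaded_file() also verifies the source is an upload of this request; its result
        // was previously ignored.
        $upload_ok = move_uploaded_file($upload['tmp_name'], "picture/" . $file_name);
        if ($upload_ok) {
            $picture_name = $file_name;
        }
    }
}

if (!$upload_ok) {
    echo json_encode('圖片上傳失敗,確認檔案格式 ?');
} else {
    // 'null' bound as a string for se_no; presumably auto-increment with driver/DB coercion — TODO confirm.
    $sql = "INSERT INTO sch_setting(`se_no`, `se_title`, `picture_name`,`account_no`) VALUES (?, ?,?,? ) ";
    $ans = sql_i($sql, ['null', $title, $picture_name, $account_no]);
    if ($ans) {
        $sql = "SELECT * FROM sch_setting WHERE se_title = ? AND account_no = ?";
        $rows = sql_q($sql, [$title, $account_no]);
        echo json_encode($rows);
    } else {
        echo json_encode('標題新增失敗,確認參數是否設置成功 ?');
    }
}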