Exemplo n.º 1
 /**
  * Create a new collection using a URI or a pattern.
  *
  * Example selections: tag:foo, category:bar, title:*, *, user:bob
  *
  * NOTE(review): the body shown here never reads $selection and does not keep
  * the fetched rows or the count, so the constructor looks unfinished.
  *
  * @param mixed          $selection Selection URI or pattern (not read in the visible body).
  * @param Paginator|null $paginator Optional paginator that contributes the LIMIT fragment.
  */
 public function __construct($selection, Paginator $paginator = null)
 {
     $connection = new DatabaseConnection();

     // NOTE(review): quote() is applied to complete statements. If it wraps
     // PDO::quote() or a similar escaper, the result is a string literal rather
     // than executable SQL - confirm what DatabaseConnection::quote() returns.
     $rowsQuery = $connection->quote('SELECT * FROM galleryitems');
     $countQuery = $connection->quote('SELECT COUNT(*) AS numitems FROM galleryitems');

     // Only the row query is paged; the count query is left untouched.
     // The limit fragment is concatenated as-is - presumably it is built from
     // integers only; verify in Paginator::getSqlLimit().
     if ($paginator) {
         $rowsQuery = $rowsQuery . ' ' . $paginator->getSqlLimit();
     }

     // Fetch the rows and the total count.
     $rows = $connection->getRows($rowsQuery);
     $total = $connection->getSingleRow($countQuery);
 }
Exemplo n.º 2
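 /**
  * Store the comment or reply submitted with the current request.
  *
  * Without $_GET['replyid'] the text in $_POST['comment'] is passed to the
  * addComment procedure; with it, $_POST['reply'] is passed to addReply
  * together with the reply id.
  *
  * Every request value is neutralised before it enters the SQL text: the
  * comment is quoted like the reply already was, and the ids are cast to
  * integers so they cannot carry SQL syntax.
  *
  * quote() protects the SQL statement only; the stored text still has to be
  * HTML-escaped wherever it is displayed.
  */
 public function submitComment()
 {
     $conn = new DatabaseConnection();

     // Presumably numeric ids set at login / page load; the cast keeps the
     // statement well-formed even if the session holds something unexpected.
     $bookId = (int) $_SESSION['bookid'];
     $userId = (int) $_SESSION['id'];

     if (!isset($_GET['replyid'])) {
         $sentence = 'CALL addComment(' . $bookId . ',' . $userId . ',' . $conn->quote($_POST['comment']) . ')';
     } else {
         // A non-numeric replyid becomes 0 instead of reaching the database as raw text.
         $replyId = (int) $_GET['replyid'];
         $sentence = 'CALL addReply(' . $bookId . ',' . $userId . ',' . $conn->quote($_POST['reply']) . ',' . $replyId . ')';
     }

     $conn->query($sentence);
 }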
Exemplo n.º 3
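 /**
  * Validate a sign-up form and create the account through the registro() SQL function.
  *
  * NOTE(review): the password reaches the database exactly as submitted.
  * Confirm that registro() stores only a salted hash; otherwise hash it here
  * with password_hash() and verify with password_verify() on login.
  *
  * @param string $username Display name; must not be empty.
  * @param string $city     City of the new user.
  * @param string $sex      Sex of the new user.
  * @param string $mail     E-mail address; must pass FILTER_VALIDATE_EMAIL.
  * @param string $pass     Chosen password.
  * @param string $ver_pass Password confirmation; must be identical to $pass.
  *
  * @return string 'badmail', 'passdontmatch', 'nameerror' or 'good'.
  */
 public function register($username, $city, $sex, $mail, $pass, $ver_pass)
 {
     if (!filter_var($mail, FILTER_VALIDATE_EMAIL)) {
         return 'badmail';
     }

     // Strict comparison: with != two different numeric-looking passwords
     // (for example "1e3" and "1000") are treated as equal.
     if (!is_string($pass) || $pass !== $ver_pass) {
         return 'passdontmatch';
     }

     // sizeof() counts array elements, so it never measured the string
     // (and count() on a string is a TypeError on PHP 8).
     if (!is_string($username) || $username === '') {
         return 'nameerror';
     }

     $conn = new DatabaseConnection();

     // quoteConcat() is presumably quote() plus a trailing comma - that is the
     // only way the argument list below is well-formed; confirm in DatabaseConnection.
     $sentence = 'SELECT registro('
         . $conn->quoteConcat($username)
         . $conn->quoteConcat($city)
         . $conn->quoteConcat($sex)
         . $conn->quoteConcat($mail)
         . $conn->quote($pass)
         . ')';
     $conn->singleton($sentence);

     return 'good';
 }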
Exemplo n.º 4
 /**
  * Fetch the data of one author through the datosAutor stored procedure.
  *
  * @param mixed $idAutor Author id; passed through quote() before it enters the SQL text.
  *
  * @return mixed Whatever DatabaseConnection::query() returns for the call.
  */
 function getAutor($idAutor)
 {
     $db = new DatabaseConnection();
     $quotedId = $db->quote($idAutor);
     $call = 'CALL datosAutor(' . $quotedId . ')';

     return $db->query($call);
 }
Exemplo n.º 5
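 /**
  * Insert a new book, author, publisher, genre or reader from the current request.
  *
  * $_GET['type'] selects the record type; field values are read from $_POST and,
  * for book, author and reader, an optional picture from $_FILES['picture'].
  * Unknown types are ignored.
  *
  * Request data is treated as untrusted: id fields are cast to integers, every
  * other value goes through quote()/quoteConcat(), and pictures are handled by
  * addResolvePicture(), which validates the upload and the client-supplied
  * def_pic path before anything is stored or deleted.
  *
  * NOTE(review): nothing in this method checks who is calling it, and the
  * reader branch takes id_tipo_usuario (presumably the account role) from the
  * form - confirm the caller enforces authorization.
  *
  * @throws \InvalidArgumentException If the uploaded picture is not an accepted image.
  * @throws \RuntimeException         If the upload failed or the file could not be stored.
  */
 public function add()
 {
     $type = isset($_GET['type']) ? $_GET['type'] : null;

     switch ($type) {
         case 'book':
             $conn = new DatabaseConnection();
             // The previous picture is removed once a replacement has been stored.
             $picurl = $this->addResolvePicture('view/img/books/', 'view/img/icon-default-book.png', null, true);
             $args = array(
                 (int) $_POST['id_autor'],
                 (int) $_POST['id_genero'],
                 (int) $_POST['id_editorial'],
                 $conn->quote($_POST['titulo']),
                 $conn->quote($_POST['fecha_publicacion']),
                 $conn->quote($_POST['resumen']),
                 $conn->quote($picurl),
             );
             $conn->query('CALL insertLibro(' . implode(',', $args) . ')');
             break;

         case 'author':
             $conn = new DatabaseConnection();
             // This branch never deleted a previous picture, so it still does not.
             $picurl = $this->addResolvePicture('view/img/authors/', 'view/img/authors/icon-user-default.png', null, false);
             $args = array(
                 $conn->quote($_POST['nombre_autor']),
                 $conn->quote($_POST['pais_autor']),
                 $conn->quote($_POST['seudonimo']),
                 $conn->quote($_POST['biografia']),
                 $conn->quote($picurl),
             );
             $conn->query('INSERT INTO autor (nombre_autor, pais_autor, seudonimo, biografia, picurl) VALUE (' . implode(',', $args) . ')');
             break;

         case 'editorial':
             $conn = new DatabaseConnection();
             // fundacion used to be concatenated raw. Its column type is not
             // visible here, so it is quoted as a literal and left to the
             // database to convert - TODO confirm the column type.
             $sentence = 'INSERT INTO editorial (nombre_editorial, pais_editorial, fundador, fundacion) VALUE ('
                 . $conn->quoteConcat($_POST['nombre_editorial'])
                 . $conn->quoteConcat($_POST['pais_editorial'])
                 . $conn->quoteConcat($_POST['fundador'])
                 . $conn->quote($_POST['fundacion'])
                 . ')';
             $conn->query($sentence);
             break;

         case 'genre':
             $conn = new DatabaseConnection();
             $conn->query('INSERT INTO genero (descripcion_genero) VALUE (' . $conn->quote($_POST['descripcion_genero']) . ')');
             break;

         case 'reader':
             $conn = new DatabaseConnection();
             // NOTE(review): the file is named after the session's id_lector, i.e.
             // the logged-in account rather than the reader being created -
             // confirm that this is intended.
             $picurl = $this->addResolvePicture('view/img/users/', 'view/img/icon-user-default.png', $_SESSION['id_lector'], true);
             // NOTE(review): the password is handed to agregaUsuario as submitted;
             // confirm the procedure stores only a salted hash.
             $args = array(
                 $conn->quote($_POST['nombre_lector']),
                 $conn->quote($_POST['ciudad_lector']),
                 $conn->quote($_POST['sexo']),
                 $conn->quote($_POST['email']),
                 $conn->quote($_POST['password']),
                 $conn->quote($picurl),
                 (int) $_POST['id_tipo_usuario'],
             );
             $conn->query('CALL agregaUsuario(' . implode(',', $args) . ')');
             break;
     }
 }

 /**
  * Decide which picture path a new record gets and store an uploaded picture.
  *
  * With no upload, the client-supplied $_POST['def_pic'] is kept only when it
  * names a file directly inside $uploadDir; anything else falls back to
  * $defaultPic. With an upload, the file must have an allowed image extension
  * and be readable as an image before it is moved into $uploadDir.
  *
  * The upload directory should not be configured to execute scripts:
  * getimagesize() inspects the file header only. A new file with the same
  * name as an existing one overwrites it, as before.
  *
  * @param string      $uploadDir      Target directory, with trailing slash.
  * @param string      $defaultPic     Path of the default picture for this record type.
  * @param string|null $stem           File name without extension, or null to derive it
  *                                    from the client file name.
  * @param bool        $removePrevious Whether to delete the picture named by def_pic
  *                                    once the new one is stored.
  *
  * @return string Path to store in the picture column.
  *
  * @throws \InvalidArgumentException If the upload is not an accepted image.
  * @throws \RuntimeException         If the upload failed or could not be stored.
  */
 private function addResolvePicture($uploadDir, $defaultPic, $stem, $removePrevious)
 {
     $previous = (isset($_POST['def_pic']) && is_string($_POST['def_pic'])) ? $_POST['def_pic'] : '';
     $previousIsStored = $this->addIsStoredPicture($previous, $uploadDir);

     $error = isset($_FILES['picture']['error']) ? $_FILES['picture']['error'] : UPLOAD_ERR_NO_FILE;
     if ($error === UPLOAD_ERR_NO_FILE) {
         return $previousIsStored ? $previous : $defaultPic;
     }
     if ($error !== UPLOAD_ERR_OK) {
         throw new \RuntimeException('Picture upload failed.');
     }

     $clientName = (string) $_FILES['picture']['name'];
     $tmpName = $_FILES['picture']['tmp_name'];
     $extension = strtolower(pathinfo($clientName, PATHINFO_EXTENSION));

     // Allow-list the extension and require image content, so a script
     // cannot be placed in a web-served directory under a name that runs.
     $isImage = in_array($extension, array('jpg', 'jpeg', 'png', 'gif'), true)
         && is_uploaded_file($tmpName)
         && getimagesize($tmpName) !== false;
     if (!$isImage) {
         throw new \InvalidArgumentException('Picture must be a JPEG, PNG or GIF image.');
     }

     if ($stem === null) {
         $stem = pathinfo($clientName, PATHINFO_FILENAME);
     }
     // Dots, slashes and other special characters in the stem are replaced,
     // which also removes double extensions such as "name.php.png".
     $stem = preg_replace('/[^A-Za-z0-9_-]/', '_', (string) $stem);
     $target = $uploadDir . $stem . '.' . $extension;
     if ($stem === '' || $target === $defaultPic) {
         throw new \InvalidArgumentException('Picture file name is not acceptable.');
     }

     if (!move_uploaded_file($tmpName, $target)) {
         throw new \RuntimeException('Picture could not be stored.');
     }

     // Delete the old picture only after the new one is in place, and only
     // when def_pic was verified to be a file inside the upload directory.
     if ($removePrevious && $previousIsStored && $previous !== $target && $previous !== $defaultPic && is_file($previous)) {
         unlink($previous);
     }

     return $target;
 }

 /**
  * Tell whether $path names a file located directly inside $uploadDir.
  *
  * Used to vet the client-supplied def_pic before it is stored or deleted.
  *
  * @param string $path      Candidate path from the request.
  * @param string $uploadDir Upload directory, with trailing slash.
  *
  * @return bool True when $path is exactly $uploadDir followed by a plain file name.
  */
 private function addIsStoredPicture($path, $uploadDir)
 {
     if (!is_string($path) || $path === '' || strpos($path, "\0") !== false) {
         return false;
     }

     $name = basename($path);
     if ($name === '' || $name === '.' || $name === '..') {
         return false;
     }

     // Any directory component other than the upload dir makes this differ.
     return $path === $uploadDir . $name;
 }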
Exemplo n.º 6
 /**
  * Quote a value for use as a literal in an SQL statement.
  *
  * Delegates to quote() on the wrapped connection (presumably a PDO instance,
  * given the \PDO::PARAM_STR default - confirm). The result is only safe where
  * the SQL grammar expects a string literal; values placed in numeric or
  * identifier positions need their own validation. Prepared statements with
  * bound parameters avoid the concatenation altogether.
  *
  * @param mixed $string         Value to quote.
  * @param int   $parameter_type Type hint forwarded to the connection.
  *
  * @return mixed The value returned by the connection's quote().
  */
 public function quote($string, $parameter_type = \PDO::PARAM_STR)
 {
     $quoted = $this->connection->quote($string, $parameter_type);

     return $quoted;
 }
Exemplo n.º 7
 /**
  * Record the logout of the current user through the logout() SQL function.
  *
  * Only the database call is visible here: the PHP session is not cleared or
  * destroyed by this function, so session teardown, if any, happens elsewhere.
  */
 function logout()
 {
     $db = new DatabaseConnection();
     $mail = $db->quote($_SESSION['mail']);
     $db->singleton('SELECT logout(' . $mail . ')');
 }
Exemplo n.º 8
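 /**
  * Write a batch of rows to the geonames table with a single REPLACE statement.
  *
  * Every field of every row is passed through quote() and the rows are joined
  * into one multi-row VALUES list. $this->records is increased by the number
  * of rows. An empty batch is a no-op.
  *
  * @param array $batch List of rows; each row is an array of column values in table order.
  */
 private function geoLocationInsertBatch($batch)
 {
     $db = new DatabaseConnection();

     $tuples = array();
     foreach ($batch as $row) {
         foreach ($row as $id => $data) {
             $row[$id] = $db->quote($data);
         }
         $tuples[] = '(' . join(',', $row) . ')';
     }

     // With no rows the statement would end at "VALUES " and fail, which
     // previously aborted the whole run; there is simply nothing to write.
     if (!$tuples) {
         return;
     }

     $this->records += count($tuples);
     $sql = 'REPLACE INTO geonames VALUES ' . join(',', $tuples);

     try {
         $db->exec($sql);
     } catch (Exception $e) {
         // NOTE(review): printing the exception exposes its message and stack
         // trace. Acceptable for a command-line import; if this can run in a
         // web request, log it instead of echoing.
         echo $e;
         die;
     }
 }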
Exemplo n.º 9
 /**
  * Search books through the searchBook stored procedure.
  *
  * The search string is wrapped in ".*" on both sides and quoted before it is
  * placed in the CALL statement.
  *
  * NOTE(review): the ".*" wrapping suggests the procedure matches with a
  * regular expression. quote() protects the SQL literal only, so pattern
  * metacharacters in $searchstring are still interpreted by the matcher -
  * confirm how the procedure uses the argument and escape it for that
  * regex dialect if needed.
  *
  * @param string $searchstring Text to look for.
  *
  * @return mixed Whatever DatabaseConnection::query() returns for the call.
  */
 public function searchBook($searchstring)
 {
     $db = new DatabaseConnection();
     $pattern = '.*' . $searchstring . '.*';
     $quotedPattern = $db->quote($pattern);

     return $db->query('CALL searchBook(' . $quotedPattern . ')');
 }