/**
 * Remove a single saved card from a customer's record.
 *
 * Issues a parameterised DELETE against cust_card that matches on both the
 * customer id and the card number; neither value is spliced into the SQL text.
 *
 * NOTE(review): nothing in this function checks that $id belongs to the
 * requesting user - presumably the calling page enforces that; confirm.
 *
 * @param mixed $id      Value matched against cust_card.id.
 * @param mixed $card_no Value matched against cust_card.card_number.
 * @return void
 */
function _removeCustomerCard($id, $card_no)
{
    $connection = ConnectToDB();
    $delete = $connection->prepare("DELETE FROM cust_card WHERE id = ? AND card_number = ?");
    $delete->execute(array($id, $card_no));
}
/**
 * Register one more user of the shared database connection.
 *
 * The global $db_AccessCounter counts callers; ConnectToDB() is invoked only
 * while that counter still compares equal to 0, and the counter is then
 * incremented on every call.
 *
 * @return void
 */
function StartAccessToDB()
{
    global $db_AccessCounter;

    // Loose comparison on purpose: an unset (null) counter also counts as "no users yet".
    $noActiveUsers = ($db_AccessCounter == 0);
    if ($noActiveUsers) {
        ConnectToDB();
    }

    ++$db_AccessCounter;
}
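/**
 * Expire the stored session that matches a user's cookie.
 *
 * The cookie value is passed through grHash() together with the user and the
 * result is matched against active_users.last_session_code; the matching
 * row's session_expiration is set to the current time.
 *
 * NOTE(review): presumably last_session_code holds the grHash() form of the
 * cookie rather than the raw value - confirm against the login code.
 *
 * @param mixed $user   Value matched against active_users.email.
 * @param mixed $cookie Raw cookie value presented by the client.
 * @return void
 */
function removeCookie($user, $cookie)
{
    $cookie = grHash($cookie, $user);
    $today = new DateTime("now");

    $dbh = ConnectToDB();
    $stmt = $dbh->prepare("UPDATE active_users SET session_expiration=? WHERE email=? AND last_session_code=?");

    // date() expects an integer timestamp; handing it a DateTime object yields
    // false (or a TypeError on PHP 8), so the expiry was never written and the
    // session stayed valid. Format the object directly instead.
    $stmt->execute(array($today->format("Y-m-d H:i:s"), $user, $cookie));
    return;
}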
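/**
 * Print one <option> element per row of the class table.
 *
 * Output goes straight to the response. class_id is written into a
 * single-quoted attribute and class_name into element text, so both are
 * HTML-escaped here; without that, a stored name containing markup or a quote
 * would be rendered as part of the page.
 *
 * @return void
 */
function getClassesID()
{
    $db = ConnectToDB();
    $result = $db->query("SELECT * FROM class");

    // query() returns false on failure; reading num_rows from it would only add warnings.
    if ($result === false) {
        mysqli_close($db);
        return;
    }

    $flags = ENT_QUOTES | ENT_SUBSTITUTE;
    while ($row = $result->fetch_assoc()) {
        $value = htmlspecialchars((string) $row['class_id'], $flags);
        $label = htmlspecialchars((string) $row['class_name'], $flags);
        echo "<option value='" . $value . "'>" . $label . "</option>";
    }

    $result->close();
    mysqli_close($db);
}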
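/**
 * Echo a JSON object with username, work_dept and salary for the employee
 * whose id arrives in $_POST['employee_id'].
 *
 * Nothing is printed when the field is missing or no row matches.
 *
 * NOTE(review): no session or role check is visible in this function, and the
 * response includes salary - confirm the calling endpoint restricts who may
 * post an arbitrary employee_id.
 *
 * @return void
 */
function getEmployeeUsername()
{
    // A request without the field used to raise an undefined-index notice and
    // then run the query with null; stop early instead.
    if (!isset($_POST['employee_id'])) {
        return;
    }
    $employee_id = $_POST['employee_id'];

    $dbh = ConnectToDB();
    // Only the three columns that are returned are selected, so unrelated
    // login_info columns are not pulled into the process.
    $sql = "SELECT username, work_dept, salary\n\t\t\tFROM login_info\n\t\t\tNATURAL JOIN employee\n\t\t\tWHERE id = ?\n\t";
    $stmt = $dbh->prepare($sql);
    $stmt->execute(array($employee_id));

    // Only the first matching row is ever reported.
    $row = $stmt->fetch();
    if ($row) {
        echo json_encode(array(
            "username" => $row['username'],
            "work_dept" => $row['work_dept'],
            "salary" => $row['salary'],
        ));
    }
}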
/**
 * Fetch every review of one item, newest first.
 *
 * The item id is bound as a statement parameter. text_comments is returned
 * exactly as stored, so it still has to be escaped wherever it is rendered.
 *
 * @param mixed $item_id Value matched against review.item_id.
 * @return array List of arrays with the keys "date", "rating" and "comments".
 */
function _getReviews($item_id)
{
    $query = "\n\t\tSELECT *\n\t\tFROM review\n\t\tWHERE item_id = ?\n\t\tORDER BY date DESC\n\t";
    $lookup = ConnectToDB()->prepare($query);
    $lookup->execute(array($item_id));

    $reviews = array();
    while ($record = $lookup->fetch()) {
        $reviews[] = array(
            "date" => $record["date"],
            "rating" => $record["rating"],
            "comments" => $record["text_comments"],
        );
    }

    return $reviews;
}
/**
 * List the orders whose date_of_purchase falls in the given month and year.
 *
 * Both values are bound as statement parameters and compared with
 * MONTH(date_of_purchase) and YEAR(date_of_purchase).
 *
 * @param mixed $month Month compared with MONTH(date_of_purchase).
 * @param mixed $year  Year compared with YEAR(date_of_purchase).
 * @return array List of arrays with the keys "date", "order_id",
 *               "customer_id" and "total".
 */
function _getMonthlySalesOrder($month, $year)
{
    $query = "\n\t\tSELECT date_of_purchase,order_id,customer_id,total_price\n\t\tFROM orders\n\t\tWHERE\n\t\tMONTH(date_of_purchase) = ?\n\t\tAND YEAR(date_of_purchase) = ?\n\t";
    $lookup = ConnectToDB()->prepare($query);
    $lookup->execute(array($month, $year));

    $sales = array();
    while ($record = $lookup->fetch()) {
        $sales[] = array(
            "date" => $record["date_of_purchase"],
            "order_id" => $record["order_id"],
            "customer_id" => $record["customer_id"],
            "total" => $record["total_price"],
        );
    }

    return $sales;
}
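/**
 * Search items by title and genre pattern and return the matches as JSON.
 *
 * The title and genre patterns are bound as statement parameters. Earlier
 * code spliced both into the SQL text between single quotes, which let the
 * caller's input change the query, and then passed one bound value to a
 * statement that had no placeholder.
 *
 * NOTE(review): LIKE wildcards (% and _) inside the patterns keep their
 * meaning - presumably the caller adds them on purpose; confirm.
 *
 * @param mixed $term_str LIKE pattern compared with title.
 * @param mixed $order    Sort selector: 2 price ascending, 3 price descending,
 *                        4 average rating descending, 5 average rating
 *                        ascending; any other value leaves the result unordered.
 * @param mixed $genre    LIKE pattern compared with genre.
 * @return string JSON-encoded list of item records.
 */
function _searchItems($term_str, $order, $genre)
{
    $dbh = ConnectToDB();

    $sql = "
    SELECT item.*, avg_ratings.avg_rating
        FROM item
        LEFT JOIN (
            SELECT item_id, avg(rating) AS avg_rating
            FROM review
            GROUP BY item_id
        ) AS avg_ratings
        ON item.item_id = avg_ratings.item_id
    WHERE title LIKE ?
      AND genre LIKE ?";

    // The ORDER BY text always comes from this fixed table, never from the
    // caller, so the selector cannot introduce SQL of its own.
    $orderings = array(
        2 => " ORDER BY price ASC",
        3 => " ORDER BY price DESC",
        4 => " ORDER BY avg_rating DESC",
        5 => " ORDER BY avg_rating ASC",
    );
    foreach ($orderings as $code => $clause) {
        if ($order == $code) {
            $sql .= $clause;
            break;
        }
    }

    $stmt = $dbh->prepare($sql);
    $stmt->execute(array($term_str, $genre));

    $arr = array();
    while ($row = $stmt->fetch()) {
        $obj = array(
            "id" => $row["item_id"],
            "title" => $row["title"],
            "description" => $row["description"],
            "genre" => $row["genre"],
            "publisher" => $row["publisher"],
            "publish_month" => $row["publication_month"],
            "publish_year" => $row["publication_year"],
            "image_url" => $row["image_url"],
            "price" => $row["price"],
        );
        // Items without any review have a NULL average; the key is then left out.
        if (isset($row["avg_rating"])) {
            $obj["avg_rating"] = $row["avg_rating"];
        }
        $arr[] = $obj;
    }

    return json_encode($arr);
}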
/**
 * Look up the ids whose titles match $type and $scope.
 *
 * As written the function returns nothing and inserts nothing: the ids are
 * gathered into local variables that go out of scope on return.
 *
 * NOTE(review): $type and $scope are neither parameters nor declared global,
 * so inside this function they are undefined and interpolate as empty
 * strings. If they are later supplied from a request, they must be bound as
 * statement parameters rather than interpolated between the quotes below.
 *
 * NOTE(review): $result2 is never assigned in this function, so the second
 * loop can never run.
 */
function insertProjects()
{
    $db = ConnectToDB();
    // Both SELECTs are merged by UNION, so scope ids also arrive under the
    // column name type_id.
    $sql = "\r\nSELECT type_id FROM type WHERE type_title ='{$type}'\r\nUNION\r\nSELECT scope_id FROM scope WHERE scope_title='{$scope}';\r\n";
    $result = $db->query($sql);
    if ($result->num_rows > 0) {
        // output data of each row
        while ($row = $result->fetch_assoc()) {
            $scope_type[] = $row['type_id'];
        }
    }
    if ($result2->num_rows > 0) {
        // output data of each row
        while ($row = $result2->fetch_assoc()) {
            $id = $row['project_id'];
        }
    }
    $result->close();
    mysqli_close($db);
}
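<?php
// Refresh the cached first name of a logged-in user, or label the visitor "Guest".
session_start();

// !empty() gives the same truth test as before without an undefined-index
// notice when the session has no 'valid' key yet.
if (!empty($_SESSION['valid'])) {
    $mysqli = ConnectToDB();
    if ($mysqli) {
        // The id is concatenated into the WHERE text by SelectElementsWhere(),
        // so force it to an integer before it gets there.
        $uid = isset($_SESSION['uid']) ? (int) $_SESSION['uid'] : 0;
        $users = $mysqli->query(SelectElementsWhere("*", "id = " . $uid, "users"));

        // query() returns false on failure; skip the lookup instead of reading from it.
        if ($users) {
            if ($users->num_rows == 1) {
                $user = $users->fetch_assoc();
                $_SESSION['firstname'] = $user['firstname'];
            }
            $users->free();
        }

        // Close only a connection that was actually opened.
        CloseDBConnection($mysqli);
    }
} else {
    $_SESSION['firstname'] = "Guest";
}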
<?php
// Project search page: prints matching projects as a grid, three columns per row.
// The listing is cut off before the loops are closed.

// NOTE(review): display_errors is switched on, so PHP errors are printed into
// the response; this is a development setting.
ini_set('display_errors', '1');
error_reporting(E_ALL);
require 'db.inc.php';
// NOTE(review): $q stays undefined when the request carries no 'search' field.
if (isset($_POST['search'])) {
    $q = $_POST['search'];
}
// echo 'displaying'. $q;
$directory = 'uploads/';
$db = ConnectToDB();
// NOTE(review): the posted search text is interpolated between the quotes of
// both REGEXP operands, so request input becomes part of the SQL statement
// (SQL injection) and is also evaluated as a regular expression by the
// server. Use a prepared statement with the pattern bound as a parameter.
$sql = "SELECT project_name, project_description, img_url, project_id FROM project WHERE project_name REGEXP '{$q}' OR project_description REGEXP '{$q}';";
$result = $db->query($sql);
$c = 0; // Our counter: number of cells printed so far
$n = 3; // cells per row
if ($result->num_rows > 0) {
    while ($row = $result->fetch_assoc()) {
        if ($c == 0) {
            echo '<div class="row">';
        }
        if ($c % $n == 0 && $c != 0) {
            // New table row
            echo '</div><div class="row">';
        }
        $c++;
        // NOTE(review): project_id, project_name, project_description and
        // img_url are echoed into markup and attributes without
        // htmlspecialchars(); stored values containing markup would be
        // rendered as part of the page.
        echo '<div class="col-md-4">';
        echo '<h2><a href="project.php?project=' . $row['project_id'] . '">' . $row['project_name'] . '</a></h2>';
        echo '<p>' . $row['project_description'] . '</p>';
        echo '<div class="thumbnail"><img src="' . $directory . $row['img_url'] . '" alt="" class="img-responsive"></div>';
        echo '</div>';
/**
 * List the items in a cart that have a quantity above zero.
 *
 * The cart id is bound as a statement parameter; item_total is computed by
 * the query as price*quantity.
 *
 * NOTE(review): nothing here ties $cart_id to the requesting user -
 * presumably the caller derives it from the session; confirm.
 *
 * @param mixed $cart_id Value matched against cart_id.
 * @return array List of arrays with the keys "id", "title", "price",
 *               "quantity" and "item_total".
 */
function _getCartItems($cart_id)
{
    $query = "\n\t\tSELECT item_id,title,price,quantity,price*quantity as item_total\n\t\tFROM item natural join items_in_cart\n\t\tWHERE cart_id = ?\n\t\tAND quantity > 0\n\t";
    $lookup = ConnectToDB()->prepare($query);
    $lookup->execute(array($cart_id));

    $items = array();
    while ($record = $lookup->fetch()) {
        $items[] = array(
            "id" => $record["item_id"],
            "title" => $record["title"],
            "price" => $record["price"],
            "quantity" => $record["quantity"],
            "item_total" => $record["item_total"],
        );
    }

    return $items;
}
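/**
 * Record that a warehouse fulfilled part of an order and reduce its stock.
 *
 * Three writes are made: make sure an items_fulfilled row exists, add the
 * quantity to it, and subtract the same quantity from has_inventory. They
 * now run as separate prepared statements inside one transaction, so a
 * failure part-way no longer leaves the fulfilment recorded without the
 * stock being reduced. The earlier version sent all three in one
 * multi-statement string and also dumped its arguments into the response
 * with print_r(); that debug output is removed.
 *
 * NOTE(review): nothing here stops has_inventory.quantity from going below
 * zero - presumably the caller checks stock first; confirm.
 *
 * @param mixed $oid   Order id.
 * @param mixed $iid   Item id.
 * @param mixed $wid   Warehouse id.
 * @param mixed $quant Quantity fulfilled.
 * @return int Always 1 when the function returns.
 */
function _fillOrder($oid, $iid, $wid, $quant)
{
    $dbh = ConnectToDB();

    $steps = array(
        array(
            "INSERT IGNORE INTO items_fulfilled(order_id,item_id,warehouse_id,quantity) VALUES(?,?,?,0)",
            array($oid, $iid, $wid),
        ),
        array(
            "UPDATE items_fulfilled SET quantity=quantity+? WHERE order_id = ? AND item_id = ? AND warehouse_id = ?",
            array($quant, $oid, $iid, $wid),
        ),
        array(
            "UPDATE has_inventory SET quantity = quantity-? WHERE warehouse_id = ? AND item_id = ?",
            array($quant, $wid, $iid),
        ),
    );

    $dbh->beginTransaction();
    try {
        foreach ($steps as $step) {
            $stmt = $dbh->prepare($step[0]);
            $stmt->execute($step[1]);
        }
        $dbh->commit();
    } catch (Exception $e) {
        // Undo whatever part of the fulfilment was already written, then let
        // the caller see the failure.
        $dbh->rollBack();
        throw $e;
    }

    return 1;
}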
/**
 * Write a customer's personal details with REPLACE INTO.
 *
 * Each optional field is sent as a bound parameter when it is set and does
 * not compare equal to ""; otherwise the literal '' is written in its place.
 * Only fixed text is ever added to the SQL, never a field value.
 *
 * NOTE(review): REPLACE INTO removes an existing row with the same key before
 * inserting, so any customer column not listed here goes back to its default.
 *
 * @param mixed $id    Customer id (always bound).
 * @param mixed $fname First name.
 * @param mixed $mi    Middle initial.
 * @param mixed $lname Last name.
 * @param mixed $phone Phone number.
 * @param mixed $email E-mail address.
 * @return void
 */
function _updatePersonalInfo($id, $fname, $mi, $lname, $phone, $email)
{
    $dbh = ConnectToDB();

    $bound = array($id);
    $slots = array();
    // Same order as the column list: first name, middle initial, last name, phone, email.
    foreach (array($fname, $mi, $lname, $phone, $email) as $value) {
        if (isset($value) && $value != "") {
            $bound[] = $value;
            $slots[] = "?";
        } else {
            $slots[] = "''";
        }
    }

    $sql = "REPLACE INTO customer(id,first_name,middle_initial,last_name,phone,email) VALUES(?," . implode(",", $slots) . ")";

    $stmt = $dbh->prepare($sql);
    $stmt->execute($bound);
}
<?php
/*
  Returns the list of SOCKS endpoints that are currently online.

  The file has to be placed in the root of the control panel.

  Analyst note: this is a botnet control-panel script. It reads the
  botnet_list table and prints one line per row in the form
  "<bot_id> <ipv4>:<port_s1>" terminated by CRLF.
*/
define('__CP__', 1);
require_once 'system/global.php';
// '@' hides the include failure; the script then exits without any output.
if (!@(include_once 'system/config.php')) {
    die;
}
// Header helpers defined elsewhere - presumably no-cache and UTF-8 plain-text headers.
HTTPNoCacheHeaders();
HTTPU8PlainHeaders();
// Selects rows with flag_nat=0 whose rtime_last is no older than BOTNET_TIMEOUT
// seconds. On a connection or query failure the MySQL error text is sent to
// the client.
if (!ConnectToDB() || !($r = @mysql_query('SELECT bot_id, ipv4, port_s1 FROM botnet_list WHERE flag_nat=0 AND rtime_last>=' . (time() - BOTNET_TIMEOUT)))) {
    die('MySQL error: ' . mysql_error());
}
while ($m = mysql_fetch_row($r)) {
    echo "{$m[0]} {$m[1]}:{$m[2]}\r\n";
}
/**
 * List all orders placed by one customer.
 *
 * The customer id is bound as a statement parameter.
 *
 * NOTE(review): every record carries card_number exactly as stored in the
 * orders table - presumably callers mask it before display; confirm. Also,
 * nothing here checks that $customer_id is the requesting user.
 *
 * @param mixed $customer_id Value matched against orders.customer_id.
 * @return array List of arrays with the keys "order_id", "customer_id",
 *               "date", "total_price", "discount", "card_number" and
 *               "address_id".
 */
function _getOrders($customer_id)
{
    $query = "\n\t\tSELECT *\n\t\tFROM orders\n\t\tWHERE customer_id = ?\n\t";
    $lookup = ConnectToDB()->prepare($query);
    $lookup->execute(array($customer_id));

    $orders = array();
    while ($record = $lookup->fetch()) {
        $orders[] = array(
            "order_id" => $record["order_id"],
            "customer_id" => $record["customer_id"],
            "date" => $record["date_of_purchase"],
            "total_price" => $record["total_price"],
            "discount" => $record["discount"],
            "card_number" => $record["card_number"],
            "address_id" => $record["address_id"],
        );
    }

    return $orders;
}
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> <html> <head> <title> </title> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"> <?php
// Load configuration and helpers, then open the database connection.
include "./config.php";
include "./functions.php";
$query = $_SERVER['QUERY_STRING'];
// NOTE(review): parse_str() with a single argument creates a variable in the
// current scope for every key of the query string. It runs after config.php
// was included, so a request can overwrite $server, $user, $pw and $dbname
// before they are passed to ConnectToDB() on the next line. The one-argument
// form was removed in PHP 8.0; parse into a result array
// (parse_str($query, $params)) and read only the expected keys from it.
parse_str($query);
ConnectToDB($server, $user, $pw, $dbname);
?> <style type="text/css"> <!-- @import url("./style.css"); --> </style> <script> <!-- function setfocus() { document.form1.cmd.focus(); document.form1.logfield.scrollTop = '9999'; } --> </script> </head>
$result = mysql_query($qs, $LinkDB); if ($result) { if (mysql_affected_rows() > 0) { $bOk = true; } } } return $bOk; } /* * ------------------------------------------------------------- * create connection * ------------------------------------------------------------- */ $DBLink = $DBConn = NULL; ConnectToDB($DBLink, $DBConn, $sDBHost, $sDBUser, $sDBPwd, $sDBName, $newLink = false); /* * ------------------------------------------------------------- * variable inisialisasi * ------------------------------------------------------------- */ $chP = "checked"; $chC = ""; /* * ------------------------------------------------------------- * action add/edit/delete * ------------------------------------------------------------- */ $tbl = "CSCCORE_DOWN_CENTRAL_GROUP"; $recId = $recNm = $recPrnt = ""; $valHdnFrm = '<input type="hidden" name="ask" value="' . base64_encode('ad') . '">';
?> <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="fr" lang="fr" dir="ltr"> <head> <meta http-equiv="Content-Type" content="text/html; charset=utf-8" /> <title>Config Rename</title> <script type="text/javascript"> function GoBack() { location.replace("screenconfig.php"); } </script> </head> <body> <?php
// Rename form for one result configuration. The listing is cut off before
// the blocks are closed.
$PHP_SELF = $_SERVER['PHP_SELF'];
ConnectToDB();
// rcid is forced to an integer, so the value interpolated into the SQL and
// into the hidden field below can only be a number.
$rcid = isset($_GET['rcid']) ? intval($_GET['rcid']) : 0;
if ($rcid > 0) {
    // NOTE(review): no join condition between mopcompetition and resultconfig
    // is visible, so each matching resultconfig row is paired with every
    // competition row - confirm this is intended.
    $sql = "SELECT rc.name rcname, c.name cname FROM mopcompetition c, resultconfig rc WHERE rc.rcid={$rcid}";
    // NOTE(review): the result is not checked for false before mysql_num_rows().
    $res = mysql_query($sql);
    if (mysql_num_rows($res) > 0) {
        $r = mysql_fetch_array($res);
        $rcname = $r['rcname'];
        print "<form method=GET action='screenconfig.php'>";
        print "<input type='hidden' name='action' value='update'>";
        print "<input type='hidden' name='rcid' value='{$rcid}'>";
        // NOTE(review): $rcname comes from the database and is written into a
        // single-quoted attribute without escaping; a stored name containing
        // a quote or markup would break out of the attribute. Wrap it in
        // htmlspecialchars($rcname, ENT_QUOTES).
        print MyGetText(54) . " : <input type='text' name='configname' value='{$rcname}' size=64 maxlength=64><br/>";
        // New name
        print "<br/><input type='submit' value='" . MyGetText(52) . "'> ";
        // OK
        print "<input type='button' value='" . MyGetText(53) . "' onclick='GoBack();'>";
/**
 * Link an address to a customer.
 *
 * Inserts one (id, address_id) row into cust_addr; both values are bound as
 * statement parameters.
 *
 * NOTE(review): nothing in this function checks that $id is the requesting
 * user or that $addr_id is theirs to attach - presumably the caller does;
 * confirm.
 *
 * @param mixed $id      Customer id written to cust_addr.id.
 * @param mixed $addr_id Address id written to cust_addr.address_id.
 * @return void
 */
function _addCustomerAddress($id, $addr_id)
{
    $connection = ConnectToDB();
    $insert = $connection->prepare("INSERT INTO cust_addr(id,address_id) VALUES(?,?)");
    $insert->execute(array($id, $addr_id));
}