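/**
 * Echoes the text of the feedback entry selected by the `FeedbackID` query-string parameter.
 *
 * The identifier comes straight from the request, so it is bound as a statement
 * parameter instead of being concatenated into the SQL text. The stored text is
 * passed through SanitizeOut() before it is echoed. Prints 'No such feedback found.'
 * when the parameter is missing, is not a plain string, or matches no row.
 *
 * NOTE(review): connectToDB() is assumed to return a mysqli connection (the
 * original only shows ->close() on it) — confirm before merging.
 *
 * @return void
 */
function DisplayFullText()
{
    // A missing parameter, or an array-valued one (?FeedbackID[]=x), cannot match a row.
    if (!isset($_GET['FeedbackID']) || !is_string($_GET['FeedbackID'])) {
        echo 'No such feedback found.';
        return;
    }
    $FeedbackID = $_GET['FeedbackID'];

    $conn = connectToDB();

    // SanitizeIn() is no longer called here: the original discarded its return value,
    // so it only took effect if it rewrites its argument by reference (not visible in
    // this block), and a bound parameter must not be escaped a second time.
    $stmt = $conn->prepare('SELECT `Text` FROM `Feedbacks` WHERE `FeedbackID` = ?');
    if (!$stmt) {
        // Keep driver details in the server log; the visitor only sees the generic message.
        error_log('DisplayFullText: prepare failed: ' . $conn->error);
        $conn->close();
        echo 'No such feedback found.';
        return;
    }

    $text = null;
    $found = false;
    $stmt->bind_param('s', $FeedbackID);
    if ($stmt->execute()) {
        $stmt->bind_result($text);
        // fetch() returns true for a row, null when there is none, false on error.
        $found = ($stmt->fetch() === true);
    }
    $stmt->close();
    $conn->close();

    if ($found) {
        echo SanitizeOut($text);
    } else {
        echo 'No such feedback found.';
    }
}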
/**
 * Builds a lookup set of the tag names the current user is subscribed to.
 *
 * @return array Map of SanitizeOut($row['TName']) => true; empty when
 *               CheckedQuery() yields a falsy result.
 */
function GetMySubscriptions()
{
    $currentUser = getUser();
    $db = connectToDB();

    // NOTE(review): userID is placed into the SQL text as-is. It comes from getUser(),
    // which is not visible here — confirm it can never carry request-controlled text,
    // or move this lookup to a bound parameter.
    $query = "SELECT `TName` FROM `Subscriptions` WHERE `UserID`='{$currentUser->userID}'";
    $rows = CheckedQuery($query, $db);

    $subscriptions = array();
    if ($rows) {
        for ($row = $rows->fetch_assoc(); $row; $row = $rows->fetch_assoc()) {
            // Keys are whatever SanitizeOut() returns for the name, so callers must
            // look entries up using that same transformed form.
            $subscriptions[SanitizeOut($row['TName'])] = true;
        }
    }

    $db->close();

    return $subscriptions;
}
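<h6><center>Each line is a single link. Format: Link Displayed Text, Link URL. Example:</center></h6>
<h6><center>Very Relevant Test Item, http://tvtropes.org/pmwiki/pmwiki.php/Main/Rickroll</center></h6>
<div class="container white z-depth-2">
    <div class="row">
        <form class="col s12">
            <div class="row">
                <div class="input-field s12">
                    <?php
                    include_once "Backend/Sanitize.php";

                    // Link editing: pre-fill the textarea with the current contents of Links.csv.
                    //
                    // NOTE(review): the Save button posts this form back (formmethod="POST"); the
                    // handler that writes Links.csv is not part of this fragment. No anti-CSRF
                    // token field is present in the markup below — confirm the handler checks
                    // both the caller's permission and a request token before writing the file.
                    // NOTE(review): Cancel is also type="submit" inside this form, so it may
                    // submit the textarea through the form's default method as well as running
                    // history.go(-1); type="button" would avoid that — confirm intended behaviour.
                    $contents = file_get_contents("Links.csv");

                    // Compare against false explicitly: an empty (or "0") file is a successful
                    // read and must not trigger the "not loaded" warning.
                    if ($contents === false) {
                        $contents = "";
                        echo '<center><h6>Warning: links not loaded.</h6></center>';
                    }

                    // The file content is editor-supplied text, so it goes through SanitizeOut()
                    // before being placed inside the textarea element.
                    echo '<textarea name="Links" class="materialize-textarea">' . SanitizeOut($contents) . '</textarea>';
                    ?>
                </div>
            </div>
            <div class="row center">
                <button class="btn waves-effect waves-light red lighten-1" type="submit" name="action" onclick="history.go(-1);">Cancel</button>
                <button class="btn waves-effect waves-light " type="submit" name="action" formmethod="POST">Save <i class="mdi-content-send right"></i> </button>
            </div>
        </form>
    </div>
</div>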
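<!--<table class="hoverable centered white responsive-table z-depth-2 sortable">-->
<table class="hoverable centered white responsive-table z-depth-2 sortable">
    <thead>
        <tr>
            <th data-field="Lname">Last Name</th>
            <th data-field="Fname">First Name</th>
            <th data-field="Major">Major</th>
            <th data-field="Minor">Minor</th>
            <th data-field="Year">Year</th>
            <th data-field="Employer">Employer</th>
        </tr>
    </thead>
    <tbody>
        <?php
        require_once "Common.php";
        require_once "Sanitize.php";

        $conn = connectToDB();

        // Lists every user that has no row in `Permissions`. The statement is a constant
        // string with no request input. The CASE expressions shorten names longer than
        // 30 to their first 27 characters plus '...'.
        $result = $conn->query("SELECT UserID, "
            . "case when LENGTH(FirstName)>30 then CONCAT(LEFT(FirstName, 27), '...') else FirstName end FirstName, "
            . "case when LENGTH(LastName)>30 then CONCAT(LEFT(LastName, 27), '...') else LastName end LastName, "
            . "GradYear FROM `Users` "
            . "WHERE NOT EXISTS (SELECT * FROM `Permissions` WHERE `Permissions`.UserID = `Users`.UserID)");

        if (!$result) {
            // The driver's error text can reveal schema and server details, so it goes to
            // the server log instead of the response body.
            error_log('Invalid query: ' . $conn->error);
            die('Invalid query.');
        }

        while ($row = $result->fetch_assoc()) {
            // Columns read from `Users` are passed through SanitizeOut() before output.
            // NOTE(review): getDegreeFor() and getEmployerFor() are echoed as returned;
            // confirm they escape for HTML internally, otherwise wrap them in SanitizeOut().
            echo '<tr><td style="word-wrap: break-word">' . SanitizeOut($row['LastName'])
                . '</td><td style="word-wrap: break-word">' . SanitizeOut($row['FirstName'])
                . '</td><td>' . getDegreeFor($row['UserID'], $conn, 1)
                . '</td><td>' . getDegreeFor($row['UserID'], $conn, 0)
                . '</td><td>' . SanitizeOut($row['GradYear'])
                . '</td><td>' . getEmployerFor($row['UserID'], $conn)
                . '</td></tr>';
        }

        $conn->close();
        ?>
    </tbody>
</table>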
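/**
 * Loads every row of `Tags` into a nested lookup: [CName][TName] => TEntryAdvice.
 *
 * All three values are passed through SanitizeOut() before being stored, so both
 * the keys and the advice text are in SanitizeOut()'s output form.
 *
 * @return array Nested map as described above; empty when CheckedQuery() yields
 *               a falsy result.
 */
function getTagsArray()
{
    $conn = connectToDB();

    // The query is a constant string with no request input. The original also called
    // SanitizeIn($FeedbackID) here on a variable that is never defined in this
    // function; that dead call has been removed.
    $sql = "SELECT * FROM `Tags`";
    $tags = CheckedQuery($sql, $conn);

    $retVal = array();
    if ($tags) {
        while ($tag = $tags->fetch_assoc()) {
            $category = SanitizeOut($tag['CName']);
            $name = SanitizeOut($tag['TName']);
            $retVal[$category][$name] = SanitizeOut($tag['TEntryAdvice']);
        }
    }

    $conn->close();

    return $retVal;
}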