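include 'logincheck.php';

$room = '';
//***** Errors loading config *****
$result = '';
$queryString = '';

include 'config.php';
include 'string.php'; // string helpers, including stringChecker()
include 'sql.php';    // SQL helpers, including insert()

// Handle the "add item" form: both fields must be posted and non-empty.
if (!empty($_POST['roomID']) && !empty($_POST['itemName'])) {
    // roomID goes into the statement as an unquoted number, so quoting or
    // escaping cannot protect it. Accept a real integer only; filter_var()
    // returns false for anything else, including array input.
    $roomID = filter_var($_POST['roomID'], FILTER_VALIDATE_INT);

    if ($roomID === false) {
        // Do not build or run a statement from a malformed room id.
        $result = 'Error';
    } else {
        // NOTE(review): stringChecker() is defined in string.php (not shown) and is
        // presumed to make the value safe inside a quoted SQL string - confirm.
        // A prepared statement in insert() would remove that dependency.
        $itemName = stringChecker($_POST['itemName']);

        // Uppercase the first letter of the item name.
        $itemName = ucfirst($itemName);

        $queryString = "insert into items (roomID,itemName) values ({$roomID},'{$itemName}');";
        $result = insert($queryString, $itemName);
    }
}
?>
<html>
<head>
<title>Checklist</title>
<?php include 'head.txt'; ?>
</head>
<body>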
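// roomID and the row id are written into the statement as bare numbers, so
// both are forced to integers: non-numeric input becomes 0 instead of SQL text.
$roomID = (int) $_POST['roomID'];
// NOTE(review): $id is assigned before this excerpt - confirm where it comes from.
$itemID = (int) $id;

// A checkbox is only submitted when ticked, so test presence and value.
// The previous "=" assigned 'on' to $_POST and marked every item as acquired.
$aquired = (isset($_POST['aquired']) && $_POST['aquired'] === 'on') ? 1 : 0;

// price is also unquoted in the statement. Use the SQL keyword null when the
// field is blank (a PHP null would interpolate as an empty string and break
// the statement) and accept only a plain decimal otherwise.
// Anything that is not a plain decimal is stored as null.
$price = 'null';
if (
    !empty($_POST['itemPrice'])
    && is_string($_POST['itemPrice'])
    && preg_match('/^\d+(\.\d+)?\z/', $_POST['itemPrice']) === 1
) {
    $price = $_POST['itemPrice'];
}

if (empty($_POST['itemSize'])) {
    $size = 'null';
} else {
    // NOTE(review): stringChecker() is defined outside this excerpt and is presumed
    // to make the value safe inside a quoted SQL string - confirm.
    $size = stringChecker($_POST['itemSize']);
    // wrap in quotes
    $size = "'" . $size . "'";
}

// build query
$queryString = "update items set roomid={$roomID}, aquired={$aquired}, price={$price}, size={$size} where id={$itemID};";

// execute query
$result = update($queryString);

// Compare rather than assign: the previous "=" overwrote $result with 'Updated'
// and redirected even when update() had reported a failure.
if ($result === 'Updated') {
    header('refresh:3;url=display.php');
}
} // closes the form-handling block opened before this excerpt

//****** all below is for display purposes *******
//fills in drop down box with available rooms
$connection = mysql_connect($serverName, $dbUsername, $dbPassword);
// Selecting Database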
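<?php
include 'logincheck.php';

$room = '';
$result = '';

// Handle the "add room" form once a non-empty room name has been posted.
if (!empty($_POST['room'])) {
    include 'config.php';
    include 'functions/string.php'; // string helpers, including stringChecker()

    // Sanitise the posted value itself. The previous code ran stringChecker()
    // on the empty placeholder and then overwrote it with the raw POST value,
    // so unsanitised input reached the SQL string below.
    // NOTE(review): stringChecker() is not shown here; it is presumed to make the
    // value safe inside a quoted SQL string - confirm. The mysql_* API was removed
    // in PHP 7.0; prepared statements via mysqli or PDO are the durable fix.
    $room = stringChecker($_POST['room']);
    $room = ucfirst($room); // upper case the first letter

    $connection = mysql_connect($serverName, $dbUsername, $dbPassword);

    if ($connection === false) {
        // No connection: report the failure instead of querying and closing
        // an invalid link.
        $result = 'Error';
    } else {
        // Selecting Database
        $db = mysql_select_db($dbName, $connection);

        // Insert the new room; mysql_query() returns true on a successful insert.
        $query = mysql_query("insert into rooms (roomName) Values('{$room}');", $connection);
        $result = ($query === true) ? "{$room} added" : 'Error';

        mysql_close($connection); // Closing Connection
    }
}
?>
<html>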
$result = '';

// Create a user account once both a username and a password have been posted.
// NOTE(review): no login check is visible in this excerpt - confirm that account
// creation is gated before this point.
if (!empty($_POST['username']) && !empty($_POST['password'])) {
    include 'config.php';
    include 'functions/string.php'; // string helpers: passwdEncrypt(), stringChecker()

    // NOTE(review): passwdEncrypt() is defined in functions/string.php (not shown).
    // Confirm it is a salted, slow password hash rather than reversible
    // encryption or a bare digest.
    $passwd = passwdEncrypt($_POST['password']);

    // Usernames are stored lowercase, then passed through the project's SQL sanitiser.
    // NOTE(review): stringChecker() is presumed to make values safe inside a quoted
    // SQL string - confirm; prepared statements would remove that dependency.
    $username = stringChecker(strtolower($_POST['username']));
    $passwd = stringChecker($passwd);

    //******To do, check the uname session exists otherwise return to login with error message
    $connection = mysql_connect($serverName, $dbUsername, $dbPassword);

    // Selecting Database
    $db = mysql_select_db($dbName, $connection);

    // Insert the new account row and report the outcome in $result.
    $query = mysql_query("insert into users (username,passwd) Values('{$username}','{$passwd}');", $connection);
    $result = ($query == 1) ? "{$username} added" : 'Error';

    mysql_close($connection); // Closing Connection
}
?>
//include config include 'config.php'; include 'string.php'; //contains functions for string manipulation //used to check login information //Declare Variables // Define $username and $password $username = $_POST['username']; $passwd = $_POST['password']; //encrypt the password $passwd = passwdEncrypt($passwd); //ensure username is lowercase $username = strtolower($username); // To protect MySQL injection for Security purpose $passwd = stringChecker($passwd); $username = stringChecker($username); $error = ''; // Variable To Store Error Message $connection = mysql_connect($serverName, $dbUsername, $dbPassword); //$username = stripslashes($username); //$passwd = stripslashes($passwd); //$username = mysql_real_escape_string($username); //$passwd = mysql_real_escape_string($passwd); // Selecting Database $db = mysql_select_db($dbName, $connection); // SQL query to fetch information of registerd users and finds user match. $query = mysql_query("SELECT id, username, passwd FROM users where passwd='{$passwd}' AND username='******'", $connection); $rows = mysql_num_rows($query); $resultRow = mysql_fetch_row($query); if ($rows == 1) { //session_start(); // Starting Session