function save_xml_tutorial(&$file) { global $username; debug_msg("File type is XML"); $tmpfile = $file["tmp_name"]; $filename = $file["name"]; $filepath = "users/{$username}"; debug_msg("Path: {$filepath}"); $pathname = "{$filepath}/{$filename}"; debug_msg("File will be saved as ../{$pathname}"); // Check if file exists and if not, write the data if (file_exists("../{$pathname}")) { debug_msg("File exists - temporary storage"); if (!is_dir("../{$filepath}/temp/")) { mkdir("../{$filepath}/temp/"); } move_uploaded_file($tmpfile, "../{$filepath}/temp/{$filename}"); $result = false; } else { move_uploaded_file($tmpfile, "../{$pathname}"); debug_msg("Move succeeded"); // update database $filenoext = stripextension($filename); open_db(); $date = date("Y-m-d"); $sql = "INSERT INTO file (file_date, file_author, file_path, file_name)" . " VALUES ('{$date}','{$username}','{$filepath}','{$filenoext}')" . " ON DUPLICATE KEY UPDATE file_date='{$date}';"; query_db($sql); $result = $filenoext; } return $result; }
function is_damaged($isbn, $copy) { include $_SERVER['DOCUMENT_ROOT'] . '/project/includes/db.inc.php'; $select = 'SELECT is_damaged'; $from = ' FROM book_copies'; $where = ' WHERE isbn LIKE "' . $isbn . '" AND copy_num LIKE "' . $copy . '"'; $result = query_db($link, $select . $from . $where); $book = mysqli_fetch_array($result); if ($book['is_damaged']) { return true; } return false; }
function resetPasswordByToken($token) { $row = get_row_null(sprintf("SELECT * FROM reset_password_tokens LEFT JOIN user_info ON reset_password_tokens.uid = user_info.uid WHERE reset_password_tokens.token='%s';", mysql_real_escape_string($token))); if (!$row) { return FALSE; } // check for token expiry $now = time(); $tokentime = strtotime($row["timestamp"]); if ($now - $tokentime > 24 * 60 * 60) { return FALSE; } resetPassword($row, NULL); query_db(sprintf("DELETE FROM reset_password_tokens WHERE token='%s';", mysql_real_escape_string($token))); return TRUE; }
<?php # This file is part of MachDB. For license info, read LICENSE include 'include/config.php'; include 'include/common.php'; include 'include/smarty.php'; # connect to DB $db = connect_db($mysqlserver, $mysqluser, $mysqlpassword, $mysqldatabase); $queryhostid = $_GET['id']; # query pkgs $pkg_query = query_db("SELECT pkg.name,pkg.version,pkg.release,pkg.arch,host_pkg.timestamp,host_pkg.id AS host_pkg_id,pkg.id FROM pkg,host_pkg WHERE host_pkg.host_id = '{$queryhostid}' AND pkg.id = host_pkg.pkg_id ORDER BY timestamp,name"); while ($_row = mysql_fetch_assoc($pkg_query)) { $pkg[] = $_row; } $smarty->assign('pkg', $pkg); $smarty->assign('hostid', $queryhostid); $smarty->display('pkg.tpl'); close_db($db); ?>
<?php require_once "connect.php"; // Gives us $con require_once "thermo_functions.php"; require_once "constants.php"; $qry_str = 'SELECT `value` FROM `status` WHERE `id` IN (' . CURRENT_SETPOINT_ID . ', ' . CURRENT_TEMP_ID . ', ' . MODE_ID . ', ' . OCCUPIED_ID . ', ' . HEAT_STATUS_ID . ', ' . COOL_STATUS_ID . ', ' . FAN_STATUS_ID . ') ORDER BY `id` ASC;'; $result = query_db($con, $qry_str); # 1 $entry = fetch_array_db($result); $return['current_temp'] = $entry['value']; # 2 $entry = fetch_array_db($result); $return['current_setpoint'] = $entry['value']; # 3 $entry = fetch_array_db($result); $return['mode'] = $entry['value']; # 18 $entry = fetch_array_db($result); $return['occupied'] = $entry['value']; # 19 $entry = fetch_array_db($result); $return['heat_status'] = $entry['value']; # 20 $entry = fetch_array_db($result); $return['cool_status'] = $entry['value']; # 21 $entry = fetch_array_db($result);
query_db($link, $insert . $values); $update = 'UPDATE book_copies'; $set = ' SET is_on_hold = 1'; $where = ' WHERE isbn LIKE "' . $book['isbn'] . '" AND copy_num LIKE "' . $book['copy'] . '"'; query_db($link, $update . $set . $where); } if (isset($_GET['futurehold'])) { session_start(); include $_SERVER['DOCUMENT_ROOT'] . '/project/includes/db.inc.php'; $isbn = mysqli_real_escape_string($link, $_POST['isbn']); $user = mysqli_real_escape_string($link, $_SESSION['user']); $select = 'SELECT isbn, copy_num, MAX(return_date) as exp_date'; $from = ' FROM issues NATURAL JOIN book_copies'; $where = ' WHERE isbn LIKE "' . $isbn . '" AND ' . 'is_checked_out=1 AND is_on_hold=0 AND is_returned=0 AND is_damaged=0'; $result = query_db($link, $select . $from . $where); if (mysqli_num_rows($result) > 0) { $book = mysqli_fetch_array($result); $update = 'UPDATE book_copies'; $set = ' SET is_on_hold=1, future_requester="' . $user . '"'; $where = ' WHERE isbn LIKE "' . $book['isbn'] . '" AND copy_num LIKE "' . $book['copy_num'] . '"'; echo $update . $set . $where; query_db($link, $update . $set . $where); $insert = 'INSERT INTO issues (username, isbn, copy_num, issue_date, return_date)'; $values = ' VALUES ("' . $user . '", "' . $book['isbn'] . '", "' . $book['copy_num'] . '", "' . $book['exp_date'] . '", DATE_ADD("' . $book['exp_date'] . '", INTERVAL 17 DAY))'; echo $insert . $values; query_db($link, $insert . $values); } else { $error = 'Book is on hold'; } } include 'search.html.php';
function has_result($query) { $result = query_db($query); return mysql_num_rows($result) > 0; }
function outputPlugins() { connect_db(); $ordervar = @$_GET["order"] ? quote_db(@$_GET["order"]) : "moddate"; $asc_desc = @$_GET["sort"] ? quote_db(@$_GET["sort"]) : "DESC"; $result = query_db("SELECT * FROM plugins ORDER BY {$ordervar} {$asc_desc}"); $now = time(); $i = 0; while ($row = mysql_fetch_array($result)) { $moddate_unix = strtotime($row['moddate']); $odd = $i % 2 == 1; $image_file = file_exists($row['image']) ? $row['image'] : "images/noicon.png"; echo '<div class="box name' . ($odd ? ' odd' : '') . '" >'; echo ' <img src="' . $image_file . '" alt="plugin icon" />'; echo ' <a href="http://qsapp.com/plugins/plugins/' . $row['fullpath'] . '">' . $row['name'] . '</a>'; if ($now - $moddate_unix <= 5184000) { echo ' <sup><span style="color:#ff0000;" >new!</span></sup>'; } echo '</div>'; echo '<div class="box version' . ($odd ? ' odd' : '') . '" >' . $row['version'] . ' </div>'; echo '<div class="box updated' . ($odd ? ' odd' : '') . '" >' . $row['moddate'] . ' </div>'; // <div class="box" id="dl"><a href="'.$row['fullpath'].'"><img src="images/download.gif" /></a></div>'; $i++; } echo '<p> </p>'; close_db(); }
fwrite($file, $data); fclose($file); debug_msg("File written"); // select database open_db(); // Is there a file in the DB with this name & path? $sql = "SELECT file_id FROM file WHERE file_name='{$filename}' AND file_path='{$filepath}';"; $date = date("Y-m-d"); $reply = "File {$filename} "; if ($key = query_one_item($sql)) { $sql = "UPDATE file SET file_date='" . $date . "' WHERE file_id = " . $key . ";"; $reply .= "updated."; } else { $sql = "INSERT INTO file (file_date, file_author, file_path, file_name) " . "VALUES ('" . $date . "','" . $username . "','" . $filepath . "','" . $filename . "')"; $reply .= "created."; } query_db($sql); // if a temp save exists, delete it $pathname = "../run/users/{$username}/temp/{$filename}.xml"; if (file_exists($pathname)) { unlink($pathname); debug_msg("Temp save removed"); } echo $reply . "\n"; echo "../users/{$username}/{$filename}.xml"; } else { // file does not exist despite fopen header("HTTP/1.1 500 Internal Server Error"); echo "\nFile could not be created"; } exit;
query_db("ALTER TABLE `disk` CHANGE `size` `size` bigint UNSIGNED NOT NULL;"); print "ALTER TABLE `filesystem` CHANGE `size` `size` bigint UNSIGNED NOT NULL;\n"; query_db("ALTER TABLE `filesystem` CHANGE `size` `size` bigint UNSIGNED NOT NULL;"); print "ALTER TABLE `archive_filesystem` CHANGE `size` `size` bigint UNSIGNED NOT NULL;\n"; query_db("ALTER TABLE `archive_filesystem` CHANGE `size` `size` bigint UNSIGNED NOT NULL;"); # OS name can be over 30 characters, change to 100 print "ALTER TABLE `os` CHANGE `name` `name` varchar(100) NOT NULL DEFAULT '' ;\n"; query_db("ALTER TABLE `os` CHANGE `name` `name` varchar(100) NOT NULL DEFAULT '' ;"); # cpu gets unified_cache filed print "ALTER TABLE `cpu` ADD `unified_cache` int(1) DEFAULT NULL AFTER `cache`;\n"; query_db("ALTER TABLE `cpu` ADD `unified_cache` int(1) DEFAULT NULL AFTER `cache`;"); # packages add 'release' print "ALTER TABLE `pkg` ADD `release` varchar(30) DEFAULT NULL AFTER `version`;\n"; query_db("ALTER TABLE `pkg` ADD `release` varchar(30) DEFAULT NULL AFTER `version`;"); print "ALTER TABLE `pkg` ADD INDEX (`release`);\n"; query_db("ALTER TABLE `pkg` ADD INDEX (`release`);"); // If you want to use the 'release' field, uncomment the following block. /* # put all the pkg from db in an array $result = query_db("SELECT * FROM `pkg` where `release` is NULL"); while ($pkg = mysql_fetch_array($result, MYSQL_ASSOC)) { $id = $pkg["id"]; $name = $pkg["name"]; $db_version = $pkg["version"]; list($version,$release) = split("-", $db_version); query_db("UPDATE `pkg` SET `version` = '$version', `release` = '$release' WHERE `id` = '$id'"); #print("UPDATE `pkg` SET `version` = '$version', `release` = '$release' WHERE `id` = '$id'\n"); print("$name: $version - $release\n"); } */ close_db($db);
$location = $_POST['location']; // array. first item - lowest boundary, second - highest $range = explode('-', $_POST['price_range']); // range string for sql if ($range[0] == 0) { // if option any is selected, $range_sql = ""; } else { if ($range[0] == 500000) { $range_sql = " AND price > '500000'"; } else { $range_sql = " AND (price > '" . escape($db, $range[0]) . "' AND price < '" . escape($db, $range[1]) . "' )"; } } $search_qry = "SELECT id, street, bedrooms, " . "bathrooms, squarefeet, description, photo, price " . "FROM properties " . "WHERE city='" . $db->real_escape_string($location) . "'" . $range_sql; $search_result = query_db($db, $search_qry); // HTML generation session_start(); echo "<p style=\"float: right;\">Welcome, " . $_SESSION['name']; // HTML generation echo "<p class=\"red_italics\">There are the properties that matched your search criteria in {$location}</p>"; echo "<table border=\"1px black solid\">"; echo "<tr><td>Street</td>" . "<td>Bedrooms</td>" . "<td>Bathrooms</td>" . "<td>Squarefeet</td>" . "<td>Description</td>" . "<td>Photo</td><td>Price</td></tr>"; foreach ($search_result as $item) { echo "<tr>"; foreach ($item as $key => $subitem) { if ($key == 'id') { continue; } // skip id part if ($key == 'photo') {
} $query = query_db("SELECT DISTINCT arch FROM os ORDER BY arch"); while ($_row = mysql_fetch_assoc($query)) { $os_arch[] = $_row; } $query = query_db("SELECT DISTINCT vendor FROM os ORDER BY vendor"); while ($_row = mysql_fetch_assoc($query)) { $os_vendor[] = $_row; } $query = query_db("SELECT DISTINCT name FROM pkg ORDER BY name"); while ($_row = mysql_fetch_assoc($query)) { $pkg_name[] = $_row; $pkg_name_index_word = $_row['name']; $pkg_name_index[] = substr($pkg_name_index_word, 0, 1); } $query = query_db("SELECT DISTINCT arch FROM pkg ORDER BY arch"); while ($_row = mysql_fetch_assoc($query)) { $pkg_arch[] = $_row; } $smarty->assign('os', $os); $smarty->assign('kernel', $kernel); $smarty->assign('os_arch', $os_arch); $smarty->assign('os_vendor', $os_vendor); $smarty->assign('pkg_name_index', $pkg_name_index); $smarty->assign('pkg_name', $pkg_name); $smarty->assign('pkg_arch', $pkg_name); $smarty->assign('date', $date); $smarty->assign('pagetitle', $pagetitle); $smarty->assign('querystring', $querystring); $smarty->display('software.tpl'); close_db($db);
<?php require_once 'mysql_login.php'; $bbc_total = query_db("SELECT SUM(bbc) FROM tblUsers"); $bbc_total = mysql_fetch_array($bbc_total)[0]; $guardian_total = query_db("SELECT SUM(guardian) FROM tblUsers"); $guardian_total = mysql_fetch_array($guardian_total)[0]; $telegraph_total = query_db("SELECT SUM(telegraph) FROM tblUsers"); $telegraph_total = mysql_fetch_array($telegraph_total)[0]; $dailymail_total = query_db("SELECT SUM(dailymail) FROM tblUsers"); $dailymail_total = mysql_fetch_array($dailymail_total)[0]; $times_total = query_db("SELECT SUM(times) FROM tblUsers"); $times_total = mysql_fetch_array($times_total)[0]; $sun_total = query_db("SELECT SUM(sun) FROM tblUsers"); $sun_total = mysql_fetch_array($sun_total)[0]; $total = $bbc_total + $guardian_total + $telegraph_total + $dailymail_total + $times_total + $sun_total; $np = $_GET['np']; $np_total = query_db("SELECT SUM({$np}) FROM tblUsers"); $np_total = mysql_fetch_array($np_total)[0]; $np_percent = $np_total / $total * 100; echo $np_percent;
</head> <body> <?php $file_id = $_GET["file"]; // Make the query // select database open_db(); $sql = "SELECT *, count(load_id) AS popularity FROM file"; $sql .= " LEFT JOIN file_use ON (file.file_id = file_use.file_id)"; $sql .= " WHERE (file.file_id={$file_id}) AND (file_author='{$username}') GROUP BY file.file_id"; $result = query_db($sql); if ($record = mysqli_fetch_array($result)) { $sql2 = "select tag from file_tag WHERE file_id=" . $file_id; $tags = query_db($sql2); if ($tag = mysqli_fetch_array($tags)) { $tagcell = $tag["tag"]; while ($tag = mysqli_fetch_array($tags)) { $tagcell = $tagcell . "; " . $tag["tag"]; } } else { $tagcell = ""; } ?> <form name="filedetails" action="file_manager.php" onSubmit="opener.focus();" onCancel="opener.focus();" method="post" > <b>File details</b> <br /> <input type="hidden" name="key" value="<?php echo $file_id; ?>
$db = connect_db($mysqlserver, $mysqluser, $mysqlpassword, $mysqldatabase); $query = $_GET; $archive = $_GET[archive]; # loop thru the variables in the query foreach ($query as $key => $variable) { $querystring[] = " {$key}={$variable}"; $variable = str_replace("*", "%", $variable); # host search if ($key == "hostname") { $hostname_query = query_db("SELECT hostname,id,timestamp FROM host WHERE {$key} LIKE '%{$variable}%' ORDER BY hostname"); while ($_row = mysql_fetch_array($hostname_query)) { $hostname[] = $_row; } # if 'archive' is clicked if ($archive == "on") { $hostname_query = query_db("SELECT hostname,id,timestamp FROM archive_host WHERE {$key} LIKE '%{$variable}%' ORDER BY hostname"); while ($_row = mysql_fetch_array($hostname_query)) { $hostname[] = $_row; } } $smarty->assign('hostname', $hostname); } else { $smarty->assign('noquery', $_GET); } } $smarty->assign('date', $date); $smarty->assign('pagetitle', $pagetitle); $smarty->assign('querystring', $querystring); $smarty->display('search.tpl'); close_db($db); ?>
$smarty->assign('host', $host); } elseif ($key == "host_disk_id") { $disk_query = query_db("SELECT disk.id AS disk_id,disk.*,host_disk.*,host_disk.id AS host_disk_id,host.hostname FROM disk,host_disk,host WHERE disk_id = disk.id AND host_disk.host_id = host.id AND host_disk.id = '{$variable}';"); while ($_row = mysql_fetch_array($disk_query)) { $disk[] = $_row; } $disk_query = query_db("SELECT disk.id AS disk_id,disk.*,archive_host_disk.*,archive_host_disk.id AS host_disk_id,host.hostname FROM disk,archive_host_disk,host WHERE disk_id = disk.id AND archive_host_disk.host_id = host.id AND archive_host_disk.id = '{$variable}' ORDER BY archive_host_disk.timestamp DESC;"); while ($_row = mysql_fetch_array($disk_query)) { $disk[] = $_row; } $smarty->assign('disk', $disk); } elseif ($key == "fs_id") { if ($key == "fs_id") { $key = "filesystem.id"; } $disk_query = query_db("SELECT = '{$variable}'"); while ($_row = mysql_fetch_array($disk_query)) { $fs[] = $_row; } $smarty->assign('fs', $fs); } else { } } $smarty->assign('date', $date); $smarty->assign('pagetitle', $pagetitle); $smarty->assign('querystring', $querystring); $smarty->display('history.tpl'); close_db($db); ?>
function display_sql_query() { $default = ""; if (isset($_POST['query'])) { $default = secure_display($_POST["query"]); } echo '<h1>SQL QUERY</h1> NB: read-only access.<br /> <form method="POST" action="' . $_SERVER['PHP_SELF'] . '?sql_query"> <textarea name="query" cols="120" rows="5">' . $default . '</textarea>' . gen_csrf() . '<br /> <input type="submit" name="RUN" value="RUN" /> </form>'; if (isset($_POST["query"])) { $ret = query_db($_POST["query"]); if ($ret) { echo '<h1>QUERY RESULTS</h1> <table>'; $header_displayed = FALSE; while ($result = $ret->fetchArray(SQLITE3_ASSOC)) { if (!$header_displayed) { echo '<tr>'; foreach ($result as $field => $value) { echo '<th class="std">' . secure_display($field) . '</th>'; } echo '</tr>'; $header_displayed = TRUE; } echo '<tr>'; foreach ($result as $field => $value) { echo '<td>' . secure_display($value) . '</td>'; } echo '</tr>'; } echo '</table>'; } } }
function getrssurl() { $result = query_db("SELECT url FROM tblNewspapers ORDER BY RAND() LIMIT 0,1"); return mysql_fetch_array($result)[0]; }
function query_one_row($sql) { $result = query_db($sql)->fetch_array(); if (!$result) { debug_msg("No result found."); return false; } else { debug_msg("Result found."); return $result; } }
function displayTestingSummary() { $sql = sprintf("SELECT uid, pid from test_queue"); $result = get_rows($sql); if (!$result) { echo "<span class='emptylist'>No puzzles in test queue</span>"; return; } echo '<style type="text/css">'; echo '.testingtable, .testingtable a { color: #999999; }'; echo '.testingtable .name, .testingtable .current, .testingtable .past { color: #000000; font-weight: bold; }'; $currqueue = array(); foreach ($result as $r) { $currclass = NULL; $uid = $r['uid']; $pid = $r['pid']; if (isset($currqueue[$uid])) { $currqueue[$uid] .= "{$pid} "; } else { $currqueue[$uid] = "{$pid} "; } $currclass = ".a{$uid}-{$pid}"; echo ".testingtable {$currclass}, .testingtable {$currclass} a {color: #000000; }\n"; } echo "</style>\n"; $sql = sprintf("SELECT user_info.uid, user_info.username, comments.id, type, timestamp, pid FROM comments\n LEFT JOIN user_info on comments.uid = user_info.uid WHERE comments.type = 5\n ORDER BY user_info.username, comments.pid"); $result = query_db($sql); $r = mysql_fetch_assoc($result); $arr = array(); while ($r) { $uid = $r['uid']; $pid = $r['pid']; $id = $r['id']; $timestamp = $r['timestamp']; $name = getUserName($uid); $arr[$uid] = "<tr><td class='name'>{$name}</td><td>"; if (!isset($currqueue[$uid])) { $currqueue[$uid] = ""; } $arr[$uid] .= '<span class="current">Current queue: ' . print_r($currqueue[$uid], true) . '</span><br />'; $arr[$uid] .= '<span class="past">Past comments: </span><br />'; $arr[$uid] .= "<span class='a{$uid}-{$pid}'>"; $puzzlink = URL . "/puzzle.php?pid={$pid}"; $arr[$uid] .= "<a href='{$puzzlink}'>{$pid}</a>: "; $arr[$uid] .= "<a href='{$puzzlink}#comm{$id}'>{$timestamp}</a> "; $r = mysql_fetch_assoc($result); while ($r) { if ($uid != $r['uid']) { $arr[$uid] .= "</td></tr>"; break; } if ($pid != $r['pid']) { $pid = $r['pid']; $arr[$uid] .= "</span><br />\n" . "<span class=\"a" . $r['uid'] . "-" . $pid . "\">"; $puzzlink = URL . "/puzzle.php?pid=" . $pid; $arr[$uid] .= "<a href=\"" . $puzzlink . "\">" . $pid . "</a>: "; } $arr[$uid] .= "<a href=\"" . $puzzlink . "#comm" . $r['id'] . "\">" . $r['timestamp'] . "</a> "; $r = mysql_fetch_assoc($result); } } if (!$arr) { echo "<div class='emptylist'>No comments</div>"; } echo "<table class=\"testingtable\">\n"; foreach ($arr as $key => $value) { echo $value . "\n"; } echo "</table>\n\n"; }
$users2[] = array('username' => $row['username'], 'check_num' => $row['check_num']); } } include 'freq_users.html.php'; exit; } if (isset($_GET['report']) and $_GET['report'] == 'pop_subj') { include $_SERVER['DOCUMENT_ROOT'] . '/project/includes/db.inc.php'; $month1 = mysqli_real_escape_string($link, $_GET['month1']); $month2 = mysqli_real_escape_string($link, $_GET['month2']); $select = 'SELECT subject, COUNT(issueID) check_num'; $from = ' FROM issues NATURAL JOIN books'; $where = ' WHERE EXTRACT(MONTH from issue_date) = "'; $groupby = ' GROUP BY subject'; $orderby = ' ORDER BY check_num DESC LIMIT 3'; if ($month1 != "") { $result = query_db($link, $select . $from . $where . $month1 . '"' . $groupby . $orderby); while ($row = mysqli_fetch_array($result)) { $subjects1[] = array('name' => $row['subject'], 'check_num' => $row['check_num']); } } if ($month2 != "") { $result = query_db($link, $select . $from . $where . $month2 . '"' . $groupby . $orderby); while ($row = mysqli_fetch_array($result)) { $subjects2[] = array('name' => $row['subject'], 'check_num' => $row['check_num']); } } include 'pop_subjects.html.php'; exit; } header('Location: /project/search');
function update_filesystem_value($value, $key, $filesystem_id) { query_db("UPDATE filesystem SET {$key} = '{$value}',timestamp = NOW() WHERE id = '{$filesystem_id}'"); #echo "updated $key : $value \n"; }
<?php // includes include "helpers.php"; include "settings.php"; if (isset($_POST['submit_login'])) { $username = escape($db, $_POST['username']); $password = escape($db, $_POST['pswd']); $login_sql = "SELECT username, password " . "FROM agents WHERE username='******' AND password='******'"; $login_result = query_db($db, $login_sql); if (empty($login_result)) { echo "<p class=\"red_italics\">Failure to login. <a href=\"/WebApps/DBExercise/login.php\">Try again</a>"; } else { session_start(); $_SESSION['name'] = $username; redirect("home.php"); } }
<img src="/WebApps/DBExercise/images//logo.png" width="600px" /> <?php // includes include "helpers.php"; include "settings.php"; session_start(); echo "<p style=\"float: right;\">Welcome, " . $_SESSION['name']; echo "<form action=\"logout.php\"><input type=\"submit\" name=\"logout\" value=\"Logout\" /></form>"; echo "<form action=\"home.php\"><input type=\"submit\" value=\"Home\" /></form>"; $prop_id = $_GET['propID']; // sql to get property details $prop_details_sql = "SELECT * FROM properties WHERE id={$prop_id}"; // query the database $prop_details = query_db($db, $prop_details_sql)[0]; // sql to get agent details $agent_details_sql = "SELECT agents.name, agents.phone, agents.fax, agents.email" . " FROM agents JOIN properties ON agents.agentID=properties.agentId WHERE properties.id={$prop_id}"; // get agetnt details $agent_details = query_db($db, $agent_details_sql)[0]; echo "<div>"; echo "<image src=\"images/full/" . $prop_details['photo'] . "\" style=\"float: right; margin-right: 28em;\"/>"; echo "<p class=\"italics\">Street: " . $prop_details['street'] . "</p>"; echo "<p class=\"italics\">Bedrooms: " . $prop_details['bedrooms'] . "</p>"; echo "<p class=\"italics\">Bathrooms: " . $prop_details['bathrooms'] . "</p>"; echo "<p class=\"italics\">Squarefeet: " . $prop_details['squarefeet'] . "</p>"; echo "<p class=\"italics\">Price: " . $prop_details['price'] . "</p>"; echo "</div>"; echo "<p>" . $prop_details['description'] . "</p>"; echo "<p>Contact: " . $agent_details['name'] . ". Email: " . $agent_details['email'] . ". Tel: " . $agent_details['phone'] . ". Fax: " . $agent_details['fax'] . "</p>"; // set cookie set_property_cookie($prop_details['street']);
$disk_query = query_db("select disk.*,host_disk.*,host.hostname,host_disk.id AS host_disk_id from disk,host_disk,host where disk_id = disk.id and host_disk.host_id = host.id and {$key} = '{$variable}'"); while ($_row = mysql_fetch_array($disk_query)) { $disk[] = $_row; } $smarty->assign('disk', $disk); } elseif ($key == "pkg_id" || $key == "pkg_arch" || $key == "pkg_name") { if ($key == "pkg_id") { $key = "pkg.id"; } if ($key == "pkg_arch") { $key = "arch"; } if ($key == "pkg_name") { $key = "pkg.name"; } $pkg_query = query_db("SELECT pkg.id,pkg.name,pkg.arch,pkg.version,pkg.release,\n\t\t\t\t\t\thost_pkg.host_id,host_pkg.timestamp,\n\t\t\t\t\t\thost.hostname,\n\t\t\t\t\t\thost_pkg.id AS host_pkg_id\n\t\t\t\t\t\tFROM pkg,host_pkg,host\n\t\t\t\t\t\tWHERE host_pkg.pkg_id = pkg.id\n\t\t\t\t\t\tAND host_pkg.host_id = host.id\n\t\t\t\t\t\tAND {$key} = '{$variable}'"); while ($_row = mysql_fetch_array($pkg_query)) { $pkg[] = $_row; } $smarty->assign('pkg', $pkg); } else { } } $smarty->assign('date', $date); $smarty->assign('pagetitle', $pagetitle); $smarty->assign('querystring', $querystring); $smarty->display('browse.tpl'); close_db($db); ?>
function get_task_analyses($task_id) { global $db_handler; $task_id_s = secure_sql($task_id); if (!is_numeric($task_id)) { error("[get_task_analyses] Task ID not int: " . $task_id_s, "SECURITY"); return NULL; } $results = query_db("SELECT a.analysis_id,kernel_analysis,SUM(s.score) AS 'total_score',state FROM analysis a,(SELECT signature_id,analysis_id,score FROM signature UNION SELECT 0,analysis_id,0 FROM analysis) s WHERE task_id = '" . $task_id_s . "' AND s.analysis_id = a.analysis_id GROUP BY a.analysis_id ORDER BY a.analysis_id ASC"); return $results; }
} else { // success $image_name = $filename . $type; } } } } } // end of: if no file upload errors } else { ## retrieve user photo from file system if (isset($_GET['id']) && !empty($_GET['id'])) { $user_id = $_GET['id']; $sql = "SELECT filename, type FROM user_photo WHERE "; $sql .= "user_id = {$user_id}"; $result = query_db($sql); if (mysqli_num_rows($result) != 0) { $res_array = fetch_array($result); $filename = $res_array['filename']; $type = str_replace('image/', '', $res_array['type']); $image_dir = SITE_ROOT . DS . "uploaded_images" . DS; if (!file_exists($image_dir . $filename . $type)) { // $photo_errors[] = 'We don\'t have a profile picture in our systems of you. You should upload one.'; $image_name = ""; } else { $image_name = $filename . $type; } } else { $image_name = ""; // here you could assign a standard image prompting upload of a profile pic }
function markUnseen($uid, $pid) { $sql = sprintf("INSERT INTO last_visit (pid, uid, date) VALUES ('%s', '%s', 'NULL')\n ON DUPLICATE KEY UPDATE date='NULL'", mysql_real_escape_string($pid), mysql_real_escape_string($uid)); query_db($sql); }
<?php include $_SERVER['DOCUMENT_ROOT'] . '/project/includes/helpers.inc.php'; if (isset($_GET['track'])) { include $_SERVER['DOCUMENT_ROOT'] . '/project/includes/db.inc.php'; $isbn = mysqli_real_escape_string($link, $_POST['isbn']); $title = mysqli_real_escape_string($link, $_POST['title']); $select = 'SELECT isbn, title, shelf_num, aisle_num, floor_num'; $from = ' FROM locations NATURAL JOIN books'; $where = ' WHERE TRUE'; if ($isbn != '') { $where .= ' AND isbn LIKE "' . $isbn . '"'; } elseif ($title != '') { $where .= ' AND title LIKE "%' . $title . '%"'; } $result = query_db($link, $select . $from . $where); while ($row = mysqli_fetch_array($result)) { $locations[] = array('isbn' => $row['isbn'], 'title' => $row['title'], 'shelf' => $row['shelf_num'], 'aisle' => $row['aisle_num'], 'floor' => $row['floor_num']); } include 'results.html.php'; exit; } include 'track.html.php';
<?php require_once "connect.php"; // Gives us $con require_once "thermo_functions.php"; require_once "constants.php"; // Sanitize Input $val = $con->real_escape_string($_POST['value']); $id = $con->real_escape_string($_POST['id']); // Update DB $qry_str = 'UPDATE `thermostat`.`status` SET `value` ="' . $val . '" WHERE `status`.`id` =' . $id . ';'; $entry = query_db($con, $qry_str); echo json_encode($entry);