extend_timeout(); print_r($_POST); //die('sample'); if ($_SERVER['REQUEST_METHOD'] == 'POST') { $db = new DBObject(CURRENT_DB); $set = array(); $id = ''; $col = ''; // (!empty($_POST['sid']) && ctype_digit($_POST['sid']))or die('Error: record does not exist.'); $numbers = array('Age', 'offhours', 'onhours', 'HasPhoto', 'HasCert', 'HasEvalForm', 'schoolyear', 'semester'); $bools = array('HasPhoto' => 'rp', 'HasCert' => 'rc', 'HasEvalForm' => 're'); foreach ($_POST as $key => $value) { if ($key == 'sid' || $key == 'onid' || $key == 'offid') { ctype_digit($value) or die('Error: record does not exist.'); $id = $value; $col = $db->escape($key); } else { $key = in_array($key, $bools) ? array_search($key, $bools) : $db->escape($key); $value = $key === 'Bday' ? date('Y-m-d', strtotime(trim($value))) : $db->escape($value); if (strstr($key, '-') === false) { $value = in_array($key, $numbers) ? $value : "'{$value}'"; $sql = "UPDATE students SET {$key} = {$value} WHERE {$col} = {$id}"; } else { $arrkey = explode('-', $key); $value = in_array($arrkey[1], $numbers) ? "{$value}" : "'{$value}'"; if (empty($col)) { $sql = "UPDATE {$arrkey['0']} SET {$arrkey['1']} = {$value}"; } else { $sql = "UPDATE {$arrkey['0']} SET {$arrkey['1']} = {$value} WHERE {$col} = {$id}"; } }
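<?php

chdir('..');
date_default_timezone_set('Asia/Manila');
require_once 'includes/functions.php';

// Session gate: every failure aborts before any request data is read.
init_session() or die('Error: session has expired. Please log in again.');
init_my_cookie();
refresh_session() or die('Error: could not connect to server. Please log in again if the error persists.');
extend_timeout();
//print_r($_POST);

$db = new DBObject(CURRENT_DB);

// Trimmed, DB-escaped value of a POST field, '' when the field is absent.
// Reading through isset() avoids an undefined-index warning and a
// trim(null) deprecation for a missing field; the escaped result is the
// same as before for every field that is present.
$field = function ($key) use ($db) {
    return $db->escape(trim(isset($_POST[$key]) ? $_POST[$key] : ''));
};

//$studno = $db->escape($_POST['studno']);
$lname = $field('lname');
$fname = $field('fname');
$mname = $field('mname');
$course = $field('course');
$year = intval(isset($_POST['year']) ? $_POST['year'] : 0);
$address = $field('address');
$Contact = $field('contact');

// Birthday: strtotime() returns false for unparsable input, and date()
// would then silently produce 1970-01-01. Reject it instead of storing it.
$date = strtotime(trim(isset($_POST['bday']) ? $_POST['bday'] : ''));
$date !== false or die('Error: invalid birthday.');
$Bday = date('Y-m-d', $date);

$Age = intval(isset($_POST['age']) ? $_POST['age'] : 0);
$Gender = $field('gender');
$CivStat = $field('civStat');
$Father = $field('father');
$FatherPhone = $field('fatherPhone');
$Mother = $field('mother');
$MotherPhone = $field('motherPhone');

// NOTE(review): this second assignment overrides the intval() above with the
// escaped raw string (not trimmed, as in the original). The SQL that uses
// $year is outside this fragment; whichever form it needs should be assigned
// once.
$year = $db->escape(isset($_POST['year']) ? $_POST['year'] : '');
//$InCampusHours = intval($_POST['inCampusHours']);
//$OffCampusHours = intval($_POST['offCampusHours']);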
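/**
 * Looks up an already-stored image by its original MD5 hash and primes this
 * object's file, thumbnail and name fields from the matching row.
 *
 * On a hit, $this->existing becomes true and newfname / newfile / thumbfile /
 * dbname are taken from the row; on a miss, $this->existing is false and
 * dbname falls back to the uploaded file's name ($this->image['name']).
 *
 * @param string $table table to search; it is interpolated as an identifier
 *                      (escape() does not protect it), so it must come from
 *                      code, never from request input
 * @param string $name  column holding the stored display name
 * @param string $file  column holding the stored file name
 */
private function check_db($table, $name, $file): void
{
    $db = new DBObject('newspum');
    // The hash goes through escape() like every other value this method
    // feeds to the database. For a plain hex digest this is a no-op, so the
    // query is unchanged in the normal case.
    $sql = sprintf(
        "SELECT * FROM {$table} WHERE originalmd5 = '%s'",
        $db->escape($this->imagehash)
    );
    $result = $db->query($sql);

    if ($row = mysqli_fetch_array($result)) {
        $this->imagehash = $row['originalmd5'];
        $this->newfname = $row[$file]; // default column: imagefile
        $this->newfile = $this->folderpath . $this->newfname;
        // Thumbnail name: 't' + the part of the file name before its first
        // dot + the configured thumbnail extension. Assumes $row[$file] is a
        // bare file name rather than a path — TODO confirm.
        $temp = explode('.', $row[$file]);
        $this->thumbfile = $this->thumbfolder . 't' . $temp[0] . '.' . $this->thumbext;
        $this->dbname = $db->escape(trim($row[$name])); // default column: imagename
        $this->existing = true;
    } else {
        $this->dbname = $db->escape(trim($this->image['name']));
        $this->existing = false;
    }
}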
chdir('..'); date_default_timezone_set('Asia/Manila'); require_once 'includes/MySessions.php'; //DBObject included require_once 'includes/Crypto.php'; require_once 'includes/constants.php'; if (!empty($_POST['username']) && !empty($_POST['userpass']) && !empty($_POST['userpass2'])) { $json = []; if ($_POST['userpass'] !== $_POST['userpass2']) { $json['status'] = 2; $json['response'] = "Passwords do not match!"; die(json_encode($json)); } $db = new DBObject(CURRENT_DB); $username = $db->escape($_POST['username']); $timestamp = Crypto::get_timestamp(); $encpass = Crypto::encrypt_password($_POST['userpass'], $timestamp[0]); $regdate = Crypto::create_microdate($timestamp); // $sql = "INSERT INTO userinfo(username, userpass, regdate) VALUES(?, ?, ?)"; $sql = "INSERT INTO userinfo(username, userpass, regdate) VALUES(?username:s, ?userpass:s, ?regdate:s)"; sleep(1); // $query = $db->prepare($sql); // $query->bind_param('sss', $username, $encpass, $regdate); // $db->execute($query); $db->prepare($sql); $db->bind(array("username" => $username, "userpass" => $encpass, "regdate" => $regdate)); $db->execute(); if ($db->hasErrno(0)) { $json['status'] = 0; $json['response'] = 'Registration successful!';
init_session() or die('Error: Session has expired. Please log in again.'); init_my_cookie(); refresh_session() or die('Error: Could not connect to server. Please log in again if the error persists.'); extend_timeout(); //print_r($_POST); $db = new DBObject(CURRENT_DB); $sql = '1'; //die('sample'); if ($_SERVER['REQUEST_METHOD'] == 'POST') { if (isset($_POST['start'])) { $startstring = "{$_POST['start']} {$_POST['start-hour']}:{$_POST['start-minute']} {$_POST['start-ampm']}"; $start = date_format(date_create_from_format('m/d/Y h:i a', $startstring), 'Y-m-d H:i:s'); $endstring = "{$_POST['end']} {$_POST['end-hour']}:{$_POST['end-minute']} {$_POST['end-ampm']}"; $end = date_format(date_create_from_format('m/d/Y h:i a', $endstring), 'Y-m-d H:i:s'); $actid = intval($_POST['actid']); $type = $db->escape($_POST['type']); $sql = "INSERT INTO actdates(actid, type, start, end) VALUES({$actid}, '{$type}', '{$start}', '{$end}')"; // echo $sql; if ($db->query($sql)) { echo "Record added!"; } else { die('Error: ' . $db->getError()); } } else { if (isset($_POST['delete'])) { $dateid = intval($_POST['delete']); $sql = "DELETE FROM actdates WHERE dateid = {$dateid}"; echo $sql; if ($db->query($sql)) { echo "Record deleted!"; } else {
<?php chdir('..'); date_default_timezone_set('Asia/Manila'); require_once 'includes/functions.php'; $db = new DBObject(CURRENT_DB); if (isset($_POST['evalcode'])) { if (strtoupper($_POST['evalcode']) === 'OK') { die('Error: Invalid evaluation code.'); } $json = array(); $reqcode = $db->escape(trim($_POST['evalcode'])); $select = 'evaluation.id as evalid, evaluation.schoolyear, evaluation.semester, students.lname, students.fname, students.mname, students.course, students.year'; $where = "evaluation.reqcode = '{$reqcode}'"; $sql = "SELECT {$select} FROM evaluation INNER JOIN students ON evaluation.student = students.sid WHERE {$where}"; if (($result = $db->query($sql)) && mysqli_num_rows($result) > 0) { $row = mysqli_fetch_assoc($result); $json['id'] = $row['evalid']; $json['name'] = create_name($row['fname'], $row['lname'], $row['mname'], 'reverse'); $json['course'] = $row['course']; $json['year'] = $row['year']; $json['schoolyear'] = $row['schoolyear']; $json['semester'] = $row['semester']; echo json_encode($json); } else { die('Error: Invalid evaluation code.'); } } else { if (isset($_POST['evaluation'])) { $set = array(); $numbers = array('q5-1', 'q6-1');