<?php session_start(); require 'php/get_messages.php'; require 'php/auth.php'; require 'conf.php'; $speaker = SQLITE3::escapeString($_GET['username']); $value = SQLITE3::escapeString($_GET['eval']); $type = SQLITE3::escapeString($_GET['type']); $sqlcheck = "select count(*) from speakers where teacher='{$name}' and username='******'"; if ($type == 'phones') { $field = 'phones_evaluation'; } elseif ($type == 'fluency') { $field = 'fluency_evaluation'; } if (isset($field)) { if ($db->querySingle($sqlcheck) == 1) { $sqlcommand = "update speakers set {$field}='{$value}' where username='******';"; $success = $db->exec($sqlcommand); if ($success) { echo "ok!"; } else { echo "Not good."; } } else { echo "Houston, we have an id problem..."; } } else { echo "F**k off, joker."; }
// Open the SQLite database $db = new SQLITE3('SQLiteDB/OfficeLayout.db', SQLITE3_OPEN_READONLY); if (!$db) { die('Database could not be accessed.'); } // Grab the variables that were posted through AJAX. $search_text = $_REQUEST['search_text']; $filter = $_REQUEST['filter']; // Initial SELECT query string without any filtering. This will be concatenated // with filtering constraints if the user has selected any. $query_text = "SELECT EmployeeID, CubicleNumber, FirstName, LastName, DeptName, Email, Phone FROM Personnel WHERE"; // Split the text in the search boxes by commas. // This is in case the user wishes to search for multiple items. $exploded_string = explode(",", $search_text); for ($i = 0; $i < count($exploded_string); $i++) { $query_text = generate_query($query_text, $db->escapeString($exploded_string[$i]), $filter); if ($i < count($exploded_string) - 1) { $query_text .= " OR"; } } // Query the database for all matches with our search constraints. $statement = $db->prepare($query_text); $results = $statement->execute(); $have_result = false; // Display the search results by echoing back HTML to the AJAX/Javascript, // which will display the results to the user in plain text. while ($results_row = $results->fetchArray(SQLITE3_ASSOC)) { $have_result = true; echo "<p id=\"search_result\"><strong>"; echo $results_row['FirstName']; echo " ";