changed from mysql to PDO

commit 4f82b21e4f98300c4ab4f3c6982c06f3d61e710c 1 parent 2929a48
@Ddorda authored
8 add-memb.php
@@ -5,18 +5,18 @@
$query = 'INSERT INTO members (';
foreach ($_POST as $name => $value) {
- $_POST["$name"] = mysql_real_escape_string("$value");
- $query_data = $query_data.sprintf("'$name', ");
+ $_POST["$name"] = $con->quote("$value");
+ $query_data = $query_data.sprintf("$name, ");
$query = $query.sprintf("$name, ");
}
$query_data = $query_data.'CURDATE()';
$query_data = strtr($query_data, $_POST);
$query = $query."register_date) VALUES ({$query_data});";
-$result = mysql_query($query);
+$result = $con->query($query);
if (!$result) {
die("$query");
}
-mysql_close($con);
+$con = null;
header("Location: index.php?ken={$_POST['ken']}");
?>
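Review bot: In the `foreach` over `$_POST`, every posted key is still written into the statement as a column name (`sprintf("$name, ")`), and `$con->quote()` only protects values, so the column list of this INSERT remains client-controlled; edit-memb.php builds its SET list from POST keys the same way. Restricting the keys to a fixed list of `members` columns and binding the values through `prepare()`/`execute()` removes both the identifier problem and the `strtr()` substitution, as sketched below. Because `$_POST['ken']` is overwritten with its quoted form, the `Location:` header now carries the surrounding quotes as well (here and in edit-memb.php). The failure path also prints the whole statement with `die("$query")`, as do edit-memb.php, feedback.php and dataGen.php; log it server-side and show a generic message instead. The script starts above this hunk, so how `$query_data` is initialised is not visible.

```php
// column names the form may set; constructed example, fill in from the members schema
$allowed = array('ken' /* , … other members columns … */);
$fields = array_intersect_key($_POST, array_flip($allowed));
$columns = implode(', ', array_keys($fields));
$marks = implode(', ', array_fill(0, count($fields), '?'));
$stmt = $con->prepare("INSERT INTO members ($columns, register_date) VALUES ($marks, CURDATE())");
if (!$stmt || !$stmt->execute(array_values($fields))) {
    error_log('add-memb: insert failed');
    die('Could not save the member.');
}
// … unchanged: $con = null; header() redirect …
```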
26 blocks/05-teams.php
@@ -1,25 +1,23 @@
<div class="block" id="teams-block"><h3 class="block-title">קבוצות בקן</h3><div class="block-content">
<?php
-require('../con.php');
-
-$con = mysql_connect($db_host,$db_user,$db_pass);
-if (!$con)
- {
- die('Could not connect to the server! ' . mysql_error());
- }
-if (!mysql_select_db($db_name))
- die("Can't select database");
+require(__DIR__.'/../con.php');
//$myregion = mysql_query("SELECT region_id FROM ken WHERE id = {$myken};"); //check what is the region of $myken
-$myteams = mysql_query("SELECT DISTINCT team.name FROM team, membersInTeams WHERE team.id = membersInTeams.team_id");
+
+$myteams = $con->query("SELECT DISTINCT team.name FROM team, membersInTeams WHERE team.id = membersInTeams.team_id");
if (!$myteams) {
die("Query to show fields from table failed myken=$myken");
}
-$rows_num = mysql_num_rows($myteams);
-while($row = mysql_fetch_array($myteams)) {
+
+$rows_num = $con->query("SELECT DISTINCT count(team.name) FROM team, membersInTeams WHERE team.id = membersInTeams.team_id");
+$rows_num = $rows_num->fetchColumn();
+
+while ($row = $myteams->fetch(PDO::FETCH_ASSOC))
+{
echo "- {$row['name']}<br>";
}
-mysql_free_result($myteams);
-mysql_close($con);
+$rows_num = null;
+$myteams = null;
+$con = null;
?>
</div></div>
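Review bot: The added count query uses `SELECT DISTINCT count(team.name)`, which applies DISTINCT to the single count row rather than to the names, so `$rows_num` no longer matches what `mysql_num_rows($myteams)` returned; its result is also dereferenced with `fetchColumn()` without the `if (!…)` check used for `$myteams`. Nothing in the visible lines reads `$rows_num` before it is set to `null`, so the query can probably be dropped; if the number is needed, `count(DISTINCT team.name)` is the equivalent. Separately, `$row['name']` is echoed into the page unescaped here and in the `<span>`/`<option>` output of blocks/10-regions.php and memb-table.php; `htmlspecialchars($row['name'], ENT_QUOTES, 'UTF-8')` keeps stored names from being interpreted as markup.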
38 blocks/10-regions.php
@@ -2,31 +2,25 @@
<ul id="browser" class="treeview">
<ul><li class="open"><span id="shmutz-treeview">השומר הצעיר</span>
<?php
-require('../con.php');
+require(__DIR__.'/../con.php');
-$con = mysql_connect($db_host,$db_user,$db_pass);
-if (!$con)
- {
- die('Could not connect to the server! ' . mysql_error());
- }
-if (!mysql_select_db($db_name))
- die("Can't select database");
-$myregion = mysql_query("SELECT region_id FROM ken WHERE id = {$myken};"); //check what is the region of $myken
+$myregion = $con->query("SELECT region_id FROM ken WHERE id = {$myken};"); //check what is the region of $myken
if (!$myregion) {
die("Query to show fields from table failed myken=$myken");
}
-$row = mysql_fetch_array($myregion);
-$myregion = $row[0];
+$row = $myregion->fetch(PDO::FETCH_NUM);
+$myregion = $row[0]; // Region of ken's user
+
if ($uid == 1) {
-$regions = mysql_query("SELECT id, name FROM region;"); // Get regions
+ $regions = $con->query("SELECT id, name FROM region;"); // Get regions
} else {
-$query = "SELECT DISTINCT region.id, region.name FROM region INNER JOIN permissions INNER JOIN ken WHERE region.id = ken.region_id AND permissions.ken_id = ken.id AND permissions.user_id = {$uid};";
-$regions = mysql_query($query); // Get regions
+ $query = "SELECT DISTINCT region.id, region.name FROM region INNER JOIN permissions INNER JOIN ken WHERE region.id = ken.region_id AND permissions.ken_id = ken.id AND permissions.user_id = {$uid};";
+ $regions = $con->query($query); // Get regions
}
if (!$regions) {
die("Query to show fields from table failed");
}
-while($reg_row = mysql_fetch_array($regions))
+while($reg_row = $regions->fetch(PDO::FETCH_ASSOC))
{
if ($reg_row['id'] == $myregion) { // if it's the region of your ken, open it.
$region_open = " class='open'";
@@ -36,14 +30,14 @@
echo "<ul><li$region_open><span id='region-{$reg_row['id']}' class='region'>{$reg_row['name']}</span>";
echo "<ul>"; // for the ken
if ($uid == 1) {
- $kens = mysql_query("SELECT id, name FROM ken WHERE ken.region_id = {$reg_row['id']};"); // Get kens
+ $kens = $con->query("SELECT id, name FROM ken WHERE ken.region_id = {$reg_row['id']};"); // Get kens
} else {
- $kens = mysql_query("SELECT id, name FROM ken INNER JOIN permissions WHERE ken.id = permissions.ken_id AND ken.region_id = {$reg_row['id']} AND permissions.user_id = {$uid};"); // Get kens
+ $kens = $con->query("SELECT id, name FROM ken INNER JOIN permissions WHERE ken.id = permissions.ken_id AND ken.region_id = {$reg_row['id']} AND permissions.user_id = {$uid};"); // Get kens
}
if (!$kens) {
- die("Query to show fields from table failed");
+ die("Query to show fields from table of kens failed");
}
- while($ken_row = mysql_fetch_array($kens))
+ while($ken_row = $kens->fetch(PDO::FETCH_ASSOC))
{
if ($ken_row['id'] == $myken) { // if it's your ken color it.
$ken_open = "ken selected-ken";
@@ -52,12 +46,12 @@
}
echo "<li><span id='ken-{$ken_row['id']}' class='$ken_open'><a href='index.php?ken={$ken_row['id']}'>{$ken_row['name']}</a></span></li>";
}
- mysql_free_result($kens);
+ $kens = null;
echo "</ul>"; // for the ken again
echo "</li></ul>"; // for the region
}
-mysql_free_result($regions);
-mysql_close($con);
+$regions = null;
+$con = null;
?>
</ul>
</ul>
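Review bot: `$myken` and `$uid` are still interpolated into the SQL text (`WHERE id = {$myken}`, `permissions.user_id = {$uid}`), so moving to PDO has not changed the injection exposure of these queries; the same applies to `{$ken}`/`{$uid}` in dataGen.php and `{$uid}` in memb-table.php. Both variables are set outside this file, and the `index.php?ken=` links suggest `$myken` originates from the request. Bind them instead, e.g. `$stmt = $con->prepare('SELECT region_id FROM ken WHERE id = ?'); $stmt->execute(array($myken));`. The `die()` after the first query also echoes `$myken` back unescaped, and `$row[0]` is read without checking that `fetch()` returned a row.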
18 con.php
@@ -1,16 +1,14 @@
<?php
-$db_host = 'localhost';
+$db_host = '';
$db_name = '';
$db_user = '';
$db_pass = '';
-$con = mysql_connect($db_host,$db_user,$db_pass);
-
-if (!$con) // Make sure connected to the server
- die('Could not connect to the server! ' . mysql_error());
-
-if (!mysql_select_db($db_name)) // Make sure DB selected
- die('Can\'t select database');
-
-mysql_set_charset('utf8', $con); // Make sure it's UTF8
+try {
+ $con = new PDO('mysql:host=$db_host;dbname=$db_name', $db_user, $db_pass);
+ $con->exec('SET CHARACTER SET utf8');
+} catch (PDOException $e) {
+ print 'Error!: ' . $e->getMessage() . '<br/>';
+ die();
+}
?>
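Review bot: The DSN on the `new PDO(...)` line is single-quoted, so `$db_host` and `$db_name` are not interpolated and the driver receives the literal text `mysql:host=$db_host;dbname=$db_name`. Use a double-quoted string and set the character set in the DSN, where the client library's escaping in `quote()` can take it into account: `$con = new PDO("mysql:host=$db_host;dbname=$db_name;charset=utf8", $db_user, $db_pass);`. The catch block prints `$e->getMessage()` to the visitor, which can disclose the host and account name; `error_log($e->getMessage());` followed by a generic `die('Database unavailable');` keeps that detail on the server.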
10 dataGen.php
@@ -16,15 +16,15 @@
} else {
$query = "SELECT $details INNER JOIN permissions WHERE members.class = class.id AND members.ken = ken.id AND members.city = city.id AND members.shirt = shirt.id AND gender.id = members.gender AND members.ken = {$ken} AND ken.id = permissions.ken_id AND permissions.user_id = {$uid};";
}
-$result = mysql_query($query);
+$result = $con->query($query);
if (!$result) {
die("Query to show fields from table failed $query");
}
-while ($row = mysql_fetch_array($result, MYSQL_ASSOC)) {
- array_push($return_arr,$row);
+while ($row = $result->fetch(PDO::FETCH_ASSOC)) {
+ array_push($return_arr,$row);
}
echo json_encode($return_arr);
-mysql_free_result($result);
-mysql_close($con);
+$result = null;
+$con = null;
?>
14 edit-memb.php
@@ -3,25 +3,17 @@
require('con.php');
-$con = mysql_connect($db_host,$db_user,$db_pass);
-if (!$con)
- {
- die('Could not connect to the server! ' . mysql_error());
- }
-if (!mysql_select_db($db_name))
- die("Can't select database");
-
$query = 'UPDATE members SET ';
foreach ($_POST as $name => $value) {
- $_POST["$name"] = mysql_real_escape_string("$value"); // clean the $_POSTs
+ $_POST["$name"] = $con->quote("$value"); // clean the $_POSTs
if ($name != 'id') { $query = $query.sprintf("$name = '{$_POST["$name"]}', "); } // Add $_POST item to $query
}
$query = substr_replace($query ,"",-2); //remove the last comma
$query = $query." WHERE id = {$_POST['id']}";
-$result = mysql_query($query);
+$result = $con->query($query);
if (!$result) {
die("$query");
}
-mysql_close($con);
+$con = null;
header("Location: index.php?ken={$_POST['ken']}");
?>
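Review bot: `$con->quote()` returns the value already wrapped in quotes, but the SET clause still adds its own (`"$name = '{$_POST["$name"]}', "`), so the escaped value ends up outside the string literal and the escaping no longer protects the statement; feedback.php's `VALUES ('{$_POST['data']}')` has the same double quoting. Drop the literal quotes and the `sprintf()` call, since a `%` in a posted value is otherwise parsed as a format specifier: `if ($name != 'id') { $query .= "$name = {$_POST[$name]}, "; }`. Binding the values with `prepare()`/`execute()` would be the more robust form and would leave `$_POST` unmodified for the redirect.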
18 feedback.php
@@ -32,13 +32,14 @@
require('con.php');
$query = 'SELECT * FROM feedback;';
- $result=mysql_query($query);
+ $result=$con->query($query);
if (!$result) {
die("$query");
}
echo "<table id='feedback-table'>";
// printing table rows
- while($row = mysql_fetch_row($result))
+ //while($row = mysql_fetch_row($result))
+ while($row = $result->fetch(PDO::FETCH_ASSOC))
{
echo "<tr>";
@@ -49,19 +50,22 @@
echo "</tr>";
}
- mysql_free_result($result);
+ //mysql_free_result($result);
+ $result = null;
echo '</table>';
- mysql_close($con);
+ //mysql_close($con);
+ $con = null;
}
else {
if ($_SERVER['REQUEST_METHOD'] == "POST") {
require('con.php');
- $_POST['data'] = mysql_real_escape_string($_POST['data']);
+ $_POST['data'] = $con->quote($_POST['data']);
$query = "INSERT INTO feedback (data) VALUES ('{$_POST['data']}');";
- $result=mysql_query($query);
+ $result=$con->query($query);
echo "הודעתך נשלחה בהצלחה, תודה רבה!";
- mysql_close($con);
+ //mysql_close($con);
+ $con = null;
}
else {
echo "<form id='feedback-form' action='feedback.php' method='post'>
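Review bot: In the POST branch the return value of `$con->query($query)` is never checked, so the success message is printed even when the INSERT fails; check it before the `echo`, e.g. `if (!$result) { die('Could not save feedback'); }`. In the listing branch `mysql_fetch_row()` returned numerically indexed rows while the new loop uses `PDO::FETCH_ASSOC`; the loop body sits between the two hunks and is not shown, so if it indexes `$row[0]` the equivalent mode is `PDO::FETCH_NUM`. The commented-out `mysql_*` calls can be deleted rather than kept next to their replacements.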
4 login.php
@@ -5,8 +5,8 @@
}
// username and password sent from form
- $username=$_POST['username'];
- $password=md5($_POST['password']);
+// $username=$_POST['username'];
+// $password=md5($_POST['password']);
require("users.php");
if ($users_count == 1) { // username and password matches
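Review bot: The two assignments are commented out rather than deleted, and users.php carries the same two commented lines; removing them in both places avoids keeping a stale copy of the old `md5()` handling. After this change users.php reads `$_POST['username']` and `$_POST['password']` directly, so it depends on this file having confirmed they are set; the check that closes just above the hunk is not visible here.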
28 memb-table.php
@@ -15,33 +15,33 @@
<option value=''>-- בחירה --</option>
<?php
if ($uid == 1) {
- $result = mysql_query("SELECT id, name FROM ken ORDER BY id;"); // Get kens
+ $result = $con->query("SELECT id, name FROM ken ORDER BY id;"); // Get kens
} else {
- $result = mysql_query("SELECT id, name FROM ken INNER JOIN permissions WHERE ken.id = permissions.ken_id AND permissions.user_id = {$uid};"); // Get kens
+ $result = $con->query("SELECT id, name FROM ken INNER JOIN permissions WHERE ken.id = permissions.ken_id AND permissions.user_id = {$uid};"); // Get kens
}
if (!$result) {
die("Query to show fields from table failed");
}
-while ($row = mysql_fetch_array($result))
+while ($row = $result->fetch(PDO::FETCH_ASSOC))
{
($row['id'] == $myken) ? $selected = " selected='selected'" : $selected = '';
echo "<option value='{$row['id']}'$selected>{$row['name']}</option>";
}
-mysql_free_result($result);
+$result = null;
?>
</select></td></tr>
<tr><td><label>*שכבה:</label></td><td><select class='memb_class' name='class' required>
<option value=''>-- בחירה --</option>
<?php
-$result = mysql_query("SELECT id, name FROM class ORDER BY id DESC;");
+$result = $con->query("SELECT id, name FROM class ORDER BY id DESC;");
if (!$result) {
die("Query to show fields from table failed");
}
-while ($row = mysql_fetch_array($result))
+while ($row = $result->fetch(PDO::FETCH_ASSOC))
{
echo "<option value='{$row['id']}'>{$row['name']}</option>";
}
-mysql_free_result($result);
+$result = null;
?>
</select></td></tr>
<tr><td><label>קבוצה:</label></td><td><input class='memb_team' type='text' name='team' maxlength='100' /></td></tr>
@@ -49,15 +49,15 @@
<tr><td><label>*ישוב:</label></td><td><select class='memb_city' name='city' required>
<option value=''>-- בחירה --</option>
<?php
-$result = mysql_query("SELECT id, name FROM city ORDER BY id DESC;");
+$result = $con->query("SELECT id, name FROM city ORDER BY id DESC;");
if (!$result) {
die("Query to show fields from table failed");
}
-while ($row = mysql_fetch_array($result))
+while ($row = $result->fetch(PDO::FETCH_ASSOC))
{
echo "<option value='{$row['id']}'>{$row['name']}</option>";
}
-mysql_free_result($result);
+$result = null;
?>
</select></td></tr>
<tr><td><label>מיקוד:</label></td><td><input class='memb_zip_code' type='text' name='zip_code' maxlength='5' /></td></tr>
@@ -67,15 +67,15 @@
<tr><td><label>מידת חולצה:</label></td><td><select class='memb_shirt' name='shirt'>
<option value='0'>-- בחירה --</option>
<?php
-$result = mysql_query("SELECT id, name FROM shirt ORDER BY id;");
+$result = $con->query("SELECT id, name FROM shirt ORDER BY id;");
if (!$result) {
die("Query to show fields from table failed");
}
-while ($row = mysql_fetch_array($result))
+while ($row = $result->fetch(PDO::FETCH_ASSOC))
{
echo "<option value='{$row['id']}'>{$row['name']}</option>";
}
-mysql_free_result($result);
+$result = null;
?>
</select></td></tr>
<tr><td><label>בעיות רפואיות:</label></td><td><textarea name='medical' maxlength='65000'></textarea></td></tr>
@@ -96,7 +96,7 @@
</form>
</div></div>
<?php
-mysql_close($con);
+//$con = null;
?>
<!-- multiedit dialog -->
<div id='yesno-dialog'>
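Review bot: The four `<select>` blocks repeat the same query / `if (!$result)` / `fetch(PDO::FETCH_ASSOC)` / `echo "<option …>"` sequence with only the table name and ordering changed; a small helper that takes the statement and prints the options would leave one place to add output escaping and error handling. The last hunk leaves `//$con = null;` commented out while every other file in the commit closes the connection; either delete the line or say in a comment why the connection stays open here. The file's opening lines are outside the hunks, so where `$con` and `$uid` are set is not visible.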
8 user-settings.php
@@ -31,16 +31,16 @@
require('con.php');
$query = "SELECT column_name FROM information_schema.columns WHERE table_name = 'members';";
-$result=mysql_query($query);
+$result=$con->query($query);
-while($row = mysql_fetch_row($result)) {
+while($row = $result->fetch(PDO::FETCH_ASSOC)) {
foreach($row as $cell) {
if ($cell != 'id')
echo $cell.'<br>';
}
}
-mysql_free_result($result);
-mysql_close($con);
+$result = null;
+$con = null;
?>
</div>
</div>
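Review bot: `$result` is passed straight to `->fetch()` with no failure check, and where PDO's error mode is not set to exceptions `$con->query()` returns `false` on error, which turns a failed query into a fatal error here; add `if (!$result) { die('Query failed'); }` as the other files do. The `information_schema.columns` query filters only on `table_name = 'members'`, so it also returns columns of any same-named table in other schemas the account can read; adding `AND table_schema = DATABASE()` limits it to the current database.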
40 users.php
@@ -3,32 +3,42 @@
$tbl_name='users'; // Table name
// To protect MySQL injection (more detail about MySQL injection)
- $username = stripslashes($username);
- $password = stripslashes($password);
- $username = mysql_real_escape_string($username);
- $password = mysql_real_escape_string($password);
+ // username and password sent from form
+ // $username=$_POST['username'];
+ // $password=md5($_POST['password']);
+ $username = $con->quote($_POST['username']);
+ $password = $con->quote(md5($_POST['password']));
- $sql="SELECT * FROM $tbl_name WHERE name = '$username' AND pass = '$password';";
- $result=mysql_query($sql);
+ $query = "SELECT count(*) FROM $tbl_name WHERE name = $username AND pass = $password;";
+ $result = $con->query($query);
+ $users_count=$result->fetchColumn();
+ $result = null;
- $users_count=mysql_num_rows($result);
- if ($users_count != 0) { $users_row = mysql_fetch_array($result)or die(mysql_error()); }
+ $query = "SELECT * FROM $tbl_name WHERE name = $username AND pass = $password;";
+ $result = $con->query($query);
+
+ if ($users_count != 0) { $users_row = $result->fetch(PDO::FETCH_ASSOC)or die('ERROR!'); }
$default_ken = $users_row['default_ken'];
$uid = $users_row['id'];
+ $result = null;
- $sql="SELECT header_id FROM table_settings WHERE user_id = $uid;";
- $result=mysql_query($sql);
+ $query="SELECT header_id FROM table_settings WHERE user_id = $uid;";
+ $result=$con->query($query);
$headers = array();
- while($row = mysql_fetch_array($result)) {
+ foreach($result as $row) {
foreach ($row as $cell)
$headers[$cell] = true;
}
-
+/*
+ while($row = mysql_fetch_assoc($result)) {
+ foreach ($row as $cell)
+ $headers[$cell] = true;
+ }
+*/
// Mysql_num_row is counting table row
// If result matched $username and $password, table row must be 1 row
- mysql_free_result($result);
- mysql_close($con);
-
+ $result = null;
+ $con = null;
?>
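Review bot: The password is still compared as an unsalted `md5()` digest, and the lookup now runs the same `WHERE name = … AND pass = …` statement twice, once for `count(*)` and once for the row. A single prepared lookup by name, with the digest compared in PHP, removes the duplicate query and the `quote()` string building; the stored hashes should then be migrated to `password_hash()`/`password_verify()`. When no row matches, `$users_row` is never assigned, `$uid` is empty and the `table_settings` query becomes `WHERE user_id = ;`, whose `false` result is then iterated by the `foreach`. The sketch below assumes `name` is unique in the users table; the first two lines of the file are outside the hunk.

```php
$stmt = $con->prepare("SELECT * FROM $tbl_name WHERE name = ?");
$stmt->execute(array($_POST['username']));
$users_row = $stmt->fetch(PDO::FETCH_ASSOC);
// md5 kept only to match the stored digests; migrate to password_hash()/password_verify()
if ($users_row && !hash_equals($users_row['pass'], md5($_POST['password']))) {
    $users_row = false;
}
$users_count = $users_row ? 1 : 0;
$headers = array();
if ($users_row) {
    $default_ken = $users_row['default_ken'];
    $uid = $users_row['id'];
    $stmt = $con->prepare('SELECT header_id FROM table_settings WHERE user_id = ?');
    $stmt->execute(array($uid));
    foreach ($stmt->fetchAll(PDO::FETCH_COLUMN) as $header_id) {
        $headers[$header_id] = true;
    }
}
// … unchanged: $result = null; $con = null; …
```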