db.php:
Code: Select all
<?php
/**********
MySQL Connection Class
***********/
class mysql{
private $conn;
private $sql;
private $result;
private $db;
private $dbname;
public $result_arr;
public $result_obj;
public function __construct($dbname,$host='host',$pass='pass',$user='user'){
//echo "Connecting...";
$this->conn=mysql_connect($host,$user,$pass) or die(mysql_error());
$this->dbname=$dbname;
//echo "Selecting DB...";
$this->db=mysql_select_db($dbname) or die(mysql_error());
}
public function query($q,$ret='obj'){
//echo "Getting escaped string...";
$this->sql=$q=mysql_real_escape_string($q) or die(mysql_error());
//echo "Getting result...";
$this->result=$r=mysql_query($q) or die(mysql_error());
//echo "Formatting results...";
for($i=0;$i<mysql_num_rows($r);$i++){
$this->result_obj[$i]=mysql_fetch_object($r) or die(mysql_error());
$this->result_arr[$i]=mysql_fetch_assoc($r) or die(mysql_error());
}
//echo "Finished query";
return ($ret=='obj')? $this->result_obj : $this->result_arr;
}
?>Code: Select all
<?php
include "auth.php";
include "db.php";
$doc=$_GET['reg'];
$title=$_GET['title'];
$comments=($_GET['comments']!='' && $_GET['comments']) $_GET['comments'] : '';
$db=new mysql('db') or die('Could not connect to server');
$in_db=$db->query('SELECT * FROM `updating_files` WHERE `path` = '.$doc) or die('Could not query server');
$msg="";
if (count($in_db) > 0){
$msg="The file $doc is already registered in the database. Go <a href='' onclick='history.go(-1)'>back</a> for other files.";
} else {
$db->query("INSERT INTO `updating_files` (`ID`,`title`,`path`,`comments`,`type`) VALUES ('','$title','$doc','$comments','standard')") or die('Could not query server');
$msg="The file $doc has been registered. Go <a href='' onclick='history.go(-1)'>back</a> for other files.";
}
?>
<html>
<head><title>Blah...</title></head>
<body>
<?php echo $msg ?>
</body>
</html>