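<?php
/*
 * Minimal key/value store demo: one session-bound CSRF token, sanitised
 * request input, and a PDO handle to a SQLite file used only through
 * prepared statements.
 */
session_start();

/* Sanitise request input. FILTER_SANITIZE_STRING strips tags and encodes
 * quotes; it is deprecated as of PHP 8.1, so escaping at output time (see the
 * HTML below) is the durable protection. filter_input_array() returns null
 * when the request carries no parameters of that type, so fall back to an
 * empty array and keep $_GET / $_POST array-typed for the isset() checks. */
$_GET = filter_input_array(INPUT_GET, FILTER_SANITIZE_STRING) ?? [];
$_POST = filter_input_array(INPUT_POST, FILTER_SANITIZE_STRING) ?? [];

/* CSRF token: generated once per session from a CSPRNG, then reused.
 * Store first and read back, so the value embedded in the page and the value
 * kept in the session are always the same one (generating two separate values
 * here would make the first request's token never match). */
if (!isset($_SESSION['token'])) {
    $_SESSION['token'] = bin2hex(random_bytes(16));
}
$token = $_SESSION['token'];

/* Database: exceptions on error, associative rows, and statement emulation
 * disabled so parameter binding happens in the driver where it is supported
 * rather than by client-side string substitution. */
$db = new PDO('sqlite:database/kv.sqlite3');
$db->setAttribute(PDO::ATTR_DEFAULT_FETCH_MODE, PDO::FETCH_ASSOC);
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->setAttribute(PDO::ATTR_EMULATE_PREPARES, false);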
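/**
 * Create the kv table if it does not already exist.
 *
 * Schema: integer primary key `id`, a required and unique `key`, and a
 * required `value`. Safe to call on every request thanks to IF NOT EXISTS.
 *
 * @param PDO $db Open connection.
 * @throws PDOException When the connection uses ERRMODE_EXCEPTION and the DDL fails.
 */
function createTable(PDO $db): void
{
    $db->exec("CREATE TABLE IF NOT EXISTS kv (id INTEGER PRIMARY KEY, key TEXT NOT NULL UNIQUE, value TEXT NOT NULL)");
}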
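createTable($db);

/* Write path: POST with token, key and value. Responds with JSON and exits. */
if (isset($_POST['token'], $_POST['key'], $_POST['value'])) {
    /* Reject the request unless the submitted token matches the session token.
     * hash_equals() compares strings in constant time and with strict string
     * semantics, avoiding the type juggling of "!=". The cast covers the case
     * where the sanitising filter turned a non-string value into false. */
    if (!isset($_SESSION['token']) || !hash_equals($_SESSION['token'], (string) $_POST['token'])) {
        http_response_code(403);
        exit();
    }
    header('Content-Type: application/json; charset=utf-8');
    $data = [];
    try {
        $stmt = $db->prepare("REPLACE INTO kv (key,value) VALUES (:key,:value)");
        $stmt->execute([
            ':key' => $_POST['key'],
            ':value' => $_POST['value'],
        ]);
        $data['count'] = $stmt->rowCount();
    } catch (PDOException $e) {
        /* Driver messages can reveal schema and file paths; keep them in the
         * server log and give the client a generic error. */
        error_log('kv write failed: ' . $e->getMessage());
        http_response_code(500);
        $data['error'] = 'database error';
    }
    echo json_encode($data);
    exit();
}

/* Read path: GET with key. Responds with JSON and exits. */
if (isset($_GET['key'])) {
    header('Content-Type: application/json; charset=utf-8');
    $data = [];
    try {
        $stmt = $db->prepare("SELECT value FROM kv WHERE key = :key");
        $stmt->execute([':key' => $_GET['key']]);
        $row = $stmt->fetch();
        if ($row) {
            $data['value'] = $row['value'];
        } else {
            $data['error'] = "key not found";
        }
    } catch (PDOException $e) {
        error_log('kv read failed: ' . $e->getMessage());
        http_response_code(500);
        $data['error'] = 'database error';
    }
    echo json_encode($data);
    exit();
}

/* No API parameters: fall through and render the HTML page below. */
?>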
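<!DOCTYPE HTML>
<html>
<head>
<meta charset="utf-8">
<title>Demo stackoverflow.com - 4819699</title>
</head>
<body>
<!-- The token is server-generated hex, but it is escaped anyway so the
     attribute stays well-formed whatever the session holds. -->
<input type="hidden" id="token" value="<?= htmlspecialchars($token, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8'); ?>" />
<h1>Set:</h1>
<label for="set-key">Key:</label><br />
<input type="text" id="set-key" /><br />
<label for="set-value">Value:</label><br />
<input type="text" id="set-value" /><br />
<button id="set-button">set</button>
<h1>Get:</h1>
<label for="get-key">Key:</label><br />
<input type="text" id="get-key" /><br />
<button id="get-button">get</button>
<p id="result"></p>
<!-- Third-party script loaded from a CDN without an integrity attribute;
     pin a version and add Subresource Integrity before deploying. -->
<script type="text/javascript" src="https://ajax.googleapis.com/ajax/libs/jquery/1.4.4/jquery.min.js"></script>
<script type="text/javascript">
$(document).ready(function() {
    // Set: POST key/value together with the CSRF token from the hidden field.
    $('#set-button').click(function() {
        var key = $('#set-key').val();
        var value = $('#set-value').val();
        var token = $('#token').val();
        if (key && value) {
            $.post(".", { key: key, value: value, token: token }, function(data) {
                alert(data);
            });
            return;
        }
        alert('key or value is not provided');
    });
    // Get: the response is a JSON string; render it as text, not HTML, so a
    // stored value containing markup cannot be interpreted by the browser.
    $('#get-button').click(function() {
        var key = $('#get-key').val();
        if (key) {
            $.get(".", {key: key}, function(data) {
                $('#result').text(data);
            });
            return;
        }
        alert('key not provided');
    });
});
</script>
</body>
</html>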