karimkhanp · August 29, 2015 13:57
diff --git a/mysql_queries b/mysql_queries
 <?php

 //INSERT

 		function store_feedback($message,$name,$email)
 		{
 			$con = mysqli_connect('127.0.0.1', 'root', '', 'mysql');				
 			if (mysqli_connect_errno())
 			{
 				echo "Failed to connect to MySQL: " . mysqli_connect_error();
 				return;
 			}
 			$insertQuery1 = "INSERT INTO feedback(`name`,`email`,`message`) VALUES ('".$name."','".$email."','".$message."')";
 			if (!mysqli_query($con,$insertQuery1))
 		  		{
 		  		//	die('Error: ' . mysqli_error($con));
 					echo "error";
 				}		
 			return;
 		}

 //SELECT

 	function get_category_url($category)
 		{
 			$con = mysqli_connect('127.0.0.1', 'root', '', 'mysql');
 			if (mysqli_connect_errno())
 			{
 				echo "Failed to connect to MySQL: " . mysqli_connect_error();
 				return;
 			}	
 			$today = date("Ymd");	
 			$result = mysqli_query($con,"SELECT url,img_url,sentiment,title,category from frrole_cateogry_article where category='".$category."' AND today <= '".$today."' AND title != '' AND img_url != '' order by today desc, rt_count DESC limit 3 ");
 			while ($row = @mysqli_fetch_array($result))
 			{
 				$url = $row['url'];
  			$img_url = $row['img_url'];
 				$title = $row['title'];				
 				$pcount = $row['sentiment'];
 			}
 		}
 		
 //CHeCK RECORD EXISTENCE
 	
 		function getPnr()
  	{
  		$con = mysqli_connect('127.0.0.1', 'root', '', 'safari');
  		if (mysqli_connect_errno())
  		{
  		    echo "Failed to connect to MySQL: " . mysqli_connect_error();
  		    return;
  		}
  		$pnr = mt_rand(1111111111, 99999999999);				
  		$result = mysqli_query($con,"SELECT user_pnr from tbl_user where user_pnr = '".$pnr."'");
  		if(mysqli_num_rows($result)>0)
  			getPnr();
  		else
  		return $pnr;
 	}
 		
 //SQL INJECTION PREVENT. Enclose var from user with real escape string
 	{
 	  $from = mysql_real_escape_string($_GET['from']);
 		$to = mysql_real_escape_string($_GET['to']);
 		$seats = mysql_real_escape_string($_GET['seats']);
 		$date = mysql_real_escape_string($_GET['date']);
 	}	
 	
 //Get single variable and compare it

 	function isConfirm($user_id)
 	{
 			$con = mysqli_connect('127.0.0.1', 'root', '', 'safari');				
 			if (mysqli_connect_errno())
 			{
 				echo "Failed to connect to MySQL: " . mysqli_connect_error();
 				return;
 			}
 			$result = mysqli_query($con,"select user_pnr from tbl_user where user_id = '".$user_id."' AND isConfirm = 'No' ");
 			$row = @mysqli_fetch_row($result);
 			echo $row[0];
 			return;
 	}

 ?>
	<?php

	//INSERT

	function store_feedback($message,$name,$email)
	{
	$con = mysqli_connect('127.0.0.1', 'root', '', 'mysql');
	if (mysqli_connect_errno())
	{
	echo "Failed to connect to MySQL: " . mysqli_connect_error();
	return;
	}
	$insertQuery1 = "INSERT INTO feedback(`name`,`email`,`message`) VALUES ('".$name."','".$email."','".$message."')";
	if (!mysqli_query($con,$insertQuery1))
	{
	// die('Error: ' . mysqli_error($con));
	echo "error";
	}
	return;
	}

	//SELECT

	function get_category_url($category)
	{
	$con = mysqli_connect('127.0.0.1', 'root', '', 'mysql');
	if (mysqli_connect_errno())
	{
	echo "Failed to connect to MySQL: " . mysqli_connect_error();
	return;
	}
	$today = date("Ymd");
	$result = mysqli_query($con,"SELECT url,img_url,sentiment,title,category from frrole_cateogry_article where category='".$category."' AND today <= '".$today."' AND title != '' AND img_url != '' order by today desc, rt_count DESC limit 3 ");
	while ($row = @mysqli_fetch_array($result))
	{
	$url = $row['url'];
	$img_url = $row['img_url'];
	$title = $row['title'];
	$pcount = $row['sentiment'];
	}
	}

	//CHeCK RECORD EXISTENCE

	function getPnr()
	{
	$con = mysqli_connect('127.0.0.1', 'root', '', 'safari');
	if (mysqli_connect_errno())
	{
	echo "Failed to connect to MySQL: " . mysqli_connect_error();
	return;
	}
	$pnr = mt_rand(1111111111, 99999999999);
	$result = mysqli_query($con,"SELECT user_pnr from tbl_user where user_pnr = '".$pnr."'");
	if(mysqli_num_rows($result)>0)
	getPnr();
	else
	return $pnr;
	}

	//SQL INJECTION PREVENT. Enclose var from user with real escape string
	{
	$from = mysql_real_escape_string($_GET['from']);
	$to = mysql_real_escape_string($_GET['to']);
	$seats = mysql_real_escape_string($_GET['seats']);
	$date = mysql_real_escape_string($_GET['date']);
	}

	//Get single variable and compare it

	function isConfirm($user_id)
	{
	$con = mysqli_connect('127.0.0.1', 'root', '', 'safari');
	if (mysqli_connect_errno())
	{
	echo "Failed to connect to MySQL: " . mysqli_connect_error();
	return;
	}
	$result = mysqli_query($con,"select user_pnr from tbl_user where user_id = '".$user_id."' AND isConfirm = 'No' ");
	$row = @mysqli_fetch_row($result);
	echo $row[0];
	return;
	}

	?>