-
Notifications
You must be signed in to change notification settings - Fork 1
/
buys.php
122 lines (92 loc) · 4.21 KB
/
buys.php
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
<?php
header('Access-Control-Allow-Origin:*');
// Define database connection parameters
$hn = 'localhost';
$un = 'root';
$pwd = '';
$db = 'digimart';
$cs = 'utf8';
// Set up the PDO parameters
$dsn = "mysql:host=" . $hn . ";port=3306;dbname=" . $db . ";charset=" . $cs;
$opt = array(
PDO::ATTR_ERRMODE => PDO::ERRMODE_EXCEPTION,
PDO::ATTR_DEFAULT_FETCH_MODE => PDO::FETCH_OBJ,
PDO::ATTR_EMULATE_PREPARES => false,
);
// Create a PDO instance (connect to the database)
$pdo = new PDO($dsn, $un, $pwd, $opt);
// Retrieve the posted data
$json = file_get_contents('php://input');
$obj = json_decode($json);
$key = strip_tags($obj->key);
// Determine which mode is being requested
switch($key)
{
// Add a new record to the technologies table
case "create":
// Sanitise URL supplied values
$NAME = filter_var($obj->piece, FILTER_SANITIZE_STRING, FILTER_FLAG_ENCODE_LOW);
// Attempt to run PDO prepared statement
try {
$sql = "INSERT INTO buy(pieces) VALUES(:pieces)";
$stmt = $pdo->prepare($sql);
$stmt->bindParam(':pieces', $NAME, PDO::PARAM_STR);
$stmt->execute();
echo json_encode(array('message' => 'Congratulations the record ' . $NAME . ' was added to the database'));
}
// Catch any errors in running the prepared statement
catch(PDOException $e)
{
echo $e->getMessage();
}
break;
// Update an existing record in the technologies table
case "update":
$NAME = filter_var($obj->NAME, FILTER_SANITIZE_STRING, FILTER_FLAG_ENCODE_LOW);
$MOBILE = filter_var($obj->MOBILE, FILTER_SANITIZE_NUMBER_INT);
$PASSWORD = filter_var($obj->PASSWORD, FILTER_SANITIZE_STRING, FILTER_FLAG_ENCODE_LOW);
$SHOPNAME = filter_var($obj->SHOPNAME, FILTER_SANITIZE_STRING, FILTER_FLAG_ENCODE_LOW);
$CATEGORY = filter_var($obj->CATEGORY, FILTER_SANITIZE_STRING, FILTER_FLAG_ENCODE_LOW);
$LOCATION = filter_var($obj->LOCATION, FILTER_SANITIZE_NUMBER_INT);
$recordID = filter_var($obj->recordID, FILTER_SANITIZE_NUMBER_INT);
// Attempt to run PDO prepared statement
try {
$sql = "UPDATE register SET NAME = :NAME, MOBILE = :MOBILE,PASSWORD=:PASSWORD,SHOPNAME=:SHOPNAME,CATEGORY=:CATEGORY,LOCATION=:LOCATION WHERE sno = :recordID";
$stmt = $pdo->prepare($sql);
$stmt->bindParam(':NAME', $NAME, PDO::PARAM_STR);
$stmt->bindParam(':MOBILE', $MOBILE, PDO::PARAM_INT);
$stmt->bindParam(':PASSWORD', $PASSWORD, PDO::PARAM_STR);
$stmt->bindParam(':SHOPNAME', $SHOPNAME, PDO::PARAM_STR);
$stmt->bindParam(':CATEGORY', $CATEGORY, PDO::PARAM_STR);
$stmt->bindParam(':LOCATION', $LOCATION, PDO::PARAM_INT);
$stmt->bindParam(':recordID', $recordID, PDO::PARAM_INT);
$stmt->execute();
echo json_encode('Congratulations the record ' . $NAME . ' was updated');
}
// Catch any errors in running the prepared statement
catch(PDOException $e)
{
echo $e->getMessage();
}
break;
// Remove an existing record in the technologies table
case "delete":
// Sanitise supplied record ID for matching to table record
$recordID = filter_var($obj->recordID, FILTER_SANITIZE_NUMBER_INT);
// Attempt to run PDO prepared statement
try {
$pdo = new PDO($dsn, $un, $pwd);
$sql = "DELETE FROM technologies WHERE id = :recordID";
$stmt = $pdo->prepare($sql);
$stmt->bindParam(':recordID', $recordID, PDO::PARAM_INT);
$stmt->execute();
echo json_encode('Congratulations the record ' . $NAME . ' was removed');
}
// Catch any errors in running the prepared statement
catch(PDOException $e)
{
echo $e->getMessage();
}
break;
}
?>