
Untitled

a guest
Aug 8th, 2017
  1. <?php
  2. // Separate the logic from the HTML, in general you shouldn't have code which modifes the database in the same
  3. // file as an HTML page
  4. // Your database connection info - this will probably be defined somewhere else in you app, not in this file
  5. const DB_HOST = 'localhost';
  6. const DB_NAME = '*';
  7. const DB_USER = '*';
  8. const DB_PASS = '*';
  9. // if you don't know what this does, you probably want utf8mb4. For a very old version of MySQL, you want utf8
  10. const DB_CHARSET = 'utf8mb4';
  11. // While developing, turn error reporting up to max and make PHP display the error messages
  12. ini_set('display_errors', '1');
  13. error_reporting(-1);
  14. // First validate the request before doing anything else
  15. // only allow POST requests
  16. if ($_SERVER['REQUEST_METHOD'] !== 'POST') {
  17. header('HTTP/1.1 405 Method Not Allowed');
  18. exit;
  19. }
  20. // Check that all the required form fields are defined
  21. +if (!isset($_POST['user_id'], $_POST['winst'], $_POST['verlies'])) {
  22. header('HTTP/1.1 400 Bad Request');
  23. exit;
  24. }
  25. try {
  26. // connect to the database - again this will probably be done somewhere else in your app
  27. $dsn = sprintf('mysql:host=%s;dbname=%s;charset=%s', DB_HOST, DB_NAME, DB_CHARSET);
  28. $db = new PDO($dsn, DB_USER, DB_PASS);
  29. $db->setAttribute(PDO::ATTR_EMULATE_PREPARES, false); // turn off emulated prepares
  30. $db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION); // have PDO throw exceptions when something goes wrong
  31. // Prepare the query
  32. $stmt = $db->prepare("
  33. UPDATE info
  34. SET resultaten = resultaten + (:winst - :verlies)
  35. WHERE id = :user_id
  36. ");
  37. // all of these values are expected to be integers, so cast them. Anything
  38. // that's not a valid integer will probably end up being zero.
  39. $stmt->execute([
  40. 'user_id' => (int)$_POST['user_id'],
  41. 'winst' => (int)$_POST['winst'],
  42. 'verlies' => (int)$_POST['verlies'],
  43. ]);
  44. } catch (PDOException $e) {
  45. // When something goes wrong, log the error and tell the client
  46. error_log((string)$e);
  47. header('HTTP/1.1 500 Internal Server Error');
  48. exit;
  49. }
  50. // If we get here everything worked, so redirect to the results page
  51. header('HTTP/1.1 303 See Other');
  52. header('Location: http://fluffyme.xyz/code/workspace/CoinInfo/info.php');
  53. ?>