
Untitled

a guest
May 2nd, 2020
  1.  
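  // Create a poll: insert the question, then one poll_options row per option,
  // and echo the new poll id.
  //
  // Security notes:
  //  - Every request value reaches MySQL as a bound parameter. The previous
  //    version concatenated the question into the INSERT text and relied on
  //    htmlspecialchars(), which encodes for HTML output and is not an SQL
  //    escaping function.
  //  - htmlspecialchars() is still applied before storage only because the
  //    code that renders these rows is not visible here and may print them
  //    unescaped. NOTE(review): prefer storing the raw text and escaping at
  //    output time once the rendering code has been checked.
  //  - Database errors are written to the server log; the client receives a
  //    generic message instead of the SQL text and the driver error.
  $rawQuestion = $_POST['question'] ?? null;
  $rawOptions = $_POST['options'] ?? null;

  if (!is_string($rawQuestion) || !is_array($rawOptions)) {
      http_response_code(400);
      exit('Invalid poll data');
  }

  // Re-index so that option ids are always 1..n, whatever keys the client sent.
  $options = array_values($rawOptions);
  foreach ($options as $candidate) {
      if (!is_string($candidate)) {
          http_response_code(400);
          exit('Invalid poll data');
      }
  }

  $question = htmlspecialchars($rawQuestion, ENT_QUOTES);

  // NOTE(review): credentials are hard-coded in the request script; load them
  // from configuration kept outside the web root and outside version control.
  $servername = "localhost";
  $username = "DB";
  $password = "pass";
  $dbname = "DB";

  $conn = null;
  try {
      $conn = new PDO("mysql:host=$servername;dbname=$dbname", $username, $password);
      $conn->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
      // Use server-side prepared statements rather than client-side emulation.
      $conn->setAttribute(PDO::ATTR_EMULATE_PREPARES, false);

      // One transaction, so a failure part-way through the options does not
      // leave a poll behind with only some of its options.
      $conn->beginTransaction();

      $insertPoll = $conn->prepare("INSERT INTO poll (question) VALUES (?)");
      $insertPoll->execute([$question]);
      $poll_id = $conn->lastInsertId();

      $stmt = $conn->prepare("INSERT INTO poll_options (option_id, option_string, poll_id) VALUES (?, ?, ?)");
      foreach ($options as $index => $optionText) {
          $stmt->execute([$index + 1, htmlspecialchars($optionText, ENT_QUOTES), $poll_id]);
      }

      $conn->commit();

      echo $poll_id;
  } catch (PDOException $e) {
      if ($conn !== null && $conn->inTransaction()) {
          $conn->rollBack();
      }
      // Details stay in the server log; they are not part of the response.
      error_log('Poll creation failed: ' . $e->getMessage());
      echo 'Error: the poll could not be saved';
  }

  $conn = null;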
  38.  
  39.  
  40.  
  41.  
  42.  
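  // Record one vote for a poll option, allowing one vote per IPv4 address.
  //
  // Security notes:
  //  - pId and option are validated as integers and passed as bound
  //    parameters. The previous version placed the raw pId from the request
  //    body directly into both SQL statements.
  //  - The error path no longer echoes the driver message or the submitted
  //    pId back to the client (the latter was written to the page unescaped).
  //  - NOTE(review): option is treated as an integer because poll_options
  //    rows are created with numeric option_id values; confirm against the
  //    schema. Nothing here checks that the option belongs to the poll.
  $pid = filter_var($_POST["pId"] ?? null, FILTER_VALIDATE_INT);
  $option = filter_var($_POST["option"] ?? null, FILTER_VALIDATE_INT);

  if ($pid === false || $option === false) {
      http_response_code(400);
      exit('Invalid vote');
  }

  // ip2long() only understands dotted IPv4 and returns false otherwise;
  // normalise that to 0 so the value can be bound as an integer.
  $ip_addr = ip2long($_SERVER["REMOTE_ADDR"]);
  if ($ip_addr === false) {
      $ip_addr = 0;
  }

  // NOTE(review): credentials are hard-coded in the request script; load them
  // from configuration kept outside the web root and outside version control.
  $servername = "localhost";
  $username = "DB";
  $password = "pass";
  $dbname = "DB";

  try {
      $conn = new PDO("mysql:host=$servername;dbname=$dbname", $username, $password);
      $conn->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
      // Use server-side prepared statements rather than client-side emulation.
      $conn->setAttribute(PDO::ATTR_EMULATE_PREPARES, false);

      $check = $conn->prepare("SELECT count(*) FROM poll_responses WHERE ip_addr = ? AND poll_id = ?");
      $check->execute([$ip_addr, $pid]);
      $nRows = (int) $check->fetchColumn();

      // NOTE(review): as in the original, an address that does not convert
      // (stored as 0, which includes every IPv6 client) is always allowed to
      // vote, so the duplicate check does not apply to those clients. The
      // check-then-insert sequence is also not atomic. Both are closed by a
      // UNIQUE key on (poll_id, ip_addr) together with an address column
      // wide enough for IPv6.
      if ($nRows === 0 || $ip_addr === 0) {
          $insert = $conn->prepare("INSERT INTO poll_responses (poll_id, option_id, ip_addr) VALUES (?, ?, ?)");
          $insert->execute([$pid, $option, $ip_addr]);
          echo "Voted";
      } else {
          echo "You have already voted on this poll";
      }
  } catch (PDOException $e) {
      // Details stay in the server log; they are not part of the response.
      error_log('Vote failed for poll ' . $pid . ': ' . $e->getMessage());
      echo "Error: the vote could not be recorded";
  }

  $conn = null;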
  74.  
  75.  
  76.     if(isset($_GET['p'])&&!empty($_GET['p'])&&is_numeric($_GET['p']))
  77.         {
  78.             $pid=$_GET['p'];
  79.     $servername = "localhost";
  80.             $username = "DB";
  81.             $password = "pass";
  82.             $dbname = "DB";
  83.             $totalvotes=0;
  84.             $totalvotesfordivision=0;
  85.  
  86.             try
  87.             {
  88.                 $conn = new PDO("mysql:host=$servername;dbname=$dbname", $username, $password);
  89.                 $conn->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
  90.                 $stmt = $conn->prepare("SELECT question FROM poll WHERE poll_id=$pid");
  91.                 $stmt->execute();
  92.                 $question = $stmt->setFetchMode(PDO::FETCH_OBJ);
  93.                 $question= $stmt->fetch();
  94.                 if(empty($question))
  95.                 {
  96.                     echo '<div ng-show="err" class="well-lg text-danger bg-danger text-center lead">Poll does not exist.</div></body></html>';
  97.                     die();
  98.                 }
  99.                 $stmt = $conn->prepare("SELECT option_id AS oid, option_string AS ostr, (SELECT count(option_id) FROM poll_responses WHERE option_id=oid AND poll_id=$pid ) AS count FROM poll_options WHERE poll_id=$pid");
  100.                 $stmt->execute();
  101.                 $options = $stmt->setFetchMode(PDO::FETCH_OBJ);
  102.  
  103.  
  104.  
  105.  
  106.  
  107.                     if(isset($_GET['p'])&&!empty($_GET['p'])&&is_numeric($_GET['p']))
  108.         {
  109.             $pid=$_GET['p'];
  110.             $servername = "localhost";
  111.             $username = "DB";
  112.             $password = "pass";
  113.             $dbname = "DB";
  114.            
  115.             try
  116.             {
  117.                 $conn = new PDO("mysql:host=$servername;dbname=$dbname", $username, $password);
  118.                 $conn->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
  119.                 $stmt = $conn->prepare("SELECT question FROM poll WHERE poll_id=$pid");
  120.                 $stmt->execute();
  121.                 $question = $stmt->setFetchMode(PDO::FETCH_OBJ);
  122.                 $question= $stmt->fetch();
  123.                 if(empty($question))
  124.                 {
  125.                     echo '<div ng-show="err" class="well-lg text-danger bg-danger text-center lead">Poll does not exist.</div></body></html>';
  126.                     die();
  127.                 }
  128.                 $stmt = $conn->prepare("SELECT option_id as oid, option_string as ostr FROM poll_options WHERE poll_id=$pid");
  129.                 $stmt->execute();
  130.                 $options = $stmt->setFetchMode(PDO::FETCH_OBJ);
  131.                 $options= $stmt->fetchAll();