<?php
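// Database connection settings and application name, followed by the
// connection bootstrap that runs as soon as this file is included.
//
// NOTE(review): the credentials below are committed in source and the app
// connects as the MySQL root account. Move them to deployment configuration
// kept out of version control and use a dedicated least-privilege account.
// Anything already committed should be treated as exposed and rotated.
//
// NOTE(review): the mysql_* extension used throughout this file was removed
// in PHP 7.0; migrating to mysqli or PDO with prepared statements has to be
// done for the whole file at once, because every query helper relies on the
// implicit connection opened here.
$dbhost = 'localhost';
$dbname = 'docconnect';
$dbuser = 'root';
$dbpass = 'medconnect';
$appname = "Doc Connect";

// Driver error text can reveal host, account and schema details, so it is
// written to the server log and the client only sees a generic message.
if (!mysql_connect($dbhost, $dbuser, $dbpass)) {
    error_log('Database connection failed: ' . mysql_error());
    die('Database connection failed.');
}

if (!mysql_select_db($dbname)) {
    error_log('Database selection failed: ' . mysql_error());
    die('Database connection failed.');
}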
/**
 * Creates a table if it does not exist yet.
 *
 * Both arguments are placed into the statement text as-is, so they must be
 * constants chosen by the developer. Table names and column definitions
 * cannot be bound as parameters, which means this helper must never receive
 * request data.
 *
 * @param string $name  Table name.
 * @param string $query Column definition list placed between the parentheses.
 */
function createTable($name, $query)
{
    $statement = 'CREATE TABLE IF NOT EXISTS ' . $name . '(' . $query . ')';

    makeQuery($statement);
}
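/**
 * Runs a raw SQL statement on the implicit mysql_* connection.
 *
 * TODO: this is insecure - the helper executes whatever string it is given,
 * so every caller is responsible for escaping the values it puts into the
 * SQL text. Replace it with purpose-specific functions that use prepared
 * statements (mysqli or PDO).
 *
 * @param string $query Complete SQL statement.
 * @return resource|bool Result resource for row-returning statements, true
 *                       for other successful statements. On failure the
 *                       script terminates.
 */
function makeQuery($query)
{
    $result = mysql_query($query);

    if ($result === false) {
        // The driver message can expose table and column names and pieces of
        // the failing statement, so it goes to the server log and is not
        // sent to the browser.
        error_log('Query failed: ' . mysql_error());
        die('A database error occurred.');
    }

    return $result;
}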
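/**
 * Ends the current session: empties $_SESSION, expires the session cookie
 * and destroys the server-side session data.
 *
 * The expiring cookie is sent with the path, domain, secure and httponly
 * values the session cookie is configured with. A browser only replaces a
 * cookie when those attributes match, so a hard-coded '/' could leave the
 * session cookie in place under a non-default configuration.
 *
 * session_destroy() is only called when a session is active, which avoids
 * the warning PHP raises when asked to destroy an uninitialised session.
 */
function destroySession()
{
    $_SESSION = array();

    // session_id() is '' when no session is active; the cast keeps a false
    // return treated the same way.
    $hasSession = (string) session_id() !== '';

    if ($hasSession || isset($_COOKIE[session_name()])) {
        $params = session_get_cookie_params();

        // Expiry 30 days in the past makes the browser drop the cookie.
        setcookie(
            session_name(),
            '',
            time() - 2592000,
            $params['path'],
            $params['domain'],
            $params['secure'],
            $params['httponly']
        );
    }

    if ($hasSession) {
        session_destroy();
    }
}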
/**
 * Applies, in order: strip_tags(), htmlentities(), stripslashes() and
 * mysql_real_escape_string(), and returns the result.
 *
 * NOTE(review): this combines HTML encoding (an output concern) with SQL
 * escaping (a query concern) in one value. The returned string is only
 * meaningful inside a quoted SQL string literal on the current mysql_*
 * connection. It does not make a value safe for other SQL positions or for
 * every HTML context. htmlentities() runs with PHP's default flags, which
 * differ between PHP versions. Prefer prepared statements for queries and
 * context-specific escaping at output time.
 *
 * NOTE(review): stripslashes() removes backslashes unconditionally, so
 * legitimate backslashes in the input are lost.
 *
 * @param string $var Raw input value.
 * @return string Encoded and SQL-escaped value.
 */
function sanitizeString($var)
{
    $withoutTags = strip_tags($var);
    $encoded = htmlentities($withoutTags);
    $unslashed = stripslashes($encoded);

    return mysql_real_escape_string($unslashed);
}
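/**
 * Prints a doctor's profile page fragment: heading, optional photo, the
 * profile row from doctorProfiles and a table of rows from reviews.
 *
 * Every value written into the page (the username, the profile columns and
 * each review's rating and text) is HTML-escaped at output time. Review text
 * is written by site visitors, so echoing it raw would let stored markup run
 * in other visitors' browsers.
 *
 * NOTE(review): $user is still interpolated into both SELECT statements
 * unescaped. Callers presumably pass a value that already went through
 * sanitizeString() - confirm this at every call site. Escaping here as well
 * would double-escape such values, so the durable fix is to move these
 * lookups to prepared statements.
 *
 * @param string $user Username whose profile is shown.
 */
function showProfile($user)
{
    $safeUser = showProfileEscape($user);

    echo "<h2>$safeUser</h2>";

    // NOTE(review): $user is used as part of a filesystem path. Confirm that
    // callers restrict it to a plain username without path separators.
    if (file_exists("profilePhotos/$user.jpg"))
    {
        echo "<img style='border-radius:2px; border-radius:2px;' src = 'profilePhotos/$safeUser.jpg' align = 'left' />";
    }

    $result = makeQuery("SELECT * FROM doctorProfiles WHERE username = '$user'");
    $resultReviews = makeQuery("SELECT * FROM reviews WHERE username = '$user'");

    if (mysql_num_rows($result))
    {
        // Column 1 is printed as the profile body and column 2 after the
        // "My Rating is:" label; the column names are not visible here.
        $row = mysql_fetch_row($result);
        echo showProfileEscape(stripslashes($row[1])) . "<br clear='left' /> <br/>".
            "My Rating is: ".showProfileEscape(stripslashes($row[2]));
    }

    $numReviews = mysql_num_rows($resultReviews);

    echo "<h3>This Doctor's Reviews</h3><br />";

    if ($numReviews > 0)
    {
        echo "<table class='userReviews' cellspacing='20'><tr><th>Rating</th><th>Review
</th></tr>";
    }
    else
    {
        echo "<span style='font-size:1.4em;'>There are currently no reviews, Be the first to write one, below.
</span>";
    }

    // Fetch until the result set is exhausted; this visits the same rows as
    // counting down from mysql_num_rows().
    while ($reviewRow = mysql_fetch_assoc($resultReviews))
    {
        echo "<tr><td>".showProfileEscape($reviewRow['rating'])."</td><td>".showProfileEscape($reviewRow['review'])."</td></tr>";
    }

    if ($numReviews > 0)
    {
        echo "</table>";
    }
}

/**
 * HTML-escapes a value for element content or a quoted attribute.
 *
 * double_encode is off so text that was already entity-encoded before it was
 * stored is not encoded a second time.
 * NOTE(review): assumes pages are served as UTF-8 - confirm.
 *
 * @param string $text Value to print.
 * @return string Escaped value.
 */
function showProfileEscape($text)
{
    return htmlspecialchars((string) $text, ENT_QUOTES, 'UTF-8', false);
}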
?>