<?php
//this tells the system that it's no longer just parsing
//html; it's now parsing PHP
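// Set to False by the SQL helpers when a statement fails; the redirect at the
// end of the request is only sent while this is still True.
$success = True;

// Database credentials are read from the environment instead of being
// committed with the source. The variable names below are constructed
// placeholders; use whatever names the deployment defines.
// NOTE(review): the account password that was previously hard-coded on this
// line has been published with the file and should be rotated.
$db_user = getenv('ORACLE_DB_USER');
$db_password = getenv('ORACLE_DB_PASSWORD');
$db_conn = oci_connect(
    $db_user === false ? '' : $db_user,
    $db_password === false ? '' : $db_password,
    "dbhost.ugrad.cs.ubc.ca:1522/ug"
);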
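/**
 * Parses and executes a SQL command that contains no bind variables.
 *
 * Security: $cmdstr is handed to Oracle exactly as given, so it must never be
 * built by concatenating request data into it. Statements that take values
 * from a request need bind variables instead (see executeBoundSQL).
 *
 * On failure an error is echoed into the response and the global $success
 * flag is cleared. The command text is HTML-escaped before it is echoed,
 * because it may contain characters that are significant in HTML.
 * NOTE(review): echoing SQL text and Oracle error messages to the client
 * discloses schema details; consider logging them server-side instead.
 *
 * @param string $cmdstr Complete SQL text.
 * @return resource|false The statement handle, or false when parsing failed.
 *                        The handle is also returned when execution failed.
 */
function executePlainSQL($cmdstr) {
    global $db_conn, $success;

    $statement = oci_parse($db_conn, $cmdstr);
    if (!$statement) {
        echo "<br>Cannot parse the following command: " . htmlentities($cmdstr) . "<br>";
        $e = oci_error($db_conn); // parse errors are reported on the connection handle
        echo htmlentities($e['message']);
        $success = False;
        // There is nothing to execute; do not pass a false handle to oci_execute().
        return $statement;
    }

    // OCI_DEFAULT executes without committing automatically.
    $r = oci_execute($statement, OCI_DEFAULT);
    if (!$r) {
        echo "<br>Cannot execute the following command: " . htmlentities($cmdstr) . "<br>";
        $e = oci_error($statement); // execute errors are reported on the statement handle
        echo htmlentities($e['message']);
        $success = False;
    }

    return $statement;
}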
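/**
 * Parses a SQL command once and executes it once per tuple of bind values.
 *
 * Using bind variables lets the same parsed statement be reused when only the
 * values change, and it keeps the values out of the SQL text, which protects
 * against SQL injection.
 *
 * On failure an error is echoed into the response and the global $success
 * flag is cleared. The command text is HTML-escaped before it is echoed.
 * NOTE(review): echoing SQL text and Oracle error messages to the client
 * discloses schema details; consider logging them server-side instead.
 *
 * @param string $cmdstr SQL text containing named placeholders such as ":name".
 * @param array  $list   List of tuples; each tuple maps a placeholder name to
 *                       the value to bind for one execution.
 * @return void
 */
function executeBoundSQL($cmdstr, $list) {
    global $db_conn, $success;

    $statement = oci_parse($db_conn, $cmdstr);
    if (!$statement) {
        echo "<br>Cannot parse the following command: " . htmlentities($cmdstr) . "<br>";
        $e = oci_error($db_conn); // parse errors are reported on the connection handle
        echo htmlentities($e['message']);
        $success = False;
        // Nothing can be bound or executed on a false handle.
        return;
    }

    foreach ($list as $tuple) {
        foreach ($tuple as $bind => $val) {
            oci_bind_by_name($statement, $bind, $val);
            // Do not remove this unset. The bind holds on to $val by reference;
            // dropping the local name here keeps the next loop iteration from
            // overwriting the value that was just bound.
            unset($val);
        }

        // OCI_DEFAULT executes without committing automatically.
        $r = oci_execute($statement, OCI_DEFAULT);
        if (!$r) {
            echo "<br>Cannot execute the following command: " . htmlentities($cmdstr) . "<br>";
            $e = oci_error($statement); // execute errors are reported on the statement handle
            echo htmlentities($e['message']);
            echo "<br>";
            $success = False;
        }
    }
}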
/*
function printResult($result) { //prints results from a select statement
echo "<br>Got data from table tab1:<br>";
echo "<table>";
echo "<tr><th>ID</th><th>Name</th></tr>";
while ($row = OCI_Fetch_Array($result, OCI_BOTH)) {
echo "<tr><td>" . $row["NID"] . "</td><td>" . $row["NAME"] . "</td></tr>"; //or just use "echo $row[0]"
}
echo "</table>";
}
*/
// Connect Oracle...
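/**
 * Parses a SELECT with named placeholders, binds the given values and executes it once.
 *
 * Private helper for the request handler below: the values travel as bind
 * variables, so request data never becomes part of the SQL text.
 * Errors are reported the same way as in the other helpers of this file
 * (echoed, HTML-escaped, and the global $success flag is cleared).
 *
 * @param string $cmdstr SQL text with placeholders such as ":username".
 * @param array  $binds  Map of placeholder name to value.
 * @return resource|false Executed statement handle, or false on failure.
 */
function executeBoundQuery($cmdstr, $binds) {
    global $db_conn, $success;

    $statement = oci_parse($db_conn, $cmdstr);
    if (!$statement) {
        echo "<br>Cannot parse the following command: " . htmlentities($cmdstr) . "<br>";
        $e = oci_error($db_conn);
        echo htmlentities($e['message']);
        $success = False;
        return false;
    }

    foreach ($binds as $placeholder => $unused) {
        // Bind the array element itself: the bind is by reference and must
        // still hold the value when oci_execute() runs below.
        oci_bind_by_name($statement, $placeholder, $binds[$placeholder]);
    }

    if (!oci_execute($statement, OCI_DEFAULT)) {
        echo "<br>Cannot execute the following command: " . htmlentities($cmdstr) . "<br>";
        $e = oci_error($statement);
        echo htmlentities($e['message']);
        $success = False;
        return false;
    }

    return $statement;
}

// Request handler: responds with a JSON array of the account rows of every user
// who has a mutual match with the user named in the first element of the
// JSON-encoded "data" POST field.
// NOTE(review): no session or authorisation check is visible in this file, so
// the user name is taken on trust from the request body; confirm the caller is
// allowed to read this user's matches.
if ($db_conn) {
    $matchusername = array();

    // A missing or non-string "data" field is treated as empty input.
    $rawData = (isset($_POST['data']) && is_string($_POST['data'])) ? $_POST['data'] : '';
    // NOTE(review): stripslashes() is kept from the original; it also removes the
    // backslashes of legitimate JSON escapes, so confirm clients still need it.
    $data = json_decode(stripslashes($rawData));

    if (is_array($data) && count($data) > 0) {
        $username = (array_key_exists(0, $data) && is_scalar($data[0])) ? (string) $data[0] : '';

        // Users that $username has matched with.
        $UsernameMatch = executeBoundQuery(
            "select username2 from matches where username1 = :username",
            array(":username" => $username)
        );
        while ($UsernameMatch && ($row = oci_fetch_array($UsernameMatch, OCI_BOTH))) {
            $candidate = $row[0];

            // Keep only candidates that matched $username back. Values read from
            // the database are bound as well, not concatenated into the SQL.
            $UsernameBack = executeBoundQuery(
                "select username2 from matches where username1 = :candidate and username2 = :username",
                array(":candidate" => $candidate, ":username" => $username)
            );
            if ($UsernameBack && oci_fetch_array($UsernameBack, OCI_BOTH)) {
                // NOTE(review): "select *" sends every column of account to the
                // client; if that table holds passwords or other private fields,
                // list only the columns the page needs.
                $accountmatch = executeBoundQuery(
                    "select * from account where username = :candidate",
                    array(":candidate" => $candidate)
                );
                while ($accountmatch && ($row3 = oci_fetch_array($accountmatch, OCI_BOTH))) {
                    $matchusername[] = $row3;
                }
            }
        }

        echo json_encode($matchusername);
    }

    // Redirect only when the request carried query parameters and no statement failed.
    // NOTE(review): if the JSON above was already sent, header() can only take
    // effect when output buffering is enabled.
    if ($_GET && $success) {
        //POST-REDIRECT-GET -- See http://en.wikipedia.org/wiki/Post/Redirect/Get
        header("location: matchesjs.php");
    }

    oci_close($db_conn);
} else {
    echo "cannot connect";
    $e = oci_error(); // connection errors are reported without a handle
    echo htmlentities($e['message']);
}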
?>