TwoTalesDev/4WDCSA.co.za
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
1d7a50709ebbeb6cfd598c9be91da310ff9f9786
4WDCSA.co.za/create_bar_tab.php
twotalesanimation 45523720ea Remove: Deprecated MySQLi functions - convert to OOP prepared statements 
- create_bar_tab.php: Replaced mysqli_real_escape_string() and procedural mysqli_query/mysqli_num_rows/mysqli_error with OOP prepared statements
- submit_order.php: Replaced mysqli_real_escape_string() and procedural mysqli_query/mysqli_error with OOP prepared statements
- fetch_drinks.php: Replaced mysqli_real_escape_string() and procedural mysqli_query/mysqli_fetch_assoc with OOP prepared statements
- comment_box.php: Removed mysqli_real_escape_string(), added CSRF token validation for comment submission

All files now use consistent OOP MySQLi approach with proper parameter binding. Fixes PHP 8.1+ compatibility and improves security against multi-byte character injection.
2025-12-03 19:52:54 +02:00

53 lines
2.0 KiB
PHP
Raw Blame History

<?php
require_once("session.php");
require_once("connection.php");
require_once("functions.php");
// CSRF Token Validation
if (!isset($_POST['csrf_token']) || !validateCSRFToken($_POST['csrf_token'])) {
http_response_code(403);
echo json_encode(['status' => 'error', 'message' => 'Security token validation failed.']);
exit();
}
// Check if user_id is set in the POST request
if (isset($_POST['user_id']) && !empty($_POST['user_id'])) {
// Validate user_id as integer
$user_id = intval($_POST['user_id']);
if ($user_id <= 0) {
echo json_encode(['status' => 'error', 'message' => 'Invalid user ID.']);
exit();
}
$created_at = date('Y-m-d H:i:s'); // Use current date and time for created_at
// First, check if a bar tab already exists for this user_id
$stmt = $conn->prepare("SELECT * FROM bar_tabs WHERE user_id = ? LIMIT 1");
$stmt->bind_param("i", $user_id);
$stmt->execute();
$checkResult = $stmt->get_result();
if ($checkResult->num_rows > 0) {
// If a bar tab already exists for this user_id, return an error message
echo json_encode(['status' => 'error', 'message' => 'A bar tab already exists for this user.']);
} else {
// Prepare the SQL query to insert a new record into the bar_tabs table
$stmt = $conn->prepare("INSERT INTO bar_tabs (user_id) VALUES (?)");
$stmt->bind_param("i", $user_id);
// Execute the query
if ($stmt->execute()) {
// If the insertion is successful, return a success message
echo json_encode(['status' => 'success', 'message' => 'Bar tab created successfully.']);
} else {
// If there's an error, return an error message
echo json_encode(['status' => 'error', 'message' => 'Error: ' . $conn->error]);
}
}
} else {
// If user_id is not provided, return an error message
echo json_encode(['status' => 'error', 'message' => 'User ID is required.']);
}
?>
Reference in New Issue View Git Blame Copy Permalink