*/ echo "\n\n"; $DB_NAME = *****; $connect = @mysql_pconnect("*****", "*****", "*****"); // Connects to the database server $select = @mysql_select_db($DB_NAME); // Selects and opens the correct database // If the connection to the database fails, print failure XML if ((!$connect) || (!$select)) { echo ''; } else // If the database connects successfully continue { if ( (isset($_GET['projectName'])) && (isset($_GET['variableName'])) && (isset($_GET['modifier'])) && (isset($_GET['userID'])) ) // Checks to see if all GET variables are set { // Sanitizes input and intializes the GET variables $tableName = mysql_real_escape_string($_GET['projectName']); $metricName = mysql_real_escape_string($_GET['variableName']); $metricValueModifier = mysql_real_escape_string($_GET['modifier']); $userID = mysql_real_escape_string($_GET['userID']); date_default_timezone_set("America/New_York"); // Changes date function to EST. $dateModified = strval(date('Y-m-d H:i:s')); // Converts date to string for DB datetime field. $queryCheckTable = "SHOW tables like \"$tableName\""; $resultCheckTable = mysql_query($queryCheckTable); $queryCheckField = "SELECT COLUMN_NAME FROM INFORMATION_SCHEMA.COLUMNS WHERE table_schema = '$DB_NAME' AND table_name = '$tableName' AND column_name = '$metricName'"; $resultCheckField = mysql_query($queryCheckField); if (mysql_num_rows($resultCheckTable) <= 0) // if the project does not exist print an XML failure { echo ''; } elseif (mysql_num_rows($resultCheckField) <= 0) // if the variable name does not exist, print XML failure { echo ''; } else // Modifies the variable and prints the new value to XML { $queryGetMetricValue = "SELECT $metricName FROM `$tableName` WHERE userID = $userID"; $resultGetMetricValue = mysql_query($queryGetMetricValue); $metricValue = mysql_fetch_array($resultGetMetricValue); // Gets the original metric value $newMetricValue = $metricValue[$metricName] + $metricValueModifier; mysql_query("UPDATE `$tableName` SET $metricName = $newMetricValue, dateAdded = '$dateModified' WHERE userID = $userID"); echo ''; } } else // If the incorrect number of GET parameters are passed in, then it fails and prints an XML failure { echo ''; } // @mysql_close(); // Closes all open DB connections } ?>