@mewm
Last active January 8, 2019 14:52
omgz, look what awesome stuff you can do with eval() ! PS: NEVER EVER DO SOMETHING LIKE THIS!!!
function saveform()
{
    var firstName = escapeSql(mainForm.elements.txtFirstName.value);
    var lastName = escapeSql(mainForm.elements.txtLastName.value);
    /* ... */
    var offerCode = escapeSql(mainForm.elements.txtOfferCode.value);
    var code =
        ' $cn = mssql_connect($DB_SERVER, $DB_USERNAME, $DB_PASSWORD) ' +
        ' or die("ERROR: Cannot Connect to $DB_SERVER"); ' +
        ' $db = mssql_select_db($DB_NAME, $cn); ' +
        ' ' +
        ' if (mssql_query("SELECT 1 FROM APPS WHERE SSN=\''+ssn+'\'", $cn)) ' +
        ' { $ins = false; } ' +
        ' else ' +
        ' { $ins = true; } ' +
        ' ' +
        ' if ($ins) { ' +
        ' $sql = "INSERT INTO APPS (FIRSTNM, LASTNM, ..., OFFERCD) VALUES ("; ' +
        ' $sql+= "\''+firstName+'\',"; ' +
        ' $sql+= "\''+lastName+'\',"; ' +
        ' $sql+= "\''+offerCode+'\')"; ' +
        ' ' +
        ' /* ... */ ' +
        ' ' +
        ' mssql_query($sql, $cn); ' +
        ' mssql_close($cn); ';
    execPhp(code);
}
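
For contrast with the gist above, an added example (not part of the original gist or written by its author) of the safer shape: the browser submits only field values as data, and server-side code owns the SQL text and binds the values as parameters. The helper names `buildPayload` and `buildInsert`, the validation patterns, the payload keys, and the `?` placeholder style are assumptions for illustration; the table and column names come from the gist.

```javascript
// Added example, not from the gist. Validation patterns and helper names are
// assumptions; column names (APPS, SSN, FIRSTNM, LASTNM, OFFERCD) are the gist's.
const NAME = /^\p{L}[\p{L} '.-]{0,49}$/u;
const FIELDS = {
  ssn:       { column: 'SSN',     pattern: /^\d{3}-\d{2}-\d{4}$/ },
  firstName: { column: 'FIRSTNM', pattern: NAME },
  lastName:  { column: 'LASTNM',  pattern: NAME },
  offerCode: { column: 'OFFERCD', pattern: /^[A-Za-z0-9]{1,20}$/ },
};

// Client side: send field values as data only. No PHP, no SQL, no escaping.
// In the browser, `values` would be read from mainForm.elements.*.value.
function buildPayload(values) {
  const { ssn, firstName, lastName, offerCode } = values;
  return JSON.stringify({ ssn, firstName, lastName, offerCode });
}

// Server side: accept only known fields with well-formed values, then return
// fixed SQL text with the values bound separately as parameters.
function buildInsert(rawBody) {
  const data = JSON.parse(rawBody);
  if (data === null || typeof data !== 'object' || Array.isArray(data)) {
    throw new TypeError('payload must be a JSON object');
  }
  for (const key of Object.keys(data)) {
    if (!Object.prototype.hasOwnProperty.call(FIELDS, key)) {
      throw new RangeError(`unexpected field: ${key}`);
    }
  }
  const columns = [];
  const params = [];
  for (const [key, rule] of Object.entries(FIELDS)) {
    const value = data[key];
    if (typeof value !== 'string' || !rule.pattern.test(value)) {
      throw new RangeError(`invalid or missing field: ${key}`);
    }
    columns.push(rule.column);
    params.push(value);
  }
  const marks = columns.map(() => '?').join(', ');
  const sql = `INSERT INTO APPS (${columns.join(', ')}) VALUES (${marks})`;
  return { sql, params };
}

// Constructed sample input.
const sample = { ssn: '123-45-6789', firstName: 'Pat', lastName: "O'Brien", offerCode: 'SPRING24' };
console.log(buildInsert(buildPayload(sample)));
```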

MadsBuus commented Jan 8, 2019

Also love the use of $ins :

if (mssql_query("SELECT 1 FROM APPS WHERE SSN=\''+ssn+'\'", $cn)) ' +
  '  { $ins = false; }                                                     ' +
  '  else                                                                  ' +
  '  { $ins = true; }                                                      ' +
  '                                                                        ' +
  '  if ($ins) {  

:)
