File: //proc/11922/cwd/admin/api/category.php
<?php
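session_start();

// CORS policy for this endpoint.
//
// The previous version echoed back whatever Origin the browser sent while also
// sending "Access-Control-Allow-Credentials: true". That combination lets any
// website make cookie-authenticated requests to this admin API from a logged-in
// user's browser and read the responses. The Origin is therefore only echoed
// when it is an exact match for an entry in this allowlist.
// NOTE(review): the entry below is a constructed placeholder; replace it with
// the real front-end origin(s) before deploying.
$allowedOrigins = [
    'https://admin.example.invalid', // constructed placeholder
];

$origin = isset($_SERVER['HTTP_ORIGIN']) ? $_SERVER['HTTP_ORIGIN'] : '';
$originAllowed = $origin !== '' && in_array($origin, $allowedOrigins, true);

// The CORS headers differ per requesting origin, so caches must key on it.
header('Vary: Origin');

if ($originAllowed) {
    header("Access-Control-Allow-Origin: {$origin}");
    header('Access-Control-Allow-Credentials: true');
    header('Access-Control-Max-Age: 86400'); // cache the preflight result for 1 day
}

// Access-Control headers are received during OPTIONS (preflight) requests.
$requestMethod = isset($_SERVER['REQUEST_METHOD']) ? $_SERVER['REQUEST_METHOD'] : '';
if ($requestMethod === 'OPTIONS') {
    // Only answer the preflight with permissions for allowlisted origins; an
    // origin outside the list gets an empty response and the browser blocks it.
    if ($originAllowed) {
        if (isset($_SERVER['HTTP_ACCESS_CONTROL_REQUEST_METHOD'])) {
            header("Access-Control-Allow-Methods: GET, POST, OPTIONS");
        }
        if (isset($_SERVER['HTTP_ACCESS_CONTROL_REQUEST_HEADERS'])) {
            // NOTE(review): this still echoes the requested header names back;
            // consider a fixed list once the headers the client sends are known.
            header("Access-Control-Allow-Headers: {$_SERVER['HTTP_ACCESS_CONTROL_REQUEST_HEADERS']}");
        }
    }
    exit(0);
}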
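// Create a category from the JSON body posted by the client.
//
// Expected body: {"txtCategory": "<name>"}
// Response body (unchanged): {"result":{"created": "1"|"0"|"-1", "exists": "0"|"1"}}
//   created "1"  - row inserted
//   created "0"  - a row with the same name or the same generated ID exists
//   created "-1" - invalid input or database failure
//
// NOTE(review): session_start() runs earlier in this file, but no login or role
// check is visible here before the insert. Confirm that connect/staff.php
// enforces one; otherwise this admin endpoint is callable without
// authentication.
// NOTE(review): the body is read from php://input regardless of Content-Type,
// so a cross-site form POST sent as text/plain reaches this code without a CORS
// preflight. Requiring "application/json" or a CSRF token would close that gap.
$postdata = file_get_contents("php://input");

// The old isset($postdata) guard was always true, and a missing or malformed
// body made json_decode() return null, which was then dereferenced. Decode
// defensively and accept only a non-empty string field.
$request = is_string($postdata) ? json_decode($postdata) : null;
$category = (is_object($request) && isset($request->txtCategory) && is_string($request->txtCategory))
    ? $request->txtCategory
    : '';

date_default_timezone_set("Africa/Lagos");
require_once('connect/staff.php'); // provides the mysqli connection in $db

// Default to the failure response; the success paths below overwrite it.
$outp = '{"result":{"created": "-1" , "exists": "0" } }';

if ($category !== '') {
    // Example values: Preparatory (Lower Class), Preparatory (Upper Class),
    // Junior Secondary, Senior Secondary.
    // stripslashes() is not an injection defence. It is kept only so stored
    // names match what the previous version wrote. Injection is prevented by
    // the bound parameters below.
    $Category = stripslashes($category);

    // 4-digit zero-padded identifier, not a secret.
    // NOTE(review): a random collision with an existing CategoryID is reported
    // to the client as "exists" even when the name is new.
    $CategoryID = str_pad((string) mt_rand(1, 9999), 4, '0', STR_PAD_LEFT);

    try {
        // "OR" instead of "||": under the PIPES_AS_CONCAT SQL mode "||" is
        // string concatenation, which would change the meaning of the check.
        $check = $db->prepare('SELECT count(*) FROM tblcategory WHERE CategoryID = ? OR Category = ?');
        if ($check !== false && $check->bind_param('ss', $CategoryID, $Category) && $check->execute()) {
            $matches = 0;
            $check->bind_result($matches);
            $check->fetch();
            $check->close();

            if ($matches > 0) {
                $outp = '{"result":{"created": "0" , "exists": "1" } }';
            } else {
                // NOTE(review): check-then-insert is not atomic. Only a UNIQUE
                // constraint on the table (not visible here) would reliably
                // prevent duplicates under concurrent requests.
                $insert = $db->prepare('INSERT INTO tblcategory (CategoryID, Category) VALUES (?, ?)');
                if ($insert !== false) {
                    if ($insert->bind_param('ss', $CategoryID, $Category) && $insert->execute()) {
                        $outp = '{"result":{"created": "1" , "exists": "0" } }';
                    }
                    $insert->close();
                }
            }
        }
    } catch (mysqli_sql_exception $e) {
        // When mysqli is in exception mode, failures arrive here. Log the
        // detail server-side and return the generic "-1" result so database
        // error text is not sent to the client.
        error_log('category.php: database error: ' . $e->getMessage());
    }
}

echo $outp;
$db->close();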
?>