

PHP CheckSql函数代码示例

本文整理汇总了PHP中CheckSql函数的典型用法代码示例。如果您想了解PHP CheckSql函数的具体用法、调用方式或使用示例,这里精选的代码示例或许可以为您提供帮助。需要注意:CheckSql并非PHP内置函数,而是各项目自行定义的SQL关键字过滤函数(见示例12);它只是一道补充防线,不能替代参数化查询或对输入的类型校验。


在下文中一共展示了CheckSql函数的15个代码示例,这些例子默认根据受欢迎程度排序。您可以为喜欢或者感觉有用的代码点赞,您的评价将有助于系统推荐出更棒的PHP代码示例。

示例1: TakeNavigateList

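 /**
  * Return one page of navigation rows whose status is 'ok', optionally limited to one group.
  *
  * Security note: CheckSql() inspects the finished SQL text; it does not make interpolated
  * values safe by itself. $skip and $take are therefore forced to integers here, while
  * $group and $orderby are still placed into the statement as text.
  *
  * @param string|false $group   Group name to filter on, or false for every group.
  * @param int          $skip    Number of rows to skip (LIMIT offset).
  * @param int          $take    Maximum number of rows to return.
  * @param string       $orderby ORDER BY expression, inserted verbatim: pass fixed column
  *                               lists only, never request data.
  * @return mixed Whatever $yiqi_db->get_results() returns for the query.
  */
 function TakeNavigateList($group = false, $skip = 0, $take = 10, $orderby = "convert(`group` USING gbk) COLLATE gbk_chinese_ci,displayorder,navid")
 {
     global $yiqi_db;
     // LIMIT operands are numeric by definition; casting removes them as an injection point.
     $skip = (int) $skip;
     $take = (int) $take;
     if ($group) {
         // NOTE(review): $group is quoted but not escaped in this function; confirm that
         // callers escape it, or bind it as a parameter if the database layer supports that.
         return $yiqi_db->get_results(CheckSql("select * from yiqi_navigate as nav where nav.group = '{$group}' AND nav.status = 'ok' order by {$orderby} limit {$skip},{$take}"));
     }
     return $yiqi_db->get_results(CheckSql("select * from yiqi_navigate as nav where nav.status = 'ok' order by {$orderby} limit {$skip},{$take}"));
 }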
开发者ID:Fengtalk,项目名称:yiqicms,代码行数:9,代码来源:navigate.class.php

示例2: TakeMetaList

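 /**
  * Return meta rows: either every metaid (when $take is below 1) or one ordered page.
  *
  * Security note: CheckSql() inspects the finished SQL text only. $skip and $take are cast
  * to integers before use; $orderby is still inserted verbatim.
  *
  * @param int    $skip    Number of rows to skip (LIMIT offset).
  * @param int    $take    Page size; a value below 1 selects the metaid of every row.
  * @param string $orderby ORDER BY expression, inserted verbatim: pass fixed column names
  *                        only, never request data.
  * @return mixed Whatever $yiqi_db->get_results() returns for the query.
  */
 function TakeMetaList($skip = 0, $take = 10, $orderby = "metaid")
 {
     global $yiqi_db;
     // Cast first so the "< 1" test and the LIMIT clause both see a real integer.
     $skip = (int) $skip;
     $take = (int) $take;
     if ($take < 1) {
         return $yiqi_db->get_results(CheckSql("select metaid from yiqi_meta"));
     }
     return $yiqi_db->get_results(CheckSql("select * from yiqi_meta order by {$orderby} limit {$skip},{$take}"));
 }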
开发者ID:Fengtalk,项目名称:yiqicms,代码行数:9,代码来源:meta.class.php

示例3: TakeKeywordsList

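 /**
  * Return one page of keyword rows, optionally restricted by a caller-built WHERE clause.
  *
  * Security note: $where and $orderby are raw SQL fragments placed into the statement
  * as-is, and CheckSql() only inspects the finished text. Callers must build both from
  * fixed strings or already-validated values. $skip and $take are cast to integers here.
  *
  * @param int    $skip    Number of rows to skip (LIMIT offset).
  * @param int    $take    Maximum number of rows to return.
  * @param string $where   Complete WHERE clause text (the query inserts it directly after
  *                        the table name), or "" for no restriction.
  * @param string $orderby ORDER BY expression, inserted verbatim.
  * @return mixed Whatever $yiqi_db->get_results() returns for the query.
  */
 function TakeKeywordsList($skip = 0, $take = 10, $where = "", $orderby = "displayorder")
 {
     global $yiqi_db;
     // LIMIT operands are numeric by definition; casting removes them as an injection point.
     $skip = (int) $skip;
     $take = (int) $take;
     if ($where == "") {
         return $yiqi_db->get_results(CheckSql("select * from yiqi_keywords order by {$orderby} limit {$skip},{$take}"));
     }
     return $yiqi_db->get_results(CheckSql("select * from yiqi_keywords {$where} order by {$orderby} limit {$skip},{$take}"));
 }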
开发者ID:Fengtalk,项目名称:yiqicms,代码行数:9,代码来源:keywords.class.php

示例4: GetDefaultTemplets

 /**
  * Look up the 'sitetemplets' setting and resolve its value through GetTemplets().
  *
  * @return mixed Result of $this->GetTemplets() for the stored value, or null when the
  *               settings lookup does not yield an object.
  */
 function GetDefaultTemplets()
 {
     global $yiqi_db;
     // Constant SQL text: no caller-supplied value is placed into this statement.
     $setting = $yiqi_db->get_row(CheckSql("select * from yiqi_settings where varname = 'sitetemplets' limit 1"));
     if (!is_object($setting)) {
         return null;
     }
     return $this->GetTemplets($setting->value);
 }
开发者ID:Fengtalk,项目名称:yiqicms,代码行数:10,代码来源:templets.class.php

示例5: checkauth

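/**
 * Stop the request unless the current admin user is allowed to open the running script.
 *
 * The script's file name is matched against yiqi_regular.value (prefix match) and the
 * rule id found is handed to checkregular(). On refusal a message is shown and the
 * request ends.
 *
 * Changes from the earlier version:
 *  - The file name is taken from SCRIPT_NAME instead of PHP_SELF. PHP_SELF can include
 *    extra path segments supplied by the client after the script name, which would change
 *    which permission rule is looked up.
 *  - The name must consist of plain file-name characters before it is placed into the
 *    LIKE pattern; anything else is refused.
 *  - end() is no longer called on a function result, and a missing rule row no longer
 *    triggers a property read on a non-object.
 *
 * @return void
 */
function checkauth()
{
    global $yiqi_db;
    $pagename = basename($_SERVER["SCRIPT_NAME"]);
    // Allowlist rather than escaping: the value goes into a quoted LIKE pattern below.
    // ("_" is still a single-character wildcard in LIKE; acceptable for a prefix match.)
    if (!preg_match('/^[A-Za-z0-9._-]+$/', $pagename)) {
        ShowMsg("您没有权限访问此页", "back");
        exit;
    }
    $sql = "select * from yiqi_regular where value like '{$pagename}%' limit 1";
    $regularinfo = $yiqi_db->get_row(CheckSql($sql));
    // No rule row found: hand null to checkregular(), as the earlier code effectively did.
    // NOTE(review): confirm checkregular() refuses access for a null rule id.
    $rid = is_object($regularinfo) ? $regularinfo->rid : null;
    if (!checkregular($rid)) {
        ShowMsg("您没有权限访问此页", "back");
        exit;
    }
}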
开发者ID:Fengtalk,项目名称:yiqicms,代码行数:13,代码来源:userauth.php

示例6: query

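 /**
  * Execute one SQL statement on this connection.
  *
  * The statement is passed through CheckSql() before it is sent. On client error 2006 or
  * 2013 (connection gone / lost during the query) the connection is re-opened from
  * config.inc.php and the statement is sent once more; the result of that retry is now
  * returned instead of being discarded.
  *
  * NOTE(review): CheckSql() is a text filter on the finished statement, not a replacement
  * for parameter binding. On failure halt() receives the full SQL text; confirm that it
  * logs it rather than printing it to visitors.
  *
  * @param string $sql  Statement to execute.
  * @param string $type 'UNBUFFERED' selects mysql_unbuffered_query(), which does not fetch
  *                     and buffer the result rows; 'SILENT' suppresses halt() on failure;
  *                     a leading 'RETRY' marks the single reconnect attempt.
  * @return resource|bool Result of the mysql_* call (false on failure).
  */
 function query($sql, $type = '')
 {
     // Security filter over the finished SQL text.
     $sql = CheckSql($sql);
     $func = $type == 'UNBUFFERED' && @function_exists('mysql_unbuffered_query') ? 'mysql_unbuffered_query' : 'mysql_query';
     if (!($query = $func($sql, $this->link))) {
         if (in_array($this->errno(), array(2006, 2013)) && substr($type, 0, 5) != 'RETRY') {
             $this->close();
             // Brings $dbhost, $dbuser, $dbpw, $dbname and $pconnect into this scope.
             require ROOT_PATH . '/config.inc.php';
             $this->connect($dbhost, $dbuser, $dbpw, $dbname, $pconnect);
             // Keep the retry's result; previously the caller still received the failed one.
             $query = $this->query($sql, 'RETRY' . $type);
         } elseif ($type != 'SILENT' && substr($type, 5) != 'SILENT') {
             $this->halt('MySQL Query Error', $sql);
         }
     }
     $this->querynum++;
     return $query;
 }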
开发者ID:GHubgenius,项目名称:julianufo-project-daigou,代码行数:25,代码来源:db_mysql.class.php

示例7: formaturl

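/**
 * Build the URL for a category, article, product, catalog, comment or sitemap page.
 *
 * The 'urlrewrite' setting ("true" or "html") or a truthy 'generatehtml' parameter selects
 * the rewritten path form; otherwise the query-string form is used. A name that already
 * starts with "http://" is returned unchanged.
 *
 * Changes from the earlier version: the expected keys are read from $params explicitly
 * instead of through extract(). extract() let any key in $params overwrite local
 * variables, including the $yiqi_db handle. A missing settings row or an unknown type no
 * longer reads undefined values.
 *
 * @param array $params Keys read: 'name', 'type', 'page', 'generatehtml', 'siteurl'.
 * @return string The URL: relative when 'generatehtml' is truthy, else prefixed with
 *                'siteurl' and "/".
 */
function formaturl($params)
{
    global $yiqi_db;
    $name = isset($params['name']) ? $params['name'] : '';
    $type = isset($params['type']) ? $params['type'] : '';
    $page = isset($params['page']) ? $params['page'] : null;
    $generatehtml = isset($params['generatehtml']) ? $params['generatehtml'] : false;
    $siteurl = isset($params['siteurl']) ? $params['siteurl'] : '';

    // Constant SQL text: nothing from $params is placed into this statement.
    $sql = "select * from yiqi_settings where varname = 'urlrewrite' limit 1";
    $result = $yiqi_db->get_row(CheckSql($sql));
    if (strpos($name, "http://") === 0) {
        // NOTE(review): returned as given; escaping for the output context is left to the caller.
        return $name;
    }
    $name = urlencode($name);
    $mode = is_object($result) ? $result->value : '';
    $rewritten = ($mode == "true" || $mode == "html" || $generatehtml);

    $urlinfo = '';
    switch ($type) {
        case "category":
            if ($rewritten) {
                // Page 1 has no suffix in the rewritten form.
                $urlinfo = (is_numeric($page) && $page > 1) ? "category/{$name}_{$page}/" : "category/{$name}/";
            } else {
                // $page is only interpolated after is_numeric() has accepted it.
                $urlinfo = is_numeric($page) ? "category.php?name={$name}&p={$page}" : "category.php?name={$name}";
            }
            break;
        case "article":
            $urlinfo = $rewritten ? "article/{$name}.html" : "article.php?name={$name}";
            break;
        case "product":
            $urlinfo = $rewritten ? "product/{$name}.html" : "product.php?name={$name}";
            break;
        case "catalog":
            $urlinfo = $rewritten ? "catalog/{$name}/" : "catalog.php?type={$name}";
            break;
        case "comment":
            $urlinfo = $rewritten ? "comment.html" : "comment.php";
            break;
        case "sitemap":
            $urlinfo = $rewritten ? "sitemap.xml" : "sitemap.php";
            break;
    }

    // Static generation uses the relative path; otherwise prefix the site URL.
    if ($generatehtml) {
        return $urlinfo;
    }
    return $siteurl . "/" . $urlinfo;
}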
开发者ID:Fengtalk,项目名称:yiqicms,代码行数:67,代码来源:templets.func.php

示例8: TakeUserList

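 /**
  * Return one page of user rows, newest first (adddate, then uid, both descending).
  *
  * $skip and $take are cast to integers before they reach the LIMIT clause; CheckSql()
  * only inspects the finished SQL text and is not relied on for that.
  *
  * @param int $skip Number of rows to skip (LIMIT offset).
  * @param int $take Maximum number of rows to return.
  * @return mixed Whatever $yiqi_db->get_results() returns for the query.
  */
 function TakeUserList($skip = 0, $take = 10)
 {
     global $yiqi_db;
     $skip = (int) $skip;
     $take = (int) $take;
     return $yiqi_db->get_results(CheckSql("select * from yiqi_users order by adddate desc,uid desc limit {$skip},{$take}"));
 }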
开发者ID:Fengtalk,项目名称:yiqicms,代码行数:5,代码来源:user.class.php

示例9: date

 }
 // Fall back to a timestamp when no file name was supplied, then replace spaces.
 if (empty($categoryfilename)) {
     $categoryfilename = date("YmdHis");
 }
 $categoryfilename = str_replace(" ", "-", $categoryfilename);
 // Refuse a name that is already in use, unless it is this category's current name or
 // the value starts with "http://".
 $existfilename = $categorydata->ExistFilename($categoryfilename);
 if ($existfilename == 1 && $categoryfilename != $catinfo->filename && strpos($categoryfilename, "http://") !== 0) {
     exit("指定的文件名已经存在");
 }
 $categorytemplets = str_replace("{style}/", "", $categorytemplets);
 // NOTE(review): every value below is interpolated into the UPDATE as quoted text, and
 // CheckSql() only inspects the finished statement. Where these variables come from and
 // whether they are escaped is not visible in this excerpt; confirm each one is escaped
 // (or bound as a parameter) before it reaches this line.
 $sql = "UPDATE yiqi_category SET name = '{$categoryname}',seotitle='{$categoryseotitle}',seokeywords='{$categoryseokeywords}',seodescription='{$categoryseodescription}',description='{$categorydescription}',filename = '{$categoryfilename}',templets = '{$categorytemplets}',takenumber = '{$categorytakenumber}' WHERE cid = '{$cid}'";
 $result = $yiqi_db->query(CheckSql($sql));
 if ($result == 1) {
     $genehtml = getset("urlrewrite")->value;
     if ($genehtml == "html") {
         $category = $categorydata->GetCategory($cid);
         if (!$tempinfo->template_exists($category->templets)) {
             exit("没有找到文章模板,请与管理员联系!");
         }
         $curpage = 1;
         $source = getcategorysource($category, $curpage);
         $total = $source['totalpage'];
         $urlparam = array('name' => $category->filename, 'type' => 'category', 'generatehtml' => 1, 'page' => $curpage);
         $fileurl = formaturl($urlparam);
         $cachedata->WriteFileCache(YIQIROOT . '/' . $fileurl . 'index.html', $source['source'], true);
         while ($total > $curpage) {
             $curpage++;
开发者ID:Fengtalk,项目名称:yiqicms,代码行数:31,代码来源:category-edit.php

示例10: UpdateCount

 /**
  * Add one to the view counter of a single article.
  *
  * @param mixed $aid Article id; placed into the statement as a quoted value.
  * @return void
  */
 function UpdateCount($aid)
 {
     global $yiqi_db;
     // NOTE(review): $aid is quoted but not escaped or type-checked here, and CheckSql()
     // only inspects the finished text. If aid is always numeric, validate it as an
     // integer at the caller or here; confirm against the schema.
     $yiqi_db->query(CheckSql("UPDATE yiqi_article SET viewcount = viewcount+1 where aid = '{$aid}' limit 1"));
 }
开发者ID:Fengtalk,项目名称:yiqicms,代码行数:6,代码来源:article.class.php

示例11: lib_sql

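/**
 * Template tag handler: run the tag's SQL and expand the tag's inner template per row.
 *
 * The statement comes from the tag's "sql" attribute. Placeholders of the form ~name~ are
 * replaced with the quoted, addslashes()-escaped value of $refObj->Fields[name]. With
 * appname "default" the query runs through $dsql; otherwise a second connection is
 * opened from $sqltag[appname] and the statement is passed through CheckSql() first.
 *
 * Changes from the earlier version:
 *  - The inner loops no longer reuse $ctag as their loop variable. $ctag is a by-reference
 *    parameter, so the loop overwrote the caller's tag object.
 *  - mysql_select_db() is given the link it should act on.
 *  - Rows are fetched only when the query returned a result resource.
 *
 * NOTE(review): the SQL text is whatever the template contains, so write access to
 * templates amounts to query access to the configured database. CheckSql() is a keyword
 * filter over that text, not an access control. In the "default" branch this function does
 * not call CheckSql() itself; whether $dsql->Execute() does is not visible here.
 *
 * @param object $ctag   The tag being rendered (attributes and inner text are read).
 * @param object $refObj Object whose Fields array supplies ~name~ placeholder values.
 * @return string The concatenated rendering of the inner template for every row, or ''.
 */
function lib_sql(&$ctag, &$refObj)
{
    global $dsql, $sqlCt, $cfg_soft_lang;
    $attlist = "sql|appname";
    FillAttsDefault($ctag->CAttribute->Items, $attlist);
    // EXTR_SKIP: tag attributes cannot overwrite variables that already exist in this scope.
    extract($ctag->CAttribute->Items, EXTR_SKIP);
    // Pass environment values into the statement (~name~ placeholders).
    preg_match_all("/~([A-Za-z0-9]+)~/s", $sql, $conditions);
    $appname = empty($appname) ? 'default' : $appname;
    if (is_array($conditions)) {
        foreach ($conditions[1] as $key => $value) {
            if (isset($refObj->Fields[$value])) {
                // NOTE(review): addslashes() is not charset-aware; its safety depends on
                // the connection's character set settings.
                $sql = str_replace($conditions[0][$key], "'" . addslashes($refObj->Fields[$value]) . "'", $sql);
            }
        }
    }
    $revalue = '';
    $Innertext = trim($ctag->GetInnerText());
    if ($sql == '' || $Innertext == '') {
        return '';
    }
    if (empty($sqlCt)) {
        $sqlCt = 0;
    }
    $ctp = new DedeTagParse();
    $ctp->SetNameSpace('field', '[', ']');
    $ctp->LoadSource($Innertext);
    $thisrs = 'sq' . $sqlCt;
    $GLOBALS['autoindex'] = 0;
    if ($appname != 'default') {
        // Load the per-application connection settings.
        require_once DEDEDATA . '/tag/sql.inc.php';
        global $sqltag;
        $config = $sqltag[$appname];
        if (!isset($config['dbname'])) {
            return '';
        }
        // Connect to the configured database.
        $linkid = @mysql_connect($config['dbhost'], $config['dbuser'], $config['dbpwd']);
        if (!$linkid) {
            return '';
        }
        @mysql_select_db($config['dbname'], $linkid);
        $mysqlver = explode('.', $dsql->GetVersion());
        $mysqlver = $mysqlver[0] . '.' . $mysqlver[1];
        // Set the connection encoding and a long interactive timeout.
        if ($mysqlver > 4.0) {
            @mysql_query("SET NAMES '" . $config['dblanguage'] . "', character_set_client=binary, sql_mode='', interactive_timeout=3600 ;", $linkid);
        }
        $prefix = "#@__";
        $sql = str_replace($prefix, $config['dbprefix'], $sql);
        // Filter the SQL text, then fetch the rows.
        $sql = CheckSql($sql);
        $rs = @mysql_query($sql, $linkid);
        if (is_resource($rs)) {
            while ($row = mysql_fetch_array($rs, MYSQL_ASSOC)) {
                $sqlCt++;
                $GLOBALS['autoindex']++;
                // Convert rows when the remote encoding differs from the site's (mainly gbk vs utf-8).
                if (substr($cfg_soft_lang, 0, 2) != substr($config['dblanguage'], 0, 2)) {
                    $row = AutoCharset($row, $config['dblanguage'], $cfg_soft_lang);
                }
                foreach ($ctp->CTags as $tagid => $fieldTag) {
                    if ($fieldTag->GetName() == 'array') {
                        $ctp->Assign($tagid, $row);
                    } else {
                        if (!empty($row[$fieldTag->GetName()])) {
                            $ctp->Assign($tagid, $row[$fieldTag->GetName()]);
                        } else {
                            $ctp->Assign($tagid, "");
                        }
                    }
                }
                $revalue .= $ctp->GetResult();
            }
            @mysql_free_result($rs);
        }
    } else {
        $dsql->Execute($thisrs, $sql);
        while ($row = $dsql->GetArray($thisrs)) {
            $sqlCt++;
            $GLOBALS['autoindex']++;
            foreach ($ctp->CTags as $tagid => $fieldTag) {
                if ($fieldTag->GetName() == 'array') {
                    $ctp->Assign($tagid, $row);
                } else {
                    if (!empty($row[$fieldTag->GetName()])) {
                        $ctp->Assign($tagid, $row[$fieldTag->GetName()]);
                    } else {
                        $ctp->Assign($tagid, "");
                    }
                }
            }
            $revalue .= $ctp->GetResult();
        }
    }
    return $revalue;
}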
开发者ID:hensonvip,项目名称:ymroad,代码行数:96,代码来源:sql.lib.php

示例12: CheckSql

<?php

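// Look up a user's first and last name by numeric id and append the result to $html.
//
// Context: the page attributes this snippet to low.php of a DVWA-based project; DVWA is a
// deliberately vulnerable training application, so the original form is not a pattern to
// copy. The original passed $_GET['id'] through the CheckSql() keyword filter and then
// placed it unquoted into the statement, echoed the raw id into the page, and printed the
// database error text. This version keeps the filter call but relies on type validation,
// output escaping and server-side error logging instead.
if (isset($_GET['Submit'])) {
    // Retrieve data (only a plain string is accepted; array-valued parameters are dropped).
    $id = (isset($_GET['id']) && is_string($_GET['id'])) ? $_GET['id'] : '';
    // Keyword filter kept from the original so its own handling still runs.
    // Assumes CheckSql() returns the string it was given; its body is cut off on this
    // page, so confirm.
    $id = CheckSql($id, 'select');
    // user_id is compared unquoted in the statement, so it has to be a number: accept
    // decimal digits only and use the integer value from here on.
    if (is_string($id) && ctype_digit($id)) {
        $id = (int) $id;
        $getid = "SELECT first_name, last_name FROM users WHERE user_id = {$id}";
        $result = mysql_query($getid);
        if ($result === false) {
            // Keep driver error text out of the response; record it server-side instead.
            error_log('user lookup failed: ' . mysql_error());
            die('<pre>Query failed.</pre>');
        }
        while ($row = mysql_fetch_assoc($result)) {
            // Stored values are escaped for the HTML context before they reach the page.
            $first = htmlspecialchars($row['first_name'], ENT_QUOTES);
            $last = htmlspecialchars($row['last_name'], ENT_QUOTES);
            $html .= '<pre>';
            $html .= 'ID: ' . $id . '<br>First name: ' . $first . '<br>Surname: ' . $last;
            $html .= '</pre>';
        }
    }
}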
//SQL语句过滤程序,由80sec提供,这里作了适当的修改
function CheckSql($db_string, $querytype = 'select')
{
    $clean = '';
    $error = '';
    $old_pos = 0;
    $pos = -1;
    $userIP = GetIP();
    $getUrl = GetCurUrl();
    //如果是普通查询语句,直接过滤一些特殊语法
    if ($querytype == 'select') {
        $notallow1 = "[^0-9a-z@\\._-]{1,}(union|sleep|benchmark|load_file|outfile)[^0-9a-z@\\.-]{1,}";
开发者ID:lxj616,项目名称:DVWA-WooYun,代码行数:31,代码来源:low.php

示例13: SetQuery

 /**
  * Store the statement to run next, with the "#@__" placeholder replaced by the
  * configured table prefix.
  *
  * @param string $sql Statement text, using "#@__" where the table prefix belongs.
  * @return string The stored statement with the prefix applied.
  */
 function SetQuery($sql)
 {
     $this->queryString = str_replace("#@__", $this->dbPrefix, $sql);
     if ($this->safeCheck) {
         // Security check. The return value is not used, so this only protects anything if
         // CheckSql() itself stops the request on a rejected statement.
         // NOTE(review): confirm that it does; the check is skipped when safeCheck is off.
         CheckSql($this->queryString);
     }
     return $this->queryString;
 }
开发者ID:lz1988,项目名称:stourwebcms,代码行数:11,代码来源:slinesql.class.php

示例14: Templets

require_once 'product.class.php';
require_once 'link.class.php';
require_once 'category.class.php';
require_once 'navigate.class.php';
require_once 'cache.class.php';
require_once 'meta.class.php';
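// Set up the template engine: template directory, site settings, product categories,
// template functions and the visitor's selected city.
//
// Changes from the earlier version: a missing default template no longer assigns a
// property on null, the settings list is checked before it is iterated (count() on a
// non-array fails on newer PHP versions), and the "city" request parameter is read
// defensively and only ever resolved through the fixed $citys map.
$tempinfo = new Templets();
$templets = $tempinfo->GetDefaultTemplets();
if ($templets == null) {
    // Create the object explicitly; assigning a property on null is an error on PHP 8.
    $templets = new stdClass();
    $templets->directory = "default";
}
// NOTE(review): the directory name comes from stored settings and becomes part of a
// filesystem path; confirm it is validated where the setting is saved.
$tempinfo->template_dir = YIQIROOT . '/templets/' . $templets->directory . '/';
$tempinfo->assign("templets", $templets);
$tempinfo->compile_dir = YIQIROOT . '/cache/compile/';
// Constant SQL text: no request data is placed into this statement.
$sql = "select * from yiqi_settings";
$settinglist = $yiqi_db->get_results(CheckSql($sql));
if (!empty($settinglist)) {
    foreach ($settinglist as $settinginfo) {
        $tempinfo->assign($settinginfo->varname, $settinginfo->value);
    }
}
$categorydata = new Category();
$categorylist = $categorydata->GetSubCategory(0, "product");
$tempinfo->assign("categorylist", $categorylist);
$tempinfo->register_function("formaturl", "formaturl");
$tempinfo->register_function("readrss", "readrss");
// Regions: request slug => display name.
$citys = array("zhengzhou" => "郑州", "taiyuan" => "太原", "xian" => "西安", "xinxiang" => "新乡", "xuchang" => "许昌", "jiaozuo" => "焦作", "anyang" => "安阳", "xinyang" => "信阳", "puyang" => "濮阳", "datong" => "大同");
$cv = isset($_GET['city']) ? $_GET['city'] : '';
// Only a known slug yields a value, so the request text itself never reaches the template.
$city = (is_string($cv) && isset($citys[$cv])) ? $citys[$cv] : "";
$tempinfo->assign('city', $city);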
开发者ID:Fengtalk,项目名称:yiqicms,代码行数:31,代码来源:templets.inc.php

示例15: Execute

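 /**
  * Run a statement and keep its result under the given id.
  *
  * Opens or re-opens the connection when needed, stores $sql through SetQuery() when one
  * is given, runs CheckSql() over the stored statement when safeCheck is on, executes it,
  * and records the elapsed time when recordLog is on.
  *
  * Change from the earlier version: the failure test required the result to be both
  * non-empty and FALSE, which can never hold, so failed queries were never reported. It
  * now tests for FALSE only, and the error text and statement are HTML-escaped before
  * they are handed to DisplayError().
  *
  * NOTE(review): what DisplayError() does with the message is not visible here. Query
  * text and driver errors belong in a server-side log, not in a response to visitors.
  * CheckSql()'s return value is not used, so the check only protects anything if
  * CheckSql() itself stops the request; confirm both.
  *
  * @param string $id  Key under which the result is stored in $this->result.
  * @param string $sql Statement to run; when empty the previously stored one is used.
  * @return void
  */
 function Execute($id = "me", $sql = '')
 {
     global $dsql;
     if (!$dsql->isInit) {
         $this->Init($this->pconnect);
     }
     if ($dsql->isClose) {
         $this->Open(FALSE);
         $dsql->isClose = FALSE;
     }
     if (!empty($sql)) {
         $this->SetQuery($sql);
     }
     // SQL safety check over the finished statement text.
     if ($this->safeCheck) {
         CheckSql($this->queryString);
     }
     $t1 = ExecTime();
     $this->result[$id] = mysql_query($this->queryString, $this->linkID);
     if ($this->recordLog) {
         $queryTime = ExecTime() - $t1;
         $this->RecordLog($queryTime);
     }
     if ($this->result[$id] === FALSE) {
         $this->DisplayError(htmlspecialchars(mysql_error()) . " <br />Error sql: <font color='red'>" . htmlspecialchars($this->queryString) . "</font>");
     }
 }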
开发者ID:stonelf,项目名称:mcgmh,代码行数:27,代码来源:dedesql.class.php


注:本文中的CheckSql函数示例由纯净天空整理自Github/MSDocs等开源代码及文档管理平台,相关代码片段筛选自各路编程大神贡献的开源项目,源码版权归原作者所有,传播和使用请参考对应项目的License;未经允许,请勿转载。