本文整理汇总了PHP中anti_injection函数的典型用法代码示例。如果您正苦于以下问题:PHP anti_injection函数的具体用法?PHP anti_injection怎么用?PHP anti_injection使用的例子?那么, 这里精选的函数代码示例或许可以为您提供帮助。
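在下文中一共展示了anti_injection函数的15个代码示例,这些例子默认根据受欢迎程度排序。您可以为喜欢或者感觉有用的代码点赞,您的评价将有助于系统推荐出更棒的PHP代码示例。阅读时请注意:多数示例使用已在 PHP 7.0 中移除的 mysql_* 函数,并通过字符串拼接构造 SQL;其中的 anti_injection 过滤函数不能替代参数化查询(预处理语句),输出到 HTML 时仍需按上下文单独转义。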
示例1: Checkout
<?php
// Payment-notification callback: looks up the sale referenced by a posted notification code and,
// if that sale is not yet flagged as delivered, adds the purchased credits to the buyer's account.
include "../classes/Config.php";
include "functions.php";
$checkout = new Checkout();
$cadastros = new Cadastros();
if (isset($_POST) && !empty($_POST)) {
if (isset($_POST['notificationCode']) && !empty($_POST['notificationCode'])) {
// NOTE(review): notificationCode is caller-supplied and nothing visible here authenticates the sender,
// so the credit decision rests entirely on what CheckNotification() returns. Confirm that it re-queries
// the payment provider with this code and that the transaction status is checked somewhere; only
// $content->code is used in the visible part of this snippet.
$transaction_id = anti_injection($_POST['notificationCode']);
$content = $checkout->CheckNotification($transaction_id);
/////////// CREDIT CHECK STARTS ///////////
// $vendas and $produtos_info are not created in the visible code; presumably the includes define them.
$transaction_info = $vendas->getRegistro($content->code);
// Only sales whose delivered flag is still '0' are credited.
if ($transaction_info['vnd_venda_entregue'] == '0') {
// Product id '0': the credit amount is taken from the sale row; otherwise from the product record.
if ($transaction_info['vnd_produtos_id'] == '0') {
$cnt_credit = $transaction_info['vnd_item_count'];
} else {
$info = $produtos_info->getRegistro($transaction_info['vnd_produtos_id']);
$cnt_credit = $info['pro_produto_credit'];
}
// NOTE(review): the delivered flag is read above and only set by UpdateEntregue() after the balance
// write succeeds, and the balance itself is read, summed in PHP and written back. Two notifications for
// the same sale handled concurrently could both pass the check; consider a single atomic
// update or a transaction around the check-and-credit sequence.
if ($cadastros->CheckCreditExists($transaction_info['vnd_accounts_id'])) {
$cnt_credit_act = $cadastros->GetCreditCount($transaction_info['vnd_accounts_id']);
$cnt_credit = $cnt_credit + $cnt_credit_act;
$result = $cadastros->UpdateCredit($transaction_info['vnd_accounts_id'], $cnt_credit);
if ($result) {
$vendas->UpdateEntregue($content->code);
}
} else {
// No credit row exists yet for this account: create one with the purchased amount.
$result = $cadastros->AddCredit($transaction_info['vnd_accounts_id'], $cnt_credit);
if ($result) {
$vendas->UpdateEntregue($content->code);
}
示例2: session_start
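<?php
/*
 * Accept ("terima") / reject ("tolak") handler for a disposition on an outgoing letter.
 *
 * Input : $_POST id_disposisi, id_surat_keluar, catatan, and either "terima" or "tolak".
 * Effect: closes the current disposition, then updates myapp_maintable_suratkeluar and/or
 *         pushes a follow-up disposition, and redirects to the informational page.
 *
 * The request ids are SQL-escaped once and only those escaped copies are concatenated into
 * the quoted literals below (the original concatenated raw $_POST values). Prepared statements
 * via PDO/mysqli are the durable fix, but the connection opened by koneksi.php is the legacy
 * mysql_* one, which has no parameter binding.
 *
 * NOTE(review): no authorization check is visible in this script beyond session_start();
 * confirm the includes enforce that the caller may act on this letter.
 */
session_start();
include "koneksi.php";
include "fungsi.php";
$pesan = 0;

// NOTE(review): selesaiDispSK() is defined outside this snippet and still receives the raw
// POST value; confirm it escapes or binds its argument.
selesaiDispSK($_POST["id_disposisi"]);

// Escaped copies for use inside single-quoted SQL literals only.
$id_surat_sql = mysql_real_escape_string(isset($_POST["id_surat_keluar"]) ? (string) $_POST["id_surat_keluar"] : '');
$id_disposisi_sql = mysql_real_escape_string(isset($_POST["id_disposisi"]) ? (string) $_POST["id_disposisi"] : '');

if (isset($_POST["terima"])) {
    $ds_sk = mysql_fetch_array(mysql_query("SELECT * FROM myapp_maintable_suratkeluar WHERE id='" . $id_surat_sql . "'"));
    $peneken_nota = $_SESSION["id_level"];
    // id_ttd values 1 and 4 get a memo number and today's date assigned.
    if ($ds_sk["id_ttd"] == 1 || $ds_sk["id_ttd"] == 4) {
        mysql_query("UPDATE myapp_maintable_suratkeluar SET no_nodin='" . nomor_nodin($peneken_nota, date("Y")) . "', tgl_nodin=CURDATE() WHERE id='" . $id_surat_sql . "'");
    }
    // id_ttd 4 only changes the status; every other value pushes a new disposition instead.
    if ($ds_sk["id_ttd"] == 4) {
        mysql_query("UPDATE myapp_maintable_suratkeluar SET status=2 WHERE id='" . $id_surat_sql . "'");
    } else {
        pushDispSK(anti_injection($_POST["id_surat_keluar"]), $_SESSION["id_level"], 2, anti_injection($_POST["catatan"]), 1);
    }
    header("location:../?mod=inform&pesan=30&redir=posisi_surat_keluar_kabid");
} elseif (isset($_POST["tolak"])) {
    // The fetched disposition row is not used further in this script; the lookup is kept as in the original.
    $ds_id_dis = mysql_fetch_array(mysql_query("SELECT * FROM myapp_disptable_suratkeluar WHERE id='" . $id_disposisi_sql . "'"));
    pushDispSK(anti_injection($_POST["id_surat_keluar"]), $_SESSION["id_level"], levelBawahan(anti_injection($_POST["id_surat_keluar"]), 3), anti_injection($_POST["catatan"]), 2);
    header("location:../?mod=inform&pesan=31&redir=posisi_surat_keluar_kabid");
}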
示例3: error_reporting
<?php
error_reporting(0);
include "config/koneksi.php";
/**
 * Legacy catch-all input filter.
 *
 * Applies, in this order: htmlspecialchars() with ENT_QUOTES, strip_tags(), stripslashes(),
 * and finally mysql_real_escape_string() (which needs an open mysql_* connection).
 *
 * NOTE(review): HTML encoding and SQL escaping belong to different output contexts. Because
 * the value is entity-encoded before strip_tags() runs, any tags have already been turned into
 * text; and the SQL escaping only protects values placed inside a quoted literal. Bound
 * parameters for SQL plus htmlspecialchars() at the point of HTML output are the replacement;
 * ext/mysql was removed in PHP 7.0.
 *
 * @param string $data Raw request value.
 * @return string Filtered value.
 */
function anti_injection($data)
{
    $encoded = htmlspecialchars($data, ENT_QUOTES);
    $untagged = strip_tags($encoded);
    $unslashed = stripslashes($untagged);

    return mysql_real_escape_string($unslashed);
}
// Admin login: filters the posted credentials, looks them up in digilib_admin and fills the session.
// NOTE(review): the password is reduced to an unsalted MD5 digest before comparison; password_hash()
// and password_verify() are the standard replacement once the stored hashes can be migrated.
$user = anti_injection($_POST['username']);
$pass = anti_injection(md5($_POST['password']));
// NOTE(review): this branch only prints a message; there is no exit, so the query below still runs
// for input that failed the alphanumeric check.
if (!ctype_alnum($user) or !ctype_alnum($pass)) {
echo "<div id='gagal' class='alert alert-danger'>Maaf anda bukan Administrator</div>";
}
// Make sure the username and password consist only of letters or digits.
// NOTE(review): the format string has no conversion specifiers, so sprintf() ignores both extra
// arguments; the values reach the SQL text through the {$user}/{$pass} interpolation alone.
$login = sprintf("SELECT * FROM digilib_admin WHERE username='{$user}' AND password='{$pass}'", mysql_real_escape_string($user), mysql_real_escape_string($pass));
$cek_lagi = mysql_query($login);
$ketemu = mysql_num_rows($cek_lagi);
$r = mysql_fetch_array($cek_lagi);
// When the username and password are found
if ($ketemu > 0) {
// NOTE(review): no session_regenerate_id() call is visible after authentication, and the stored
// password hash is copied into the session below; confirm both are intended.
session_start();
$_SESSION['id_admin'] = $r['id_admin'];
$_SESSION['nama'] = $r['nama'];
$_SESSION['username'] = $r['username'];
$_SESSION['password'] = $r['password'];
$_SESSION['telphp'] = $r['telphp'];
$_SESSION['delete'] = $r['delete'];
// Success banner followed by a client-side redirect to the admin home page.
if ($_SESSION['username'] !== '') {
echo "<div id='sukses' class='alert alert-info'><strong>BERHASIL...</strong><button type='button' class='close' data-dismiss='alert'><i class='ace-icon fa fa-times'></i></button></div><script>window.location ='media.php?home'</script>";
}
示例4: anti_injection
$password = $_POST['password'];
/**
 * Runs a request value through four filters, innermost first: htmlspecialchars() (ENT_QUOTES),
 * strip_tags(), stripslashes(), mysql_real_escape_string().
 *
 * NOTE(review): this mixes HTML encoding with SQL escaping, so the stored value is entity-encoded
 * and the SQL protection holds only inside a quoted literal. It is not a substitute for bound
 * parameters, and mysql_real_escape_string() no longer exists as of PHP 7.0.
 *
 * @param string $data Raw request value.
 * @return string Filtered value.
 */
function anti_injection($data)
{
    $steps = array(
        function ($v) { return htmlspecialchars($v, ENT_QUOTES); },
        'strip_tags',
        'stripslashes',
        'mysql_real_escape_string',
    );
    $value = $data;
    foreach ($steps as $step) {
        $value = call_user_func($step, $value);
    }

    return $value;
}
// Login flow: non-alphanumeric credentials are rejected and logged through catat(); otherwise the
// credentials are filtered and matched against the petugas table.
// $username is assigned before the visible part of this snippet.
if (!ctype_alnum($username) or !ctype_alnum($password)) {
header('Content-Type: application/json');
echo json_encode(array('cek' => 'false'));
//echo 'false';
// NOTE(review): the raw posted username is handed to catat(), whose body is not shown; confirm it
// escapes or binds the value before writing the log entry.
$user = $_POST['username'];
$aksi = "Melakukan percobaan tindakan sql injection";
catat($user, $aksi);
} else {
$username = anti_injection($username);
$password = anti_injection($password);
// NOTE(review): no hashing of $password is visible before the comparison, which suggests that
// PASSWORD_LOGIN holds plaintext passwords - confirm against the schema.
$login = mysql_query("SELECT * FROM petugas WHERE USERNAME_LOGIN='{$username}' AND PASSWORD_LOGIN='{$password}' ");
$ada = mysql_num_rows($login);
$r = mysql_fetch_array($login);
if ($ada > 0) {
// NOTE(review): no session_regenerate_id() call is visible after the credentials are accepted.
session_start();
$_SESSION['KODE_PETUGAS'] = $r['KODE_PETUGAS'];
$_SESSION['NAMA_PETUGAS'] = $r['NAMA_PETUGAS'];
$_SESSION['EMAIL'] = $r['EMAIL'];
$_SESSION['USERNAME_LOGIN'] = $r['USERNAME_LOGIN'];
$_SESSION['STATE_ID'] = $r['STATE_ID'];
$_SESSION['AKSES'] = $r['AKSES'];
// Record the successful login under the officer code.
$user = $_SESSION['KODE_PETUGAS'];
$aksi = "Melakukan login sistem";
catat($user, $aksi);
header('Content-Type: application/json');
示例5: anti_injection
<?php
// Edit form for an outgoing letter: marks the disposition as read, loads the letter with its
// reference data, and renders the form fields.
include "../php/koneksi.php";
include "../php/fungsi.php";
$id_surat = anti_injection($_GET["id"]);
$id_disposisi = anti_injection($_GET["id_disposisi"]);
bacaDispSK($id_disposisi);
// NOTE(review): the filtered id is concatenated into a quoted literal; no check is visible here
// that the current user is allowed to open this letter.
$ds = mysql_fetch_array(mysql_query("SELECT \n \ta.*, b.unit_kerja, CONCAT('(', c.kode_masalah, ') ', c.masalah) AS masalah,\n \tCONCAT('(', d.kode, ') ', d.jenis_surat) AS jenis_surat\n FROM \n \tmyapp_maintable_suratkeluar a\n \tLEFT JOIN myapp_reftable_unitkerja b ON a.id_skpd_tujuan = b.id_unit_kerja\n \tLEFT JOIN myapp_reftable_masalah c ON a.id_masalah = c.id_masalah\n \tLEFT JOIN myapp_reftable_jenissurat d ON a.id_jenis_surat = d.id_jenis_surat\n WHERE \n \ta.id='" . $id_surat . "'"));
?>
<fieldset>
<legend><h3>EDIT SURAT KELUAR</h3></legend>
<form name="frm" action="../php/edit_surat_keluar.php" method="POST">
<input type="hidden" name="id" value="<?php
// NOTE(review): the raw query parameter is written into an HTML attribute here, not the filtered
// $id_surat; it should go through htmlspecialchars($value, ENT_QUOTES) at the point of output.
echo $_GET["id"];
?>
" />
<table border="0px" cellspacing='0' cellpadding='0' width='100%'>
<tr>
<td width='20%'>Nomor Surat</td>
<td width='10px'>:</td>
<td><b><?php
// NOTE(review): database value echoed without HTML encoding; whether it was encoded when it was
// stored is not visible from this snippet.
echo $ds["no_surat"];
?>
</b></td>
</tr>
<tr>
<td width='20%'>Tanggal Surat</td>
<td width='10px'>:</td>
<td><b><?php
echo $ds["tgl_surat"];
示例6: anti_injection
<?php
// Deletes one row from myapp_maintable_suratmasuk, selected by the "id" query parameter, then
// redirects to the informational page.
//
// NOTE(review): this is a state-changing action driven by a GET parameter, and no authentication,
// authorization or CSRF check is visible in this script - confirm the includes enforce them.
// The filtered id is still concatenated into the statement; a bound parameter is the durable fix.
include "koneksi.php";
include "fungsi.php";

$target_id = anti_injection($_GET["id"]);
mysql_query("DELETE FROM myapp_maintable_suratmasuk WHERE id='" . $target_id . "'");

header("location:../?mod=inform&pesan=2&redir=manajemen_surat_masuk_1");
示例7: getSubTitulo
?>
<?php
getSubTitulo('Formulário de Cadastro');
?>
<p>
<span style="font-weight:bold;">OBS:</span> Ao excluir um bloco, será excluido tudo o que estiver vinculado à ela (igreja, líderes, tribos, jovens, etc...).
</p><br />
<?php
/** Validation, insertion, etc. all happen here */
$form_id_cidade = isset($_POST['form-cidade']) ? $_POST['form-cidade'] : '';
$form_nome_bloco = isset($_POST['form-bloco']) ? $_POST['form-bloco'] : '';
// NOTE(review): the lookup below binds $form_nome_bloco as a statement parameter, which already
// prevents SQL injection. anti_injection() is not defined in this snippet; if it HTML-encodes and
// SQL-escapes like the common variant, the bound value is compared in that altered form - confirm
// that stored names went through the same filter.
$form_id_cidade = anti_injection($form_id_cidade);
$form_nome_bloco = anti_injection($form_nome_bloco);
$form_id_estado = $_SESSION['estado'];
// Check whether the user entered anything
if (!empty($form_nome_bloco) && !empty($form_id_cidade)) {
try {
// Check whether the record already exists
$rs = $conx->prepare('SELECT id FROM fj_bloco WHERE nome_bloco=?');
$rs->bindParam(1, $form_nome_bloco);
$rs->execute();
$row = $rs->fetchAll(PDO::FETCH_ASSOC);
// Count the rows for the check just below
$numRows = count($row);
} catch (PDOException $e) {
// NOTE(review): only a message is shown on failure; $numRows stays unset for the code that follows.
getDivResult(PAG_QUERY_ERR, DIV_ERR);
}
// If no record exists, insert it; if one exists, show a duplicate error
示例8: error_reporting
<?php
error_reporting(0);
include "config/koneksi.php";
/**
 * Filters a request value before it is interpolated into a query string.
 *
 * Order of operations (same as the nested one-liner it replaces): HTML-encode with ENT_QUOTES,
 * strip tags, strip backslashes, then escape for the open mysql_* connection.
 *
 * NOTE(review): the result is safe only inside a quoted SQL literal and is stored entity-encoded;
 * treat it as a legacy stop-gap, not as a replacement for prepared statements. ext/mysql was
 * removed in PHP 7.0.
 *
 * @param string $data Raw request value.
 * @return string Filtered value.
 */
function anti_injection($data)
{
    $value = htmlspecialchars($data, ENT_QUOTES);
    $value = stripslashes(strip_tags($value));

    return mysql_real_escape_string($value);
}
// Registration: filters the posted fields, checks for duplicates and for a known employee number
// (NIP), then inserts the new user row.
$username = anti_injection($_POST['username2']);
$password = anti_injection($_POST['password2']);
$email = anti_injection($_POST['email2']);
// NOTE(review): $password2 is never assigned in the visible code (the filtered value is in
// $password). Unless something outside this snippet defines it, md5() receives null and every
// account is stored with the hash of the empty string - confirm and hash the intended variable.
// Unsalted MD5 is also not a password hash; password_hash() is the standard replacement.
$enkrip_pass = md5($password2);
$nip = anti_injection($_POST['nip']);
// Row counts used by the checks below: username taken, NIP already registered, email taken,
// NIP present in the pegawai table.
$cek_username = mysql_num_rows(mysql_query("SELECT username FROM tbl_user\n WHERE username='{$username}'"));
$ceknipdaftar = mysql_num_rows(mysql_query("SELECT nip FROM tbl_user\n WHERE nip='{$nip}'"));
$cek_email = mysql_num_rows(mysql_query("SELECT email FROM tbl_user\n WHERE email='{$email}'"));
$cek_nip = mysql_num_rows(mysql_query("SELECT nip FROM pegawai\n WHERE nip='{$nip}'"));
if ($cek_username > 0) {
echo "<div id='gagal' class='alert alert-danger'>Maaf Username sudah terdaftar<button type='button' class='close' data-dismiss='alert'><i class='ace-icon fa fa-times'></i></button></div>";
} else {
if ($cek_nip == 0) {
echo "<div id='gagal' class='alert alert-danger'>Mohon maaf NIP anda tidak terdaftar mohon menghubungi HRD<button type='button' class='close' data-dismiss='alert'><i class='ace-icon fa fa-times'></i></button></div>";
} else {
// NOTE(review): this branch fires when the email already exists, yet the message says the email
// is not registered ("tidak terdaftar"); confirm the intended wording.
if ($cek_email > 0) {
echo "<div id='gagal' class='alert alert-danger'>Mohon maaf Email anda tidak terdaftar<button type='button' class='close' data-dismiss='alert'><i class='ace-icon fa fa-times'></i></button></div>";
} else {
if ($ceknipdaftar > 0) {
echo "<div id='gagal' class='alert alert-danger'>Mohon maaf NIP anda sudah terdaftar<button type='button' class='close' data-dismiss='alert'><i class='ace-icon fa fa-times'></i></button></div>";
} else {
// All checks passed: create the account with level_user '5' and the default avatar.
mysql_query("INSERT INTO tbl_user(id_user,username,\n pass,\n email,\n level_user,w_daftar,nip,photo)\n VALUES('','{$username}',\n '{$enkrip_pass}',\n '{$email}',\n '5',NOW(),'{$nip}','../assets/avatars/avatar5.png')");
示例9: anti_injection
<?php
// Add (mode 1) / edit (mode 2) handler for tbl_jurusan. anti_injection(), benar() and salah() are
// defined outside this snippet. $kode is filtered but not used in the visible part.
$nama = anti_injection($_POST["nama"]);
$kode = anti_injection($_POST["kode"]);
// The (int) casts reduce the mode and id parameters to integers before they are compared or echoed.
if ((int) $_GET["mode"] == 1) {
if ($nama == '') {
?>
<script type="text/javascript">
alert('nama tidak boleh kosong');
document.location.href='./index.php?mod=home&opt=jurusan&opts=tambah';
</script>
<?php
} else {
// NOTE(review): the filtered name is interpolated into the statement; a bound parameter is the
// durable fix. No authorization check is visible in this snippet.
$d = mysql_query("insert into tbl_jurusan (nama) values ('{$nama}')");
if ($d) {
benar("./index.php?mod=home&opt=jurusan&opts=list");
} else {
salah("./index.php?mod=home&opt=jurusan&opts=tambah");
}
}
} else {
if ((int) $_GET["mode"] == 2) {
if ((int) $_GET["id_jurusan"] != 0) {
if ($nama == '') {
?>
<script type="text/javascript">
alert('nama tidak boleh kosong');
document.location.href='./index.php?mod=home&opt=jurusan&opts=edit&id_user=<?php
// The integer cast keeps this value safe inside the JavaScript string literal.
// NOTE(review): the guard above tests id_jurusan while this link is built from id_user; confirm
// which parameter the edit page expects.
echo (int) $_GET["id_user"];
?>
';
示例10: addUserAct
/**
 * Inserts a new row into the `tuser` table.
 *
 * The login id goes through anti_injection() and the password through password_generator();
 * both helpers are defined outside this snippet. The insert result is not returned.
 *
 * NOTE(review): $nama is stored as received while $user is filtered. Whether that matters depends
 * on how $this->db->insert() escapes values and on how nameUser is encoded when displayed - confirm.
 *
 * @param string $user Login id for the new account.
 * @param string $pass Password handed to password_generator().
 * @param string $nama Display name.
 * @return void
 */
public function addUserAct($user, $pass, $nama)
{
    $row = array();
    $row['IdUser'] = '';
    $row['uidUser'] = anti_injection($user);
    $row['passUser'] = password_generator($pass);
    $row['nameUser'] = $nama;

    $this->db->insert('tuser', $row);
}
示例11: getSubTitulo
?>
<?php
getSubTitulo('Registro de eventos');
?>
<?php
/** Validation, insertion, etc. all happen here */
$form_nome_evento = isset($_POST['form-nome-evento']) ? $_POST['form-nome-evento'] : '';
$form_descricao = isset($_POST['form-descricao']) ? $_POST['form-descricao'] : '';
$form_data_evento = isset($_POST['form-data-evento']) ? $_POST['form-data-evento'] : '';
$form_qtd_jovens = isset($_POST['form-qtd-jovens']) ? $_POST['form-qtd-jovens'] : '';
// NOTE(review): the query below uses bound parameters, which is what prevents SQL injection here.
// anti_injection() is not defined in this snippet; if it HTML-encodes and SQL-escapes like the
// common variant, these values are bound in that altered form. No format check on the date or on
// the numeric count is visible.
$form_nome_evento = anti_injection($form_nome_evento);
$form_descricao = anti_injection($form_descricao);
$form_data_evento = anti_injection($form_data_evento);
$form_qtd_jovens = anti_injection($form_qtd_jovens);
$form_data_cad_evento = date('Y-m-d');
// Scope identifiers come from the session, not from the request.
$form_id_estado = $_SESSION['estado'];
$form_id_cidade = $_SESSION['cidade'];
$form_id_regiao = $_SESSION['regiao'];
$form_id_bairro = $_SESSION['bairro'];
$form_id_igreja = $_SESSION['igreja'];
$form_id_lider_equipe = $_SESSION['lider_equipe'];
// Check whether the user entered anything
if (!empty($form_nome_evento) && !empty($form_descricao) && !empty($form_data_evento) && !empty($form_qtd_jovens)) {
try {
// Check whether the record already exists
$rs = $conx->prepare('SELECT id FROM fj_eventos WHERE fk_q_igreja_id=? AND fk_bairro_id=? AND fk_estado_id=? AND fk_cidade_id=? AND fk_regiao_id=? AND data_evento=? AND nome_evento=?');
$rs->bindParam(1, $form_id_igreja);
$rs->bindParam(2, $form_id_bairro);
$rs->bindParam(3, $form_id_estado);
示例12: trim
<?php
// Shoutbox submission handler: validates the posted name and message, then stores the entry and
// refreshes back to index.php. $tgl_sekarang and $jam_sekarang are not set in this script;
// presumably config/library.php provides them.
include "config/koneksi.php";
include "config/library.php";

$nama = trim($_POST['nama']);
$pesan = trim($_POST['pesan']);

// Pick the first validation message that applies; null means the input is acceptable.
// The length limit is measured on the untrimmed message, in bytes.
$error_html = null;
if (!$nama) {
    $error_html = "Anda belum mengisikan NAMA<br />\n \t <a href=javascript:history.go(-1)><b>Ulangi Lagi</b>";
} elseif (!$pesan) {
    $error_html = "Anda belum mengisikan PESAN<br />\n \t <a href=javascript:history.go(-1)><b>Ulangi Lagi</b>";
} elseif (strlen($_POST['pesan']) > 100) {
    $error_html = "PESAN Anda kepanjangan, dikurangin atau dibagi jadi beberapa bagian.<br />\n \t <a href=javascript:history.go(-1)><b>Ulangi Lagi</b>";
}

if ($error_html !== null) {
    echo $error_html;
} else {
    // Legacy filter: HTML-encode, strip tags, strip backslashes, then SQL-escape.
    // NOTE(review): this conflates HTML and SQL contexts and is no substitute for bound
    // parameters; ext/mysql was removed in PHP 7.0.
    function anti_injection($data)
    {
        $encoded = htmlspecialchars($data, ENT_QUOTES);
        $cleaned = stripslashes(strip_tags($encoded));

        return mysql_real_escape_string($cleaned);
    }

    // The values stored are re-read from $_POST, so they are the untrimmed submissions.
    // NOTE(review): website is stored without any URL or scheme validation; check how it is
    // rendered when the shoutbox is displayed.
    $nama = anti_injection($_POST['nama']);
    $website = anti_injection($_POST['website']);
    $pesan = anti_injection($_POST['pesan']);
    mysql_query("INSERT INTO shoutbox(nama, website, pesan, tanggal, jam)\n VALUES('{$nama}', '{$website}', '{$pesan}', '{$tgl_sekarang}','{$jam_sekarang}')");
    echo "<meta http-equiv='refresh' content='0; url=index.php'>";
}
示例13: bacaDisp
<title>Cetak Lembar Disposisi</title>
</head>
<body onload="window.print();">
<table border='1' style="border-collapse: collapse; width:100%;">
<tr>
<td width='5%' align='center' style="padding: 10px; font-weight: bold; text-transform: uppercase; background-color: black; color: white;">No.</td>
<td width='20%' align='center' style="padding: 10px; font-weight: bold; text-transform: uppercase; background-color: black; color: white;">Asal</td>
<td width='20%' align='center' style="padding: 10px; font-weight: bold; text-transform: uppercase; background-color: black; color: white;">Tujuan</td>
<td width='20%' align='center' style="padding: 10px; font-weight: bold; text-transform: uppercase; background-color: black; color: white;">Catatan</td>
<td align='center' style="padding: 10px; font-weight: bold; text-transform: uppercase; background-color: black; color: white;">Paraf</td>
</tr>
<?php
// Printable disposition sheet: lists every disposition recorded for one incoming letter.
include "../php/koneksi.php";
include "../php/fungsi.php";
// NOTE(review): bacaDisp() receives the raw query parameter; its body is not shown, so confirm it
// escapes or binds the value.
bacaDisp($_GET["id_disposisi"]);
$id_surat = anti_injection($_GET['id']);
// The letter is addressed by the double MD5 of its id rather than by the id itself.
// NOTE(review): a hash of a guessable id is itself guessable, so this obscures the reference but
// does not restrict who may print the sheet; no authorization check is visible in this snippet.
$sql = "SELECT\n \tb.level AS level_asal, c.level AS level_tujuan, a.catatan, a.tgl_disposisi, c.urutan, d.nama\n FROM\n \tmyapp_disptable_suratmasuk a\n \tLEFT JOIN myapp_reftable_levelpengguna b ON a.id_level_asal = b.id\n \tLEFT JOIN myapp_reftable_levelpengguna c ON a.id_level_tujuan = c.id\n LEFT JOIN myapp_maintable_pengguna d ON a.id_pengguna_tujuan = d.id\n WHERE\n \tMD5(MD5(a.id_surat_masuk )) = '" . $id_surat . "'";
$res = mysql_query($sql);
// Running row number for the first column.
$ctr = 0;
while ($ds = mysql_fetch_array($res)) {
$ctr++;
// The recipient's name is appended only when the target level's urutan is 4.
$nama = "";
if ($ds["urutan"] == 4) {
$nama = " [[ " . $ds["nama"] . " ]]";
}
?>
<tr>
<td align='center' style="padding: 10px;"><?php
echo $ctr;
?>
</td>
示例14: stripslashes
<IMG SRC="images/menu/textmenu_member.gif" BORDER="0">
<TABLE width="740" align=center cellSpacing=0 cellPadding=0 border=0>
<TR>
<TD height="1" class="dotline" ></TD>
</TR>
<TR><td>
<?php
// Admin login: prepares the posted credentials, checks the CAPTCHA when enabled, then looks the
// account up in the admin table.
// NOTE(review): each stripslashes() result is overwritten on the next line, which reads the raw
// POST value again; only mysql_real_escape_string() takes effect.
$user_login = stripslashes($_POST['user_login']);
$user_login = mysql_real_escape_string($_POST['user_login']);
$pwd_login = stripslashes($_POST['pwd_login']);
$pwd_login = mysql_real_escape_string($_POST['pwd_login']);
if (is_valid($user_login) == true && is_valid($pwd_login) == true) {
// NOTE(review): manual quote replacement layered on top of mysql_real_escape_string() escapes the
// same characters twice, which can cancel the first escaping. One context-appropriate mechanism
// (bound parameters) should replace both.
$Username = preg_replace('/"/i', '\\"', $user_login);
$Password = preg_replace("/'/i", "\\'", $pwd_login);
// Here anti_injection() takes three arguments and its return value is discarded, so it is a
// different helper from the one-argument filter and does not alter the values used in the query
// below. Its definition and $IPADDRESS are outside this snippet.
anti_injection($Username, $Password, $IPADDRESS);
// Add-on membership system for maxsite 1.10, developed by www.narongrit.net
// (the original comment was Thai text in a mis-decoded encoding).
if (USE_CAPCHA) {
if ($_SESSION['security_code'] != $_POST['security_code'] or empty($_POST['security_code'])) {
echo "<script language='javascript'>";
echo "alert('" . _JAVA_CAPTCHA_NOACC . "')";
echo "</script>";
echo "<script language='javascript'>javascript:history.go(-1)</script>";
// Keep the debug line below disabled: it would print the expected CAPTCHA value.
// echo " if(".$_SESSION['security_code']." != ".$_POST['security_code']." OR empty(".$_POST['security_code'].")) {";
exit;
}
}
if (isset($Username) and isset($Password)) {
$db->connectdb(DB_NAME, DB_USERNAME, DB_PASSWORD);
// NOTE(review): the username is concatenated into the statement and the password is compared as
// an unsalted MD5 digest; bound parameters and password_hash()/password_verify() are the
// standard replacements.
$res['admin'] = $db->select_query("SELECT * FROM " . TB_ADMIN . " WHERE username='" . $Username . "' AND password='" . md5($Password) . "' ");
$rows['admin'] = $db->rows($res['admin']);
示例15: session_start
<?php
// Login handler: matches the posted credentials against myapp_maintable_pengguna, fills the
// session and redirects according to the user's level.
session_start();
include "../koneksi.php";
include "../../method/function.php";
// set the post variabel securely
// NOTE(review): anti_injection() is defined outside this snippet. The filtered values are still
// concatenated into the statement below, and the password is compared as an unsalted MD5 digest;
// bound parameters and password_hash()/password_verify() are the standard replacements.
$username = anti_injection($_POST['username']);
$password = anti_injection($_POST['password']);
$res = mysql_query("SELECT \n \ta.*, b.atasan AS atasan, b.level as level \n FROM \n \tmyapp_maintable_pengguna a\n LEFT JOIN \n \tmyapp_reftable_levelpengguna b ON a.id_level = b.id\n WHERE \n \tusername = '" . $username . "' AND password = '" . md5($password) . "'");
// Exactly one matching row is required.
if (mysql_num_rows($res) == 1) {
$ds = mysql_fetch_array($res);
// NOTE(review): the stored password hash is copied into the session, and no
// session_regenerate_id() call is visible after authentication; confirm both are intended.
$_SESSION["password"] = $ds["password"];
$_SESSION["id_pengguna"] = $ds["id"];
$_SESSION["id_level"] = $ds["id_level"];
$_SESSION["username"] = $ds["username"];
$_SESSION["nama"] = $ds["nama"];
$_SESSION["atasan"] = $ds["atasan"];
$_SESSION["level"] = $ds["level"];
// set login act depend on id level of user
// rules
// Each case sends a Location header for the landing page of that level.
switch ($ds['id_level']) {
case 18:
header("location:../../?mod=main_loket");
break;
case 1:
header("location:../../?mod=main_kaban");
break;
case 2:
header("location:../../?mod=main_sekretaris");
break;
case 3: