PHP check_var函数代码示例

// GNU General Public License for more details.
//
// You should have received a copy of the GNU General Public License
// along with Rogō.  If not, see <http://www.gnu.org/licenses/>.
/**
*
* @author Simon Wilkinson
* @version 1.0
* @copyright Copyright (c) 2014 The University of Nottingham
* @package
*/
require '../include/sysadmin_auth.inc';
require '../include/sidebar_menu.inc';
require '../include/errors.inc';
require '../include/year_tabs.inc';
$current_year = check_var('calyear', 'GET', true, false, true);
?>
<!DOCTYPE html>
<html>
<head>
	<meta http-equiv="X-UA-Compatible" content="IE=edge" />
	<meta http-equiv="content-type" content="text/html;charset=<?php 
echo $configObject->get('cfg_page_charset');
?>
" />

	<title>Rog&#333;: <?php 
echo $string['summativeexamfeedback'] . ' ' . $configObject->get('cfg_install_type');
?>
</title>

// but WITHOUT ANY WARRANTY; without even the implied warranty of
// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
// GNU General Public License for more details.
//
// You should have received a copy of the GNU General Public License
// along with Rogō.  If not, see <http://www.gnu.org/licenses/>.
/**
*
* @author Anthony Brown, Simon Wilkinson
* @version 1.0
* @copyright Copyright (c) 2014 The University of Nottingham
* @package
*/
require '../include/staff_auth.inc';
require_once '../include/errors.inc';
$modID = (int) check_var('module', 'GET', true, false, true);
if (!module_utils::get_moduleid_from_id($modID, $mysqli)) {
    $msg = sprintf($string['furtherassistance'], $configObject->get('support_email'), $configObject->get('support_email'));
    $notice->display_notice_and_exit($mysqli, $string['pagenotfound'], $msg, $string['pagenotfound'], '../artwork/page_not_found.png', '#C00000', true, true);
}
if (isset($_POST['Save'])) {
    //save session
    $identifier = time();
    $occurrence = $_POST['session_year'] . '-' . $_POST['session_month'] . '-' . $_POST['session_day'] . ' ' . $_POST['session_time'];
    $stmt = $mysqli->prepare("INSERT INTO sessions VALUES (NULL, ?, ?, ?, ?, ?, ?)");
    $identifier = intVal($identifier);
    $stmt->bind_param('ssssss', $identifier, $modID, $_POST['session_title'], $_POST['url'], $_POST['session'], $occurrence);
    $stmt->execute();
    $stmt->close();
    $result = $mysqli->prepare("SELECT MAX(obj_id) AS largest FROM objectives");
    $result->execute();

// GNU General Public License for more details.
//
// You should have received a copy of the GNU General Public License
// along with Rogo.  If not, see <http://www.gnu.org/licenses/>.
/**
* 
* @author Simon Wilkinson
* @version 1.0
* @copyright Copyright (c) 2014 The University of Nottingham
* @package
*/
require '../include/staff_auth.inc';
require_once '../include/errors.inc';
require_once '../include/paper_security.inc';
require_once '../classes/paperproperties.class.php';
$paperID = check_var('paperID', 'GET', true, false, true);
// Get some paper properties
$propertyObj = PaperProperties::get_paper_properties_by_id($paperID, $mysqli, $string);
$paper_title = $propertyObj->get_paper_title();
$start_date = $propertyObj->get_start_date();
$end_date = $propertyObj->get_end_date();
$calendar_year = $propertyObj->get_calendar_year();
$paper_bgcolor = $propertyObj->get_bgcolor();
$paper_fgcolor = $propertyObj->get_fgcolor();
$paper_themecolor = $propertyObj->get_themecolor();
$paper_labelcolor = $propertyObj->get_labelcolor();
$type = $propertyObj->get_rubric();
$paper_prologue = $propertyObj->get_paper_prologue();
$marking = $propertyObj->get_marking();
$display_photos = $propertyObj->get_display_correct_answer();
$labs = $propertyObj->get_labs();

// along with Rogō.  If not, see <http://www.gnu.org/licenses/>.
/**
*
* @author Simon Wilkinson
* @version 1.0
* @copyright Copyright (c) 2014 The University of Nottingham
* @package
*/
require '../include/staff_auth.inc';
require_once '../include/survey_quantitative.inc.php';
require_once '../include/errors.inc';
require_once '../classes/stringutils.class.php';
require_once '../classes/paperproperties.class.php';
$paperID = check_var('paperID', 'GET', true, false, true);
$startdate = check_var('startdate', 'GET', true, false, true);
$enddate = check_var('enddate', 'GET', true, false, true);
// Get some paper properties
$propertyObj = PaperProperties::get_paper_properties_by_id($paperID, $mysqli, $string);
header('Pragma: public');
header('Content-disposition: attachment; filename=report.xml');
header('Content-type: text/xml');
function displayQuestion($q_id, $theme, $scenario, $leadin, $q_type, $correct, $q_media, $q_media_width, $q_media_height, $options, $log, $correct_buf, $screen, $question_number, $candidates)
{
    global $old_likert_scale, $old_display_method, $table_on;
    // Remove spaces
    $theme = str_replace('&nbsp;', ' ', $theme);
    $scenario = str_replace('&nbsp;', ' ', $scenario);
    $leadin = str_replace('&nbsp;', ' ', $leadin);
    $old_likert_scale = str_replace('&nbsp;', ' ', $old_likert_scale);
    // Remove nasty non-utf8 chars
    $theme = StringUtils::wordToUtf8(strip_tags($theme));

//
// You should have received a copy of the GNU General Public License
// along with Rogō.  If not, see <http://www.gnu.org/licenses/>.
/**
*
* Delete a user account.
*
* @author Simon Wilkinson
* @version 1.0
* @copyright Copyright (c) 2014 The University of Nottingham
* @package
*/
require '../include/sysadmin_auth.inc';
require_once '../include/errors.inc';
require_once '../classes/userutils.class.php';
$userID = check_var('id', 'POST', true, false, true);
// Check that all the past user IDs actually exist.
$id_list = explode(',', $userID);
foreach ($id_list as $id) {
    if ($id != '') {
        if (!UserUtils::userid_exists($id, $mysqli)) {
            $msg = sprintf($string['furtherassistance'], $configObject->get('support_email'), $configObject->get('support_email'));
            $notice->display_notice_and_exit($mysqli, $string['pagenotfound'], $msg, $string['pagenotfound'], '../artwork/page_not_found.png', '#C00000', true, true);
        }
    }
}
foreach ($id_list as $single_id) {
    if ($single_id != '') {
        UserUtils::delete_userID($single_id, $mysqli);
    }
}

<?php

// This file is part of Rogō
//
// Rogō is free software: you can redistribute it and/or modify
// it under the terms of the GNU General Public License as published by
// the Free Software Foundation, either version 3 of the License, or
// (at your option) any later version.
//
// Rogō is distributed in the hope that it will be useful,
// but WITHOUT ANY WARRANTY; without even the implied warranty of
// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
// GNU General Public License for more details.
//
// You should have received a copy of the GNU General Public License
// along with Rogō.  If not, see <http://www.gnu.org/licenses/>.
/**
* 
* @author Simon Wilkinson
* @version 1.0
* @copyright Copyright (c) 2014 The University of Nottingham
* @package
*/
require '../../include/staff_auth.inc';
require '../../include/errors.inc';
$announcementID = check_var('announcementID', 'GET', true, false, true);
$_SESSION['announcement' . $announcementID] = 'hide';

*
* @author Simon Wilkinson
* @version 1.0
* @copyright Copyright (c) 2014 The University of Nottingham
* @package
*/
require '../../include/staff_auth.inc';
require '../../include/errors.inc';
require_once '../../classes/paperproperties.class.php';
require_once '../../plugins/questions/enhancedcalc/enhancedcalc.class.php';
require_once '../../plugins/questions/enhancedcalc/helpers/enhancedcalc_helper.php';
set_time_limit(0);
//header('Content-Type: text/html; charset=' + $configObject->get('cfg_page_charset'));
$paperID = check_var('paperID', 'REQUEST', true, false, true);
$startdate = check_var('startdate', 'REQUEST', true, false, true);
$enddate = check_var('enddate', 'REQUEST', true, false, true);
$properties = PaperProperties::get_paper_properties_by_id($paperID, $mysqli, $string);
$questions = $properties->get_questions();
$paper_type = $properties->get_paper_type();
$error = false;
// Get the enhanced calculation questions on the paper.
$q_ids = array();
$result = $mysqli->prepare("SELECT question, settings FROM papers, questions WHERE papers.question = questions.q_id AND q_type = 'enhancedcalc' AND paper = ?");
$result->bind_param('i', $paperID);
$result->execute();
$result->bind_result($q_id, $settings);
while ($result->fetch()) {
    $q_ids[$q_id] = $settings;
}
$result->close();
$possible = array();

* @version 1.0
* @copyright Copyright (c) 2014 The University of Nottingham
* @package
*/
require '../../include/staff_auth.inc';
require '../../include/errors.inc';
$status = 'ERROR';
$paperID = check_var('paper_id', 'POST', true, false, true);
$q_id = check_var('q_id', 'POST', true, false, true);
$log_id = check_var('log_id', 'POST', true, false, true);
$marker_id = check_var('marker_id', 'POST', true, false, true);
$mark = check_var('mark', 'POST', true, false, true);
$comments = isset($_POST['comments']) ? $_POST['comments'] : '';
$phase = check_var('phase', 'POST', true, false, true);
$log = check_var('log', 'POST', true, false, true);
$user_id = check_var('user_id', 'POST', true, false, true);
$reminders = isset($_POST['reminders']) ? $_POST['reminders'] : '';
if ($mark != 'NULL') {
    $sql = <<<QUERY
INSERT INTO textbox_marking (paperID, q_id, answer_id, markerID, mark, comments, date, phase, logtype, student_userID, reminders)
VALUES (?, ?, ?, ?, ?, ?, NOW(), ?, ?, ?, ?) ON DUPLICATE KEY UPDATE
markerID = ?, mark = ?, comments = ?, reminders = ?, date = NOW()
QUERY;
    try {
        $result = $mysqli->prepare($sql);
        $x = $mysqli->error;
        if ($result) {
            $result->bind_param('iiiidsiiisidss', $paperID, $q_id, $log_id, $marker_id, $mark, $comments, $phase, $log, $user_id, $reminders, $marker_id, $mark, $comments, $reminders);
            $result2 = $result->execute();
            if ($result !== false) {
                $status = 'OK';

// GNU General Public License for more details.
//
// You should have received a copy of the GNU General Public License
// along with Rogō.  If not, see <http://www.gnu.org/licenses/>.
/**
* 
* Confirm that it is OK to proceed deleting a reference material.
*
* @author Simon Wilkinson
* @version 1.0
* @copyright Copyright (c) 2014 The University of Nottingham
* @package
*/
require '../include/staff_auth.inc';
require '../include/errors.inc';
$refID = check_var('refID', 'GET', true, false, true);
if (!refmaterials_utils::refmaterials_exist($refID, $mysqli)) {
    $msg = sprintf($string['furtherassistance'], $configObject->get('support_email'), $configObject->get('support_email'));
    $notice->display_notice_and_exit($mysqli, $string['pagenotfound'], $msg, $string['pagenotfound'], '../artwork/page_not_found.png', '#C00000', true, true);
}
$mysqli->close();
?>
<!DOCTYPE html>
<html>
<head>
  <meta http-equiv="X-UA-Compatible" content="IE=edge" />
  <meta http-equiv="content-type" content="text/html;charset=<?php 
echo $configObject->get('cfg_page_charset');
?>
" />
  

//
// You should have received a copy of the GNU General Public License
// along with Rogō.  If not, see <http://www.gnu.org/licenses/>.
/**
*
* Delete a question(s) in the question bank.
*
* @author Simon Wilkinson
* @version 1.0
* @copyright Copyright (c) 2014 The University of Nottingham
* @package
*/
require '../include/staff_auth.inc';
require '../include/errors.inc';
require_once '../classes/questionutils.class.php';
$qIDs = check_var('q_id', 'POST', true, false, true);
if ($qIDs[0] == ',') {
    $qIDs = substr($qIDs, 1);
}
$tmp_q_ids = explode(',', $_POST['q_id']);
$result = $mysqli->prepare("SELECT DISTINCT paper_title, paper, paper_type FROM (papers, properties) WHERE papers.paper = properties.property_id AND properties.deleted IS NULL AND question IN ({$qIDs})");
$result->execute();
$result->store_result();
$result->bind_result($paper_title, $paper, $paper_type);
$found = $result->num_rows;
$result->close();
if ($found == 0) {
    // Only delete if the question is on zero papers.
    for ($i = 1; $i < count($tmp_q_ids); $i++) {
        $qID = $tmp_q_ids[$i];
        QuestionUtils::delete_question($qID, $mysqli);

// This file is part of Rogō
//
// Rogō is free software: you can redistribute it and/or modify
// it under the terms of the GNU General Public License as published by
// the Free Software Foundation, either version 3 of the License, or
// (at your option) any later version.
//
// Rogō is distributed in the hope that it will be useful,
// but WITHOUT ANY WARRANTY; without even the implied warranty of
// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
// GNU General Public License for more details.
//
// You should have received a copy of the GNU General Public License
// along with Rogō.  If not, see <http://www.gnu.org/licenses/>.
/**
* 
* @author Simon Wilkinson
* @version 1.0
* @copyright Copyright (c) 2014 The University of Nottingham
* @package
*/
require '../../include/sysadmin_auth.inc';
// Only let SysAdmin staff delete pages.
require '../../include/errors.inc';
require_once '../../classes/helputils.class.php';
$originalID = check_var('id', 'GET', true, false, true);
$help_system = new OnlineHelp($userObject, $configObject, $string, $notice, 'staff', $language, $mysqli);
$help_system->delete_page($originalID);
$mysqli->close();
header("location: index.php?id=1");

// GNU General Public License for more details.
//
// You should have received a copy of the GNU General Public License
// along with Rogō.  If not, see <http://www.gnu.org/licenses/>.
/**
* 
* Confirm that it is OK to proceed deleting a course.
*
* @author Simon Wilkinson
* @version 1.0
* @copyright Copyright (c) 2014 The University of Nottingham
* @package
*/
require '../include/sysadmin_auth.inc';
require '../include/errors.inc';
$courseID = check_var('courseID', 'GET', true, false, true);
$mysqli->close();
?>
<!DOCTYPE html>
<html>
<head>
  <meta http-equiv="X-UA-Compatible" content="IE=edge" />
  <meta http-equiv="content-type" content="text/html;charset=<?php 
echo $configObject->get('cfg_page_charset');
?>
" />

  <title><?php 
echo $string['confirmdelete'];
?>
</title>

// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
// GNU General Public License for more details.
//
// You should have received a copy of the GNU General Public License
// along with Rogō.  If not, see <http://www.gnu.org/licenses/>.
/**
* 
* @author Simon Wilkinson
* @version 1.0
* @copyright Copyright (c) 2014 The University of Nottingham
* @package
*/
require '../include/staff_auth.inc';
require '../include/errors.inc';
ini_set("auto_detect_line_endings", true);
$modID = check_var('module', 'REQUEST', true, false, true);
if (isset($_POST['submit'])) {
    $session = $_POST['session'];
    $session_flag = false;
    if ($_FILES['txtfile']['name'] != 'none' and $_FILES['txtfile']['name'] != '') {
        if (!move_uploaded_file($_FILES['txtfile']['tmp_name'], $configObject->get('cfg_tmpdir') . $userObject->get_user_ID() . '_load_objectives.txt')) {
            echo uploadError($_FILES['txtfile']['error']);
            exit;
        } else {
            $result = $mysqli->prepare("SELECT MAX(obj_id) AS largest FROM objectives");
            $result->execute();
            $result->bind_result($largest);
            $i = 0;
            while ($result->fetch()) {
                $obj_id = $largest + 1;
            }

// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
// GNU General Public License for more details.
//
// You should have received a copy of the GNU General Public License
// along with Rogō.  If not, see <http://www.gnu.org/licenses/>.
/**
*
* Delete a lab and all the client identifiers in it - Admin only.
* @author Simon Wilkinson
* @version 1.0
* @copyright Copyright (c) 2014 The University of Nottingham
* @package
*/
require '../include/admin_auth.inc';
require '../include/errors.inc';
$labID = check_var('labID', 'POST', true, false, true);
$lab_no = 0;
$result = $mysqli->prepare("SELECT name FROM labs WHERE id = ?");
$result->bind_param('i', $labID);
$result->execute();
$result->store_result();
$result->bind_result($lab_name);
$result->fetch();
$lab_no = $result->num_rows;
$result->close();
if ($lab_no == 0) {
    $msg = sprintf($string['furtherassistance'], $configObject->get('support_email'), $configObject->get('support_email'));
    $notice->display_notice_and_exit($mysqli, $string['pagenotfound'], $msg, $string['pagenotfound'], '../artwork/page_not_found.png', '#C00000', true, true);
}
$result = $mysqli->prepare("DELETE FROM client_identifiers WHERE lab = ?");
$result->bind_param('i', $labID);

<td valign=top>Message (<i>No HTML</i>):</td>
<td><textarea rows=10 cols=40 name=msg></textarea></td>
</tr>
<tr>
<td colspan=2>
<input type=hidden name=submitted value=1>
<input type=submit value="Add Entry">
</td>
</tr>
</table>
<form>
<?php 
} else {
    check_var('fullname');
    check_var('msg');
    check_var('email');
    $res = mysql_query("insert into guestbook (name, email, msg, remote_host) values " . "('" . addslashes($_REQUEST['fullname']) . "', '" . addslashes($_REQUEST['email']) . "', '" . addslashes(htmlspecialchars($_REQUEST['msg'])) . "', '" . addslashes($_SERVER['REMOTE_ADDR']) . "') ");
    if ($res === false) {
        die("Cannot insert entry into guestbook: " . mysql_error() . "\n");
    }
    print "<b>Entry successfully added</b>\n";
}
?>
<hr>
<?php 
/* Display entries */
$qh = mysql_query("select name, email, msg from guestbook order by entry_id desc");
if ($qh === false) {
    die("Cannot select entries from guestbook: " . mysql_error() . "\n");
}
function disprow($id, $val)