PHP dbEscape函数代码示例

/**
 * Updates the players name associated with the passed uuid.
 * 
 * @param playerUUID  The UUID of the player to update
 * @param playerName  The new name for the player
 * @return 			  True on success, false on failure
 */
function setPlayerName($playerUUID, $playerName)
{
    // do the update based on the internal ID, rather than the public UUID
    $playerID = getPlayerFromUUID($playerUUID);
    $qryUpdate = 'UPDATE
					  players
					  SET
					  name = \'' . dbEscape($playerName) . '\'
					  WHERE
					  id = \'' . (int) dbEscape($playerID) . '\'';
    $resUpdate = mysql_query($qryUpdate);
    return $resUpdate ? true : false;
}

 /**
  * Returns all accounts with pagination
  *
  * @param array $data
  * @param int $perPage
  * @return mixed
  */
 public function search(array $data, $perPage = 10)
 {
     $model = $this->getNew();
     if (isset($data['perPage'])) {
         $perPage = (int) $data['perPage'] < 1 || (int) $data['perPage'] > 10 ? 10 : $data['perPage'];
     }
     if (isset($data['username'])) {
         $username = dbEscape($data['username']);
         $model = $model->where('login', 'LIKE', '%' . $username . '%');
     }
     if (isset($data['email'])) {
         $email = dbEscape($data['email']);
         $model = $model->where('email', 'LIKE', '%' . $email . '%');
     }
     return $model->paginate($perPage);
 }

                     break;
             }
             if ($ok) {
                 $sets[dbEscape($sqlname)] = $content;
             }
         } else {
             $deletes[] = "'" . dbEscape($sqlname) . "'";
         }
     }
 }
 // Set fields that were submitted with custom value
 if (count($sets)) {
     // Escape variable names for save use inside below SQL IN query
     $sqlset = array();
     foreach (array_keys($sets) as $var) {
         $sqlset[] = "'" . dbEscape($var) . "'";
     }
     // Fetch current rows in config file so we know which one to UPDATE and which one to INSERT
     $in_db_rows = dbFetchRows('SELECT * FROM `config` WHERE `config_key` IN (' . implode(',', $sqlset) . ')');
     foreach ($in_db_rows as $index => $row) {
         $in_db[$row['config_key']] = $row['config_value'];
     }
     foreach ($sets as $key => $value) {
         if (isset($in_db[$key])) {
             // Already present in DB, update row
             if (serialize($value) != $in_db[$key]) {
                 // Submitted value is different from current value
                 dbUpdate(array('config_value' => serialize($value)), 'config', '`config_key` = ?', array($key));
                 $updates++;
             }
         } else {

// This program is distributed in the hope that it will be useful,
// but WITHOUT ANY WARRANTY; without even the implied warranty of
// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
// GNU General Public License for more details.
//
// You should have received a copy of the GNU General Public License
// along with this program; if not, write to the Free Software
// Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA  02111-1307, USA.
//
if (!canView('Events')) {
    $view = "error";
    return;
}
$sql = "select E.*,M.Name as MonitorName,M.Width,M.Height from Events as E inner join Monitors as M on E.MonitorId = M.Id where E.Id = '" . dbEscape($_REQUEST['eid']) . "'";
$event = dbFetchOne($sql);
$sql = "select *, unix_timestamp( TimeStamp ) as UnixTimeStamp from Frames where EventID = '" . dbEscape($_REQUEST['eid']) . "' order by FrameId";
$frames = dbFetchAll($sql);
$focusWindow = true;
xhtmlHeaders(__FILE__, $SLANG['Frames'] . " - " . $event['Id']);
?>
<body>
  <div id="page">
    <div id="header">
      <div id="headerButtons"><a href="#" onclick="closeWindow();"><?php 
echo $SLANG['Close'];
?>
</a></div>
      <h2><?php 
echo $SLANG['Frames'];
?>
 - <?php 

    $view = "error";
    return;
}
$eid = validInt($_REQUEST['eid']);
if (!empty($_REQUEST['fid'])) {
    $fid = validInt($_REQUEST['fid']);
}
$sql = "select E.*,M.Name as MonitorName,M.Width,M.Height,M.DefaultScale from Events as E inner join Monitors as M on E.MonitorId = M.Id where E.Id = '" . dbEscape($eid) . "'";
$event = dbFetchOne($sql);
if (!empty($fid)) {
    $sql = "select * from Frames where EventId = '" . dbEscape($eid) . "' and FrameId = '" . dbEscape($fid) . "'";
    if (!($frame = dbFetchOne($sql))) {
        $frame = array('FrameId' => $fid, 'Type' => 'Normal', 'Score' => 0);
    }
} else {
    $frame = dbFetchOne("select * from Frames where EventId = '" . dbEscape($eid) . "' and Score = '" . $event['MaxScore'] . "'");
}
$maxFid = $event['Frames'];
$firstFid = 1;
$prevFid = $frame['FrameId'] - 1;
$nextFid = $frame['FrameId'] + 1;
$lastFid = $maxFid;
$alarmFrame = $frame['Type'] == 'Alarm';
if (isset($_REQUEST['scale'])) {
    $scale = validInt($_REQUEST['scale']);
} else {
    $scale = max(reScale(SCALE_BASE, $event['DefaultScale'], ZM_WEB_DEFAULT_SCALE), SCALE_BASE);
}
$imageData = getImageSrc($event, $frame, $scale, isset($_REQUEST['show']) && $_REQUEST['show'] == "capt");
$imagePath = $imageData['thumbPath'];
$eventPath = $imageData['eventPath'];

// This program is distributed in the hope that it will be useful,
// but WITHOUT ANY WARRANTY; without even the implied warranty of
// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
// GNU General Public License for more details.
//
// You should have received a copy of the GNU General Public License
// along with this program; if not, write to the Free Software
// Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA  02111-1307, USA.
//
if (!canView('Stream')) {
    $view = "error";
    return;
}
$groupSql = "";
if (!empty($_REQUEST['group'])) {
    $sql = "select * from Groups where Id = '" . dbEscape($_REQUEST['group']) . "'";
    $row = dbFetchOne($sql);
    $groupSql = " and find_in_set( Id, '" . $row['MonitorIds'] . "' )";
}
$sql = "select * from Monitors where Function != 'None'{$groupSql} order by Sequence";
$maxWidth = 0;
$maxHeight = 0;
$showControl = false;
$index = 0;
$monitors = array();
foreach (dbFetchAll($sql) as $row) {
    if (!visibleMonitor($row['Id'])) {
        continue;
    }
    if (isset($_REQUEST['scale'])) {
        $scale = validInt($_REQUEST['scale']);

function dbFetchGroup($gid)
{
    return dbFetchOne("select * from Groups where Id = '" . dbEscape($gid) . "'");
}

//
if (!canEdit('Events')) {
    $view = "error";
    return;
}
if (isset($_REQUEST['eid'])) {
    $mode = 'single';
    $eid = validInt($_REQUEST['eid']);
    $sql = "select E.* from Events as E where E.Id = '" . dbEscape($eid) . "'";
    $newEvent = dbFetchOne($sql);
} elseif (isset($_REQUEST['eids'])) {
    $mode = 'multi';
    $sql = "select E.* from Events as E where ";
    $sqlWhere = array();
    foreach ($_REQUEST['eids'] as $eid) {
        $sqlWhere[] = "E.Id = '" . dbEscape($eid) . "'";
    }
    unset($eid);
    $sql .= join(" or ", $sqlWhere);
    foreach (dbFetchAll($sql) as $row) {
        if (!isset($newEvent)) {
            $newEvent = $row;
        } else {
            if ($newEvent['Cause'] && $newEvent['Cause'] != $row['Cause']) {
                $newEvent['Cause'] = "";
            }
            if ($newEvent['Notes'] && $newEvent['Notes'] != $row['Notes']) {
                $newEvent['Notes'] = "";
            }
        }
    }

function getNearEvents()
{
    global $user, $sortColumn, $sortOrder;
    $eventId = dbEscape($_REQUEST['id']);
    $event = dbFetchOne("select * from Events where Id = '" . $eventId . "'");
    parseFilter($_REQUEST['filter']);
    parseSort();
    if ($user['MonitorIds']) {
        $midSql = " and MonitorId in (" . join(",", preg_split('/["\'\\s]*,["\'\\s]*/', $user['MonitorIds'])) . ")";
    } else {
        $midSql = '';
    }
    $sql = "select E.Id as Id from Events as E inner join Monitors as M on E.MonitorId = M.Id where " . dbEscape($sortColumn) . " " . ($sortOrder == 'asc' ? '<=' : '>=') . " '" . $event[$_REQUEST['sort_field']] . "'" . $_REQUEST['filter']['sql'] . $midSql . " order by {$sortColumn} " . ($sortOrder == 'asc' ? 'desc' : 'asc');
    $result = dbQuery($sql);
    while ($id = dbFetchNext($result, 'Id')) {
        if ($id == $eventId) {
            $prevId = dbFetchNext($result, 'Id');
            break;
        }
    }
    $sql = "select E.Id as Id from Events as E inner join Monitors as M on E.MonitorId = M.Id where {$sortColumn} " . ($sortOrder == 'asc' ? '>=' : '<=') . " '" . $event[$_REQUEST['sort_field']] . "'" . $_REQUEST['filter']['sql'] . $midSql . " order by {$sortColumn} {$sortOrder}";
    $result = dbQuery($sql);
    while ($id = dbFetchNext($result, 'Id')) {
        if ($id == $eventId) {
            $nextId = dbFetchNext($result, 'Id');
            break;
        }
    }
    $result = array('EventId' => $eventId);
    $result['PrevEventId'] = empty($prevId) ? 0 : $prevId;
    $result['NextEventId'] = empty($nextId) ? 0 : $nextId;
    return $result;
}

$optUnits = array();
foreach (getEnumValues('Zones', 'Units') as $optUnit) {
    $optUnits[$optUnit] = $optUnit;
}
$optCheckMethods = array();
foreach (getEnumValues('Zones', 'CheckMethod') as $optCheckMethod) {
    $optCheckMethods[$optCheckMethod] = $optCheckMethod;
}
$monitor = dbFetchMonitor($mid);
$minX = 0;
$maxX = $monitor['Width'] - 1;
$minY = 0;
$maxY = $monitor['Height'] - 1;
if (!isset($newZone)) {
    if ($zid > 0) {
        $zone = dbFetchOne("select * from Zones where MonitorId = '" . dbEscape($monitor['Id']) . "' and Id = '" . dbEscape($zid) . "'");
    } else {
        $zone = array('Name' => $SLANG['New'], 'Id' => 0, 'MonitorId' => $monitor['Id'], 'NumCoords' => 4, 'Coords' => sprintf("%d,%d %d,%d, %d,%d %d,%d", $minX, $minY, $maxX, $minY, $maxX, $maxY, $minX, $maxY), 'Area' => $monitor['Width'] * $monitor['Height'], 'AlarmRGB' => 0xff0000, 'CheckMethod' => 'Blobs', 'MinPixelThreshold' => '', 'MaxPixelThreshold' => '', 'MinAlarmPixels' => '', 'MaxAlarmPixels' => '', 'FilterX' => '', 'FilterY' => '', 'MinFilterPixels' => '', 'MaxFilterPixels' => '', 'MinBlobPixels' => '', 'MaxBlobPixels' => '', 'MinBlobs' => '', 'MaxBlobs' => '', 'OverloadFrames' => '');
    }
    $zone['Points'] = coordsToPoints($zone['Coords']);
    $newZone = $zone;
}
//if ( !$points )
//{
//$points = $zone['Points'];
//}
ksort($newZone['Points'], SORT_NUMERIC);
$newZone['Coords'] = pointsToCoords($newZone['Points']);
$newZone['Area'] = getPolyArea($newZone['Points']);
$selfIntersecting = isSelfIntersecting($newZone['Points']);
$wd = getcwd();

 /**
  * Find similar articles
  *
  * @param array $keywords
  * @param string $slug
  * @param string $type
  * @param int $max
  * @return mixed
  */
 public function findSimilar(array $keywords, $slug, $type = 'title', $max = 5)
 {
     $query = $this->model;
     $query = $query->where(function ($query) use($type, $keywords) {
         foreach ($keywords as $keyword) {
             $query = $query->orWhere($type, 'LIKE', '%' . dbEscape($keyword) . '%');
         }
         return $query;
     });
     $query = $query->where('slug', '!=', $slug);
     return $this->convert($query->take($max)->get());
 }

					id,
					player_id,
					seed,
					processed,
					ip,
					host,
					urlargs
				)
				VALUES(
					\'\',
					\'' . (int) dbEscape($playerID) . '\',
					\'' . dbEscape($gameSeed) . '\',
					NOW(),
					\'' . dbEscape($playerIP) . '\',
					\'' . dbEscape($playerHost) . '\',
					\'' . dbEscape($gameArgs) . '\'
				)';
$resGame = mysql_query($qryGame);
$gameID = mysql_insert_id();
?>
<newgame>
	<id><?php 
echo xmlEscape($gameID);
?>
</id>
	<seed><?php 
echo xmlEscape($gameSeed);
?>
</seed>
</newgame>

<?php

$content_tpl->set_block("F_CONTENT", "B_MESSAGE_LOGGED_IN", "H_MESSAGE_LOGGED_IN");
$content_tpl->set_block("F_CONTENT", "B_MESSAGE", "H_MESSAGE");
$content_tpl->set_block("F_CONTENT", "B_WARNING_LOGIN_FAILED", "H_WARNING_LOGIN_FAILED");
$content_tpl->set_block("F_CONTENT", "B_WARNING_USERNAME", "H_WARNING_USERNAME");
$content_tpl->set_block("F_CONTENT", "B_WARNING", "H_WARNING");
$username = dbEscape($_REQUEST['username']);
$users_ref = dbQuery("SELECT * FROM `{$cfg['db_table_prefix']}users` " . "WHERE `username` = '{$username}'");
if ($users_row = dbFetch($users_ref)) {
    $password = crypt($_REQUEST['password'], substr($users_row['password'], 0, 2));
    if ($password == $users_row['password']) {
        // Set cookie
        if (isset($_REQUEST['remember'])) {
            // Expiration in 1 year
            $expire = time() + 3600 * 24 * 365;
        } else {
            // Session cookie expiration
            $expire = null;
        }
        $user_id_md5 = serialize(array($users_row['id'], md5($password)));
        setcookie("user_id", $user_id_md5, $expire, $cfg['path']);
        setUser($user_id_md5);
        $content_tpl->parse("H_MESSAGE_LOGGED_IN", "B_MESSAGE_LOGGED_IN");
        $content_tpl->parse("H_MESSAGE", "B_MESSAGE");
    } else {
        $content_tpl->parse("H_WARNING_LOGIN_FAILED", "B_WARNING_LOGIN_FAILED");
        $content_tpl->parse("H_WARNING", "B_WARNING");
    }
} else {
    $content_tpl->parse("H_WARNING_LOGIN_FAILED", "B_WARNING_LOGIN_FAILED");

                        setcookie("zmGroup", "", time() - 3600 * 24 * 2);
                        $refreshParent = true;
                    }
                }
            }
        }
    } else {
        if (ZM_USER_SELF_EDIT && $action == "user") {
            $uid = $user['Id'];
            $dbUser = dbFetchOne("select Id, Password, Language from Users where Id = '" . dbEscape($uid) . "'");
            $types = array();
            $changes = getFormChanges($dbUser, $_REQUEST['newUser'], $types);
            if (!empty($_REQUEST['newUser']['Password'])) {
                $changes['Password'] = "Password = password('" . dbEscape($_REQUEST['newUser']['Password']) . "')";
            } else {
                unset($changes['Password']);
            }
            if (count($changes)) {
                $sql = "update Users set " . implode(", ", $changes) . " where Id = '" . dbEscape($uid) . "'";
                dbQuery($sql);
                $refreshParent = true;
            }
            $view = 'none';
        }
    }
    if ($action == "reset") {
        $_SESSION['zmEventResetTime'] = strftime(STRF_FMT_DATETIME_DB);
        setcookie("zmEventResetTime", $_SESSION['zmEventResetTime'], time() + 3600 * 24 * 30 * 12 * 10);
        //if ( $cookies ) session_write_close();
    }
}

// of the License, or (at your option) any later version.
//
// This program is distributed in the hope that it will be useful,
// but WITHOUT ANY WARRANTY; without even the implied warranty of
// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
// GNU General Public License for more details.
//
// You should have received a copy of the GNU General Public License
// along with this program; if not, write to the Free Software
// Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA  02111-1307, USA.
//
if (!canView('Stream')) {
    $view = "error";
    return;
}
$sql = "select C.*, M.* from Monitors as M left join Controls as C on (M.ControlId = C.Id ) where M.Id = '" . dbEscape($_REQUEST['mid']) . "'";
$monitor = dbFetchOne($sql);
if (isset($_REQUEST['control'])) {
    $control = validInt($_REQUEST['control']);
} else {
    $control = canView('Control') && $monitor['DefaultView'] == 'Control';
}
$showPtzControls = ZM_OPT_CONTROL && $monitor['Controllable'] && canView('Control');
if (isset($_REQUEST['scale'])) {
    $scale = validInt($_REQUEST['scale']);
} else {
    $scale = reScale(SCALE_BASE, $monitor['DefaultScale'], ZM_WEB_DEFAULT_SCALE);
}
$connkey = generateConnKey();
if (ZM_STREAM_METHOD == 'mpeg' && ZM_MPEG_LIVE_FORMAT) {
    $streamMode = "mpeg";