本文整理汇总了PHP中db_escape函数的典型用法代码示例。如果您正苦于以下问题:PHP db_escape函数的具体用法?PHP db_escape怎么用?PHP db_escape使用的例子?那么恭喜您, 这里精选的函数代码示例或许可以为您提供帮助。
在下文中一共展示了db_escape函数的15个代码示例,这些例子默认根据受欢迎程度排序。您可以为喜欢或者感觉有用的代码点赞,您的评价将有助于系统推荐出更棒的PHP代码示例。
示例1: getPeriods
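/**
 * Sum the gl_trans postings of one account into twelve consecutive monthly buckets.
 *
 * Period 1 starts on the first day of month $mo in year $yr. Month numbers
 * above 12 are passed to mktime() as they are, which rolls them into the
 * following year.
 *
 * @param int        $yr         Year of the first period.
 * @param int        $mo         Month of the first period.
 * @param string     $account    Account code matched against gl_trans.account.
 * @param int|string $dimension  0 = no filter, negative = rows with dimension_id 0, otherwise the id to match.
 * @param int|string $dimension2 Same convention, applied to dimension2_id.
 * @param bool       $balance    false: movement inside each month; true: total of everything before each month end.
 * @return mixed Whatever db_fetch() yields for the single aggregate row (columns per01 .. per12).
 */
function getPeriods($yr, $mo, $account, $dimension, $dimension2, $balance = false)
{
    // $bounds[0] is the first day of period 1, $bounds[12] the first day after period 12.
    $bounds = array();
    for ($offset = 0; $offset <= 12; $offset++) {
        $bounds[] = date('Y-m-d', mktime(0, 0, 0, $mo + $offset, 1, $yr));
    }

    // The boundaries are produced by date() above, so they are safe to place between quotes.
    $columns = array();
    for ($period = 1; $period <= 12; $period++) {
        $from = $bounds[$period - 1];
        $to = $bounds[$period];
        $range = $balance
            ? "tran_date < '{$to}'"
            : "tran_date >= '{$from}' AND tran_date < '{$to}'";
        $columns[] = sprintf('SUM(CASE WHEN %s THEN amount ELSE 0 END) AS per%02d', $range, $period);
    }

    // The account code used to be interpolated between hand-written quotes with no
    // escaping, so a quote character in it could end the literal and change the
    // statement. It now goes through db_escape() like the dimension ids below;
    // db_escape() is used there in bare value position, so it is expected to
    // return a complete literal including its own quotes.
    $sql = 'SELECT ' . implode(",\n\t\t\t\t", $columns)
        . "\n\t\t\tFROM " . TB_PREF . 'gl_trans'
        . "\n\t\t\tWHERE account=" . db_escape($account);

    if ($dimension != 0) {
        $sql .= " AND dimension_id = " . ($dimension < 0 ? 0 : db_escape($dimension));
    }
    if ($dimension2 != 0) {
        $sql .= " AND dimension2_id = " . ($dimension2 < 0 ? 0 : db_escape($dimension2));
    }

    $result = db_query($sql, "Transactions for account {$account} could not be calculated");
    return db_fetch($result);
}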
示例2: sConfig
/**
 * Store one configuration entry, replacing any existing row for the same key.
 *
 * Both arguments are passed through db_escape() and then wrapped in quotes
 * here, so in this code base db_escape() is expected to return the escaped
 * text WITHOUT surrounding quotes. NOTE(review): other projects ship a
 * db_escape() that adds the quotes itself; confirm against the local
 * definition before copying this pattern.
 *
 * @param string $key   Configuration key.
 * @param string $value Configuration value.
 */
function sConfig($key, $value)
{
    $safeKey = db_escape($key);
    $safeValue = db_escape($value);

    query("REPLACE INTO " . PREF . "config\n\t\tVALUE ('" . $safeKey . "', '" . $safeValue . "')");
}
示例3: getContactPerson
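/**
 * Look up the contact person's name for a customer branch handled by a salesman.
 *
 * All three filter values go through db_escape() and are used in bare value
 * position, i.e. db_escape() is expected to supply the quoting itself.
 *
 * @param mixed $imc         Salesman id matched against cust_branch.salesman.
 * @param mixed $debtor_no   Customer id.
 * @param mixed $branch_code Branch code.
 * @return mixed|null First column (contactName) of the first matching row, or null when nothing matches.
 */
function getContactPerson($imc, $debtor_no, $branch_code)
{
    $sql = "Select CONCAT (d.name, d.name2) AS contactName FROM " . TB_PREF . "cust_branch b INNER JOIN\n"
        . TB_PREF . "crm_contacts c on b.debtor_no=c.entity_id INNER JOIN "
        . TB_PREF . "crm_persons d on c.person_id=d.id where b.salesman = " . db_escape($imc)
        . "\n\tAND b.debtor_no = " . db_escape($debtor_no)
        . " AND b.branch_code = " . db_escape($branch_code);

    $result = db_query($sql, "could not get IMC");
    $row = db_fetch_row($result);

    // A branch without a linked contact yields no row; indexing the empty fetch
    // result would raise an "array offset" diagnostic on current PHP versions.
    if (!$row) {
        return null;
    }
    return $row[0];
}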
示例4: database
/**
* Database server contents (list of tables)
*
* @path: /ctl/$db_name
* @accept: get
* @view: db.database
*
**/
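function database()
{
    /* {{{ */
    // Per the @path annotation the schema name is taken from the request path,
    // and it is used here as an identifier, not as a string literal. A
    // string-literal escaper does not neutralise a backtick, so wrapping its
    // output in backticks does not keep the name inside the identifier.
    // Quote it as an identifier instead: embedded backticks are doubled.
    $schema = '`' . str_replace('`', '``', (string) $this->db_name) . '`';

    // NOTE(review): nothing in this method restricts WHICH schema may be
    // listed; confirm the caller or the DB account limits that.
    $this->tpl->add('tables', db_fetch_array('SHOW TABLES FROM ' . $schema . ';'));
    $this->tpl->view('db.database');
    /* }}} */
}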
示例5: get_controller_by_name
/**
* First, try to load the controller class from its controller file;
* if no such file exists, try to initialize a CRUD controller from a database table automatically.
*
* @param string $controller - name of the controller, interpreted in the function
* as part of a filename or part of a table name
* @return object controller
**/
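function get_controller_by_name($controller)
{
    $controller = (string) $controller;

    // NOTE(review): fixed file name in a shared temp directory; an
    // application-owned log directory would be the safer home for this log.
    $log_file = '/tmp/weblog';
    // Control characters are replaced before logging so a crafted name cannot
    // add extra lines to the log.
    $control_chars = '/[\x00-\x1F\x7F]/';

    // The name ends up in a require_once path. The class loaded from that file
    // must be called "<name>_ctl", so a usable controller name can only consist
    // of identifier characters; anything else (path separators, dots, ...) is
    // kept away from the filesystem and falls through to the table lookup.
    // NOTE(review): non-ASCII or namespaced controller names, if any exist,
    // would need this pattern widened.
    $is_plain_name = preg_match('/\A[A-Za-z0-9_]+\z/', $controller) === 1;

    $ctrl_file = '../app/controller/' . $controller . '.php';
    if ($is_plain_name && file_exists($ctrl_file)) {
        // Append to the log file directly. The previous exec("echo ... >> file")
        // passed request-derived text through a shell command line.
        $current = (isset($GLOBALS['controller']) && is_scalar($GLOBALS['controller']))
            ? (string) $GLOBALS['controller']
            : '';
        file_put_contents(
            $log_file,
            preg_replace($control_chars, '?', "Controller [{$current}] loaded.") . "\n",
            FILE_APPEND | LOCK_EX
        );

        require_once $ctrl_file;
        #TODO: find a way to make the class name independent of the file name
        $ctl_class_name = $controller . '_ctl';
        if (!class_exists($ctl_class_name)) {
            exit;
        }
        $ctl = new $ctl_class_name();
    } else {
        #TODO: add security restrictions (black/white lists) for the crud controller
        #TODO: improve the search algorithm (strict compare instead of "like '%name'")
        // NOTE(review): until those TODOs are done, ANY table whose name ends
        // with the requested string is exposed through crud_ctl, and "%" / "_"
        // inside the name still act as LIKE wildcards after db_escape().
        $table = db_fetch_value('show tables like "%' . db_escape($controller) . '"');
        if ($table) {
            $ctl = new crud_ctl();
            $ctl->table = $table;
        } else {
            $path_info = isset($_SERVER['PATH_INFO']) ? (string) $_SERVER['PATH_INFO'] : '';
            file_put_contents(
                $log_file,
                preg_replace(
                    $control_chars,
                    '?',
                    "ERROR: Controller [{$controller}] not found (requested {$path_info})."
                ) . "\n",
                FILE_APPEND | LOCK_EX
            );
            // The name is echoed into an HTML page, so it is encoded for that context.
            die(
                '<pre>Controller <strong>['
                . htmlspecialchars($controller, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8')
                . "]</strong> not found.\n\n"
            );
        }
    }
    return $ctl;
}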
示例6: get_sundry
/**
 * Fetch the disbursement GL postings linked to one "customized" record,
 * together with the matching row type from the voided table (if any).
 *
 * The only caller-supplied value, $customized, is passed through db_escape()
 * and used in bare value position.
 *
 * @param mixed $customized Value matched against customized.customized_no.
 * @return mixed Result handle returned by db_query().
 */
function get_sundry($customized)
{
    $prefix = TB_PREF;
    $sql = "SELECT DISTINCT a.*, v.type from {$prefix}gl_trans a inner join {$prefix}customized b on a.type=b.type AND a.type_no=b.type_no\n LEFT JOIN {$prefix}voided v ON v.type = a.type and v.id=a.type_no\n where a.type=" . ST_DISBURSEMENT;
    $sql .= " AND b.customized_no = " . db_escape($customized);

    return db_query($sql, "No transactions were returned");
}
示例7: getTransactions
/**
 * Total supplier turnover (invoices and credit notes) from a given date on.
 *
 * @param mixed  $supplier_id Supplier matched against supp_trans.supplier_id (escaped with db_escape()).
 * @param string $date        Start date, converted with date2sql().
 * @return mixed First column (Turnover) of the aggregate row.
 */
function getTransactions($supplier_id, $date)
{
    // NOTE(review): the converted date is placed between quotes without
    // db_escape(); this relies on date2sql() returning nothing but a plain
    // date literal. Confirm against its definition.
    $fromDate = date2sql($date);

    $query = "SELECT SUM((ov_amount+ov_discount)*rate) AS Turnover\n\t\tFROM " . TB_PREF . "supp_trans"
        . "\n\t\tWHERE supplier_id=" . db_escape($supplier_id)
        . "\n\t\tAND (type=" . ST_SUPPINVOICE . " OR type=" . ST_SUPPCREDIT . ")"
        . "\n\t\tAND tran_date >='{$fromDate}'";

    $turnoverRow = db_fetch_row(db_query($query, "No transactions were returned"));
    return $turnoverRow[0];
}
示例8: getTransactions
/**
 * Total customer-branch turnover (sales invoices and credit notes) from a given date on.
 *
 * @param mixed  $debtorno   Customer matched against debtor_trans.debtor_no (escaped with db_escape()).
 * @param mixed  $branchcode Branch matched against debtor_trans.branch_code (escaped with db_escape()).
 * @param string $date       Start date, converted with date2sql().
 * @return mixed First column (Turnover) of the aggregate row.
 */
function getTransactions($debtorno, $branchcode, $date)
{
    // NOTE(review): the converted date is placed between quotes without
    // db_escape(); this relies on date2sql() returning nothing but a plain
    // date literal. Confirm against its definition.
    $fromDate = date2sql($date);

    $query = "SELECT SUM((ov_amount+ov_freight+ov_discount)*rate) AS Turnover\n\t\tFROM " . TB_PREF . "debtor_trans"
        . "\n\t\tWHERE debtor_no=" . db_escape($debtorno)
        . "\n\t\tAND branch_code=" . db_escape($branchcode)
        . "\n\t\tAND (type=" . ST_SALESINVOICE . " OR type=" . ST_CUSTCREDIT . ")"
        . "\n\t\tAND tran_date >='{$fromDate}'";

    $turnoverRow = db_fetch_row(db_query($query, "No transactions were returned"));
    return $turnoverRow[0];
}
示例9: check_login
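/**
 * Check the posted credentials ($_POST['user'], $_POST['password']) against the users table.
 *
 * NOTE(review): generate_hash() is defined elsewhere and its algorithm is not
 * visible here. If it is a fast or unsalted digest, password_hash() /
 * password_verify() would be the replacement; that needs a stored-hash migration.
 *
 * @return bool true only when the user exists and the recomputed hash equals the stored one.
 */
function check_login(){
    $login = isset($_POST['user']) ? $_POST['user'] : null;
    $password = isset($_POST['password']) ? $_POST['password'] : null;

    // Missing or array-valued fields never authenticate and never reach the query.
    if (!is_string($login) || !is_string($password)) {
        return false;
    }

    $user = db_easy("SELECT `name`, `password_hash` FROM `users` WHERE `name`='" . db_escape($login) . "'");

    // Fail closed when there is no such user or the row carries no hash. The old
    // code fell through to the comparison with null values in that case.
    if (!$user || !isset($user['name'], $user['password_hash'])) {
        return false;
    }

    $stored = $user['password_hash'];
    $computed = generate_hash($user['name'], $password);
    if (!is_string($stored) || $stored === '' || !is_string($computed)) {
        return false;
    }

    // hash_equals() compares byte for byte in constant time. The previous `==`
    // applied PHP's loose comparison, under which two different numeric-looking
    // strings (for example both of the form "0e" + digits) compare as equal.
    return hash_equals($stored, $computed);
}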
示例10: done
function done()
{
    // Template variable 'index' receives every closed row of the controller's
    // table, ordered by closing date.
    //
    // NOTE(review): the table name passes through db_escape(), which is a
    // value escaper; for an unquoted identifier that does not constrain what
    // the name may contain. Verify where $this->table is assigned and that it
    // only ever holds a real table name.
    $tableName = db_escape($this->table);
    $closedRows = db_fetch_all(
        "\nSELECT * FROM " . $tableName . "\nWHERE is_closed = 1\nORDER BY date_closed\n"
    );
    $this->tpl->add('index', $closedRows);
}
示例11: discussions_handle_on_user_cleanup
/**
* Handle on_user_cleanup event
*
* @param array $cleanup
* @return null
*/
function discussions_handle_on_user_cleanup(&$cleanup)
{
    // Make sure the list exists before appending to it.
    $cleanup['project_objects'] = isset($cleanup['project_objects'])
        ? $cleanup['project_objects']
        : array();

    // Field mapping for Discussion objects. The condition value is a constant
    // and still goes through db_escape(), which supplies the quoting.
    $discussionFields = array(
        'id' => 'integer_field_1',
        'name' => 'varchar_field_1',
        'email' => 'varchar_field_2',
        'condition' => 'type = ' . db_escape('Discussion'),
    );
    $cleanup['project_objects'][] = $discussionFields;
}
示例12: msg_send_simple_message
/**
 * Store one message for a list of owners (or for everybody when the first
 * owner is '*'), optionally mirror it by e-mail, and increment the per-class
 * and total message counters of the recipients.
 *
 * @param mixed  $owners       Single owner id or array of ids; '*' as first element requests a broadcast.
 * @param mixed  $sender       Sender id; forced to an integer with intval().
 * @param mixed  $timestamp    Message time; SN_TIME_NOW is used when falsy.
 * @param mixed  $message_type Key into the global $sn_message_class_list.
 * @param string $from         Sender label stored with the message.
 * @param string $subject      Message subject.
 * @param string $text         Message body.
 * @param bool   $escaped      true = $from/$subject/$text were already SQL-escaped by the caller and are used as-is.
 * @param bool   $force        true = skip the per-owner opt_<class> check when deciding whether to store.
 * @return null|false false when a broadcast is requested by a user with authlevel below 3; no value otherwise.
 */
function msg_send_simple_message($owners, $sender, $timestamp, $message_type, $from, $subject, $text, $escaped = false, $force = false)
{
global $config, $user, $sn_message_class_list;
// Nothing to do without recipients.
if (!$owners) {
return;
}
$timestamp = $timestamp ? $timestamp : SN_TIME_NOW;
$sender = intval($sender);
if (!is_array($owners)) {
$owners = array($owners);
}
// Only these three fields are escaped here, and only when the caller has not
// declared them pre-escaped.
// NOTE(review): with $escaped = true the values reach the SQL below untouched;
// confirm no caller combines that flag with raw request data.
if (!$escaped) {
$from = db_escape($from);
$subject = db_escape($subject);
$text = db_escape($text);
}
// E-mail body: both the literal four-character sequence \r\n (backslash-r,
// backslash-n) and a real CRLF become <br />, then backslashes added by
// escaping are stripped.
$text_unescaped = stripslashes(str_replace(array('\\r\\n', "\r\n"), "<br />", $text));
$message_class = $sn_message_class_list[$message_type];
$message_class_email = $message_class['email'];
$message_class_switchable = $message_class['switchable'];
$message_class_name = $message_class['name'];
$message_class_name_total = $sn_message_class_list[MSG_TYPE_NEW]['name'];
// NOTE(review): loose comparison. On PHP versions before 8 an integer 0 in
// $owners[0] compares equal to '*' and would take the broadcast branch.
if ($owners[0] == '*') {
// Broadcasts are limited to users with authlevel 3 or higher.
if ($user['authlevel'] < 3) {
return false;
}
// TODO: add $timestamp - the mailing may also be a deferred one
// TODO: add $sender - the mailing may also come from someone
db_message_insert_all($message_type, $from, $subject, $text);
$owners = array();
} else {
$insert_values = array();
// One VALUES tuple per owner: '%u' is filled with the owner id by sprintf()
// below; literal '%' in the remaining fields is doubled so sprintf() leaves
// it alone.
// NOTE(review): $timestamp and $message_type are placed between quotes
// without escaping in this function (only $sender is forced to an integer);
// confirm every caller passes trusted values for both.
$insert_template = "('%u'," . str_replace('%', '%%', " '{$sender}', '{$timestamp}', '{$message_type}', '{$from}', '{$subject}', '{$text}')");
foreach ($owners as $owner) {
// Reuse the already loaded row when the recipient is the current user.
if ($user['id'] != $owner) {
$owner_row = db_user_by_id($owner);
} else {
$owner_row = $user;
}
sys_user_options_unpack($owner_row);
// Store the message when forced, when the class cannot be switched off, or
// when the owner has the class enabled.
if ($force || !$message_class_switchable || $owner_row["opt_{$message_class_name}"]) {
$insert_values[] = sprintf($insert_template, $owner);
}
// NOTE(review): unless $escaped was true, $subject here is the db_escape()d
// value, while the body uses the stripslashes() variant; looks unintended,
// confirm.
if ($message_class_email && $config->game_email_pm && $owner_row["opt_email_{$message_class_name}"]) {
@($result = mymail($owner_row['email'], $subject, $text_unescaped, '', true));
}
}
// No owner accepted the message: nothing is inserted and no counter is touched.
if (empty($insert_values)) {
return;
}
doquery($QryInsertMessage = 'INSERT INTO {{messages}} (`message_owner`, `message_sender`, `message_time`, `message_type`, `message_from`, `message_subject`, `message_text`) ' . 'VALUES ' . implode(',', $insert_values));
}
db_user_list_set_mass_mail($owners, "`{$message_class_name}` = `{$message_class_name}` + 1, `{$message_class_name_total}` = `{$message_class_name_total}` + 1");
// NOTE(review): after a broadcast $owners was reset to an empty array above,
// so the `$owners[0] == '*'` test here reads a missing index and cannot be
// true; the sender's in-memory counters are therefore not updated for
// broadcasts.
if (in_array($user['id'], $owners) || $owners[0] == '*') {
$user[$message_class_name]++;
$user[$message_class_name_total]++;
}
}
示例13: get_sql_for_commission_voucher
/**
 * Build (but do not run) the query listing commission vouchers of one salesman.
 *
 * Both filter values go through db_escape() and are used in bare value
 * position, so db_escape() is expected to supply the quoting.
 *
 * @param mixed $imc        Salesman id matched against comm_voucher.imc.
 * @param mixed $invoice_no Invoice number; a value loosely equal to 0 means "all invoices".
 * @return string SQL text.
 */
function get_sql_for_commission_voucher($imc, $invoice_no)
{
    $parts = array(
        "SELECT a.imc, a.invoice_no, a.client, DATE_FORMAT(a.date, '%m-%d-%Y') as tranDate from " . TB_PREF . "comm_voucher a where a.imc= " . db_escape($imc),
    );
    if ($invoice_no != 0) {
        $parts[] = " and a.invoice_no =" . db_escape($invoice_no);
    }
    $parts[] = " ORDER BY a.invoice_no";

    return implode('', $parts);
}
示例14: getList
/**
 * List customer branches, optionally restricted to one salesman.
 *
 * @param mixed $imc Salesman id; a value loosely equal to 0 means "all salesmen".
 *                   Otherwise it is escaped with db_escape() and used in bare value position.
 * @return mixed Result handle returned by db_query().
 */
function getList($imc)
{
    $filter = ($imc != 0) ? " where salesman =" . db_escape($imc) : "";
    $query = "SELECT a.* from " . TB_PREF . "cust_branch a" . $filter . " ORDER BY a.salesman";

    return db_query($query, "Error getting order details");
}
示例15: getTransactions
/**
 * List received-but-not-fully-invoiced goods (GRN items), optionally for one supplier.
 *
 * @param mixed $fromsupp Supplier id, or ALL_TEXT for every supplier. A concrete id is
 *                        escaped with db_escape() and used in bare value position.
 * @return mixed Result handle returned by db_query().
 */
function getTransactions($fromsupp)
{
    $p = TB_PREF;
    $separator = ",\n\t\t\t";

    $columns = array(
        "{$p}grn_batch.id",
        'order_no',
        "{$p}grn_batch.supplier_id",
        "{$p}suppliers.supp_name",
        "{$p}grn_items.item_code",
        "{$p}grn_items.description",
        'qty_recd',
        'quantity_inv',
        'std_cost_unit',
        'act_price',
        'unit_price',
    );
    $tables = array(
        "{$p}grn_items",
        "{$p}grn_batch",
        "{$p}purch_order_details",
        "{$p}suppliers",
    );

    $sql = "SELECT " . implode($separator, $columns)
        . "\n\t\tFROM " . implode($separator, $tables)
        . "\n\t\tWHERE {$p}grn_batch.supplier_id={$p}suppliers.supplier_id"
        . "\n\t\tAND {$p}grn_batch.id = {$p}grn_items.grn_batch_id"
        . "\n\t\tAND {$p}grn_items.po_detail_item = {$p}purch_order_details.po_detail_item"
        . "\n\t\tAND qty_recd-quantity_inv <>0 ";

    // Supplier filter is added only when a concrete supplier was chosen.
    if ($fromsupp != ALL_TEXT) {
        $sql .= "AND {$p}grn_batch.supplier_id =" . db_escape($fromsupp) . " ";
    }

    $sql .= "ORDER BY {$p}grn_batch.supplier_id" . $separator . "{$p}grn_batch.id";

    return db_query($sql, "No transactions were returned");
}