本文整理汇总了PHP中escape_sql函数的典型用法代码示例。如果您正苦于以下问题:PHP escape_sql函数的具体用法?PHP escape_sql怎么用?PHP escape_sql使用的例子?那么恭喜您, 这里精选的函数代码示例或许可以为您提供帮助。
在下文中一共展示了escape_sql函数的15个代码示例,这些例子默认根据受欢迎程度排序。您可以为喜欢或者感觉有用的代码点赞,您的评价将有助于系统推荐出更棒的PHP代码示例。
示例1: switch
$post = FALSE;
switch ($_SERVER['REQUEST_METHOD']) {
case "GET":
foreach ($getParams as $gp) {
if (isset($_GET[$gp])) {
${$gp} = Util::htmlentities(escape_sql(trim($_GET[$gp]), $conn));
} else {
${$gp} = "";
}
}
break;
case "POST":
$post = TRUE;
foreach ($postParams as $pp) {
if (isset($_POST[$pp])) {
${$pp} = Util::htmlentities(escape_sql(trim($_POST[$pp]), $conn));
} else {
${$pp} = "";
}
}
break;
}
$offset = intval($offset);
// latest results table
$roffset = intval($roffset);
// reports table
$sreport = intval($sreport);
// to show reports
//for autocomplete input
$autocomplete_keys = array('hosts_ips', 'nets_cidrs', 'sensors');
$assets = Autocomplete::get_autocomplete($dbconn, $autocomplete_keys);
示例2: ossim_set_error
default:
ossim_set_error(_("Error in the 'Quick Search Field' field (missing required field)"));
}
}
ossim_valid($sensor, OSS_HEX, 'illegal:' . _('Sensor'));
ossim_valid($sortname, ",", OSS_ALPHA, OSS_SCORE, OSS_NULLABLE, 'illegal:' . _('Order Name'));
ossim_valid($sortorder, OSS_LETTER, OSS_SCORE, OSS_NULLABLE, 'illegal:' . _('Sort Order'));
ossim_valid($field, OSS_ALPHA, OSS_PUNC, OSS_NULLABLE, 'illegal:' . _('Field'));
ossim_valid($page, OSS_DIGIT, 'illegal:' . _('Page'));
ossim_valid($rp, OSS_DIGIT, 'illegal:' . _('Rp'));
if (ossim_error()) {
$db->close();
echo "<rows>\n<page>1</page>\n<total>0</total>\n</rows>\n";
exit;
}
$sensor = escape_sql($sensor, $conn);
$sortname = !empty($sortname) ? $sortname : "hostname";
$sortname = $sortname == 'ip' ? "INET_ATON(ip)" : $sortname;
$sortorder = !empty($sortorder) && strtolower($sortorder) == 'desc' ? 'DESC' : 'ASC';
$order = $sortname . " " . $sortorder;
$start = ($page - 1) * $rp;
$limit = "LIMIT {$start}, {$rp}";
/* Storing the sensor in session to remember the selection in the sensor combo */
$_SESSION['ossec_sensor'] = $sensor;
Ossec_agentless::syncronize_ossec_agentless($conn, $sensor);
$extra = !empty($where) ? $where . " ORDER BY {$order} {$limit}" : " ORDER BY {$order} {$limit}";
list($agentless_list, $total) = Ossec_agentless::get_list($conn, $sensor, $extra);
$xml = "<rows>\n";
$xml .= "<page>{$page}</page>\n";
$xml .= "<total>{$total}</total>\n";
foreach ($agentless_list as $agentless) {
示例3: GET
if (empty($order)) $order = POST('sortname');
if (!empty($order)) $order.= (POST('sortorder') == "asc") ? "" : " desc";
*/
$search = GET('query');
if (empty($search)) {
$search = POST('query');
}
$field = POST('qtype');
//ossim_valid($order, OSS_ALPHA, OSS_SPACE, OSS_SCORE, OSS_NULLABLE, 'illegal:' . _("order"));
ossim_valid($page, OSS_DIGIT, 'illegal:' . _("page"));
ossim_valid($rp, OSS_DIGIT, 'illegal:' . _("rp"));
ossim_valid($search, OSS_ALPHA, OSS_PUNC, OSS_NULLABLE, 'illegal:' . _("search"));
ossim_valid($field, OSS_ALPHA, OSS_PUNC, OSS_NULLABLE, 'illegal:' . _("field"));
if (!empty($search)) {
$search = mb_detect_encoding($search . " ", 'UTF-8,ISO-8859-1') == 'UTF-8' ? Util::utf8entities($search) : $search;
$search = escape_sql($search, $conn);
switch ($field) {
case "plugin_sid":
$where .= ",plugin_sid WHERE plugin_sid.plugin_id=plugin_reference.plugin_id AND plugin_sid.sid=plugin_reference.plugin_sid AND plugin_sid.name like '%" . $search . "%'";
break;
case "plugin_id":
$where .= ",plugin WHERE plugin.id=plugin_reference.plugin_id AND plugin.name like '%" . $search . "%'";
break;
case "reference_sid":
$where .= ",plugin_sid WHERE plugin_sid.plugin_id=plugin_reference.reference_id AND plugin_sid.sid=plugin_reference.reference_sid AND plugin_sid.name like '%" . $search . "%'";
break;
case "reference_id":
$where .= ",plugin WHERE plugin.id=plugin_reference.reference_id AND plugin.name like '%" . $search . "%'";
break;
default:
ossim_set_error(_("Error in the 'Quick Search Field' field (missing required field)"));
示例4: POST
} else {
$company = POST('company');
$department = POST('department');
if ($mode == 'insert') {
unset($validate["template_id"]);
}
}
$validation_errors = validate_form_fields('POST', $validate);
//Extended validation
if (empty($validation_errors['login'])) {
//Checking permissions to create or modify users
if ($mode == 'insert') {
if (!$am_i_admin && !$am_i_proadmin) {
$validation_errors['login'] = _("You don't have permission to create users");
} else {
$s_login = escape_sql($login, $conn, FALSE);
$u_list = Session::get_list($conn, "WHERE login='" . $s_login . "'");
if (count($u_list) > 0) {
$validation_errors['login'] = _('User login already exists') . '. <br/>' . _('Entered value') . ": '<strong>" . Util::htmlentities($login) . "</strong>'";
}
}
} else {
$condition_1 = $am_i_admin && $login != AV_DEFAULT_ADMIN || $is_my_profile;
$condition_2 = $am_i_proadmin && Session::userAllowed($login) == 2;
if (!($condition_1 || $condition_2)) {
$validation_errors['login'] = _("You don't have permission to modify this user");
}
}
}
//Checking password field requirements
if (empty($validation_errors['pass'])) {
示例5: get_version_list
function get_version_list($conn, $data)
{
$response = array();
$model = $data['model'];
ossim_valid($model, OSS_NULLABLE, OSS_ALPHA, OSS_PUNC_EXT, 'illegal:' . _("Model"));
check_ossim_error();
if (empty($model)) {
$items = array();
} else {
$model = escape_sql($model, $conn);
$items = Software::get_versions_by_cpe($conn, $model, TRUE);
}
$response['error'] = FALSE;
$response['data']['items'] = $items;
return $response;
}
示例6: get_records
/**
* @param $sql
* @param array $values
* @return array|bool
*/
function get_records($sql, $values = array())
{
$connection = connect();
if ($connection === FALSE) {
return FALSE;
}
$escaped_sql = escape_sql($connection, $sql, $values);
$arr = array();
$result = mysqli_query($connection, $escaped_sql);
if ($result === FALSE) {
return FALSE;
}
while ($obj = mysqli_fetch_assoc($result)) {
$arr[] = $obj;
}
mysqli_close($connection);
return $arr;
}
示例7: plugin_list
function plugin_list($conn, $page, $search)
{
$filters = array();
$filters['limit'] = get_query_limits($page);
if ($search != '') {
$search = utf8_decode($search);
$search = escape_sql($search, $conn);
$filters['where'] = " (plugin.name LIKE '%{$search}%' OR plugin.description LIKE '%{$search}%')";
}
try {
list($plugins, $total) = Asset_host_scan::get_all_plugins($conn, '', $filters, TRUE);
} catch (Exception $e) {
$return['error'] = TRUE;
$return['msg'] = $e->getMessage();
return $return;
}
if ($total > 0) {
$selected = get_selected_values(25);
}
$list = array();
// Special filter "No Plugin Enabled" PID = 0
if (count($plugins) > 0 && $search == '') {
$_chk = $selected[0] != '' ? TRUE : FALSE;
$_plugin = array('id' => 0, 'name' => _('No Plugin Enabled'), 'class' => 'italic exclusive', 'checked' => $_chk);
$list[] = $_plugin;
}
//Going through the list to format the elements properly:
foreach ($plugins as $p_id => $p_data) {
$_chk = $selected[$p_id] != '' ? TRUE : FALSE;
$_plugin = array('id' => $p_id, 'name' => ucwords($p_data['name']), 'title' => $p_data['description'], 'checked' => $_chk);
$list[] = $_plugin;
}
$data['total'] = intval($total);
$data['list'] = $list;
$return['error'] = FALSE;
$return['data'] = $data;
return $return;
}
示例8: sprintf
$class_name = $asset_types[$_POST['asset_type']];
// Check Asset Permission
if (method_exists($class_name, 'is_allowed') && !$class_name::is_allowed($conn, $asset_id)) {
$error = sprintf(_('Error! %s is not allowed'), ucwords($asset_type));
Av_exception::throw_error(Av_exception::USER_ERROR, $error);
}
$asset_object = $class_name::get_object($conn, $asset_id);
if (array_key_exists($order, $orders_by_columns)) {
$order = $orders_by_columns[$order];
} else {
$order = "lr.risk";
}
// Property filter
$filters = array('limit' => "{$from}, {$maxrows}", 'order_by' => "{$order} {$torder}");
if ($search_str != '') {
$search_str = escape_sql($search_str, $conn);
$filters['where'] = 'p.name LIKE "%' . $search_str . '%"';
}
list($vulns, $total) = $asset_object->get_vulnerabilities($conn, '', $filters);
} else {
Av_exception::throw_error(Av_exception::USER_ERROR, _('Error retrieving information'));
}
} catch (Exception $e) {
$db->close();
Util::response_bad_request($e->getMessage());
}
// DATA
$data = array();
foreach ($vulns as $_asset_id => $asset_vulns) {
$_host_aux = Asset_host::get_object($conn, $_asset_id);
foreach ($asset_vulns as $vuln) {
示例9: session_write_close
require_once 'av_init.php';
Session::logcheck("environment-menu", "PolicyHosts");
// Close session write for real background loading
session_write_close();
$asset_id = GET('asset_id');
$service = GET('service');
$port = GET('port');
ossim_valid($asset_id, OSS_HEX, 'illegal: ' . _('Asset ID'));
ossim_valid($service, OSS_ALPHA, OSS_PUNC_EXT, 'illegal: ' . _('Service name'));
ossim_valid($port, OSS_DIGIT, 'illegal: ' . _('Port number'));
if (ossim_error()) {
throw new Exception(ossim_get_error_clean());
}
$db = new ossim_db();
$conn = $db->connect();
$filters = array('where' => "h.id = UNHEX('{$asset_id}') AND host_services.port = {$port} AND host_services.service = '" . escape_sql($service, $conn) . "'");
$_list_data = Asset_host_services::get_list($conn, $filters);
$services = $_list_data[0];
if (empty($services[$asset_id][0])) {
$db->close();
throw new Exception(_('Service not found'));
}
$service_data = $services[$asset_id][0];
$_host_aux = Asset_host::get_object($conn, $asset_id);
$_ips_aux = array_keys($_host_aux->get_ips()->get_ips());
$_ctx_aux = $_host_aux->get_ctx();
$vulns = Asset_host_services::get_vulns_by_service($conn, $_ips_aux, $_ctx_aux, $service, $port);
// Not matching with software_cpe, but cpe found in version field
if ($service_data['cpe'] == '' && preg_match('/cpe\\:/', $service_data['version'])) {
$service_data['cpe'] = $service_data['version'];
$service_data['version'] = '';
示例10: POST
$selection_type = POST('selection_type');
$selection_filter = POST('selection_filter');
$s_list = POST('items');
$db = new ossim_db();
$conn = $db->connect();
if ($selection_type == 'filter') {
if (empty($selection_filter)) {
$toggle_all = TRUE;
} else {
ossim_valid($selection_filter, OSS_INPUT, 'illegal: ' . _('Selection filter'));
if (ossim_error()) {
$db->close();
Util::response_bad_request(ossim_get_error_clean());
}
//Getting properties
$selection_filter = escape_sql($selection_filter, $conn);
//Create asset object
$asset_host = new Asset_host($conn, $asset_id);
$filters = array('where' => 'AND service LIKE "%' . $selection_filter . '%"');
list($s_list, ) = $asset_host->get_services($conn, $filters);
}
}
$data['status'] = 'success';
$data['data'] = _('Your changes have been saved');
if ($toggle_all == TRUE) {
if (!valid_hex32($asset_id)) {
$db->close();
Util::response_bad_request(_('Error! Asset ID not allowed. Your changes could not be saved'));
} else {
try {
Asset_host_services::toggle_nagios($conn, $asset_id, $nagios);
示例11: service_list
function service_list($conn, $page, $search)
{
$return['error'] = TRUE;
$return['msg'] = '';
$filters = array();
$filters['limit'] = get_query_limits($page);
$filters['order_by'] = 'port';
if ($search != '') {
$search = utf8_decode($search);
$search = escape_sql($search, $conn);
$filters['where'] = " (s.port LIKE '%{$search}%' OR p.name LIKE '%{$search}%' OR s.service LIKE '%{$search}%') ";
}
try {
list($services, $total) = Asset_host_services::get_services_available($conn, $filters, TRUE);
} catch (Exception $e) {
$return['error'] = TRUE;
$return['msg'] = $e->getMessage();
return $return;
}
if ($total > 0) {
$selected = get_selected_values(10);
}
$list = array();
//Going through the list to format the elements properly:
foreach ($services as $service) {
$_serv = array();
$id = $service['port'] . ';' . $service['protocol'] . ';' . $service['service'];
$md5 = md5($id);
$name = $service['port'] . '/' . $service['prot_name'] . ' (' . $service['service'] . ')';
$_chk = $selected[$md5] != '' ? TRUE : FALSE;
$_serv = array('id' => $id, 'name' => Util::utf8_encode2($name), 'checked' => $_chk);
$list[$md5] = $_serv;
}
$data['total'] = intval($total);
$data['list'] = $list;
$return['error'] = FALSE;
$return['data'] = $data;
return $return;
}
示例12: elseif
</div>
<?php
}
} elseif ($rule->category) {
// Can not redeclare class Category. Must do queries...
$query = "SELECT name FROM category WHERE id = " . $rule->category;
$rs = $conn->Execute($query);
if (!$rs) {
echo "<i>" . _("Category Unknown") . "</i>";
} else {
if (!$rs->EOF) {
echo _("Category") . ": <strong>" . $rs->fields['name'] . "</strong>";
}
}
if ($rule->subcategory) {
$p_subc = escape_sql($rule->subcategory, $conn);
$query = "SELECT name FROM subcategory WHERE cat_id=" . intval($rule->category) . " AND id IN({$p_subc})";
$rs = $conn->Execute($query);
if (!$rs) {
echo "/<i>" . _("SubCategory Unknown") . "</i>";
} else {
$subcat = array();
while (!$rs->EOF) {
$subcat[] = $rs->fields['name'];
$rs->MoveNext();
}
echo "/<strong>" . implode(', ', $subcat) . "</strong>";
}
}
}
?>
示例13: search
function search($page, $kw, $cve, $family, $risk, $start_date, $end_date)
{
global $dbconn;
$dbconn->SetFetchMode(ADODB_FETCH_BOTH);
$Limit = 20;
$risks = array("7" => _("Info"), "6" => _("Low"), "3" => _("Medium"), "2" => _("High"), "1" => _("Serious"));
$query = "SELECT name FROM vuln_nessus_family WHERE id={$family}";
$result = $dbconn->execute($query);
list($family_name) = $result->fields;
if ($kw == "") {
$txt_kw = "All";
} else {
$txt_kw = $kw;
}
if ($cve == "") {
$txt_cve = "All";
} else {
$txt_cve = $cve;
}
if ($family_name == "") {
$txt_family = "All";
} else {
$txt_family = $family_name;
}
if ($risk == "") {
$txt_risk = "All";
} else {
$txt_risk = $risks[$risk];
}
if ($start_date == "") {
$txt_start_date = "All";
} else {
$txt_start_date = $start_date;
}
if ($end_date == "") {
$txt_end_date = "All";
} else {
$txt_end_date = $end_date;
}
echo '
<table style="margin-top:10px;" class="t_width noborder">
<tr>
<td class="table_header">
<div class="c_back_button">
<input type="button" class="av_b_back" onclick="document.location.href=\'threats-db.php?start_date=' . urlencode($start_date) . '&end_date=' . urlencode($end_date) . '&kw=' . urlencode($kw) . '&risk=' . urlencode($risk) . '&scve=' . urlencode($cve) . '\';return false;"/>
</div>
<div class="sec_title">
' . _("Search results for this criteria") . '
</div>
</td>
</tr>
</table>
<table cellpadding="0" cellspacing="0" class="transparent" align="center" width="100%">
<tr><th>' . gettext("Start Date") . '</th><th>' . gettext("End Date") . '</th><th>' . gettext("Keywords") . '</th><th>' . gettext("CVE Id") . '</th><th>' . gettext("Family") . '</th><th>' . gettext("Risk Factor") . '</th></tr>
<tr>
<td class="nobborder" style="text-align:center;">' . Util::htmlentities($txt_start_date) . '</td>
<td class="nobborder" style="text-align:center;">' . Util::htmlentities($txt_end_date) . '</td>
<td class="nobborder" style="text-align:center;">' . Util::htmlentities($txt_kw) . '</td>
<td class="nobborder" style="text-align:center;">' . Util::htmlentities($txt_cve) . '</td>
<td class="nobborder" style="text-align:center;">' . Util::htmlentities($txt_family) . '</td>
<td class="nobborder" style="text-align:center;">' . Util::htmlentities($txt_risk) . '</td>
</tr>
</table>
<br>
<table class="table_list">
';
$query_filter = "WHERE 1=1 ";
if ($kw != "") {
$skw = escape_sql($kw, $dbconn);
$query_filter .= "AND ( t1.summary LIKE '%{$skw}%' OR t1.cve_id LIKE '%{$skw}%' OR t2.name LIKE '%{$skw}%' OR CONCAT(t2.name, ' - ', t1.summary) LIKE '%{$skw}%' )";
}
if ($cve != "") {
$cve2 = preg_replace("/cve-/i", "CVE ", $cve);
$query_filter .= "AND ( t1.cve_id LIKE '%{$cve}%' OR t1.cve_id LIKE '%{$cve2}%')";
}
if ($family != "") {
$query_filter .= "AND t1.family = '{$family}'";
}
if ($risk != "") {
$query_filter .= "AND t1.risk = '{$risk}'";
}
if ($start_date != "") {
$query_filter .= " AND CONVERT(t1.created,UNSIGNED) >= " . str_replace("-", "", $start_date) . "000000";
}
if ($end_date != "") {
$query_filter .= " AND CONVERT(t1.created,UNSIGNED) <= " . str_replace("-", "", $end_date) . "235959";
}
$query_filter = ltrim($query_filter, "AND ");
if ($query_filter == "") {
$query_filter = "1";
}
if (!preg_match("/t2/", $query_filter)) {
$query = "SELECT count( t1.id ) FROM vuln_nessus_plugins t1 {$query_filter}";
} else {
$query = "SELECT count( t1.id ) FROM vuln_nessus_plugins t1 LEFT JOIN vuln_nessus_family t2 ON t1.family = t2.id {$query_filter}";
}
$result = $dbconn->execute($query);
list($numrec) = $result->fields;
//.........这里部分代码省略.........
示例14: strtolower
* along with this package; if not, write to the Free Software
* Foundation, Inc., 51 Franklin St, Fifth Floor, Boston,
* MA 02110-1301 USA
*
*
* On Debian GNU/Linux systems, the complete text of the GNU General
* Public License can be found in `/usr/share/common-licenses/GPL-2'.
*
* Otherwise you can read it here: http://www.gnu.org/licenses/gpl-2.0.txt
*
*/
require_once 'av_init.php';
Session::logcheck("analysis-menu", "ControlPanelAlarms");
$q = strtolower(GET("q"));
ossim_valid($q, OSS_TEXT, 'illegal:' . _("Query"));
// Empty results when error in validation
if (ossim_error()) {
exit;
}
$db = new ossim_db();
$conn = $db->connect();
$q = escape_sql($q, $conn);
$sql = "SELECT DISTINCT sid, plugin_id, name FROM plugin_sid WHERE lower(name) LIKE '%{$q}%';";
if (!($rs = $conn->Execute($sql))) {
Av_exception::throw_error(Av_exception::DB_ERROR, $conn->ErrorMsg());
} else {
while (!$rs->EOF) {
echo $rs->fields["plugin_id"] . "-" . $rs->fields["sid"] . "###" . $rs->fields["name"] . "\n";
$rs->MoveNext();
}
}
示例15: ossim_valid
ossim_valid($asset_filter, OSS_NULLABLE, OSS_NOECHARS, OSS_ALPHA, OSS_SCORE, OSS_PUNC, '()', 'illegal:' . _('Asset filter'));
ossim_valid($sensor_id, OSS_HEX, 'illegal:' . _('Sensor ID'));
if (!ossim_error()) {
$_assets = array();
$db = new ossim_db();
$conn = $db->connect();
$q_where = "hsr.host_id = host.id AND hsr.sensor_id=UNHEX('{$sensor_id}')\n AND NOT exists (select 1 FROM hids_agents ha WHERE ha.host_id = host.id)";
if (!empty($asset_filter)) {
$pos = strpos($asset_filter, ' ');
if ($pos === FALSE) {
$asset_filter = escape_sql($asset_filter, $conn, TRUE);
$asset_name = $asset_filter;
$asset_ip = $asset_filter;
$q_where .= " AND (host.hostname LIKE '%{$asset_name}%' OR INET6_NTOA(hi.ip) LIKE '%{$asset_ip}%')";
} else {
$aux_asset_filter = explode(' ', $asset_filter, 2);
$asset_name = $aux_asset_filter[0];
$asset_ip = str_replace(array('(', ')'), '', $aux_asset_filter[1]);
$asset_name = escape_sql($asset_name, $conn, TRUE);
$asset_ip = escape_sql($asset_ip, $conn, TRUE);
$q_where .= " AND (host.hostname LIKE '%{$asset_name}%' AND INET6_NTOA(hi.ip) LIKE '%{$asset_ip}%')";
}
}
$q_filters = array('where' => $q_where, 'limit' => 20);
$_assets = Asset_host::get_list_tree($conn, ', host_sensor_reference hsr', $q_filters);
$db->close();
$assets = array();
foreach ($_assets as $asset_id => $asset_data) {
echo $asset_id . '###' . $asset_data[2] . '###' . $asset_data[3] . '###' . $asset_data[3] . ' (' . $asset_data[2] . ")\n";
}
}