本文整理汇总了PHP中escape_string函数的典型用法代码示例。如果您正苦于以下问题:PHP escape_string函数的具体用法?PHP escape_string怎么用?PHP escape_string使用的例子?那么, 这里精选的函数代码示例或许可以为您提供帮助。
示例1: identify_function
/**
 * Copies the "func" query parameter into the global $func, escaped with
 * escape_string(). When the parameter is absent the global is left untouched.
 */
function identify_function()
{
    global $func;
    if (!isset($_GET['func'])) {
        return;
    }
    $func = escape_string($_GET['func']);
}
示例2: db_update_form
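/**
 * Builds and runs an UPDATE on $table_name from the posted form fields.
 *
 * Keys starting with DB_UPDATE_PREFIX become SET assignments, keys starting
 * with DB_WHERE_PREFIX become WHERE conditions; as in the original, the prefix
 * is taken to be 5 characters long. Values are escaped with escape_string().
 * Field names come from the form key and sit in identifier position, where an
 * escaped value gives no protection, so they are restricted to [A-Za-z0-9_]
 * and anything else is skipped. The original built $where but never appended
 * it, so the UPDATE ran without a WHERE clause and touched every row; the
 * statement is now executed only when it has both assignments and conditions.
 *
 * @param string $table_name table to update; interpolated as-is, so the caller
 *                           must not pass user-controlled input here
 * @return bool|mysqli_result result of mysqli_query(), or false when the
 *                            statement was not executed
 */
function db_update_form($table_name)
{
    global $conn;
    $assignments = array();
    $conditions = array();
    foreach ($_POST as $key => $value) {
        $prefix = substr($key, 0, 5);
        $field = substr($key, 5);
        // the field name comes from the request; accept plain identifiers only
        if (!preg_match('/^[A-Za-z0-9_]+$/', $field)) {
            continue;
        }
        $clause = "{$field} = '" . escape_string($value) . "'";
        if ($prefix === DB_UPDATE_PREFIX) {
            $assignments[] = $clause;
        } elseif ($prefix === DB_WHERE_PREFIX) {
            $conditions[] = $clause;
        }
    }
    // "UPDATE t SET " alone is invalid SQL, and an UPDATE without WHERE would hit every row
    if (!$assignments || !$conditions) {
        return false;
    }
    $query = "UPDATE {$table_name} SET " . implode(", ", $assignments)
        . " WHERE " . implode(" AND ", $conditions);
    return mysqli_query($conn, $query);
}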
示例3: dumpTable
/**
 * Dumps $table in the "sql_alter" export format: a CREATE statement followed,
 * for tables, by a stored procedure that reconciles an existing table with the
 * dumped column list.
 *
 * Only $_POST["format"] == "sql_alter" is handled here; for any other format
 * the function falls through and returns null. For a view " OR REPLACE" is
 * spliced into the CREATE statement, for a table " IF NOT EXISTS" is spliced
 * in and the adminer_alter procedure is emitted. That procedure walks
 * information_schema.COLUMNS for the table, drops the ADD clause of every
 * column that already matches (a differing one becomes MODIFY), adds DROP for
 * columns absent from the dump and appends the resulting ALTER TABLE to
 * alter_command. Values are quoted with q() and identifiers with idf_escape()
 * (both project helpers); the ADD clauses go through escape_string() because
 * they end up inside a single-quoted string literal in the procedure body.
 *
 * @param string $table   table or view name
 * @param string $style   not used in this branch
 * @param bool   $is_view whether $table is a view
 * @return bool|null true after a sql_alter dump, null otherwise
 */
function dumpTable($table, $style, $is_view = false)
{
    if ($_POST["format"] == "sql_alter") {
        $create = create_sql($table, $_POST["auto_increment"]);
        if ($is_view) {
            // "CREATE VIEW" -> "CREATE OR REPLACE VIEW" (offset 6 = after "CREATE")
            echo substr_replace($create, " OR REPLACE", 6, 0) . ";\n\n";
        } else {
            // "CREATE TABLE" -> "CREATE TABLE IF NOT EXISTS" (offset 12 = after "CREATE TABLE")
            echo substr_replace($create, " IF NOT EXISTS", 12, 0) . ";\n\n";
            // create procedure which iterates over original columns and adds new and removes old
            $query = "SELECT COLUMN_NAME, COLUMN_DEFAULT, IS_NULLABLE, COLLATION_NAME, COLUMN_TYPE, EXTRA, COLUMN_COMMENT FROM information_schema.COLUMNS WHERE TABLE_SCHEMA = DATABASE() AND TABLE_NAME = " . q($table) . " ORDER BY ORDINAL_POSITION";
            echo "DELIMITER ;;\nCREATE PROCEDURE adminer_alter (INOUT alter_command text) BEGIN\n\tDECLARE _column_name, _collation_name, after varchar(64) DEFAULT '';\n\tDECLARE _column_type, _column_default text;\n\tDECLARE _is_nullable char(3);\n\tDECLARE _extra varchar(30);\n\tDECLARE _column_comment varchar(255);\n\tDECLARE done, set_after bool DEFAULT 0;\n\tDECLARE add_columns text DEFAULT '";
            $fields = array();
            $after = "";
            foreach (get_rows($query) as $row) {
                $default = $row["COLUMN_DEFAULT"];
                $row["default"] = $default !== null ? q($default) : "NULL";
                $row["after"] = q($after);
                //! rgt AFTER lft, lft AFTER id doesn't work
                // full column definition; escaped because it is emitted inside the
                // single-quoted add_columns literal opened just above
                $row["alter"] = escape_string(idf_escape($row["COLUMN_NAME"]) . " {$row['COLUMN_TYPE']}" . ($row["COLLATION_NAME"] ? " COLLATE {$row['COLLATION_NAME']}" : "") . ($default !== null ? " DEFAULT " . ($default == "CURRENT_TIMESTAMP" ? $default : $row["default"]) : "") . ($row["IS_NULLABLE"] == "YES" ? "" : " NOT NULL") . ($row["EXTRA"] ? " {$row['EXTRA']}" : "") . ($row["COLUMN_COMMENT"] ? " COMMENT " . q($row["COLUMN_COMMENT"]) : "") . ($after ? " AFTER " . idf_escape($after) : " FIRST"));
                echo ", ADD {$row['alter']}";
                $fields[] = $row;
                $after = $row["COLUMN_NAME"];
            }
            echo "';\n\tDECLARE columns CURSOR FOR {$query};\n\tDECLARE CONTINUE HANDLER FOR NOT FOUND SET done = 1;\n\tSET @alter_table = '';\n\tOPEN columns;\n\tREPEAT\n\t\tFETCH columns INTO _column_name, _column_default, _is_nullable, _collation_name, _column_type, _extra, _column_comment;\n\t\tIF NOT done THEN\n\t\t\tSET set_after = 1;\n\t\t\tCASE _column_name";
            foreach ($fields as $row) {
                // a column that already matches loses its ADD clause; one that differs becomes MODIFY
                echo "\n\t\t\t\tWHEN " . q($row["COLUMN_NAME"]) . " THEN\n\t\t\t\t\tSET add_columns = REPLACE(add_columns, ', ADD {$row['alter']}', IF(\n\t\t\t\t\t\t_column_default <=> {$row['default']} AND _is_nullable = '{$row['IS_NULLABLE']}' AND _collation_name <=> " . (isset($row["COLLATION_NAME"]) ? "'{$row['COLLATION_NAME']}'" : "NULL") . " AND _column_type = " . q($row["COLUMN_TYPE"]) . " AND _extra = '{$row['EXTRA']}' AND _column_comment = " . q($row["COLUMN_COMMENT"]) . " AND after = {$row['after']}\n\t\t\t\t\t, '', ', MODIFY {$row['alter']}'));";
                //! don't replace in comment
            }
            // columns not present in the dump are dropped; the combined ALTER TABLE is appended to alter_command
            echo "\n\t\t\t\tELSE\n\t\t\t\t\tSET @alter_table = CONCAT(@alter_table, ', DROP ', '`', REPLACE(_column_name, '`', '``'), '`');\n\t\t\t\t\tSET set_after = 0;\n\t\t\tEND CASE;\n\t\t\tIF set_after THEN\n\t\t\t\tSET after = _column_name;\n\t\t\tEND IF;\n\t\tEND IF;\n\tUNTIL done END REPEAT;\n\tCLOSE columns;\n\tIF @alter_table != '' OR add_columns != '' THEN\n\t\tSET alter_command = CONCAT(alter_command, 'ALTER TABLE " . adminer_table($table) . "', SUBSTR(CONCAT(add_columns, @alter_table), 2), ';\\n');\n\tEND IF;\nEND;;\nDELIMITER ;\nCALL adminer_alter(@adminer_alter);\nDROP PROCEDURE adminer_alter;\n\n";
            //! indexes
        }
        return true;
    }
}
示例4: request
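/**
 * Returns the escape_string()-ed value of request parameter $param, or null
 * when it is absent. The original escaped the value and then fell off the end
 * of the function, so it returned null in every case.
 *
 * @param string $param key in $_REQUEST
 * @return string|null
 */
function request($param)
{
    if (!isset($_REQUEST[$param])) {
        return null;
    }
    return escape_string($_REQUEST[$param]);
}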
示例5: PrepareQuery
/**
 * Fills the "?" placeholders of $Query from $Args, starting at index $PreNum.
 *
 * Each consumed placeholder becomes NULL for a null or false argument and a
 * single-quoted, escape_string()-ed value otherwise. Only the text up to the
 * first unconsumed "?" is kept; anything after it is discarded.
 *
 * @param string $Query  SQL text with "?" markers
 * @param array  $Args   values, indexed from 0
 * @param int    $PreNum index of the first argument to use
 * @return string
 */
function PrepareQuery($Query, $Args, $PreNum)
{
    $pieces = explode('?', $Query);
    $sql = '';
    $argc = count($Args);
    for ($pos = $PreNum; $pos < $argc; $pos++) {
        $arg = $Args[$pos];
        if (is_null($arg) || $arg === false) {
            $literal = 'NULL';
        } else {
            $literal = '\'' . escape_string($arg) . '\'';
        }
        $sql .= array_shift($pieces) . $literal;
    }
    return $sql . array_shift($pieces);
}
示例6: cart
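/**
 * Renders one cart row per "product_<id>" entry in $_SESSION and stores the
 * totals in $_SESSION['item_total'] and $_SESSION['item_quantity'].
 *
 * The session value is the quantity; entries with a non-positive value are
 * skipped. Each product is looked up in `products` by its id, which is taken
 * from the part of the key after "product_" and cast to int (the original
 * computed the length with strlen($name - 8), an arithmetic on a non-numeric
 * string). The price and subtotal cells used "${...}", which is variable-
 * variable syntax and printed nothing; they now print a literal "$" before the
 * value. The totals are accumulated over all rows instead of being reset inside
 * the loop, and are written to the session once at the end. The hidden inputs
 * mirror the visible rows, numbered from 1, for the surrounding form.
 */
function cart()
{
    $total = 0;
    $item_quantity = 0;
    // one counter for item_name_N / item_number_N / amount_N / quantity_N; they always advanced together
    $position = 1;
    foreach ($_SESSION as $name => $value) {
        if (!($value > 0) || substr($name, 0, 8) != "product_") {
            continue;
        }
        // numeric column in an unquoted position: the cast, not the escaping, is what keeps the id an id
        $id = (int) substr($name, 8);
        $query = query("SELECT * FROM products WHERE product_id = " . escape_string((string) $id) . " ");
        confirm($query);
        while ($row = fetch_array($query)) {
            $sub = $row['product_price'] * $value;
            $item_quantity += $value;
            $total += $sub;
            $product = <<<DELIMETER
<tr>
<td>{$row['product_title']}</td>
<td>\${$row['product_price']}</td>
<td>{$value}</td>
<td>\${$sub}</td>
<td>
<a class='btn btn-warning' href="cart.php?remove={$row['product_id']}"><span class='glyphicon glyphicon-minus'></span></a>
<a class='btn btn-success' href="cart.php?add={$row['product_id']}"><span class='glyphicon glyphicon-plus'></span></a>
<a class='btn btn-danger' href="cart.php?delete={$row['product_id']}"><span class='glyphicon glyphicon-remove'></span></a>
</td>
</tr>
<input type="hidden" name="item_name_{$position}" value="{$row['product_title']}">
<input type="hidden" name="item_number_{$position}" value="{$row['product_id']}">
<input type="hidden" name="amount_{$position}" value="{$row['product_price']}">
<input type="hidden" name="quantity_{$position}" value="{$row['product_quantity']}">
DELIMETER;
            echo $product;
            $position++;
        }
    }
    $_SESSION['item_total'] = $total;
    $_SESSION['item_quantity'] = $item_quantity;
}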
示例7: login_user
/**
 * Handles the login form: on submit, selects the user whose username and
 * password columns equal the escaped posted values, then redirects to the
 * main page on a match or back to index.php with a message otherwise.
 *
 * The password is compared by the database against the posted value as-is,
 * so the schema this was written for stores it in cleartext; nothing here
 * hashes or verifies it.
 */
function login_user()
{
    if (!isset($_POST['submit'])) {
        return;
    }
    $username = escape_string($_POST['username']);
    $password = escape_string($_POST['password']);
    $query = query("SELECT * FROM user WHERE username = '{$username}' AND password = '{$password}'");
    confirm($query);
    if (mysqli_num_rows($query) == 0) {
        set_message("Contrasena y usuario no es valida.");
        redirect("index.php");
        return;
    }
    redirect("public/main.php");
}
示例8: add_news_item
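/**
 * adds a news item for class $class, with subject $subject and body $body
 *
 * $class must be numeric (it is the class id). A subject longer than 75
 * characters is cut to 75 — the original computed the truncated value and
 * discarded it — and the cut happens before escaping so an escape sequence
 * cannot be split. The body is a blob and is not limited. All three values go
 * through escape_string() before being interpolated into the INSERT.
 *
 * @param int|string $class   class id
 * @param string     $subject at most 75 bytes after truncation
 * @param string     $body
 */
function add_news_item($class, $subject, $body)
{
    // class id should be numeric; the original "is_numeric(...) != 'true'" only worked by accident
    if (!is_numeric($class)) {
        cust_die("Class field was not submitted in the correct way.");
    }
    $class = escape_string($class);
    // subject can only be 75 characters long
    if (strlen($subject) > 75) {
        $subject = substr($subject, 0, 75);
        print "The subject field was too long, so it was shortened to 75 characters.";
    }
    $subject = escape_string($subject);
    // the body field uses a blob, so it doesn't matter how long it is
    $body = escape_string($body);
    $timestamp = time();
    $insert = "INSERT INTO `news` (`class`, `timestamp`, `subject`, `body`) VALUES ('{$class}', '{$timestamp}', '{$subject}', '{$body}')";
    connect_sql();
    // no "@": a warning from query() is worth seeing; the die() behaviour is unchanged
    query($insert) or die("Error adding the news item.");
    disconnect_sql();
}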
示例9: query
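/**
 * Query the database.
 *
 * "{" and "}" in $template are table-prefix markers: "{" becomes
 * $this->tablePrefix and "}" is dropped. Each key of $params is then replaced
 * in the template by its escape_string()-ed value, single-quoted when the
 * escaped value is a string. Replacement is plain str_replace in array order,
 * so a value that itself contains a later key is rewritten again — callers
 * should use placeholder names that cannot occur in values.
 *
 * The original ran "$this->db - query($template)", a subtraction, so the
 * query never reached the driver and the result was never returned.
 *
 * @param string     $template SQL with optional {prefix} markers and placeholders
 * @param array|null $params   placeholder => value, or null for none
 * @return mixed result of $this->db->query()
 * @throws SQLException when the driver reports a failed query
 */
public function query($template, $params = null)
{
    // Prefix around?
    if ($this->tablePrefix) {
        $template = str_replace("}", "", str_replace("{", $this->tablePrefix, $template));
    }
    // Set params into the SQL template
    if (!empty($params)) {
        foreach ($params as $ref => $value) {
            $value = escape_string($value);
            if (gettype($value) == "string") {
                $value = "'" . $value . "'";
            }
            $template = str_replace($ref, $value, $template);
        }
    }
    // Perform
    $result = $this->db->query($template);
    if (!$result) {
        // $this->db->error: presumably a mysqli-style driver — confirm
        throw new SQLException("SQL: " . $template . "\nError: " . $this->db->error);
    }
    return $result;
}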
示例10: processRequestArguments
/**
 * Returns every $_REQUEST entry with its value passed through escape_string().
 *
 * The original switch on $key only had a default branch, so every value is
 * escaped the same way; the loop body is the place for key-specific rules.
 * With $testing set, each pair is also echoed.
 *
 * @return array key => escaped value, in request order
 */
function processRequestArguments()
{
    //20151019, standard V3.
    $testing = false;
    $values = array();
    if ($testing) {
        echo "Input arguments: <br>";
    }
    //Change $_REQUEST to $_POST or $_GET when needed.
    foreach ($_REQUEST as $key => $raw) {
        //Add key-specific filtering rules here; everything defaults to escaping.
        $escaped = escape_string($raw);
        $values[$key] = $escaped;
        if ($testing) {
            echo "\t{$key} => {$escaped}<br>";
        }
    }
    return $values;
}
示例11: pacrypt
/**
 * Transforms $pw with the scheme named by the "encrypt" config item so that
 * the result can be compared with (or stored like) $pw_db.
 *
 * Schemes: "md5crypt" reuses the salt found in $pw_db (third "$"-separated
 * field), "md5" is a plain md5(), "system" is crypt() with $pw_db as salt,
 * "cleartext" returns the password unchanged, and "mysql_encrypt" asks the
 * database for ENCRYPT() with the first two characters of $pw_db as salt.
 * Anything else goes to show_error(). md5 and cleartext are kept for existing
 * rows only; neither is suitable for storing new passwords.
 *
 * @param string $pw    password as submitted (stripslashes() is applied first)
 * @param string $pw_db stored value, used for its salt
 * @return string
 */
function pacrypt($pw, $pw_db = "")
{
    $ci =& get_instance();
    $scheme = $ci->config->item('encrypt');
    $pw = stripslashes($pw);
    $password = "";
    if ($scheme == 'md5crypt') {
        $salt = "";
        $split_salt = preg_split('/\\$/', $pw_db);
        if (isset($split_salt[2])) {
            $salt = $split_salt[2];
        }
        $password = md5crypt($pw, $salt);
    } elseif ($scheme == 'md5') {
        $password = md5($pw);
    } elseif ($scheme == 'system') {
        // crypt() without a salt relies on the old auto-salt; on PHP 8 the salt argument is required
        $password = $pw_db ? crypt($pw, $pw_db) : crypt($pw);
    } elseif ($scheme == 'cleartext') {
        $password = $pw;
    } elseif ($scheme == 'mysql_encrypt') {
        $pw = escape_string($pw);
        $sql = "SELECT ENCRYPT('" . $pw . "');";
        if ($pw_db != "") {
            $salt = escape_string(substr($pw_db, 0, 2));
            $sql = "SELECT ENCRYPT('" . $pw . "','" . $salt . "');";
        }
        $res = db_query($sql);
        $l = db_row($res["result"]);
        $password = $l[0];
    } else {
        show_error('unknown/invalid encrypt settings for pacrypt setting: ' . $scheme);
    }
    return $password;
}
示例12: login
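/**
 * Authenticates $name/$passwd against foltia_envpolicy and redirects to the
 * login page (via redirectlogin()) on any failure.
 *
 * Both inputs must consist of ASCII letters and digits. Exactly one row must
 * match the name. For userclass 0 the stored passwd1 is compared as-is;
 * otherwise $environmentpolicytoken is appended to it first. The comparison
 * now uses hash_equals(): the original "==" compares two numeric-looking
 * strings numerically, which alphanumeric passwords can trigger. A "return"
 * follows each redirectlogin() so the rest of the function does not run if
 * that helper happens not to exit. The stored value is compared directly, i.e.
 * it is not a password hash — worth knowing before touching the schema.
 *
 * @param mixed  $con    database connection handed to m_query()
 * @param string $name
 * @param string $passwd
 */
function login($con, $name, $passwd)
{
    global $environmentpolicytoken;
    // input format check: letters and digits only
    if (mb_ereg('[^0-9a-zA-Z]', $name) || mb_ereg('[^0-9a-zA-Z]', $passwd)) {
        redirectlogin();
        return;
    }
    // db lookup; the original called escape_string() and discarded the result
    $name = escape_string($name);
    $passwd = escape_string($passwd);
    $query = "\n\t\t\tSELECT memberid, userclass, name, passwd1\n\t\t\tFROM foltia_envpolicy\n\t\t\tWHERE foltia_envpolicy.name = '{$name}'\n\t\t\t";
    $useraccount = m_query($con, $query, "DBクエリに失敗しました");
    $rowdata = $useraccount->fetch();
    if (!$rowdata) {
        header("HTTP/1.0 401 Unauthorized");
        redirectlogin();
        return;
    }
    $userclass = $rowdata[1];
    $dbpasswd = $rowdata[3];
    // a second row for the same name is ambiguous: reject
    if ($useraccount->fetch()) {
        header("HTTP/1.0 401 Unauthorized");
        redirectlogin();
        return;
    }
    // stored passwd, with the environment policy token appended for non-zero user classes
    if ($userclass != 0) {
        $dbpasswd = "{$dbpasswd}" . "{$environmentpolicytoken}";
    }
    // constant-time, string-only comparison of the stored value with the input
    if (!hash_equals((string) $dbpasswd, (string) $passwd)) {
        header("HTTP/1.0 401 Unauthorized");
        redirectlogin();
        return;
    }
}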
示例13: elseif
}
// Default to two authors and never allow more than JP_AUTHORS.
$number = isset($number) ? min($number, JP_AUTHORS) : 2;
if (isset($_POST['action_x'])) {
$jpnumber = $_POST['jpNumber'];
for ($n = 1; $n <= $jpnumber; $n++) {
$authors[] = $_POST['author' . $n];
}
/* make a string of the authors */
$postAuthors = implode(',', $authors);
$insert = "INSERT INTO sms_posts (postAuthor, postTitle, postLocation, postTimeline, postContent, postPosted, postMission, ";
$insert .= "postStatus, postTag) VALUES (%s, %s, %s, %s, %s, UNIX_TIMESTAMP(), %d, %s, %s)";
$query = sprintf($insert, escape_string($postAuthors), escape_string($_POST['postTitle']), escape_string($_POST['postLocation']), escape_string($_POST['postTimeline']), escape_string($_POST['postContent']), escape_string($_POST['postMission']), escape_string('activated'), escape_string($_POST['postTag']));
$result = mysql_query($query);
for ($i = 1; $i <= $number; $i++) {
/* set the author var */
$author = $_POST['author' . $i];
if (!is_numeric($author)) {
$author = NULL;
}
/* update the player's last post timestamp */
$updateTimestamp = "UPDATE sms_crew SET lastPost = UNIX_TIMESTAMP() WHERE crewid = {$author} LIMIT 1";
$updateTimestampResult = mysql_query($updateTimestamp);
}
/* optimize the crew table */
optimizeSQLTable("sms_crew");
optimizeSQLTable("sms_posts");
/* if the user wants to send the email out, do it */
示例14: query
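<?php
// Deletes the category named by ?id= and returns to the category list.
// cat_id is a numeric column and the value sits in an unquoted position,
// where escape_string() gives no protection (it only neutralises quotes);
// the int cast is what keeps the parameter a single number.
require '../../../../core/init.php';
if (isset($_GET['id'])) {
    $cat_id = (int) $_GET['id'];
    $query = query("DELETE FROM categories WHERE cat_id = " . escape_string((string) $cat_id) . " ");
    confirm($query);
    set_message("Category Deleted");
}
// both the deleted and the no-id case go back to the same page
redirect("/admin?categories");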
示例15: set_away
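/**
 * Stores (or replaces) the vacation auto-reply for $this->username and then
 * activates its alias.
 *
 * $activeFrom and $activeUntil are normalised to the start and end of their
 * day. A value strtotime() cannot parse is rejected up front — the original
 * passed the false through date(), which silently yields 1970-01-01 — and the
 * check runs before remove() so nothing is deleted for bad input. An existing
 * vacation row for the user is updated, otherwise one is inserted.
 *
 * @param string $subject
 * @param string $body
 * @param string $interval_time
 * @param string $activeFrom  date understood by strtotime()
 * @param string $activeUntil date understood by strtotime()
 * @return mixed whatever $this->updateAlias(1) returns
 * @throws \InvalidArgumentException when either date cannot be parsed
 */
function set_away($subject, $body, $interval_time, $activeFrom, $activeUntil)
{
    $fromTs = strtotime($activeFrom);
    $untilTs = strtotime($activeUntil);
    if ($fromTs === false || $untilTs === false) {
        throw new \InvalidArgumentException('activeFrom/activeUntil must be dates strtotime() can parse');
    }
    // clean out any notifications that might already have been sent.
    $this->remove();
    $E_username = escape_string($this->username);
    $activeFrom = date("Y-m-d 00:00:00", $fromTs);
    $activeUntil = date("Y-m-d 23:59:59", $untilTs);
    // domain part of the address; empty when the username has no "@"
    $parts = explode('@', $this->username);
    $domain = isset($parts[1]) ? $parts[1] : '';
    $vacation_data = array(
        'email' => $this->username,
        'domain' => $domain,
        'subject' => $subject,
        'body' => $body,
        'interval_time' => $interval_time,
        'active' => db_get_boolean(true),
        'activefrom' => $activeFrom,
        'activeuntil' => $activeUntil,
    );
    // is there an entry in the vacation table for the user, or do we need to insert?
    $table_vacation = table_by_key('vacation');
    $result = db_query("SELECT * FROM {$table_vacation} WHERE email = '{$E_username}'");
    if ($result['rows'] == 1) {
        $result = db_update('vacation', 'email', $this->username, $vacation_data);
    } else {
        $result = db_insert('vacation', $vacation_data);
    }
    # TODO error check
    # TODO wrap whole function in db_begin / db_commit (or rollback)?
    return $this->updateAlias(1);
}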