本文整理汇总了PHP中mysql_escape_string函数的典型用法代码示例。如果您正苦于以下问题:PHP mysql_escape_string函数的具体用法?PHP mysql_escape_string怎么用?PHP mysql_escape_string使用的例子?那么, 这里精选的函数代码示例或许可以为您提供帮助。
在下文中一共展示了mysql_escape_string函数的15个代码示例,这些例子默认根据受欢迎程度排序。您可以为喜欢或者感觉有用的代码点赞,您的评价将有助于系统推荐出更棒的PHP代码示例。
示例1: getFileContent
function getFileContent($m)
{
global $xmlrpcerruser;
global $xmlrpcString;
$file_name = $m->getParam(0);
$file_path = $m->getParam(1);
$file_name = $file_name->scalarval();
$file_path = $file_path->scalarval();
$sql = "SELECT * FROM `" . DB_PREFIX . DB_TBL_FILES . "` WHERE \n\t\t`name` = '" . mysql_escape_string($file_name) . "' AND \n\t\t`path` = '" . mysql_escape_string($file_path) . "'";
$sql = mysql_query($sql);
if (false == $sql) {
dbg();
my_die();
}
$aList = array();
while ($row = mysql_fetch_assoc($sql)) {
$aList[] = $row;
}
if (empty($aList)) {
return new xmlrpcresp(0, $xmlrpcerruser, 'file not exist');
}
$aList = current($aList);
if (!defined($aList['path'])) {
return new xmlrpcresp(0, $xmlrpcerruser, 'file path not correct (remote error)');
}
$response = saferead(constant($aList['path']) . '/' . $aList['name']);
// Возвращаем
$response = base64_encode($response);
return new xmlrpcresp(new xmlrpcval($response), $xmlrpcString);
}示例2: escape
function escape($string) {
return addslashes( $string ); // Disable rest for now, causing problems
if( !$this->dbh || version_compare( phpversion(), '4.3.0' ) == '-1' )
return mysql_escape_string( $string );
else
return mysql_real_escape_string( $string, $this->dbh );
}示例3: ViewLog
function ViewLog()
{
global $db_host, $db_user, $db_pass, $db_name;
global $total, $page, $size, $view_size;
global $client_count_info, $client_from_info, $client_where_info, $client_select_info, $client_order_info;
$page = intval($_GET["page"]);
$role = $_GET["role"];
$Conn = mysql_connect($db_host, $db_user, $db_pass);
mysql_query("SET NAMES 'GBK'");
mysql_select_db($db_name, $Conn);
$role = mysql_escape_string($role);
$qs = "{$client_count_info} {$client_from_info} {$client_where_info} and clc.role_name = '{$role}'";
$result = mysql_query($qs);
$row = mysql_fetch_row($result);
$total = intval($row[0]);
$b = $page * $size - $size;
$e = $size;
printf("<p>查询条件是角色名: <b>{$role}</b><p>");
$qs = "{$client_select_info} {$client_from_info} {$client_where_info} and clc.role_name = '{$role}' {$client_order_info} limit {$b}, {$e}";
$result = mysql_query($qs);
$content = array();
while ($row = mysql_fetch_row($result)) {
$content[count($content)] = $row;
}
printf(GetClientLogHTML($content));
}示例4: searchArticles
/**
* Функція для пошуку інформації про користувачів
*
* @param array $data Дані для пошуку (шуканий текст)
*/
public function searchArticles($data)
{
/*
* Оберігаю дані
*/
$text = strip_tags($data);
$text = mysql_escape_string($text);
/*
* Лайки-шукачі інформації)
*/
$where = "`text` LIKE '%{$text}%' OR `href` LIKE '%{$text}%' OR `en_text` LIKE '%{$text}%'";
$u = $this->db->select('bio_gr_articles', '*', $where);
/** Перевірка присутності результатів * */
/*
* Результати відсутні - виводимо відповідне повідомлення
*/
if ($this->db->getCount() == 0) {
print '<div class="alert alert-danger"><span class="glyphicon glyphicon-remove-circle"></span> За даним запитом не знайдено нічого</div>';
} else {
$users = '<div class="col-lg-6 col-md-6 col-sm-6 col-xs-12">';
$users .= '<ul class="list-group">';
for ($i = 0; $i < sizeof($u); $i++) {
$users .= '<li class="list-group-item">';
$users .= '' . $u[$i]['text'] . '<a href="' . $u[$i]['href'] . '">Link</a>';
$users .= '</li>';
}
$users .= '</ul>';
$users .= '</div>';
print $users;
}
}示例5: modul
function modul($posisi)
{
global $koneksi_db, $STYLE_INCLUDE, $SCRIPT_INCLUDE;
$total = 0;
$numb = 0;
if (isset($_GET['pilih'])) {
$pilih = mysql_escape_string(strip_tags($_GET['pilih']));
$numb = mysql_num_rows(mysql_query("SELECT `id` FROM `actions` WHERE `modul` = '{$pilih}'"));
$modulku = mysql_query("SELECT * FROM `actions` LEFT JOIN `modul` ON (`modul`.`id` = `actions`.`modul_id`) WHERE `actions`.`modul` = '{$pilih}' AND `actions`.`posisi` = '{$posisi}' ORDER BY `actions`.`order`");
$total = mysql_num_rows($modulku);
while ($viewmoduls = mysql_fetch_assoc($modulku)) {
if (file_exists($viewmoduls['isi']) && $viewmoduls['type'] == 'module') {
include $viewmoduls['isi'];
kotakjudul($viewmoduls['modul'], @$out, '');
$out = '';
}
if ($viewmoduls['type'] == 'block') {
kotakjudul($viewmoduls['modul'], $viewmoduls['isi'], '');
}
}
}
if ($total == 0 && $numb == 0) {
$modulku = $koneksi_db->sql_query("SELECT * FROM modul WHERE published= 1 AND posisi= '{$posisi}' ORDER BY ordering");
while ($viewmodul = $koneksi_db->sql_fetchrow($modulku)) {
if (file_exists($viewmodul['isi']) && $viewmodul['type'] == 'module') {
include $viewmodul['isi'];
kotakjudul($viewmodul['modul'], @$out, '');
$out = '';
}
if ($viewmodul['type'] == 'block') {
kotakjudul($viewmodul['modul'], $viewmodul['isi'], '');
}
}
}
}示例6: login
function login()
{
global $dbsettings;
$link = opendb();
if (isset($_POST["submit"])) {
$query = doquery("SELECT * FROM {{table}} WHERE username='" . mysql_escape_string($_POST["username"]) . "' AND password='" . md5($_POST["password"]) . "' LIMIT 1", "users");
if (mysql_num_rows($query) != 1) {
die("Invalid username or password. Please go back and try again.");
}
$row = mysql_fetch_array($query);
if (isset($_POST["rememberme"])) {
$expiretime = time() + 31536000;
$rememberme = 1;
} else {
$expiretime = 0;
$rememberme = 0;
}
$cookie = $row["id"] . " " . $row["username"] . " " . md5($row["password"] . "--" . $dbsettings["secretword"]) . " " . $rememberme;
setcookie("dkgame", $cookie, $expiretime, "/", "", 0);
header("Location: index.php");
die;
}
$page = gettemplate("login");
$title = "Log In";
display($page, $title, false, false, false, false);
}示例7: clean
function clean($n)
{
$n = htmlentities($n);
$n = htmlspecialchars($n);
$n = mysql_escape_string($n);
return $n;
}示例8: saveProtype
public function saveProtype($dataForm, $ptyleId = "")
{
global $mySession;
$db = new Db();
$data_update['ptyle_name'] = $dataForm['ptyle_name'];
if ($ptyleId == "") {
$chkQry = $db->runQuery("select * from " . PROPERTYTYPE . " where ptyle_name='" . mysql_escape_string(trim($dataForm['ptyle_name'])) . "'");
if ($chkQry != "" and count($chkQry) > 0) {
//if Property Type Name is exists than return false / 0
// No Data Inserted
return 0;
} else {
# If Property Type Name Not Already Exista.
# Insert New Record Into Database
$db->save(PROPERTYTYPE, $data_update);
return 1;
}
} else {
$chkQry = $db->runQuery("select * from " . PROPERTYTYPE . " where ptyle_name='" . mysql_escape_string(trim($dataForm['ptyle_name'])) . "' and ptyle_id!=" . $ptyleId);
if ($chkQry != "" and count($chkQry) > 0) {
return 0;
} else {
$condition = 'ptyle_id=' . $ptyleId;
$result = $db->modify(PROPERTYTYPE, $data_update, $condition);
return 1;
}
}
}示例9: article_inp
function article_inp($data)
{
$date = date('Y-m-d H:i:s');
$datetime = array();
if (!empty($data['postdate'])) {
$data['postdate'] = date("Y-m-d H:i:s", strtotime($data['postdate']));
} else {
$data['postdate'] = $date;
}
if (!empty($data['expired_date'])) {
$data['expired_date'] = date("Y-m-d H:i:s", strtotime($data['expired_date']));
} else {
$data['expired_date'] = '0000-00-00';
}
$data['title'] = mysql_escape_string($data['title']);
$data['brief'] = mysql_escape_string($data['brief']);
$data['content'] = mysql_escape_string($data['content']);
if ($data['action'] == 'insert') {
$query = "INSERT INTO \n\t\t\t\t\t\t{$this->prefix}_news_content (title,brief,content,image,file,categoryid,articletype,\n\t\t\t\t\t\t\t\t\t\t\t\tcreated_date,posted_date,expired_date,authorid,n_status)\n\t\t\t\t\tVALUES\n\t\t\t\t\t\t('" . $data['title'] . "','" . $data['brief'] . "','" . $data['content'] . "','" . $data['image'] . "'\n ,'" . $data['image_url'] . "','" . $data['categoryid'] . "','" . $data['articletype'] . "','" . $date . "'\n ,'" . $data['postdate'] . "','" . $data['expired_date'] . "','" . $data['authorid'] . "','" . $data['n_status'] . "')";
//pr($query);exit;
} else {
if ($data['categoryid'] == '1' && $data['articletype'] == '2' || $data['categoryid'] == '8') {
$date = $data['postdate'];
}
$query = "UPDATE {$this->prefix}_news_content\n\t\t\t\t\t\tSET \n\t\t\t\t\t\t\ttitle = '{$data['title']}',\n\t\t\t\t\t\t\tbrief = '{$data['brief']}',\n\t\t\t\t\t\t\tcontent = '{$data['content']}',\n\t\t\t\t\t\t\timage = '{$data['image']}',\n\t\t\t\t\t\t\tfile = '{$data['image_url']}',\n articletype = '{$data['articletype']}',\n\t\t\t\t\t\t\tposted_date = '{$data['postdate']}',\n expired_date = '{$data['expired_date']}',\n\t\t\t\t\t\t\tauthorid = '{$data['authorid']}',\n\t\t\t\t\t\t\tn_status = {$data['n_status']}\n\t\t\t\t\t\tWHERE\n\t\t\t\t\t\t\tid = '{$data['id']}'";
}
// pr($query);
$result = $this->query($query);
return $result;
}示例10: ViewLog
function ViewLog()
{
global $db_host, $db_user, $db_pass, $db_name;
global $total, $page, $size, $view_size;
global $server_count_info, $server_from_info, $server_select_info, $server_where_info, $server_order_info;
$page = intval($_GET["page"]);
$code = $_GET["code"];
$Conn = mysql_connect($db_host, $db_user, $db_pass);
mysql_query("SET NAMES 'GBK'");
mysql_select_db($db_name, $Conn);
$code = mysql_escape_string($code);
$qs = "{$server_count_info} {$server_from_info} {$server_where_info} and li.error_code = '{$code}'";
$result = mysql_query($qs);
$row = mysql_fetch_row($result);
$total = intval($row[0]);
$b = $page * $size - $size;
$e = $size;
printf("<p>查询条件是错误码: <b>{$code}</b><p>");
$qs = "{$server_select_info} {$server_from_info} {$server_where_info} and li.error_code = '{$code}' order by happened_time desc limit {$b}, {$e}";
$result = mysql_query($qs);
$content = array();
while ($row = mysql_fetch_row($result)) {
$content[count($content)] = $row;
}
printf(GetServerLogHTML($content));
}示例11: esc_str
}
private function esc_str($val)
{
if ($val == '') {
return 'NULL';
}
return "'" . mysql_escape_string($val) . "'";示例12: getSuggestions
function getSuggestions($keyword)
{
DbConnect();
$patterns = array('/\\s+/', '/"+/', '/%+/');
$replace = array('');
$keyword = preg_replace($patterns, $replace, $keyword);
if ($keyword != '' and preg_match('/^[ _a-zà-ÿA-ZÀ-ß0-9]*$/i', $keyword)) {
$keyword = mysql_escape_string($keyword);
$query = "SELECT name FROM game_items_factsheet WHERE name LIKE '" . $keyword . "%' ORDER BY BINARY name";
} else {
$query = "SELECT name FROM game_items_factsheet WHERE name=''";
}
$result = myquery($query);
$output = '<?xml version="1.0" encoding="UTF-8" standalone="yes"?>';
$output .= '<response>';
if ($result != false) {
if (mysql_num_rows($result)) {
while ($row = mysql_fetch_array($result)) {
$output .= '<name>' . iconv("Windows-1251", "UTF-8//IGNORE", $row['name']) . '</name>';
}
}
}
$output .= '</response>';
mysql_close();
return $output;
}示例13: getNotices
function getNotices()
{
// @fixme there should be a common func for this
if (common_config('db', 'type') == 'pgsql') {
if (!empty($this->out->tag)) {
$tag = pg_escape_string($this->out->tag);
}
} else {
if (!empty($this->out->tag)) {
$tag = mysql_escape_string($this->out->tag);
}
}
$weightexpr = common_sql_weight('fave.modified', common_config('popular', 'dropoff'));
$cutoff = sprintf("fave.modified > '%s'", common_sql_date(time() - common_config('popular', 'cutoff')));
$qry = "SELECT notice.*, {$weightexpr} as weight ";
if (isset($tag)) {
$qry .= 'FROM notice_tag, notice JOIN fave ON notice.id = fave.notice_id ' . "WHERE {$cutoff} and notice.id = notice_tag.notice_id and '{$tag}' = notice_tag.tag";
} else {
$qry .= 'FROM notice JOIN fave ON notice.id = fave.notice_id ' . "WHERE {$cutoff}";
}
$qry .= ' GROUP BY notice.id,notice.profile_id,notice.content,notice.uri,' . 'notice.rendered,notice.url,notice.created,notice.modified,' . 'notice.reply_to,notice.is_local,notice.source,notice.conversation, ' . 'notice.lat,notice.lon,location_id,location_ns,notice.repeat_of' . ' ORDER BY weight DESC';
$offset = 0;
$limit = NOTICES_PER_SECTION + 1;
$qry .= ' LIMIT ' . $limit . ' OFFSET ' . $offset;
$notice = Memcached_DataObject::cachedQuery('Notice', $qry, 1200);
return $notice;
}示例14: newCmtFormHlr
function newCmtFormHlr($author = false, $email = false, $author_id = false, $article_id = false, $content = false, $date = false)
{
if ($content == false) {
$content = $_REQUEST['comment_text'];
}
if ($article_id == false) {
$article_id = $_REQUEST['id'];
}
$reg = Registry::instance();
$_hinfo = $reg->get('hamster_info');
$login_status = $reg->get('login_status');
if ($login_status == 3) {
$author = mysql_escape_string(htmlspecialchars($_hinfo['name']));
$email = '';
$author_id = intval($_hinfo['id']);
if ($_REQUEST['comment_text'] == '') {
return array();
}
require_once 'lib/markdown/markdown.php';
$content = Markdown(strip_tags($content));
} else {
$content = '<p>' . htmlspecialchars($content) . '</p>';
$email = mysql_escape_string(htmlspecialchars($_REQUEST['comment_email']));
if ($_REQUEST['comment_name'] != '' && $name == false) {
$author = mysql_escape_string(htmlspecialchars($_REQUEST['comment_name']));
} else {
$author = 'НЛО';
}
if (strpos($_REQUEST['comment_text'], 'http://') !== false || $_REQUEST['comment_text'] == '' || $_REQUEST['comment_sid'] != $_SESSION['comment_sid'] || !isset($_SESSION['comment_sid']) || time() - $_SESSION['comment_stamp'] < 2) {
return array();
}
}
$prs = array('author' => $author, 'email' => $email, 'author_id' => $author_id, 'article_id' => intval($article_id), 'content' => mysql_escape_string($content), 'date' => local2gm());
return $prs;
}示例15: _get_query_order
protected function _get_query_order($key, $value)
{
/**
* Returns an ORDER BY argument, given an argument from the query string.
*
* The return value of this function goes right after an 'ORDER BY', so it
* might be 'b.reporter ASC' or 'u.date_created DESC'.
*
* @param $key - The resource attribute on which the request says to sort. For
* example, if the QS parameter is 'sort-reporter', $key here will be
* 'reporter'.
* @param $value - The sense of the sort; 1 for ascending, -1 for descending.
*/
if ($key == 'reporter') {
$key .= '_id';
} elseif ($key == 'private') {
$key = 'view_state';
} elseif ($key == 'date_submitted' || $key == 'last_modified') {
$key = mysql_escape_string($key);
} else {
throw new HTTPException(500, "Can't sort bugnotes by attribute '{$key}'");
}
$sql = "n.{$key}";
if ($value == 1) {
$sql .= ' ASC';
} elseif ($value == -1) {
$sql .= ' DESC';
}
return $sql;
}