PHP mysql_prep函数代码示例

function find_distinct_course_date()
{
    global $connection;
    if (isset($_GET["historical_course_date"])) {
        $safe_course_date = mysql_prep($_GET["historical_course_date"]);
    }
    if (isset($_GET["historical_monthname_course_date"])) {
        $safe_monthname_course_date = mysql_prep($_GET["historical_monthname_course_date"]);
    }
    if (isset($_GET["historical_year_course_date"])) {
        $safe_year_course_date = mysql_prep($_GET["historical_year_course_date"]);
    }
    if (isset($_GET["historical_yearweek_course_date"])) {
        $safe_yearweek_course_date = mysql_prep($_GET["historical_yearweek_course_date"]);
    }
    $query = "SELECT * FROM summary_by_course_date_program ";
    if (isset($safe_course_date)) {
        $query .= "WHERE course_date='{$safe_course_date}' ";
        $whereAnd = " AND ";
    } else {
        $whereAnd = " WHERE ";
    }
    if (isset($safe_monthname_course_date) && $safe_monthname_course_date) {
        $query .= "{$whereAnd} monthname(course_date)='{$safe_monthname_course_date}' ";
        $whereAnd = " AND ";
    } elseif ($whereAnd == " AND ") {
        $whereAnd = " AND ";
    } else {
        $whereAnd = " WHERE ";
    }
    if (isset($safe_year_course_date) && $safe_year_course_date) {
        $query .= "{$whereAnd} year(course_date)='{$safe_year_course_date}' ";
        $whereAnd = " AND ";
    } elseif ($whereAnd == " AND ") {
        $whereAnd = " AND ";
    } else {
        $whereAnd = " WHERE ";
    }
    if (isset($safe_yearweek_course_date) && $safe_yearweek_course_date) {
        $query .= "{$whereAnd} yearweek(course_date)='{$safe_yearweek_course_date}' ";
        $whereAnd = " AND ";
    } elseif ($whereAnd == " AND ") {
        $whereAnd = " AND ";
    } else {
        $whereAnd = " WHERE ";
    }
    //    if (isset($_GET)  ){
    //        if(isset($_GET["course_date"])){
    //            $safe_course_date= mysql_prep($_GET["course_date"]);
    //            $query="WHERE course_date = {$safe_course_date} ";
    //        }
    //    }
    $date_set = mysqli_query($connection, $query);
    confirm_query($date_set);
    return $date_set;
}

function check_max_field_lengths($field_length_array)
{
    $field_errors = array();
    foreach ($field_length_array as $fieldname => $maxlength) {
        if (strlen(trim(mysql_prep($_POST[$fieldname]))) > $maxlength) {
            $field_errors[] = $fieldname;
        }
    }
    return $field_errors;
}

function check_max_fields_length($fields, $post)
{
    //ispraviti greske
    foreach ($fields as $polje => $max_duz) {
        if (strlen(trim(mysql_prep($post[$polje]))) > $max_duz) {
            $errors[] = $polje;
        }
    }
    return $errors;
}

function count_modele_by_day($day_no, $visible = 1)
{
    global $connection;
    $safe_day_no = mysql_prep($day_no);
    $safe_visu = mysql_prep($visible);
    $query = "SELECT COUNT(*) AS c FROM programmed_courses_modele WHERE week_day_rank ={$safe_day_no} AND visible=  {$safe_visu} ";
    $result = mysqli_query($connection, $query);
    confirm_query($result);
    $row = mysqli_fetch_assoc($result);
    return $row['c'];
    //
}

function find_name_category_links($name_category = null)
{
    global $connection;
    $safe_name_category = mysql_prep($name_category);
    $query = "SELECT * ";
    $query .= "FROM links ";
    if ($name_category) {
        $query .= "WHERE category = '{$safe_name_category}'";
    }
    $query .= "ORDER BY rank ASC";
    $link_set = mysqli_query($connection, $query);
    confirm_query($link_set);
    return $link_set;
}

function count_prog_by_date_doubled($date_sql, $pseudo, $heure)
{
    global $connection;
    $safe_date = mysql_prep($date_sql);
    $safe_pseudo = mysql_prep($pseudo);
    $safe_heure = mysql_prep($heure);
    $query = "SELECT COUNT(*) AS c FROM programmed_courses WHERE course_date ='{$safe_date}' ";
    $query .= "AND pseudo = '{$safe_pseudo} ";
    $query .= "AND heure = '{$safe_heure} ";
    $result = mysqli_query($connection, $query);
    confirm_query($result);
    $row = mysqli_fetch_assoc($result);
    return $row['c'];
    //
}

function add_member()
{
    global $connection;
    if (($handle = fopen("data/Needtoadd.csv", "r")) !== FALSE) {
        while (($data = fgetcsv($handle, 1000, ",")) !== FALSE) {
            $username = mysql_prep($data[5], 1, -1);
            $verification_link = random_string();
            $verification_link_send = urlencode($verification_link);
            $idiot_link = urlencode(random_string());
            $email = mysql_prep($data[8], 1, -1);
            $name = mysql_prep($data[0], 1, -1);
            $to = $email;
            $subject = "Set Your Password";
            $message = "Hi {$username}," . "\n" . "\n" . "Click the link below to set your password." . "\n" . "http://www.acmism.org/verification.php?id={$idiot_link}&link={$verification_link_send}" . "\n" . "Thank you for joining us," . "\n" . "Team ACM.";
            $headers = 'From: ACM ISM Student Chapter <local_activities@acmism.org>' . "\r\n" . 'Reply-To: ACM ISM Student Chapter <local_activities@acmism.org>';
            $password = random_string();
            $spoj = mysql_prep($data[5], 1, -1);
            $codechef = mysql_prep($data[6], 1, -1);
            $hackerrank = mysql_prep($data[7], 1, -1);
            $admission = mysql_prep($data[2], 1, -1);
            $member = mysql_prep($data[1], 1, -1);
            $batch = mysql_prep($data[3], 1, -1);
            $branch = mysql_prep($data[4], 1, -1);
            $phone_number = mysql_prep($data[9], 1, -1);
            $hashed_password = sha1($password);
            $query = "INSERT INTO users (\r\n\t\t\t\t\t\tname, username, hashed_password, email, spoj_id, codechef_id, hackerrank_id, admission, member,  batch, branch, phone_number, verification_link\r\n\t\t\t\t\t\t) values (\r\n\t\t\t\t\t\t'{$name}', '{$username}', '{$hashed_password}', '{$email}', '{$spoj}', '{$codechef}', '{$hackerrank}', '{$admission}', '{$member}', '{$batch}', '{$branch}', '{$phone_number}', '{$verification_link}'\r\n\t\t\t\t\t\t)";
            if (mysql_query($query, $connection)) {
                mail($to, $subject, $message, $headers);
                echo "Done " . mysql_prep($data[0], 1, -1);
            } else {
                echo "Left " . mysql_prep($data[0], 1, -1);
                echo mysql_error();
            }
        }
        fclose($handle);
    }
}

function mysql_prep($value)
{
    $magic_quotes_active = get_magic_quotes_gpc();
    $new_enough_php = function_exists("mysql_real_escape_string");
    // i.e. PHP >= v4.3.0
    if ($new_enough_php) {
        // PHP v4.3.0 or higher
        // undo any magic quote effects so mysql_real_escape_string can do the work
        if ($magic_quotes_active) {
            $value = stripslashes($value);
        }
        $value = mysql_real_escape_string($value);
    } else {
        // before PHP v4.3.0
        // if magic quotes aren't already on then add slashes manually
        if (!$magic_quotes_active) {
            $value = addslashes($value);
        }
        // if magic quotes are active, then the slashes already exist
    }
    return $value;
    $name = mysql_prep($_POST['name']);
    $content = mysql_prep($_POST['content']);
    $notes = mysql_prep($_POST['notes']);
    $query = "INSERT INTO songs (\n\t\t\t\ttitle, content, song_notes\n\t\t\t) VALUES (\n\t\t\t\t'{$name}', '{$content}', '{$notes}'\n\t\t\t)";
    $result = mysql_query($query, $connection);
    if ($result) {
        // Success!
        echo "success";
        echo "<p>\"{$name}\" added to database.</p>";
    } else {
        // Display error message.
        echo "<p>Subject creation failed.</p>";
        echo "<p>" . mysql_error() . "</p>";
    }
}

 if ($_POST["question_bank"] == "World Geography") {
     $question_bank = "world_geography";
 } else {
     $question_bank = "geography";
 }
 /*this is copied from new_teacher, make it relevant to new_question*/
 $question_title = mysql_prep($_POST["question_title"]);
 $quiz_name = $_POST["quiz_name"];
 $question = mysql_prep($_POST["Question"]);
 $no_sort = $_POST["no_sort"];
 $image_exist = $_POST["image_exist"];
 $answer_correct = mysql_prep($_POST["AnswerCorrect"]);
 $distractor_one = mysql_prep($_POST["Distractor1"]);
 $distractor_two = mysql_prep($_POST["Distractor2"]);
 $distractor_three = mysql_prep($_POST["Distractor3"]);
 $distractor_four = mysql_prep($_POST["Distractor4"]);
 /*$query  = "INSERT INTO $question_bank (";
   $query .= " QuestionTitle ";
   $query .= ") VALUES (";
   $query .= " '{$question_title}'";
   $query .= ")";*/
 $query = "INSERT INTO {$question_bank} (";
 $query .= " quiz_id, QuestionTitle, quiz_name, Question, no_sort, AnswerCorrect, Distractor1, Distractor2, Distractor3, Distractor4";
 $query .= ") VALUES (";
 $query .= " {$quiz_id}, '{$question_title}', '{$quiz_name}', '{$question}', '{$no_sort}', '{$answer_correct}', '{$distractor_one}', '{$distractor_two}', '{$distractor_three}', '{$distractor_four}' ";
 $query .= ")";
 $result = mysqli_query($connection, $query);
 if ($result) {
     // Success
     $_SESSION["message"] = "Question successfully added!";
     $findID_query = "SELECT * FROM {$question_bank} WHERE quiz_id={$quiz_id} AND QuestionTitle='{$question_title}'";

     // No errors, so update database:
     // Get the variables set in the new_subject.php form and modify them using our
     // mysql_prep() function in functions.php to ensure SQL correctness.
     $get_chapter_id = mysql_prep($_GET['chapter']);
     $chapter_id = intval($get_chapter_id);
     // make sure it's an integer
     $content = mysql_prep($_POST['content']);
     // Execute three queries. One on the chapter table; two on the options table
     // CHAPTER TABLE UPDATE
     $query = "UPDATE \t\tchapters\n\t\t\t\t\t\tSET \t\tcontent\t\t= \t'{$content}', endpoint = {$endpoint}\n\t\t\t\t\t\tWHERE\t\tid\t=\t{$chapter_id}";
     $result = mysql_query($query, $connection);
     if (!$result) {
         $errors[] = mysql_error();
     }
     // Update or create the options
     $options = array("first" => array("id" => intval(mysql_prep($options[0]["id"])), "content" => trim(mysql_prep($_POST['option0']))), "second" => array("id" => intval(mysql_prep($options[1]["id"])), "content" => trim(mysql_prep($_POST['option1']))));
     include "includes/edit_options.php";
     // Test for success (make sure 1 row was changed)
     if (count($errors) < 1) {
         // success -- redirect to new page
         redirect_to("read_chapter.php?chapter={$chapter_id}");
     } else {
         // failure
         echo count($errors);
         $message = "Gee, we seem to have a problem. Try again? <br />";
     }
 } else {
     // errors in form
     $message = "Looks like you have " . count($errors);
     if (count($errors) > 1) {
         $message .= " errors in your form.";

<?php

require_once "../includes/session.php";
?>
 
<?php 
require_once "../includes/db_connection.php";
require_once "../includes/functions.php";
require_once "../includes/validation_function.php";
if (isset($_POST['submit'])) {
    $menu_name = mysql_prep($_POST["menu_name"]);
    $position = (int) $_POST["position"];
    $visible = (int) $_POST["visible"];
    $required_fields = array("menu_name", "position", "visible");
    validate_presences($required_fields);
    $fields_with_max_lenghts = array("menu_name" => 30);
    validate_max_lengths($fields_with_max_lenghts);
    if (!empty($errors)) {
        $_SESSION["errors"] = $errors;
        redirect_to("new_window.php");
    }
    $query = "INSERT INTO windows ( ";
    $query .= "menu_name ,position, visible ";
    $query .= ") VALUES ( ";
    $query .= " '{$menu_name}',{$position} ,{$visible}";
    $query .= ")";
    echo $query;
    $result = mysqli_query($conn, $query);
    if ($result) {
        $_SESSION["message"] = "Window created.";
        redirect_to("manage_content.php");

if (!$admin) {
    redirect_to("index.php");
}
?>
	<?php 
if ($_SERVER["REQUEST_METHOD"] == "POST") {
    //validation
    $required_fields = array("username", "password");
    validate_presences($required_fields);
    $fields_with_max_lenghts = array("username" => 30);
    validate_max_lengths($fields_with_max_lenghts);
    if (empty($errors)) {
        $id = $admin['id'];
        $username = trim($_POST["username"]);
        $password = trim($_POST["password"]);
        $username = mysql_prep($username);
        $password1 = password_encrypt($password);
        $query = "UPDATE admins SET ";
        $query .= " username = '{$username}', ";
        $query .= " hashed_password = '{$password1}' ";
        $query .= " WHERE id = {$id}";
        $query .= " LIMIT 1";
        $result = mysqli_query($connection, $query);
        if ($result) {
            $_SESSION["message"] = "Admin updated";
            redirect_to("manage_admins.php");
        } else {
            $_SESSION["message"] = "Admin is not updated";
            redirect_to("manage_admins.php");
        }
    } else {

            //    unset($_POST);
        }
    }
}
if (isset($_POST['submit_links'])) {
    // see introducing php
    $expected = array("name", "web_address", "description", "category", "sub_category_1", "sub_category_2", "privacy", "rank", "username");
    $required_fields = array("name", "web_address", "category", "username", "rank");
    //  validate_presences($required_fields);
    foreach ($_POST as $key => $value) {
        $temp = is_array($value) ? $value : trim($value);
        if (empty($temp) && in_array($key, $required_fields)) {
            $missing[] = $key;
            ${$key} = '';
        } elseif (in_array($key, $expected)) {
            ${$key} = mysql_prep($temp);
        }
    }
    if (empty($missing) && empty($errors)) {
        $table = "links";
        $query = " INSERT INTO {$table} ";
        $query .= "(";
        $query .= "name, ";
        $query .= "web_address, ";
        $query .= "description, ";
        $query .= "category, ";
        $query .= "sub_category_1, ";
        $query .= "sub_category_2, ";
        $query .= "privacy, ";
        $query .= "rank, ";
        $query .= "username ";

$active_page = "videos";
?>
<link rel="stylesheet" type="text/css" href="stylesheets/videos.css">
<?php 
$admin = logged_in();
global $connection;
$errors = errors();
?>

<?php 
if (isset($_POST["submit"]) && $admin) {
    // User adding a song.
    $requiredfields = array("newvideo");
    validate_presences($requiredfields);
    if (empty($errors)) {
        $newsong = mysql_prep($_POST["newvideo"]);
        $query = "INSERT INTO videos (";
        $query .= " videocode";
        $query .= ") VALUES (";
        $query .= " '{$newsong}'";
        $query .= ")";
        $result = mysqli_query($connection, $query);
        if ($result) {
            // Success
            $_SESSION["message"] = "Video successfully added!";
        } else {
            // Failure
            $_SESSION["message"] = "Video failed to add!";
        }
        redirect_to("index.php?redirect=videos");
    } else {

<?php

require_once "../includes/session.php";
require_once "../includes/db_connection.php";
require_once "../includes/functions.php";
require_once "../includes/validation_functions.php";
prevent_double_teacher_login();
$username = "";
if (isset($_POST['submit'])) {
    // Process the form
    // validations
    $required_fields = array("username", "password");
    validate_presences($required_fields);
    $username = mysql_prep($_POST["username"]);
    $password = mysql_prep($_POST["password"]);
    if (empty($errors)) {
        // Attempt login
        $found_admin = attempt_login($username, $password);
        if ($found_admin) {
            // Success. Mark user as logged in
            $_SESSION["admin_id"] = $found_admin["admin_id"];
            $_SESSION["username"] = $found_admin["username"];
            $_SESSION["teacher_last_name"] = $found_admin["teacher_name"];
            $_SESSION["context"] = "teacher";
            redirect_to("teacher_base.php");
        } else {
            // Failure
            $_SESSION["message"] = "Username/password not found.";
        }
    }
} else {