当前位置: 首页>>代码示例>>PHP>>正文

PHP mysqli_real_escape_string函数代码示例

本文整理汇总了PHP中mysqli_real_escape_string函数的典型用法代码示例。如果您正苦于以下问题:PHP mysqli_real_escape_string函数的具体用法?PHP mysqli_real_escape_string怎么用?PHP mysqli_real_escape_string使用的例子?那么恭喜您, 这里精选的函数代码示例或许可以为您提供帮助。


在下文中一共展示了mysqli_real_escape_string函数的15个代码示例,这些例子默认根据受欢迎程度排序。您可以为喜欢或者感觉有用的代码点赞,您的评价将有助于系统推荐出更棒的PHP代码示例。

示例1: search_query

 public static function search_query($keyword = '', $category = '')
 {
     if (isset($_GET)) {
         $keyword_clean = mysqli_real_escape_string(db_connect(), $keyword);
         $category_clean = mysqli_real_escape_string(db_connect(), $category);
         if ($category_clean === 'post') {
             $search_results = db_select("SELECT * FROM post WHERE title LIKE '%" . $keyword_clean . "%' OR body LIKE '%" . $keyword_clean . "%'");
         } elseif ($category_clean === 'category') {
             $search_results = db_select("SELECT * FROM category WHERE title LIKE '%" . $keyword_clean . "%' OR description LIKE '%" . $keyword_clean . "%'");
         } elseif ($category_clean === 'page') {
             $search_results = db_select("SELECT * FROM page WHERE title LIKE '%" . $keyword_clean . "%' OR body LIKE '%" . $keyword_clean . "%'");
         } elseif ($category_clean === 'upload') {
             $search_results = db_select("SELECT * FROM upload WHERE filename LIKE '%" . $keyword_clean . "%' OR filetype LIKE '%" . $keyword_clean . "%' OR filepath LIKE '%" . $keyword_clean . "%'");
         } elseif ($category_clean === 'user') {
             $search_results = db_select("SELECT * FROM user WHERE username LIKE '%" . $keyword_clean . "%'");
         } else {
             // ALL
             $search = new Search();
             $search_results = $search->searchAllDB($keyword_clean);
             //print_r($search_results);
         }
     } else {
         $search_results = '';
         $flash = new Flash();
         $flash->flash('flash_message', 'No keyword entered!', 'danger');
     }
     return $search_results;
 }
开发者ID:gwhitcher,项目名称:gwpress,代码行数:28,代码来源:search.php

示例2: eliminar_promocion

 protected function eliminar_promocion()
 {
     $this->sql_con = new mysqli($this->link['host'], $this->link['user'], $this->link['pass'], $this->link['bd']);
     $this->datos['promocion_id'] = mysqli_real_escape_string($this->sql_con, $_POST['pId']);
     $this->sql_con->set_charset("utf8");
     $filas_afectadas = 0;
     $eliminar_promocion = $this->sql_con->prepare("DELETE FROM promocion WHERE promocion_id = ?");
     $eliminar_promocion->bind_param('i', $this->datos['promocion_id']);
     $eliminar_promocion->execute();
     $eliminacion_exitosa = $this->sql_con->affected_rows;
     if ($eliminacion_exitosa > 0) {
         $filas_afectadas++;
     }
     $eliminar_promocion->close();
     if ($filas_afectadas > 0) {
         $eliminar_promocion_sucursal = $this->sql_con->prepare("DELETE FROM promocion_sucursal WHERE promocion_id = ?");
         $eliminar_promocion_sucursal->bind_param('i', $this->datos['promocion_id']);
         $eliminar_promocion_sucursal->execute();
         $eliminacion_exitosa = $this->sql_con->affected_rows;
         if ($eliminacion_exitosa > 0) {
             $filas_afectadas++;
         }
         $eliminar_promocion_sucursal->close();
     }
     $this->resultado = $filas_afectadas;
 }
开发者ID:llanosCoder,项目名称:mybu,代码行数:26,代码来源:eliminar_promocion.php

示例3: allUsersMadeChoice

function allUsersMadeChoice($eventId)
{
    global $connection;
    //Get the event_date_ids that are associated with the user_choices.
    $qry = "SELECT \n\t\t\t\t\tevent_date.id as event_date_id,\n\t\t\t\t\tevent_date.event_id\n\t\t\t\tFROM \n\t\t\t\t\tevent_date\n\t\t\t\tWHERE \n\t\t\t\t\tevent_date.event_id = '" . mysqli_real_escape_string($connection, $eventId) . "'";
    if ($result = mysqli_query($connection, $qry)) {
        $eventDateIds = array();
        while ($row = mysqli_fetch_array($result)) {
            //Save the event date ids
            $eventDateIds[] = $row['event_date_id'];
        }
        if (count($eventDateIds) > 0) {
            //Create a string from the array of IDS so we can use SQL's IN statement. WHERE id IN (1, 2, 3) etc.
            $eventDateString = '';
            foreach ($eventDateIds as $id) {
                $eventDateString .= $id . ', ';
            }
            $eventDateString = substr($eventDateString, 0, -2);
            $getChoices = "SELECT * FROM date_userchoice WHERE event_date_id IN(" . $eventDateString . ") AND choice = 0";
            if ($result = mysqli_query($connection, $getChoices)) {
                $count = mysqli_num_rows($result);
                //If the count is = 0 it means that all choices are not 0(0 means no choice made)
                if ($count == 0) {
                    return true;
                }
            }
        }
    }
    return false;
}
开发者ID:timenengwerda,项目名称:prikkr,代码行数:30,代码来源:save_user_choice.php

示例4: change_forgot_password

/**
* смена пароля
**/
function change_forgot_password()
{
    global $connection;
    $hash = trim(mysqli_real_escape_string($connection, $_POST['hash']));
    $password = trim($_POST['new_password']);
    if (empty($password)) {
        $_SESSION['forgot']['change_error'] = "Не введен пароль";
        return;
    }
    $query = "SELECT * FROM forgot WHERE hash = '{$hash}' LIMIT 1";
    $res = mysqli_query($connection, $query);
    // если не найден хэш
    if (!mysqli_num_rows($res)) {
        return;
    }
    $now = time();
    $row = mysqli_fetch_assoc($res);
    // если ссылка устарела
    if ($row['expire'] - $now < 0) {
        mysqli_query($connection, "DELETE FROM forgot WHERE expire < {$now}");
        return;
    }
    $password = md5($password);
    mysqli_query($connection, "UPDATE users SET password = '{$password}' WHERE email = '{$row['email']}'");
    mysqli_query($connection, "DELETE FROM forgot WHERE email = '{$row['email']}'");
    $_SESSION['forgot']['ok'] = "Вы успешно сменили пароль. Теперь можно авторизоваться";
}
开发者ID:dimonoov,项目名称:catalog.loc,代码行数:30,代码来源:forgot_model.php

示例5: sanitize

 function sanitize($var, $quotes = true)
 {
     global $connection;
     if (is_array($var)) {
         //run each array item through this function (by reference)
         foreach ($var as &$val) {
             $val = $this->sanitize($val);
         }
     } else {
         if (is_string($var)) {
             //clean strings
             $var = mysqli_real_escape_string($connection, $var);
             if ($quotes) {
                 $var = "'" . $var . "'";
             }
         } else {
             if (is_null($var)) {
                 //convert null variables to SQL NULL
                 $var = "NULL";
             } else {
                 if (is_bool($var)) {
                     //convert boolean variables to binary boolean
                     $var = $var ? 1 : 0;
                 }
             }
         }
     }
     return $var;
 }
开发者ID:salahbj,项目名称:smoothoperator,代码行数:29,代码来源:sanitize.php

示例6: au_login

function au_login()
{
    global $aulis;
    // Error messages!
    $errormsg = array();
    // Are we currently attempting to login?
    if (isset($_POST['au_login'])) {
        // Did we provide our username?
        if (empty($_POST['au_username'])) {
            $errormsg[] = LOGIN_NO_USERNAME;
        }
        // What about our password?
        if (empty($_POST['au_password'])) {
            $errormsg[] = LOGIN_NO_PASSWORD;
        }
        // Create variables that are easier to type
        $login['username'] = $_POST['au_username'];
        $login['password'] = $_POST['au_password'];
        // Usernames don't contain HTML
        if ($login['username'] != htmlspecialchars($login['username'], ENT_NOQUOTES, 'UTF-8', false)) {
            $errormsg[] = LOGIN_USERNAME_NO_HTML;
        }
        // We don't want to mess up the database
        $login['username'] = mysqli_real_escape_string($aulis['connection'], $login['username']);
        // Hash the password
        $login['password'] = au_hash($login['password']);
        // Okay. Now check if the database has any record of the user
        $result = au_query("\n\t\t\tSELECT user_id, user_username, user_password\n\t\t\t\tFROM users\n\t\t\t\tWHERE user_username = '" . $login['username'] . "'\n\t\t");
        // This is only run if the user exists
        foreach ($result as $userlogin) {
            // Get the user id
            $userid = $userlogin['user_id'];
            // Does the password match?
            if ($userlogin['user_password'] == $login['password']) {
                $correctpass = true;
            } else {
                $errormsg[] = LOGIN_PASSWORD_FAIL;
            }
        }
        // Can we login?
        if (!empty($correctpass)) {
            // The user agent
            $login['user_agent'] = mysqli_real_escape_string($aulis['connection'], $_SERVER['HTTP_USER_AGENT']);
            // The IP address
            $login['user_ip'] = addslashes($_SERVER['REMOTE_ADDR']);
            // How long should we keep the session active?
            $sessionlength = !empty($_POST['au_forever']) ? '0' : '60';
            // Set the session
            $_SESSION[$setting['session_name']] = array('user' => $userid, 'agent' => $login['user_agent'], 'ip' => $login['user_ip'], 'sessionlength' => $sessionlength);
            // Show a nice information page
            template_info('login_success', 'login_success_title', 'user_green.png', $basefilenq, 'login_link');
        }
    }
    // This array is used in the login template
    $logindata = array('errors' => empty($_POST['au_login']) ? 0 : 1, 'error_message' => $errormsg, 'username' => !empty($login['username']) ? $login['username'] : '');
    // Okay, load this app's template
    au_load_template('login', false);
    // Show the registration template
    au_template_login(!empty($login_complete) ? true : false);
}
开发者ID:AulisInternational,项目名称:Aulis,代码行数:60,代码来源:Login.php

示例7: updateProfileInfo

 public function updateProfileInfo()
 {
     $userid = mysqli_real_escape_string($this->mysqli, $_REQUEST['userid']);
     if (!empty($userid)) {
         $arr = array();
         $fname = mysqli_real_escape_string($this->mysqli, $_REQUEST['fname']);
         $lname = mysqli_real_escape_string($this->mysqli, $_REQUEST['lname']);
         $email = mysqli_real_escape_string($this->mysqli, $_REQUEST['email']);
         $mobile = mysqli_real_escape_string($this->mysqli, $_REQUEST['mobile_no']);
         $telno = mysqli_real_escape_string($this->mysqli, $_REQUEST['telephone_no']);
         $postcode = mysqli_real_escape_string($this->mysqli, $_REQUEST['postcode']);
         $address1 = mysqli_real_escape_string($this->mysqli, $_REQUEST['address1']);
         $address2 = mysqli_real_escape_string($this->mysqli, $_REQUEST['address2']);
         $city = mysqli_real_escape_string($this->mysqli, $_REQUEST['city']);
         $country = mysqli_real_escape_string($this->mysqli, $_REQUEST['country']);
         $dob = mysqli_real_escape_string($this->mysqli, $_REQUEST['dob_date']);
         $dateOfAniversary = mysqli_real_escape_string($this->mysqli, $_REQUEST['doa']);
         $query = "UPDATE user_profile a INNER JOIN user b ON a.user_id = b.id SET a.first_name = '{$fname} ', a.last_name = '{$lname}', b.email = '{$email}', a.address1 = '{$address1}', a.address2 = '{$address2}', a.mobile_no = '{$mobile}', a.telephone_no = '{$telno}', a.postcode = '{$postcode}', a.town = '{$city}', a.region = '{$country}', a.date_of_birth = '{$dob}', a.date_of_anniversery = '{$dateOfAniversary}' WHERE a.user_id = '" . $userid . "'";
         $result = $this->mysqli->query($query) or die($this->mysqli->error . __LINE__);
         if ($result) {
             $success = self::ViewProfile($userid);
             echo json_encode($success);
         } else {
             $callback = array('status' => "Failed", 'msg' => "Profile informaiton not updated.");
             echo json_encode($callback);
         }
     } else {
         $callback = array('status' => "Failed", "msg" => "Profile information not found!");
         echo json_encode($callback);
     }
 }
开发者ID:nazrul104,项目名称:AngularJS_ionic_App,代码行数:31,代码来源:UserProfile.php

示例8: prepareData

 public static function prepareData($item, $mysqli)
 {
     include_once getcwd() . '/scripts/data-helpers/elrh_db_extractor.php';
     // determine data according the item request
     if (empty($item)) {
         // if no item selected = show list of all articles
         $data["entries"] = ELRHDataExtractor::retrieveArray($mysqli, "SELECT a.id AS aid, a.cat, a.posted, a.name AS article_name, a.dscr, g.id AS gid, g.name AS gallery_name, u.u_displayed_name AS author_name FROM elrh_articles a LEFT JOIN elrh_gallery_galleries g ON a.gallery=g.id JOIN elrh_users u ON a.author=u.u_name ORDER BY a.posted DESC");
         // notify content renderer, there will be only list of articles
         $data["single"] = false;
     } else {
         // still have to determine between article-id and admin operations
         if (is_numeric($item)) {
             // notify content renderer, there will be only one article
             $data["single"] = true;
             // try to find particular article
             $data["entry"] = ELRHDataExtractor::retrieveRow($mysqli, "SELECT a.id AS aid, a.author, a.cat, a.posted, a.name AS article_name, a.dscr, a.content, g.id AS gid, g.name AS gallery_name, (SELECT count(*) FROM elrh_gallery_images i WHERE i.gallery=g.id) AS images, u.u_displayed_name AS author_name FROM elrh_articles a LEFT JOIN elrh_gallery_galleries g ON a.gallery=g.id JOIN elrh_users u ON a.author=u.u_name WHERE a.id='" . mysqli_real_escape_string($mysqli, $item) . "'");
             if (!empty($data["entry"])) {
                 // page title adjustment
                 $data["item_title"] = ": " . $data["entry"]["article_name"];
                 // notify content renderer, that article exists
                 $data["exists"] = true;
             } else {
                 // notify content renderer, that article not found
                 $data["exists"] = false;
             }
         } else {
             // TODO admin operations
         }
     }
     // save prepared data for renderer
     return $data;
 }
开发者ID:AloisSeckar,项目名称:StaraKrc,代码行数:32,代码来源:elrh_articles_data.php

示例9: addUpdate

 public function addUpdate($title, $body, $target, $source)
 {
     $con = $this->connect();
     $title = mysqli_real_escape_string($con, $title);
     $body = mysqli_real_escape_string($con, $body);
     $target = mysqli_real_escape_string($con, $target);
     $source = mysqli_real_escape_string($con, $source);
     $query = "INSERT INTO news VALUES(null, '{$title}', '{$body}','{$target}', NOW(),'{$source}')";
     $res = mysqli_query($con, $query) or die("Couldn't execute query: " . mysqli_error($con));
     if ($res) {
         $id = mysqli_insert_id($con);
         $query = "SELECT * FROM news WHERE id = {$id}";
         $update = mysqli_query($con, $query);
         if (mysqli_num_rows($update) > 0) {
             $rows = array();
             while ($row = mysqli_fetch_array($update, MYSQLI_ASSOC)) {
                 $rows[] = $row;
             }
             return $rows;
         } else {
             return false;
         }
     } else {
         return false;
     }
     $this->close();
 }
开发者ID:benitkibabu,项目名称:backend,代码行数:27,代码来源:DbUpdate.php

示例10: escapeArray

function escapeArray($db, $array)
{
    foreach ($array as $key => $value) {
        $array['key'] = mysqli_real_escape_string($db->link, $value);
    }
    return $array;
}
开发者ID:CWMCDev,项目名称:Movie-Rental,代码行数:7,代码来源:helper.php

示例11: clearString

function clearString($str)
{
    $str = strip_tags($str);
    $str = mysqli_real_escape_string($mysqli, $str);
    $str = trim($str);
    return $str;
}
开发者ID:nurzhanov,项目名称:shop,代码行数:7,代码来源:functions.php

示例12: GetSQLValueString

 function GetSQLValueString($theValue, $theType, $theDefinedValue = "", $theNotDefinedValue = "")
 {
     if (PHP_VERSION < 6) {
         $theValue = get_magic_quotes_gpc() ? stripslashes($theValue) : $theValue;
     }
     //$theValue = function_exists("mysqli_real_escape_string") ? mysqli_real_escape_string($conexion , $theValue) : mysqli_escape_string( $conexion , $theValue);
     if (function_exist) {
         $obj = new database();
         $link = $obj->connect();
         $theValue = mysqli_real_escape_string($link, $theValue);
     }
     switch ($theType) {
         case "text":
             $theValue = $theValue != "" ? "'" . $theValue . "'" : "NULL";
             break;
         case "long":
         case "int":
             $theValue = $theValue != "" ? intval($theValue) : "NULL";
             break;
         case "double":
             $theValue = $theValue != "" ? doubleval($theValue) : "NULL";
             break;
         case "date":
             $theValue = $theValue != "" ? "'" . $theValue . "'" : "NULL";
             break;
         case "defined":
             $theValue = $theValue != "" ? $theDefinedValue : $theNotDefinedValue;
             break;
     }
     return $theValue;
 }
开发者ID:acronoxine,项目名称:movimientosSFA_V1,代码行数:31,代码来源:cat_categorias_md.php

示例13: api_remove_table

function api_remove_table($activeUser, $con, $character_get)
{
    if (isset($_GET['rm'])) {
        $remove = mysqli_real_escape_string($con, $_GET['rm']);
        $remove_name = utils::mysqli_result(mysqli_query($con, "SELECT name FROM characters WHERE eve_idcharacter = '{$remove}'"), 0, 0);
        //character is only dissossiated with the account, not removed from the database
        $remove_character_account = mysqli_query($con, "DELETE FROM aggr WHERE user_iduser = (SELECT iduser FROM user WHERE username = '{$activeUser}') AND character_eve_idcharacter = '{$remove}'") or die(mysqli_error($con));
        //$remove_character = mysqli_query($con, "DELETE FROM characters WHERE eve_idcharacter = '$remove'") or die(mysqli_error($con));
        echo "Character " . $remove_name . " removed successfully.";
        return;
    } else {
        $charsKeys = mysqli_query($con, "SELECT character_eve_idcharacter, name, username, apikey FROM v_user_characters WHERE username = '{$activeUser}'") or die(mysqli_error($con));
        ?>
   <table class='table table-striped table-bordered table-hover' id='dataTables-api'>
       <tr><th align="center">Character</th>
           <th align="center">API Key</th>
           <th></th>
<?php 
        while ($chars = mysqli_fetch_array($charsKeys)) {
            $name = $chars['name'];
            $api = $chars['apikey'];
            $charid = $chars['character_eve_idcharacter'];
            $imgpath = "https://image.eveonline.com/Character/" . $charid . "_32.jpg";
            echo "<tr><td>" . "<img src=" . $imgpath . ">" . "  " . $name . "</td><td >" . $api . "</td><td align='center'>" . "<a href= 'api_remove.php?character={$character_get}&rm={$charid}'<button type='button' class='btn btn-danger'>Remove</button>" . "</td></tr>";
        }
        ?>
   </table>
<?php 
    }
}
开发者ID:marcfeather,项目名称:EveTradeMaster,代码行数:30,代码来源:api_remove.php

示例14: traer_fichas

 protected function traer_fichas()
 {
     extract($_POST);
     $this->datos_usuario["tipo"] = mysqli_real_escape_string($this->sql_con, $tipo);
     $this->datos_usuario["nmr_folio"] = mysqli_real_escape_string($this->sql_con, $nmr_folio);
     switch ($this->datos_usuario["tipo"]) {
         case 1:
             $this->traer_todo();
             break;
     }
     if (isset($user)) {
         $this->arreglo['cliente'] = array();
         //$this->arreglo['contacto']=array();
         //$this->arreglo['producto']=array();
         //$this->arreglo['folio']=array();
         if ($rol != 1) {
             $consulta = "select * from cliente c left join ingreso i on i.ing_rut_usu = c.cli_rut";
             $consulta .= " left join contacto co on co.con_cli_rut=c.cli_rut";
             $consulta .= " left join servicio s on s.serv_cli_rut=c.cli_rut";
             $consulta .= " left join ingreso_estado ie on i.ing_id = ie.ingreso_id";
             if ($rol == 2) {
                 $consulta .= " where i.ing_id_usuario='" . $user . "'";
             }
         }
         $con = $this->sql_con->query($consulta);
         while ($arr = $con->fetch_assoc()) {
             $clientes = array();
             $clientes = array("cli_rut" => $arr["cli_rut"], "cli_nombre" => $arr["cli_nombre"], "cli_app" => $arr["cli_app"], "cli_apm" => $arr["cli_apm"], "cli_id" => $arr["cli_id"], "cli_fantasia" => $arr["cli_fantasia"], "cli_rut_emp" => $this->rut($arr["cli_rut_emp"]), "nmr_folio" => $arr["ing_nmr_folio"], "fecha_ing" => $arr["ing_fecha_contrato"], "con_nombre" => $arr["con_nombre"], "con_mail" => $arr["con_mail"], "con_tmovil" => $arr["con_tmovil"], "con_tfijo" => $arr["con_tfijo"], "serv_tipoplan" => $this->nombre_plan($arr["serv_tipoplan"]), "serv_cli_rut" => $arr["serv_cli_rut"], "serv_nombre_proveedor" => $arr["serv_nombre_proveedor"], "vendedor" => $arr["serv_vendedor"], "estado" => $arr["ingreso_estado"]);
             array_push($this->arreglo["cliente"], $clientes);
         }
     }
 }
开发者ID:llanosCoder,项目名称:mybu,代码行数:32,代码来源:traer_fichas.php

示例15: traitement_magic_quotes

function traitement_magic_quotes($_value) {
   if (get_magic_quotes_gpc())    $_value = stripslashes($_value);
   if (!is_numeric($_value)) {
        $_value = mysqli_real_escape_string($GLOBALS["mysqli"], $_value);
   }
   return $_value;
}
开发者ID:rhertzog,项目名称:lcs,代码行数:7,代码来源:traitement_data.inc.php


注:本文中的mysqli_real_escape_string函数示例由纯净天空整理自Github/MSDocs等开源代码及文档管理平台,相关代码片段筛选自各路编程大神贡献的开源项目,源码版权归原作者所有,传播和使用请参考对应项目的License;未经允许,请勿转载。