本文整理汇总了PHP中safesql函数的典型用法代码示例。如果您正苦于以下问题:PHP safesql函数的具体用法?PHP safesql怎么用?PHP safesql使用的例子?那么恭喜您, 这里精选的函数代码示例或许可以为您提供帮助。
在下文中一共展示了safesql函数的15个代码示例,这些例子默认根据受欢迎程度排序。您可以为喜欢或者感觉有用的代码点赞,您的评价将有助于系统推荐出更棒的PHP代码示例。
示例1: safesql
function safesql($StrFiltKey, $StrFiltValue, $type)
{
$getfilter = "\\<.+javascript:window\\[.{1}\\\\x|<.*=(&#\\d+?;?)+?>|<.*(data|src)=data:text\\/html.*>|\\b(alert\\(|confirm\\(|expression\\(|prompt\\(|benchmark\\s*?\\(\\d+?|sleep\\s*?\\(.*\\)|load_file\\s*?\\()|<[a-z]+?\\b[^>]*?\\bon([a-z]{4,})\\s*?=|^\\+\\/v(8|9)|\\b(and|or)\\b\\s*?([\\(\\)'\"\\d]+?=[\\(\\)'\"\\d]+?|[\\(\\)'\"a-zA-Z]+?=[\\(\\)'\"a-zA-Z]+?|>|<|\\s+?[\\w]+?\\s+?\\bin\\b\\s*?\\(|\\blike\\b\\s+?[\"'])|\\/\\*.+?\\*\\/|\\/\\*\\*\\/|<\\s*script\\b|\\bEXEC\\b|UNION.+?SELECT(\\(.+\\)|\\s+?.+?)|UPDATE(\\(.+\\)|\\s+?.+?)SET|INSERT\\s+INTO.+?VALUES|(SELECT|DELETE)(\\(.+\\)|\\s+?.+?\\s+?)FROM(\\(.+\\)|\\s+?.+?)|(CREATE|ALTER|DROP|TRUNCATE)\\s+(TABLE|DATABASE)";
$postfilter = "<.*=(&#\\d+?;?)+?>|<.*data=data:text\\/html.*>|\\b(alert\\(|confirm\\(|expression\\(|prompt\\(|benchmark\\s*?\\(\\d+?|sleep\\s*?\\(.*\\)|load_file\\s*?\\()|<[^>]*?\\b(onerror|onmousemove|onload|onclick|onmouseover)\\b|\\b(and|or)\\b\\s*?([\\(\\)'\"\\d]+?=[\\(\\)'\"\\d]+?|[\\(\\)'\"a-zA-Z]+?=[\\(\\)'\"a-zA-Z]+?|>|<|\\s+?[\\w]+?\\s+?\\bin\\b\\s*?\\(|\\blike\\b\\s+?[\"'])|\\/\\*.+?\\*\\/|\\/\\*\\*\\/|<\\s*script\\b|\\bEXEC\\b|UNION.+?SELECT(\\(.+\\)|\\s+?.+?)|UPDATE(\\(.+\\)|\\s+?.+?)SET|INSERT\\s+INTO.+?VALUES|(SELECT|DELETE)(\\(.+\\)|\\s+?.+?\\s+?)FROM(\\(.+\\)|\\s+?.+?)|(CREATE|ALTER|DROP|TRUNCATE)\\s+(TABLE|DATABASE)";
$cookiefilter = "benchmark\\s*?\\(\\d+?|sleep\\s*?\\(.*\\)|load_file\\s*?\\(|\\b(and|or)\\b\\s*?([\\(\\)'\"\\d]+?=[\\(\\)'\"\\d]+?|[\\(\\)'\"a-zA-Z]+?=[\\(\\)'\"a-zA-Z]+?|>|<|\\s+?[\\w]+?\\s+?\\bin\\b\\s*?\\(|\\blike\\b\\s+?[\"'])|\\/\\*.+?\\*\\/|\\/\\*\\*\\/|<\\s*script\\b|\\bEXEC\\b|UNION.+?SELECT(\\(.+\\)|\\s+?.+?)|UPDATE(\\(.+\\)|\\s+?.+?)SET|INSERT\\s+INTO.+?VALUES|(SELECT|DELETE)(\\(.+\\)|\\s+?.+?\\s+?)FROM(\\(.+\\)|\\s+?.+?)|(CREATE|ALTER|DROP|TRUNCATE)\\s+(TABLE|DATABASE)";
if ($type == "GET") {
$ArrFiltReq = $getfilter;
} elseif ($type == "POST") {
$ArrFiltReq = $postfilter;
} elseif ($type == "COOKIE") {
$ArrFiltReq = $cookiefilter;
}
if (is_array($StrFiltValue)) {
foreach ($StrFiltValue as $key => $value) {
safesql($key, $value, $type);
}
} else {
if (preg_match("/" . $ArrFiltReq . "/is", $StrFiltValue) == 1) {
exit(safe_pape());
}
}
if (preg_match("/" . $ArrFiltReq . "/is", $StrFiltKey) == 1) {
exit(safe_pape());
}
}示例2: get_end_pos
function get_end_pos($catid, $parent = 0)
{
global $data;
$catid = safesql($catid, "int");
$pos = 1;
do {
if ($parent == 0) {
$temp = $data->select_query("menu_items", "WHERE cat = {$catid} AND pos = '{$pos}'");
} else {
$temp = $data->select_query("menu_items", "WHERE cat = {$catid} AND pos = '{$pos}' AND parent={$parent}");
}
if ($data->num_rows($temp) != 0) {
$pos++;
}
} while ($data->num_rows($temp) != 0);
return $pos;
}示例3: getSqlList
function getSqlList($type, $field, $userid)
{
global $data;
if ($userid == "") {
$owned = $data->select_fetch_all_rows($number, "owners", "WHERE item_type='{$type}'");
$ownedSql = '';
if ($number > 0) {
for ($i = 0; $i < $number; $i++) {
$ownedSql .= "{$field} != " . safesql($owned[$i]['item_id'], "int");
if ($i != $number - 1) {
$ownedSql .= " AND ";
}
}
} else {
$ownedSql = "{$field} >= 0";
}
} else {
$ownedSql = owner_items_sql_list($field, $type, true, $userid);
}
return $ownedSql;
}示例4: getuseroffset
} else {
include "admin/admin_main.php";
$tpl->assign('file', $filetouse);
}
$tpl->assign("mainpage", $page);
$tpl->assign("pagename", $pagename);
$tpl->assign("ex", $ex);
$tpl->assign("error", $error);
$tpl->assign('menufile', $menufile);
$tpl->assign('message', $message);
$tpl->assign('show', $show);
$tpl->assign('userlevel', $check['level']);
$tpl->assign('notsecond', $notsecond);
$tpl->assign("timeoffset", getuseroffset($check['uname']));
//Check for user message
$uid = safesql($check['uid'], "text");
$messages = $data->select_fetch_one_row("messages", "WHERE uid={$uid} AND type = 3");
$data->delete_query("messages", "uid={$uid} AND type = 3");
if ($messages) {
$tpl->assign("infomessage", $messages['message'] . ($messages['type'] == 3 ? " (Click on the message to hide)" : ""));
if ($messages['post'] != NULL) {
$post = unserialize($messages['post']);
$tpl->assign("repost", $post);
}
if ($messages['type'] == 1) {
$tpl->assign("nohide", true);
}
}
/********************************************End Content Generation*****************************************/
//Compile page
if ($config['softdebug'] == 1) {示例5: safesql
$newtopic = $data->fetch_array($sql);
$data->update_query("forums", "lasttopic='{$newtopic['id']}', lastpost='{$newtopic['lastpost']}', lastdate={$newtopic['lastdate']}", "id={$topic['forum']}", "", "", false);
echo "<script>window.location='index.php?page=forums&action=topic&t={$tid}&menuid={$menuid}';</script>";
exit;
}
}
$pagenum = 7;
$tpl->assign("tid", $tid);
} else {
echo "<script>alert('You don\\'t have the required permisions to delete a post''); window.location='index.php?page=forums&action=topic&t={$tid}';</script>";
exit;
}
break;
case "stopwatching":
$tid = safesql($_GET['tid'], "int");
$user = safesql($_GET['u'], "int");
$data->update_query("forumstopicwatch", "notify=0", "uid = {$user} AND topic_id={$tid}", "", "", false);
show_message("You are no longer watching the topic");
include "forums/view_forum.php";
break;
case "allread":
$sql = $data->delete_query("forumnew", "uid={$check['id']}");
include "forums/view_forum.php";
break;
case "forumread":
$sql = $data->delete_query("forumnew", "uid={$check['id']} AND forum={$f}");
default:
include "forums/view_forum.php";
}
$tpl->assign("username", $check['uname']);
$tpl->assign("userauths", $userauths);示例6: array
//display all photos
$photo = array();
while ($temp = $data->fetch_array($photosql)) {
$temp['caption'] = censor($temp['caption']);
$photo[] = $temp;
}
}
if (!$inarticle) {
$editFormAction = $_SERVER['PHP_SELF'];
if (isset($_SERVER['QUERY_STRING'])) {
$editFormAction .= "?" . htmlentities($_SERVER['QUERY_STRING']);
}
$tpl->assign('editFormAction', $editFormAction);
$id = safesql($albumid, "int");
if (isset($_POST['submit']) && $_POST['submit'] == "Post Comment") {
$comment = safesql(strip_tags($_POST['comment']), "text");
if ($config['confirmcomment'] == 1) {
$allowed = 0;
} else {
$allowed = 1;
}
$timestamp = time();
$data->insert_query("comments", "'', {$id}, '{$check['id']}', 1, {$timestamp}, {$comment}, {$allowed}", "", "", false);
if (confirm('comment')) {
$page = $_SERVER['PHP_SELF'];
if (isset($_SERVER['QUERY_STRING'])) {
$page .= "?" . $_SERVER['QUERY_STRING'];
}
$comment = $data->select_fetch_one_row("comments", "WHERE uid='{$check['id']}' AND item_id={$id} AND date={$timestamp}");
confirmMail("comment", $comment);
show_message("The comment first needs to be reviewed before it will be visible", $page);示例7: safesql
if ($action == "edit_advancements" && pageauth("troop", "edit") == 1) {
$recordsql = $data->select_query("scoutrecord", "WHERE userid={$safe_memberid} AND scheme = {$safe_scheme}");
if ($data->num_rows($recordsql) > 0) {
$record = safesql(serialize($_POST['requirement']), "text");
$comments = safesql(serialize($_POST['comment']), "text");
$data->update_query("scoutrecord", "requirements={$record}, comment={$comments}", "userid={$safe_memberid} AND scheme= {$safe_scheme}");
} else {
$record = safesql(serialize($_POST['requirement']), "text");
$comments = safesql(serialize($_POST['comment']), "text");
$data->insert_query("scoutrecord", "'', {$safe_memberid}, {$record}, {$comments}, {$safe_scheme}");
}
show_admin_message("Record Updated", "admin.php?page={$page}&subpage=records&id={$id}&action=view_advancements");
} elseif ($action == "addbadge" && pageauth("troop", "edit") == 1) {
$badgeid = safesql($_POST['bid'], "int");
$comment = safesql($_POST['comment'], "text");
$date = safesql(time(), "int");
$data->insert_query("userbadges", "'', {$safe_memberid}, {$badgeid}, {$comment}, {$date}");
show_admin_message("Badge Added", "admin.php?page={$page}&subpage=records&id={$id}&action=view_badges");
}
}
$schemes = $data->select_fetch_all_rows($numschemes, "awardschemes", "ORDER BY name ASC");
$tpl->assign("schemes", $schemes);
$tpl->assign("numschemes", $numschemes);
if ($action == "view_advancements" || $action == "" || $action == "edit_advancements" && pageauth("troop", "edit") == 1) {
$advansql = $data->select_query("advancements", "WHERE scheme = {$safe_scheme} ORDER BY position ASC");
$numadva = $data->num_rows($advansql);
$advancements = array();
$numitems = 0;
$recordsql = $data->select_fetch_one_row("scoutrecord", "WHERE userid={$safe_memberid} AND scheme = {$safe_scheme}");
$scoutRecord['requirement'] = unserialize($recordsql['requirements']);
$scoutRecord['comment'] = unserialize($recordsql['comment']);示例8: user_auth
/**
* Авторизация пользователя
* Проверка логина и пароля
*
* @param string логин
* @param string пароль (не хеш)
* @param string тип авторизации (по логину или по email)
* @return int|bool возвращает ID пользователя, в случае успеха и false в случае неудачи.
*/
function user_auth($user_login = '', $user_password = '', $type = 'login')
{
if (!$user_login or !$user_password) {
return false;
}
$user_login = safesql($user_login);
switch ($type) {
default:
$query = $this->db->get_where('users', array('login' => $user_login), 1);
break;
case 'email':
$query = $this->db->get_where('users', array('email' => $user_login), 1);
break;
}
if ($query->num_rows > 0) {
$this->user_data = $query->row_array();
$user_data =& $this->user_data;
// Проверка на разрешенные IP
if ($user_data['is_admin'] && isset($this->config->config['admin_ip'])) {
if (!$this->_check_subnet()) {
return false;
}
}
// Используется blowfish
$password_hash = hash_password($user_password, $this->user_data['password']);
} else {
return false;
}
// Проверка пароля
if ($password_hash == $this->user_data['password']) {
$this->auth_id = (int) $user_data['id'];
$this->auth_login = $user_data['login'];
$this->auth_data = $user_data;
$this->auth_data['balance'] = (int) $this->encrypt->decode($user_data['balance']);
return $this->auth_id;
} else {
return false;
}
}示例9: die
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
GNU General Public License for more details.
You should have received a copy of the GNU General Public License
along with this program; if not, write to the Free Software
Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA
**************************************************************************/
if (!defined('SCOUT_NUKE')) {
die("You have accessed this page illegally, please go use the main menu");
}
if (isset($_GET['f'])) {
$fid = safesql($_GET['f'], "int");
}
if (isset($_GET['t'])) {
$tid = safesql($_GET['t'], "int");
}
$editFormAction = $_SERVER['PHP_SELF'];
if (isset($_SERVER['QUERY_STRING'])) {
$editFormAction .= "?" . htmlentities($_SERVER['QUERY_STRING']);
}
$sql = $data->select_query("forums");
$numforums = $data->num_rows($sql);
if (empty($_GET['t'])) {
$sql = $data->select_query("forums", "WHERE id={$fid}");
$forum = $data->fetch_array($sql);
$sql = $data->select_query("forumtopics", "WHERE forum={$fid}");
$numtopics = $data->num_rows($sql);
$topics = array();
while ($topics[] = $data->fetch_array($sql)) {
}示例10: htmlentities
} else {
$editFormAction = $_SERVER['PHP_SELF'];
if (isset($_SERVER['QUERY_STRING'])) {
$editFormAction .= "?" . htmlentities($_SERVER['QUERY_STRING']);
}
$Submit = $_POST['Submit'];
$id = $_GET['id'];
$action = $_GET['action'];
// Edit content
if ($Submit == "Update" && pageauth("emailedit", "edit") == 1) {
$id = safesql($id, "int");
$subject = safesql($_POST['subject'], "text");
$email = safesql($_POST['email'], "text");
if ($data->update_query("emails", "subject={$subject}, email={$email}", "id={$id}")) {
show_admin_message("Email updated", $pagename);
}
}
// Show specific content
if ($id != "" && pageauth("emailedit", "edit") == 1) {
// Show selected content
$id = safesql($id, "int");
$email = $data->select_fetch_one_row("emails", "WHERE id={$id}");
$tpl->assign("email", $email);
}
// Show all news
$emails = $data->select_fetch_all_rows($numemails, "emails", "ORDER BY name ASC");
$tpl->assign('action', $action);
$tpl->assign('numemails', $numemails);
$tpl->assign('emails', $emails);
$filetouse = "admin_emailedit.tpl";
}示例11: safesql
}
$tpl->assign("numalbums", $numalbums);
$tpl->assign("album", $album);
$tpl->assign("numarticles", $numart);
$tpl->assign("article", $articles);
$tpl->assign("numevents", $numevents);
$tpl->assign("event", $events);
$tpl->assign("numdownloads", $numdown);
$tpl->assign("download", $downloads);
$tpl->assign("numnews", $numnews);
$tpl->assign("news", $newsitems);
if ($_POST['submit'] == "Submit") {
if (validate($_POST['validation'])) {
$news = safesql($_POST['story'], "text", false);
$title = safesql($_POST['title'], "text");
$attachment = safesql($_POST['attachment'], "text");
if (confirm('news')) {
$Add = $data->insert_query("newscontent", "NULL, {$title}, {$news}, {$timestamp}, {$attachment}, 0, 0");
$addon = "The news item first needs to be reviewed before it will be available on the site.";
} else {
$Add = $data->insert_query("newscontent", "NULL, {$title}, {$news}, {$timestamp}, {$attachment}, 1, 0");
}
$data->update_query("users", "numnews = numnews + 1", "id='{$check['id']}'");
$article = $data->fetch_array($data->select_query("newscontent", "WHERE title={$title} AND event={$timestamp} ORDER BY id DESC", "id, title, news"));
if (confirm('news')) {
confirmMail("news", $article);
} else {
email('newitem', array("news", $article));
}
$data->insert_query("owners", "'', {$article['id']}, 'newsitem', {$check['id']}, 0, 0, 0");
show_message("Your news item has been added. {$addon}", "index.php?page=mythings&menuid={$menuid}");示例12: strftime
$temp['etime'] = strftime("%H:%M", $temp['enddate']);
$calendar .= "\n <div class=\"newsitem\">\n <h3>" . censor($temp['summary']) . "</h3>\n <span class=\"smalltext\"><b>Start Date: </b>{$temp['sdate']} | <b>Start Time: </b>{$temp['stime']}</span><br />\n <span class=\"smalltext\"><b>End Date: </b>{$temp['edate']} | <b>End Time: </b>{$temp['etime']}</span>";
if ($temp['detail'] != NULL) {
$calendar .= "<p>" . censor($temp['detail']) . "</p>";
}
$calendar .= "</div>";
}
}
} else {
$calendar .= "There are no events happening during {$month}.";
}
$calendar .= "<div class=\"smalltext\">You can see a year view by clicking on the <img src=\"{$templateinfo['imagedir']}calendar.png\" border=\"0\" title=\"Year View\" alt=\"Year View\"/> icon <br />You can see a month view by clicking on the <img src=\"{$templateinfo['imagedir']}view_month.png\" title=\"View Month\" alt=\"View Month\" border=\"0\"/> icon <br />You can goto the current date by clicking on the <img src=\"{$templateinfo['imagedir']}today.png\" border=\"0\" title=\"Today\" alt=\"Today\"/> icon</div>";
}
$add = get_auth('addevent') == 1 ? true : false;
$addlink = "index.php?page=addevent&menuid={$menuid}";
$rssuname = safesql(md5($check['uname']), "text");
if ($data->num_rows($data->select_query("rssfeeds", "WHERE itemid=1 AND type=3 AND uname={$rssuname}", "id"))) {
$rss = 1;
} else {
$rss = 0;
}
$tpl->assign("calendar", $calendar);
$tpl->assign("rss", $rss);
$show_detail = false;
}
} else {
$calendar = new vcalendar();
$calsql = $data->select_query("calendar_items", "WHERE allowed = 1 AND trash=0");
while ($temp = $data->fetch_array($calsql)) {
$groups = unserialize($temp['groups']);
if (is_array($groups)) {示例13: safesql
You should have received a copy of the GNU General Public License
along with this program; if not, write to the Free Software
Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA
**************************************************************************/
if (!empty($getmodules)) {
$module['Configuration']['Module Manager'] = "modules";
$moduledetails[$modulenumbers]['name'] = "Module Manager";
$moduledetails[$modulenumbers]['details'] = "Manage CMScout modules";
$moduledetails[$modulenumbers]['access'] = "Allowed to access the module manager";
$moduledetails[$modulenumbers]['add'] = "notused";
$moduledetails[$modulenumbers]['edit'] = "notused";
$moduledetails[$modulenumbers]['delete'] = "notused";
$moduledetails[$modulenumbers]['publish'] = "Allowed to deactivate and reactivate modules";
$moduledetails[$modulenumbers]['limit'] = "notused";
$moduledetails[$modulenumbers]['id'] = "modules";
return;
} else {
$id = safesql($_GET['id'], "int");
if ($_GET['action'] == 'activate' && pageauth("modules", "publish")) {
$sqlq = $data->update_query("functions", "active = 1", "id={$id}");
header("Location: {$pagename}");
} elseif ($_GET['action'] == 'deactivate' && pageauth("modules", "publish")) {
$sqlq = $data->update_query("functions", "active = 0", "id={$id}");
header("Location: {$pagename}");
}
$modules = $data->select_fetch_all_rows($nummodule, "functions", "WHERE type != 3 ORDER BY name ASC", "id, name, type, active");
$tpl->assign("modules", $modules);
$tpl->assign("nummodule", $nummodule);
$filetouse = "admin_modules.tpl";
}示例14: htmlentities
$editFormAction .= "?" . htmlentities($_SERVER['QUERY_STRING']);
}
$tpl->assign('editFormAction', $editFormAction);
if (isset($_POST["submit"])) {
if (validate($_POST['validation'])) {
$album_name = strip_tags($_POST['album_name']);
$patrol = $_POST['patrol'];
$insertSQL = sprintf("NULL, %s, %s", safesql($album_name, "text"), safesql($patrol, "int"));
if (confirm('album')) {
$message = "Your album has been added, but first needs to be reviewed by an administrator.";
$insertSQL .= ", 0";
} else {
$message = "Your album has been added.";
$insertSQL .= ", 1";
}
$album_name = safesql($album_name, "text");
if ($data->insert_query("album_track", $insertSQL . ", 0")) {
$album = $data->select_fetch_one_row("album_track", "WHERE album_name={$album_name} ORDER BY ID DESC");
$data->update_query("users", "numalbums = numalbums + 1", "uname='{$check['uname']}'");
$data->insert_query("owners", "'', {$album['ID']}, 'album', {$check['id']}, 0, 0, 0");
if (confirm('album')) {
confirmMail("album", $album);
} else {
email('newitem', array("album", $album));
}
show_message("Your photo album has been created. {$extra}", "index.php?page=mythings&cat=album&action=edit&id={$album['ID']}&menuid={$menuid}");
} else {
show_message("There was an error adding your photo album. If this error persists please contact the site administrator.", "index.php?page=addphotoalbum", true);
}
} else {
show_message("There where some errors with some fields, please check them again and resubmit.", "index.php?page=addphotoalbum&menuid={$menuid}", true);示例15: safesql
$poll['pollq'] = $_POST['question'];
if ($poll['pollq'] != "") {
$poll['pollq'] = safesql($poll['pollq'], "text");
$poll['stopdate'] = $poll['stopdate'] != "" ? safesql(strtotime($poll['stopdate']), "int") : 0;
if (confirm('poll')) {
$message = "Your poll has been added, but first needs to be reviewed by an administrator.";
$allow = 0;
} else {
$message = "Your poll has been added.";
$allow = 1;
}
$results = array();
for ($i = 0; $i < count($_POST['option']); $i++) {
$results[str_replace(' ', '', $_POST['option'][$i])] = 0;
}
$results = safesql(serialize($results), "text");
$sql = $data->insert_query("polls", "NULL, {$poll['pollq']}, {$timestamp}, {$poll['stopdate']}, {$options}, {$results}, {$allow}, 0");
if ($sql) {
$polling = $data->select_fetch_one_row("polls", "WHERE question = {$poll['pollq']} AND date_start={$timestamp} ORDER BY id DESC", "id");
if ($data->insert_query("owners", "'', {$polling['id']}, 'pollitems', {$check['id']}, 0, 0, 0")) {
if (confirm('poll')) {
confirmMail("poll", $polling);
} else {
email('newitem', array("poll", $polling));
}
show_message($message, "index.php?page=mythings&menuid={$menuid}");
} else {
show_message("There was an error adding your poll. If this error persists please contact the site administrator.", "index.php?page=addpoll&menuid={$menuid}", true);
}
}
}