本文整理汇总了PHP中sanitise函数的典型用法代码示例。如果您正苦于以下问题:PHP sanitise函数的具体用法?PHP sanitise怎么用?PHP sanitise使用的例子?那么恭喜您, 这里精选的函数代码示例或许可以为您提供帮助。
在下文中一共展示了sanitise函数的15个代码示例,这些例子默认根据受欢迎程度排序。您可以为喜欢或者感觉有用的代码点赞,您的评价将有助于系统推荐出更棒的PHP代码示例。
示例1: login
/**
* Function to login for the admin
* Function return true if the admin
* is successfully identified using provided
* username and password, Otherwise return false.
*
* @param $username
* @param $password
* @return true if successful login, otherwise false.
*/
function login($username, $password)
{
$mysqli = connecttoMysql();
$username = sanitise($username, 40);
$password = sanitise($password, 40);
//$password = sha1($password);
$result = false;
//check if there is an error connecting to database
if ($mysqli->connect_errno) {
echo "Failed to connect to MySql:-> " . $mysqli->connect_error;
}
/* Create and execute statement to get the result set/Statement Object */
if ($stmt = $mysqli->query("SELECT username, password FROM users WHERE username = '{$username}' AND password = '{$password}'")) {
//iterator to match the results
while ($row = $stmt->fetch_array(MYSQLI_ASSOC)) {
if ($row['username'] == $username && $row['password'] == $password) {
$result = true;
break;
}
}
} else {
echo "Error -> " . $mysqli->error;
$result = false;
}
$mysqli->close();
return $result;
}示例2: checklogin
<?php
include_once '../functions.php';
checklogin();
$conn = opendb();
if ($loggedin == 1) {
$account = sanitise('account');
$query = "INSERT INTO accounts (UserID, AccountName) VALUES ('{$user}', '{$account}')";
mysql_query($query) or die(mysql_error());
accountList($user);
accountForm();
} else {
loginform();
}示例3: checklogin
<?php
include_once '../functions.php';
checklogin();
opendb();
if ($loggedin == 1) {
$label = sanitise('label');
//Need a long list of colours!
$colourarray = array('#A00', '#0A0', '#565600', '#00A', '#0F7DEE');
$query = "SELECT * FROM labels WHERE UserID='{$user}'";
$result = mysql_query($query) or die(mysql_error());
while ($row = mysql_fetch_assoc($result)) {
foreach ($colourarray as $key => $colour) {
if ($row['Colour'] == $colour) {
$colourarray[$key] = NULL;
}
}
}
foreach ($colourarray as $key => $colour) {
if ($pickedcolour == NULL) {
if ($colour != NULL) {
$pickedcolour = $colour;
}
}
}
$query = "INSERT INTO labels (LabelName, Colour, UserID) VALUES ('{$label}', '{$pickedcolour}', '{$user}')";
mysql_query($query) or die(mysql_error());
labellist($user);
} else {
loginform();
}示例4: checklogin
<?php
include_once 'functions.php';
checklogin();
if ($loggedin == 0) {
$email = sanitise('email', 'p');
$query = "SELECT * FROM users WHERE Email='{$email}'";
$result = mysql_query($query) or die(mysql_error());
if (mysql_num_rows($result) == 1) {
$row = mysql_fetch_array($result);
$UserID = $row['UserID'];
$key = $row['ValidationKey'];
if ($row['Validated'] == 0) {
resendvalidationkey($email, $key, $UserID);
$msg .= "We've resent your validation link to your email address. Make sure you check your spam folder too. ";
} else {
$msg .= "You've already validated your account, try logging in instead ";
}
} elseif (mysql_num_rows($result) > 1) {
$msg .= "We couldn't find your email on file. Are you sure you've registered? ";
}
}
include 'index.php';示例5: checklogin
<?php
include_once '../functions.php';
checklogin();
$conn = opendb();
$index = sanitise("i");
echo "<select id='otherparty' name='otherparty'>";
$query = "SELECT * FROM accounts WHERE UserID='{$user}' AND Archived='0' ORDER BY AccountName ASC";
$result = mysql_query($query) or die(mysql_error());
while ($row = mysql_fetch_assoc($result)) {
echo "<option value='ThisAccount" . $row['AccountID'] . "'>" . stripslashes($row['AccountName']) . "</option>";
}
echo "</select><span onclick=\"otherParty(" . $index . ")\" class='clickable'>Not between accounts?</span>";示例6: htmlspecialchars
$data = htmlspecialchars($data);
return $data;
}
require_once "settings.php";
//connection info
$conn = @mysqli_connect($host, $user, $pwd, $sql_db);
if (!$conn) {
echo "<p>Database connection failure</p>";
// not in production script
} else {
$sql_table = "team_series";
//check whether the form fields in the register form are set
if (isset($_POST["series_id"])) {
$seriesid = sanitise($_POST["series_id"]);
$teamone = sanitise($_POST["team_one"]);
$teamtwo = sanitise($_POST["team_two"]);
}
$query_one = "INSERT INTO {$sql_table} (SeriesId, TeamId) VALUES ('{$seriesid}', '{$teamone}')";
$query_two = "INSERT INTO {$sql_table} (SeriesId, TeamId) VALUES ('{$seriesid}', '{$teamtwo}')";
$result_one = mysqli_query($conn, $query_one);
$result_two = mysqli_query($conn, $query_two);
if ($result_one && $result_two) {
header("location:series_successful.php");
} else {
echo "<section id='main' class='wrapper'>";
echo "<div class='container'>";
echo "<header class='major'>";
echo "<h4>Please Enter a valid Team ID</h4>";
echo "</header>";
echo "<div class='container 25%'>";
echo "<a class='button fit' href='series_teams.php'>Go Back</a>";示例7: sanitise
public $first_name;
public $last_name;
public $location;
public $user_email;
}
function sanitise($data)
{
$data = trim($data);
$data = stripslashes($data);
$data = htmlspecialchars($data);
return $data;
}
$first_name = sanitise($_POST['first_name']);
$last_name = sanitise($_POST['last_name']);
$location = sanitise($_POST['location']);
$user_email = sanitise($_POST['user_email']);
$user_name = $_SESSION['user_name'];
echo 'Profile of ' . $_SESSION['user_name'] . '.<br/>';
$update = "UPDATE users SET first_name='{$first_name}' WHERE user_name= '{$user_name}'";
$inserted = mysql_query($update);
$update = "UPDATE users SET last_name='{$last_name}' WHERE user_name= '{$user_name}' ";
$inserted = mysql_query($update);
$update = "UPDATE users SET location='{$location}' WHERE user_name='{$user_name}'";
$inserted = mysql_query($update);
$update = "UPDATE users SET user_email='{$user_email}' WHERE user_name= '{$user_name}'";
$inserted = mysql_query($update);
//session must change
if (!$inserted) {
echo 'Something went wrong. Please try again
later.';
} else {示例8: checklogin
<?php
include_once 'functions.php';
checklogin();
//make sure the user's logged in
if ($loggedin == 1) {
if (!isset($user)) {
$user = mysql_real_escape_string($_COOKIE['userid']);
}
$conn = opendb();
$pass = sanitise('currentpassword', 'p');
$newpass1 = sanitise('newpassword1', 'p');
$newpass2 = sanitise('newpassword2', 'p');
$query = "SELECT * FROM users WHERE UserID='{$user}'";
$result = mysql_query($query) or die(mysql_error());
if (mysql_num_rows($result) == 1) {
$row = mysql_fetch_array($result);
$hash = sha1($pass . $row['Salt']);
//check that they've provided the correct password:
if ($hash == $row['Password']) {
//check that provided passwords match:
if ($newpass1 == $newpass2) {
//check that new password is long enough:
if (strlen($newpass1) > 5) {
//generating some salty hashes:
$salt = generatesalt();
$hash = sha1($newpass1 . $salt);
//now we change their password...
$query = "UPDATE users SET Password='{$hash}', Salt='{$salt}' WHERE UserID='{$user}'";
$result = mysql_query($query) or die(mysql_error());
//tell the user that it has been sucessfull:示例9: opendb
<?php
include 'functions.php';
$conn = opendb();
$email = sanitise('email', 'p');
$pass = sanitise('password', 'p');
$repeatpass = sanitise('repeatpassword', 'p');
$msg = NULL;
if (strlen($pass) < 6) {
$msg = $msg . "Your passsword is too short! ";
}
if ($pass != $repeatpass) {
$msg = $msg . "Your passwords don't match! ";
}
if ($email == NULL || $pass == NULL || $repeatpass == NULL) {
$msg = $msg . "One of the fields is empty! ";
}
if ($msg == NULL) {
$query = "SELECT * FROM users WHERE Email='{$email}'";
$result = mysql_query($query) or die(mysql_error());
if (mysql_num_rows($result) == 0) {
$time = time() + 604800;
$salt = generatesalt();
$hash = sha1($pass . $salt);
$validationkey = sha1(generatesalt(64));
$query = "INSERT INTO users (Email, Password, Salt, ValidatedTimeout, ValidationKey, PrefCurrency, PrefPaymentMethod) VALUES ('{$email}', '{$hash}', '{$salt}', '{$time}', '{$validationkey}', '£', 'Card')";
//insrt
mysql_query($query) or die(mysql_error());
$UserID = mysql_insert_id();
$query = "INSERT INTO accounts (UserID, AccountName) VALUES ('{$UserID}', 'Current')";
mysql_query($query) or die(mysql_error());示例10: strlen
<?php
if (isset($_POST['dir_name'])) {
if ($_POST['dir_name'] !== '') {
$name = $_POST['dir_name'];
$lenght = strlen($name);
$newdir = sanitise($name, $lenght);
chdir("storage");
create_dir($newdir);
} else {
echo "Please enter the directory name";
}
}
?>
<div class="col-lg-12">
<div class="panel-body">
<form method="post" action="main.php?tab=storage&id=make_dir" class="form-inline">
<div class="form-group">
<label for="directory_name">Create Directory</label>
<input type="text" name="dir_name" class="form-control" id="directory_name" placeholder="Name">
</div>
<button type="submit" class="btn btn-default">Create</button>
</form>
</div>
</div>示例11: checklogin
<?php
include_once '../functions.php';
checklogin();
$conn = opendb();
if ($loggedin == 1) {
$currency = '&' . sanitise('currency') . ';';
if (isset($currency)) {
$query = "UPDATE users SET PrefCurrency='{$currency}' WHERE UserID='{$user}'";
mysql_query($query) or die(mysql_error());
echo "Success! Your currency has been changed to " . $currency;
}
} else {
loginform();
}示例12: sanitise
$sql_table = "match_team_details";
//check whether the form fields in the register form are set
if (isset($_POST["match_id"])) {
$matchid = sanitise($_POST["match_id"]);
$teamoneid = sanitise($_POST["teamone_id"]);
$teamonescore = sanitise($_POST["teamone_score"]);
$teamoneovers = sanitise($_POST["teamone_overs"]);
$teamonewickets = sanitise($_POST["teamone_wickets"]);
$teamonetoss = sanitise($_POST["teamone_toss"]);
$teamonewon = sanitise($_POST["teamone_won"]);
$teamtwoid = sanitise($_POST["teamtwo_id"]);
$teamtwoscore = sanitise($_POST["teamtwo_score"]);
$teamtwoovers = sanitise($_POST["teamtwo_overs"]);
$teamtwowickets = sanitise($_POST["teamtwo_wickets"]);
$teamtwotoss = sanitise($_POST["teamtwo_toss"]);
$teamtwowon = sanitise($_POST["teamtwo_won"]);
}
$query_one = "INSERT INTO {$sql_table} (MatchId, TeamId, TeamToss, TeamScore, TeamOvers, TeamWickets, TeamWon) VALUES ('{$matchid}', '{$teamoneid}','{$teamonetoss}', '{$teamonescore}', '{$teamoneovers}', '{$teamonewickets}', '{$teamonewon}')";
$query_two = "INSERT INTO {$sql_table} (MatchId, TeamId, TeamToss, TeamScore, TeamOvers, TeamWickets, TeamWon) VALUES ('{$matchid}', '{$teamtwoid}','{$teamtwotoss}', '{$teamtwoscore}', '{$teamtwoovers}', '{$teamtwowickets}', '{$teamtwowon}')";
$result_one = mysqli_query($conn, $query_one);
$result_two = mysqli_query($conn, $query_two);
if ($result_one && $result_two) {
header("location:matchess_player_details.php");
} else {
echo "<section id='main' class='wrapper'>";
echo "<div class='container'>";
echo "<header class='major'>";
echo "<h4>Oops! seems like you did not enter something right!</h4>";
echo "</header>";
echo "<div class='container 25%'>";
echo "<a class='button fit' href='matches_team_details.php'>Go Back</a>";示例13: checklogin
<?php
include_once '../functions.php';
checklogin();
$conn = opendb();
if ($loggedin == 1) {
$account = sanitise('id');
$archive = sanitise('archive');
checkAccount($user, $account, 0);
$query = "UPDATE accounts SET Archived='{$archive}' WHERE AccountID='{$account}'";
mysql_query($query) or die(mysql_error());
$query = "SELECT * FROM accounts WHERE AccountID='{$account}'";
$result = mysql_query($query) or die(mysql_error());
$row = mysql_fetch_assoc($result);
accountInList($row['AccountID'], $row['AccountName'], $archive);
}示例14: htmlspecialchars
$data = htmlspecialchars($data);
return $data;
}
class Purchase
{
public $credit;
public $item;
public $stock;
public $date_purchased;
}
if ($_SERVER["REQUEST_METHOD"] == "POST") {
$post_purchase = new Purchase();
$credit = sanitise($_POST["purchase_credit"]);
$post_purchase->item = sanitise($_POST["purchase_item "]);
$post_purchase->quantity = sanitise($_POST["purchase_quantity"]);
$post_purchase->date_purchased = sanitise($_POST["purchase_date"]);
$valid = true;
$Errorcode = "";
if (empty($post_purchase->credit)) {
$valid = false;
$Errorcode = "card number empty";
}
$rows = mysql_query("SELECT * purchase WHERE credit = {$credit};");
for ($i = 0; $i < mysql_num_rows($rows); $i++) {
$credit = mysql_result($rows, $i, "purchase_credit");
$item = mysql_result($rows, $i, "purchase_item");
$quantity = mysql_result($rows, $i, "purchase_quantity");
$date_purchased = mysql_result($rows, $i, "purchase_date");
echo "<tr>";
echo "<td>{$credit}</td>";
echo "<td>{$item}</td>";示例15: stripslashes
$data = stripslashes($data);
$data = htmlspecialchars($data);
return $data;
}
require_once "settings.php";
//connection info
$conn = @mysqli_connect($host, $user, $pwd, $sql_db);
if (!$conn) {
echo "<p>Database connection failure</p>";
// not in production script
} else {
$sql_table = "series";
//check whether the form fields in the register form are set
if (isset($_POST["series_id"])) {
$serieswinner = sanitise($_POST["series_winner"]);
$seriesid = sanitise($_POST["series_id"]);
}
$query_one = "UPDATE {$sql_table} SET SeriesWinner = '{$serieswinner}' WHERE SeriesId = '{$seriesid}'";
$result_one = mysqli_query($conn, $query_one);
if ($result_one) {
header("location:series_winner.php");
} else {
echo "<section id='main' class='wrapper'>";
echo "<div class='container'>";
echo "<header class='major'>";
echo "<h4>Please Enter a valid Series and Team ID</h4>";
echo "</header>";
echo "<div class='container 25%'>";
echo "<a class='button fit' href='series_winner.php'>Go Back</a>";
echo "</div>";
//header("location:index.php");