本文整理汇总了PHP中sanitizeMySQL函数的典型用法代码示例。如果您正苦于以下问题:PHP sanitizeMySQL函数的具体用法?PHP sanitizeMySQL怎么用?PHP sanitizeMySQL使用的例子?那么恭喜您, 这里精选的函数代码示例或许可以为您提供帮助。
在下文中一共展示了sanitizeMySQL函数的15个代码示例,这些例子默认根据受欢迎程度排序。您可以为喜欢或者感觉有用的代码点赞,您的评价将有助于系统推荐出更棒的PHP代码示例。
示例1: formatSearchString
function formatSearchString($var)
{
$var = sanitizeString($var);
$var = sanitizeMySQL($var);
//separate out search words by any number of commas or
//space characters which include " ",\r,\t,\n and \f
$words = preg_split('/[\\s,]+/', $var);
$num = count($words);
for ($i = 0; $i < $num; ++$i) {
//all alphabetic characters stored in uppercase
$words[$i] = strtoupper($words[$i]);
}
$var = implode(" +", $words);
$var = "+" . $var;
return $var;
}示例2: sanitizeMySQL
<?php
include 'database.php';
?>
<?php
// this scripts updates an exisiting record based on the id
if (isset($_POST['id']) && isset($_POST['task'])) {
// sanitizeMySQL() is a custom function, written below
// these values came from the form
$id = sanitizeMySQL($conn, $_POST['id']);
$task = sanitizeMySQL($conn, $_POST['task']);
$importance = sanitizeMySQL($conn, $_POST['importance']);
$length = sanitizeMySQL($conn, $_POST['length']);
$due = sanitizeMySQL($conn, $_POST['due']);
// the prepared statement - note: question marks represent
// variables we will send to database separately
// we don't check which fields the user changed - we just update all
$query = "UPDATE list SET task = ?,\n importance = ?,\n length = ?,\n due = ?\n WHERE id = ?";
// prepare the statement in db
if ($stmt = mysqli_prepare($conn, $query)) {
// bind the values to replace the question marks
// the order matters! so id is at end!
// note that 7 letters in 'sssidsi' MUST MATCH data types in table
// Type specification chars:
// i - integer, s - string , d - double (decimal), b - blob
mysqli_stmt_bind_param($stmt, 'ssisi', $task, $importance, $length, $due, $id);
// executes the prepared statement with the values already set, above
mysqli_stmt_execute($stmt);
// close the prepared statement
mysqli_stmt_close($stmt);示例3: sanitizeMySQL
<?php
include 'database.php';
?>
<?php
function sanitizeMySQL($conn, $var)
{
$var = strip_tags($var);
$var = mysqli_real_escape_string($conn, $var);
return $var;
}
if (isset($_POST['language'])) {
$language = sanitizeMySQL($conn, $_POST['language']);
$query = "SELECT * FROM slangdata WHERE language = ?";
if ($stmt = mysqli_prepare($conn, $query)) {
mysqli_stmt_bind_param($stmt, 's', $language);
mysqli_stmt_execute($stmt);
mysqli_stmt_bind_result($stmt, $id, $language, $word, $pronunciation, $translation, $example, $notes, $nsfw);
while (mysqli_stmt_fetch($stmt)) {
printf("<div class='%s'>", $nsfw);
printf("<p><span class='word'>%s</span>", stripslashes($word));
printf("<span class='pronounce'> %s </span></p>", stripslashes($pronunciation));
printf("<p class='translation'>%s</p>", stripslashes($translation));
printf("<p id='notes'>%s</p>", stripslashes($notes));
printf("<p id='ex'>%s</p>", stripslashes($example));
printf("<p class='%s'></p></div>", $nsfw);
}
mysqli_stmt_close($stmt);
mysqli_close($conn);
}示例4: sanitizeMySQL
if (isset($_POST['id'])) {
?>
<!-- write into the HTML - table headings -->
<table class="table table-hover">
<tr>
<th>Task</th>
<th>Importance</th>
<th>Length</th>
<th>Due</th>
</tr>
<tr>
<?php
// this calls the function above to make sure id is clean
$id = sanitizeMySQL($conn, $_POST['id']);
// get the row indicated by the id
$query = "SELECT * FROM list WHERE id = ?";
// another if-statement inside the first one ensures that
// code runs only if the statement was prepared
if ($stmt = mysqli_prepare($conn, $query)) {
// bind the id that came from inventory_update.php
mysqli_stmt_bind_param($stmt, 'i', $id);
// execute the prepared statement
mysqli_stmt_execute($stmt);
// next line handles the row that was selected - all fields
// it is "_result" because it is the result of the query
mysqli_stmt_bind_result($stmt, $id, $task, $importance, $length, $due);
// handle the data we fetched with the SELECT statement ...
while (mysqli_stmt_fetch($stmt)) {
// another way to write variables into the HTML!示例5: session_start
* If ok - login and go to index.html
* if not - display error message
*/
session_start();
require_once "functions/function.inputSanitizer.inc.php";
require_once "classes/class.User.inc.php";
require_once "classes/class.DbConnect.inc.php";
require_once "functions/function.inputSanitizer.inc.php";
if ($_SERVER['REQUEST_METHOD'] === 'POST') {
$db = Conn::getInstance();
$conn = $db->getConnection();
$user = new User($conn);
$email = sanitizeMySQL($conn, $_POST['userEmail']);
$password = sanitizeMySQL($conn, $_POST['userPassword']);
$password2 = sanitizeMySQL($conn, $_POST['userPassword2']);
$nick = sanitizeMySQL($conn, $_POST['userNick']);
if (strlen($nick) < 4) {
echo "Twój nick musi mieć długość conajmniej 4 znaków!";
} elseif (strlen($password) < 6) {
echo "Twoje hasło musi mieć conajmniej 6 znaków! (a-z, A-Z, 0-9)";
} elseif ($password !== $password2) {
echo "Podałeś różne hasła! Spróbuj ponownie.";
} else {
if ($user->registerUser($email, $password, $nick)) {
header("Location: index.php");
} else {
echo "Nie udało się zarejestrować użytkownika";
}
}
}
?>示例6: sanitizeString
$var = sanitizeString($var);
return $var;
}
if (isset($_POST['submit'])) {
//check if the form has been submitted
if (empty($_POST['favoritegraphicnovel']) || empty($_POST['age']) || empty($_POST['gender']) || empty($_POST['genre'])) {
echo "<center><p>Please fill out all of the form fields!</p></center>";
} else {
$conn = new mysqli($hn, $un, $pw, $db);
if ($conn->connect_error) {
die($conn->connect_error);
}
$favoritegraphicnovel = sanitizeMySQL($conn, $_POST['favoritegraphicnovel']);
$age = sanitizeMySQL($conn, $_POST['age']);
$gender = sanitizeMySQL($conn, $_POST['gender']);
$genre = sanitizeMySQL($conn, $_POST['genre']);
$query = "INSERT INTO user_information(user_id,user_age,user_gender,user_genre) VALUES(NULL,\"{$age}\", \"{$gender}\", \"{$genre}\") ";
$result = $conn->query($query);
$theid = $conn->insert_id;
$query2 = "INSERT INTO user_graphic(user_id2,graphic_novel) VALUES({$theid},\"{$favoritegraphicnovel}\")";
$_SESSION['favoritegraphicnovel2'] = $favoritegraphicnovel;
$_SESSION['age2'] = $age;
$_SESSION['gender2'] = $gender;
$_SESSION['genre2'] = $genre;
$result2 = $conn->query($query2);
if (!$result) {
echo "<p>Database access failed</p>";
die("Database access failed: " . $conn->error);
} else {
header("Location: results.php");
}示例7: sanitizeString
require_once 'similarusers.php';
require_once 'basedonstats.php';
function sanitizeString($var)
{
$var = stripslashes($var);
$var = strip_tags($var);
$var = htmlentities($var);
return $var;
}
function sanitizeMySQL($connection, $var)
{
$var = $connection->real_escape_string($var);
$var = sanitizeString($var);
return $var;
}
$favoritegraphicnovel3 = sanitizeMySQL($conn, $_SESSION["favoritegraphicnovel2"]);
echo "<br>";
echo "<p>Since you liked " . $favoritegraphicnovel3 . "...</p>";
$conn = new mysqli($hn, $un, $pw, $db);
if ($conn->connect_error) {
die($conn->connect_error);
}
# This query will do two things - first get the book_id of the baook they submitted
# then use that in a query to get all the recs from the recs table
# then we don't have to have those big chunks of code where you're hard-coding
# every book title and what to do (that is impossible to maintain once you get more
# than a handful of books)
$query = "SELECT books.books_title,books.books_author,books.books_link FROM books JOIN recs ON\nbooks.books_id=recs.recs_id WHERE recs.id_number LIKE \n(SELECT books_id FROM books WHERE books_title LIKE \"%" . $_SESSION["favoritegraphicnovel2"] . "%\")";
$result = $conn->query($query);
if (!$result) {
die("Database access failed: " . $conn->error);示例8: mysqli
</head>
<title>Game of Thrones - View Character</title>
<body>
<?php
/*include files*/
include_once 'header.php';
require_once 'login.php';
/*Create connection*/
$conn = new mysqli($hn, $un, $pw, $db);
/*Check connection*/
if ($conn->connect_error) {
die($conn->connect_error);
}
/*Get character*/
if (isset($_GET['id'])) {
$id = sanitizeMySQL($conn, $_GET['id']);
/*Database query*/
$query = "SELECT * FROM characters WHERE characterID=" . $id;
$result = $conn->query($query);
if (!$result) {
die("Invalid character id.");
}
$rows = $result->num_rows;
/*Is ID valid?*/
if ($rows == 0) {
echo "No character found with id of {$id}<br>";
} else {
while ($row = $result->fetch_assoc()) {
/*Query result is displayed*/
echo "<table><tr><th>ID</th><th>Frist Name</th><th>Last Name</th><th>Also known as</th><th>Origin</th><th>Affiliation</th><th>Role</th></tr>";
echo '<tr>';示例9: mysqli
require_once 'includes/login.php';
require_once 'includes/functions.php';
if (isset($_POST['submit'])) {
//check if the form has been submitted
if (empty($_POST['user_name']) || empty($_POST['password']) || empty($_POST['first_name']) || empty($_POST['last_name']) || empty($_POST['email'])) {
$message = '<p>Please fill out all of the form fields!</p>';
} else {
$conn = new mysqli($hn, $un, $pw, $db);
if ($conn->connect_error) {
die($conn->connect_error);
}
$user_name = sanitizeMySQL($conn, $_POST['user_name']);
$password = sanitizeMySQL($conn, $_POST['password']);
$first_name = sanitizeMySQL($conn, $_POST['first_name']);
$last_name = sanitizeMySQL($conn, $_POST['last_name']);
$email = sanitizeMySQL($conn, $_POST['email']);
$salt1 = "rI3l*";
$salt2 = "@6HgY";
$token = hash('ripemd128', $salt1 . $password . $salt2);
$query = "INSERT INTO users (`user_name`, `password`, `first_name`, `last_name`, `email`) VALUES('{$user_name}', '{$token}', '{$first_name}', '{$last_name}', '{$email}' )";
$result = $conn->query($query);
if (!$result) {
die("database access failed: " . $conn->error);
} else {
$goto = '/Haunted-ILS/sign_in.php';
header('Location: ' . $goto);
}
}
}
?>
示例10: mysql_entities_fix_string
function mysql_entities_fix_string($conn, $string)
{
return htmlentities(sanitizeMySQL($conn, $string));
}示例11: mysqli
<?php
include_once 'header.php';
$conn = new mysqli($hn, $un, $pw, $db);
if ($conn->connect_error) {
die($conn->connect_error);
}
?>
<div id="chefpage">
<?php
//Retrieve selected chef
if (isset($_GET['Chef_ID'])) {
$chefid = sanitizeMySQL($conn, $_GET['Chef_ID']);
$query = "SELECT Chefs.*,Family_Members.* FROM Chefs NATURAL JOIN Family_Members WHERE Chefs.Chef_ID=" . $chefid;
$result = $conn->query($query);
if (!$result) {
die("Invalid chef id.");
}
$rows = $result->num_rows;
//checks to see if chef id is valid
if ($rows == 0) {
echo "<p class=\\'error\\'> No chef found with id of {$chefid}<br></p>";
} elseif ($rows > 0) {
while ($row = $result->fetch_assoc()) {
echo '<div class=\'chef\'><h2 class=\'subtitle\'>' . $row['First_Name'] . " " . $row['Last_Name'] . '</h2>';
echo "<div><img src=\"images/" . $row['Image_Path'] . "\" alt=\"chef photo\"width=\"250\" height=\"250\"></img></div></div>";
//Loop through and find chef's recipes
$query2 = "SELECT Recipe_ID, Title FROM Recipe_Information WHERE Chef_ID=" . $chefid;
$result2 = $conn->query($query2);
if (!$result2) {示例12: VALUES
include 'database.php';
?>
<?php
if (isset($_POST['tags'])) {
//Insert a new video entry and bind its id to $video_id
$query = "INSERT INTO videos VALUES (NULL)";
$stmt = mysqli_prepare($conn, $query);
mysqli_stmt_execute($stmt);
$result = mysqli_query($conn, "SELECT id FROM videos ORDER BY ID DESC LIMIT 1");
$row = mysqli_fetch_assoc($result);
$video_id = $row['id'];
mysqli_stmt_close($stmt);
//Retrieve relevant tag IDs
$tags = explode("|", sanitizeMySQL($conn, $_POST['tags']));
$tag_ids = array();
for ($i = 0; $i < count($tags); $i++) {
$query = "SELECT id FROM tags WHERE name=?";
$stmt = mysqli_prepare($conn, $query);
mysqli_stmt_bind_param($stmt, 's', stripslashes($tags[$i]));
mysqli_stmt_execute($stmt);
$result;
mysqli_stmt_bind_result($stmt, $result);
mysqli_stmt_fetch($stmt);
array_push($tag_ids, $result);
mysqli_stmt_close($stmt);
}
//Insert new relations entries
foreach ($tag_ids as $tag_id) {
$query = "INSERT INTO relations VALUES ({$video_id}, {$tag_id})";示例13: header
<?php
if ($_SERVER['REQUEST_METHOD'] = 'POST' && isset($_POST['editUser'])) {
if ($_POST['editUser'] == 'nick') {
if (strlen($_POST['newNick']) < 4) {
echo "Podałeś zbyt krótki nick!";
} else {
if ($user->updateNick(sanitizeMySQL($conn, $_POST['newNick']))) {
header("Location: userEdit.php");
//Refresh page to view updated user name
}
}
} elseif ($_POST['editUser'] == 'password') {
if ($_POST['newPassword1'] !== $_POST['newPassword2']) {
echo "Nowe hasła są różne! Spróbuj jeszcze raz";
} elseif (strlen($_POST['newPassword1']) < 6) {
echo "Twoje nowe hasło jest za krótkie!";
} else {
if ($user->updatePassword(sanitizeMySQL($conn, $_POST['oldPassword']), sanitizeMySQL($conn, $_POST['newPassword1']))) {
echo "Hasło zmienione!";
} else {
echo "Hasło nie zmienione!";
}
}
} elseif ($_POST['editUser'] == 'delete') {
#TODO implement user prompt "ARE YOU SURE?"
$user->deleteUser();
header("Location: index.php");
}
}示例14: sanitizeMySQL
?>
<?php
// this scripts updates an exisiting record based on the id
if (isset($_POST(['id'])) && isset($_POST(['name']))) {
// sanitizeMySQL() is a custom function, written below
// these values came from the form
$id = sanitizeMySQL($conn, $_POST(['id']));
$month = sanitizeMySQL($conn, $_POST(['month']));
$day = sanitizeMySQL($conn, $_POST(['day']));
$year = sanitizeMySQL($conn, $_POST(['year']));
$location = sanitizeMySQL($conn, $_POST(['location']));
$temperature_high = sanitizeMySQL($conn, $_POST(['temperature_high']));
$temperature_low = sanitizeMySQL($conn, $_POST(['temperature_low']));
$conditions = sanitizeMySQL($conn, $_POST(['conditions']));
$rainfall = sanitizeMySQL($conn, $_POST(['rainfall']));
// create a new PHP timestamp
date_default_timezone_set('America/New_York');
$date = date('m-d-Y', time());
// the prepared statement - note: question marks represent
// variables we will send to database separately
// we don't check which fields the user changed - we just update all
$query = "UPDATE weather SET month = ?,\n day = ?,\n year = ?,\n location = ?,\n temperature_high = ?,\n temperature_low = ?,\n conditions = ?,\n rainfall = ?\n WHERE id = ?";
// prepare the statement in db
if ($stmt = mysqli_prepare($conn, $query)) {
// bind the values to replace the question marks
// the order matters! so id is at end!
// note that 7 letters in 'sssidsi' MUST MATCH data types in table
// Type specification chars:
// i - integer, s - string , d - double (decimal), b - blob
mysqli_stmt_bind_param($stmt, 'ssssssssi', $month, $day, $year, $location, $temperature_high, $temperature_low, $conditions, $rainfall, $id);示例15: session_start
<!DOCTYPE html>
<?php
session_start();
include_once 'C:\\xampp\\htdocs\\finalMcCabe\\includes\\header1215.php';
require_once 'C:\\xampp\\htdocs\\finalMcCabe\\includes\\login.php';
require_once 'C:\\xampp\\htdocs\\finalMcCabe\\includes\\functions.php';
if (isset($_POST['submit'])) {
if (empty($_POST['region'])) {
$message = '<p class="error">Please select a region</p>';
} else {
$conn = new mysqli($hn, $un, $pw, $db);
if ($conn->connect_error) {
die($conn->connect_error);
}
$region = sanitizeMySQL($conn, $_POST['region']);
$query = "SELECT title, language, countryDisplay FROM titles WHERE region = {$region} NATURAL JOIN ON countryCode";
$result = $conn->query($query);
if (!$result) {
die("Database access failed: " . $conn->error);
} else {
$message = "<p class=\"message\">Here are some translated reads from {$region} : " . $result;
}
}
}
?>
<html>
<head>
<title>Regions</title>
</head>