

PHP sanitize_input函数代码示例

本文整理汇总了PHP中sanitize_input函数的典型用法代码示例。如果您正苦于以下问题:PHP sanitize_input函数的具体用法?PHP sanitize_input怎么用?PHP sanitize_input使用的例子?那么恭喜您, 这里精选的函数代码示例或许可以为您提供帮助。


在下文中一共展示了sanitize_input函数的15个代码示例,这些例子默认根据受欢迎程度排序。您可以为喜欢或者感觉有用的代码点赞,您的评价将有助于系统推荐出更棒的PHP代码示例。

示例1: add

 /**
  * Append one entry to the `log` table.
  *
  * Each argument is passed through sanitize_input() and the results are
  * interpolated, unquoted, into a single INSERT statement.
  *
  * NOTE(review): sanitize_input() is not defined in this listing. Because the
  * values are not wrapped in quotes here, the statement is only safe if that
  * helper both escapes and quotes every value (and renders NULL itself) --
  * confirm against its definition, or bind the values with a prepared statement.
  *
  * @param mixed $user_id     Value for the user_id column.
  * @param mixed $object_type Value for the object_type column (optional).
  * @param mixed $object_id   Value for the object_id column (optional).
  * @param mixed $action      Value for the action column.
  * @param mixed $params      Value for the params column (optional).
  */
 function add($user_id, $object_type = NULL, $object_id = NULL, $action, $params = NULL)
 {
     global $mysqli;
     // Same helper, same order as before: user_id, object_type, object_id, action, params.
     list($user_id, $object_type, $object_id, $action, $params) = array_map(
         'sanitize_input',
         array($user_id, $object_type, $object_id, $action, $params)
     );
     $statement = "INSERT INTO log SET user_id = {$user_id}, object_type = {$object_type}, object_id = {$object_id}, action = {$action}, params = {$params}";
     // The query result is not inspected, so a failed insert is not reported to the caller.
     mysqli_query($mysqli, $statement);
 }
开发者ID:Geekathon,项目名称:rat,代码行数:12,代码来源:log.php

示例2: check_form

/**
 * Run one submitted form through the sanitise / format / validate pipeline
 * and replace $_POST with the structured result.
 *
 * The form definition is read from the global variable named
 * "<form_name>_form"; the same name is used as a temporary session key.
 *
 * NOTE(review): $form_name selects a global variable and a session key by
 * name. It presumably comes from application code, not from the request --
 * confirm at the call sites.
 *
 * @param string $form_name Base name of the form (without the "_form" suffix).
 */
function check_form($form_name)
{
    $slot = $form_name . "_form";
    $definition = $GLOBALS[$slot];

    // Sanitise, then bring the input into the shape the validator expects.
    $formatted = format_input_forward(sanitize_input($definition), $definition);

    // Keep a copy in the session while validating: per the original author's
    // comment, validate_formatted_input() redirects when the input is invalid,
    // in which case the lines after it are presumably never reached.
    $_SESSION[$slot] = $formatted;
    validate_formatted_input($formatted, $definition);
    unset($_SESSION[$slot]);

    // From here on the rest of the request sees only the structured input.
    $_POST = structured_input($formatted, $definition);
}
开发者ID:aymericbouzy,项目名称:cluedo-solver,代码行数:17,代码来源:form.php

示例3: list_all

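 /**
  * Fetch the most recent likes, newest first.
  *
  * LIMIT and OFFSET accept only non-negative integer literals, so both
  * arguments are coerced to integers here instead of being passed through a
  * general-purpose string sanitiser. That makes the query text independent of
  * how sanitize_input() treats its argument.
  *
  * @param int $limit  Maximum number of likes to return (default 10).
  * @param int $offset Number of likes to skip (default 0).
  * @return array Objects returned by Like::get_by_id(), ordered by `date` DESC.
  *               Empty when the query fails or matches nothing.
  */
 public static function list_all($limit = 10, $offset = 0)
 {
     global $mysqli;
     $config = new Config();
     // Negative or non-numeric values collapse to 0 rather than reaching the SQL text.
     $limit = max(0, (int) $limit);
     $offset = max(0, (int) $offset);
     $sql = "SELECT `id` FROM `{$config->database->{$config->site_identifier}->prefix}likes` ORDER BY `date` DESC";
     $sql .= " LIMIT {$limit}";
     $sql .= " OFFSET {$offset}";
     $query = mysqli_query($mysqli, $sql);
     // Resolve each id to a full object; a failed query yields an empty list.
     $likes = array();
     while ($query && ($result = mysqli_fetch_assoc($query))) {
         $likes[] = Like::get_by_id($result['id']);
     }
     return $likes;
 }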
开发者ID:Geekathon,项目名称:rat,代码行数:20,代码来源:like.php

示例4: database_user_login

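/**
 * Verify a username/password pair and update the login state.
 *
 * The stored password value is looked up with a prepared statement. When the
 * lookup fails or finds no row, the attempt is treated as a failed login
 * instead of reading a field from a missing row and handing null to
 * validate_password().
 *
 * NOTE(review): the password is passed through sanitize_input() before it is
 * verified. That helper is not shown; if it rewrites characters, the value
 * checked differs from what the user typed -- confirm it matches what is done
 * when the password is first stored.
 *
 * @param string $username Submitted username.
 * @param string $password Submitted password.
 * @return mixed The user's id on success, 0 otherwise.
 */
function database_user_login($username, $password)
{
    global $mysqli;
    $username = sanitize_input($username);
    $password = sanitize_input($password);
    $userID = database_get_userID($username);

    // Bind a string copy so the returned $userID keeps its original type.
    $lookupId = (string) $userID;
    $datapass = null;
    $stmt = mysqli_prepare($mysqli, "SELECT password FROM users WHERE userID = ?");
    if ($stmt) {
        mysqli_stmt_bind_param($stmt, 's', $lookupId);
        if (mysqli_stmt_execute($stmt)) {
            mysqli_stmt_bind_result($stmt, $stored);
            if (mysqli_stmt_fetch($stmt)) {
                $datapass = $stored;
            }
        }
        mysqli_stmt_close($stmt);
    }

    // If the database password and the passed in password are the same
    // the user is verified. Otherwise (including "no such user"), return 0.
    if ($datapass !== null && validate_password($password, $datapass)) {
        set_user_logged_in($userID);
    } else {
        set_user_logged_out();
        $userID = 0;
    }
    return $userID;
}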
开发者ID:loucilvr,项目名称:MySocial,代码行数:20,代码来源:security.php

示例5: database_get_user_posts

/**
 * Build an HTML fragment listing one user's posts, newest first.
 *
 * Each row becomes "<b>timestamp</b>:<br>message<br /><br />".
 *
 * NOTE(review): the message is written into HTML after stripslashes() only.
 * Unless it was HTML-encoded before it was stored, it should be encoded at
 * output time (htmlspecialchars) -- confirm how posts are written.
 * NOTE(review): the id is interpolated into the SQL text after
 * sanitize_input(), which is not shown here; a prepared statement would not
 * depend on that helper.
 *
 * @param mixed $userID Id of the user whose posts are listed.
 * @return string Concatenated HTML, empty when there are no posts.
 */
function database_get_user_posts($userID)
{
    global $mysqli;
    $userID = sanitize_input($userID);
    $sql = "SELECT message,timestamp FROM posts WHERE userID='{$userID}' ORDER BY timestamp DESC";
    $rows = mysqli_query($mysqli, $sql);

    $html = "";
    while ($row = mysqli_fetch_array($rows)) {
        $html .= "<b>" . $row['timestamp'] . "</b>" . ":<br>" . stripslashes($row['message']) . "<br /><br />";
    }
    return $html;
}
开发者ID:loucilvr,项目名称:MySocial,代码行数:14,代码来源:database_queries.php

示例6: intval

 // Comment add/edit form handler (fragment: the listing stops inside the POST branch).
 $comment = "";
 // Ids from the query string are coerced with intval(), so they are always integers.
 if (isset($_GET['performanceId'])) {
     $performanceId = intval($_GET['performanceId']);
 }
 if (isset($_GET['artistId'])) {
     $artistId = intval($_GET['artistId']);
 }
 // Edit mode: load the stored comment and the ids of what it is attached to.
 // $_GET['action'] is read without isset(), so a request without it raises an undefined-index notice/warning.
 // NOTE(review): no ownership or permission check on commentId is visible in this fragment -- confirm get_comment_by_id() or the surrounding page enforces one.
 if ($_GET['action'] == "editcomment" && isset($_GET['commentId'])) {
     $commentId = intval($_GET['commentId']);
     $details = get_comment_by_id($commentId);
     $comment = $details['comment'];
     // A null id in the stored record is mapped to the sentinel -1.
     $performanceId = $details['performanceId'] == null ? -1 : $details['performanceId'];
     $artistId = $details['artistId'] == null ? -1 : $details['artistId'];
 }
 if ($_SERVER['REQUEST_METHOD'] === 'POST') {
     // The comment text goes through sanitize_input(); the ids are forced to integers.
     // NOTE(review): sanitize_input() is not shown. Escaping still has to match the place the text ends up (SQL when stored, HTML when displayed) -- confirm both.
     $comment = sanitize_input($_POST['comment']);
     $performanceId = intval($_POST['performanceId']);
     $artistId = intval($_POST['artistId']);
     if (isset($_POST['commentId'])) {
         $commentId = intval($_POST['commentId']);
     }
     // $has_error is set to false and tested straight away, so this branch always runs as shown.
     $has_error = false;
     if (!$has_error) {
         // Successful
         $postDate = date("Y-m-d");
         // The redirect target is built from the integer ids only; -1 means "not attached to this kind of object".
         if ($artistId != -1) {
             $redirect_page = "artists.php?action=details&id=" . $artistId;
         } else {
             if ($performanceId != -1) {
                 $redirect_page = "performance.php?action=details&id=" . $performanceId;
             } else {
开发者ID:ekevans8,项目名称:DB_Project,代码行数:31,代码来源:comment.php

示例7: checkPostResult

/**
 * Copy the posted report fields into the global $REPDATA and validate them.
 *
 * Every field is passed through sanitize_input(). "time" and the sighting
 * type are required; a missing one is recorded in $REPDATA["errors"].
 * The e-mail address is currently optional (its required-field check is
 * disabled in the original).
 *
 * NOTE(review): apart from "type", the $_POST keys are read without isset(),
 * so an incomplete request raises undefined-index notices/warnings.
 * NOTE(review): sanitize_input() is not shown; nothing visible here checks
 * that latitude/longitude are numeric or that date/time are well-formed.
 *
 * @return bool True when no validation error was recorded.
 */
function checkPostResult()
{
    global $REPDATA;
    $REPDATA = new_repdata();

    // $REPDATA key => $_POST key, in the original assignment order.
    foreach (array("id" => "reportid", "date" => "date", "time" => "time") as $field => $postKey) {
        $REPDATA[$field] = sanitize_input($_POST[$postKey]);
    }
    if (isset($_POST["type"])) {
        $REPDATA["sightingType"] = sanitize_input($_POST["type"]);
    } else {
        $REPDATA["sightingType"] = null;
    }
    foreach (array("comments", "email", "latitude", "longitude") as $field) {
        $REPDATA[$field] = sanitize_input($_POST[$field]);
    }

    $problems = array();
    if (empty($REPDATA["time"])) {
        $problems["time"] = "Time is a required field";
    }
    if (empty($REPDATA["sightingType"])) {
        $problems["type"] = "Please select 'sighting' or 'encounter'";
    }
    $REPDATA["errors"] = $problems;

    // Per the original author's comment, this call may change $REPDATA["id"].
    db_checkOrphan();

    return count($problems) === 0;
}
开发者ID:berry-cs,项目名称:coyote,代码行数:25,代码来源:common.php

示例8: intval

 // Band-member add/edit form handler (fragment: it apparently starts earlier in the file and the listing stops inside the POST branch).
 $joinDate_error = "";
 $leaveDate = "";
 $leaveDate_error = "";
 $name = "";
 $name_error = "";
 // Edit mode: pre-fill the form from the stored member record.
 // $_GET['action'] is read without isset(), so a request without it raises an undefined-index notice/warning.
 if ($_GET['action'] == "editmember" && isset($_GET['memberId'])) {
     $memberId = intval($_GET['memberId']);
     $details = get_member_details($memberId);
     $joinDate = $details['joinDate'];
     $leaveDate = $details['leaveDate'];
     $name = $details['name'];
 }
 if ($_SERVER['REQUEST_METHOD'] === 'POST') {
     // Text fields go through sanitize_input(); ids are forced to integers with intval().
     // NOTE(review): sanitize_input() is not shown, and no date-format check on joinDate/leaveDate is visible here -- confirm it happens in that helper or in add_member_to_artist()/update_member().
     $joinDate = sanitize_input($_POST['joinDate']);
     $leaveDate = sanitize_input($_POST['leaveDate']);
     $name = sanitize_input($_POST['name']);
     $artistId = intval($_POST['artistId']);
     if (isset($_POST['memberId'])) {
         $memberId = intval($_POST['memberId']);
     }
     // $has_error is never set to true in the visible code, so both tests below always pass as shown.
     $has_error = false;
     if (!$has_error) {
         // Successful
         // -1 is the sentinel for "new member"; any other id updates an existing record.
         // NOTE(review): $memberId is assigned only when the request carries memberId -- confirm it is initialised earlier in the file.
         if ($memberId == -1) {
             $ret = add_member_to_artist($artistId, $joinDate, $leaveDate, $name);
         } else {
             $ret = update_member($memberId, $artistId, $joinDate, $leaveDate, $name);
         }
         // $ret is not consulted in the visible code before redirecting.
         if (!$has_error) {
             // The Location target is built from the integer artist id; die stops any further output after the redirect header.
             header('Location: artists.php?action=details&id=' . $artistId, true);
             die;
开发者ID:ekevans8,项目名称:DB_Project,代码行数:31,代码来源:artists.php

示例9: intval

 // Song add/edit form handler (fragment: it apparently starts earlier in the file and the listing stops after the first two validation checks).
 $duration = "";
 $duration_error = "";
 $track_number = "";
 $track_number_error = "";
 // Edit mode: pre-fill the form from the stored song.
 // $_GET['action'] is read without isset(), so a request without it raises an undefined-index notice/warning.
 // $albumId is not assigned in the visible lines before this use -- presumably set earlier in the file; confirm.
 if ($_GET['action'] == "editsong" && isset($_GET['songId'])) {
     $songId = intval($_GET['songId']);
     $details = get_song($songId, $albumId);
     $title = $details['title'];
     $duration = $details['duration'];
     $track_number = $details['track_number'];
     $artistId = $details['artistId'];
 }
 // Remember the artist id as it was before any POSTed value replaces it.
 $origArtistId = $artistId;
 if ($_SERVER['REQUEST_METHOD'] === 'POST') {
     // Numeric fields are coerced (intval/doubleval); only the title goes through sanitize_input().
     // NOTE(review): sanitize_input() is not shown -- confirm the title is escaped for the place it ends up (SQL when stored, HTML when displayed).
     $artistId = intval($_POST['artistid']);
     $title = sanitize_input($_POST['title']);
     $duration = doubleval($_POST['duration']);
     $track_number = intval($_POST['track_number']);
     $albumId = intval($_POST['albumId']);
     if (isset($_POST['songId'])) {
         $songId = intval($_POST['songId']);
     }
     $has_error = false;
     if (empty($title)) {
         $title_error = "Title cannot be empty";
         $has_error = true;
     }
     // doubleval() turns non-numeric input into 0, and empty() is true for 0, so a
     // non-numeric or zero duration is reported with the same "cannot be empty" message.
     if (empty($duration)) {
         $duration_error = "Duration cannot be empty";
         $has_error = true;
     }
开发者ID:ekevans8,项目名称:DB_Project,代码行数:31,代码来源:album.php

示例10: update_item

 /**
  * Update an item's title, content and status.
  *
  * Title and content are written only when they compare non-equal to NULL
  * (loose comparison, so an empty string is also skipped); status is always
  * written. $byline is accepted but not used by this method.
  *
  * NOTE(review): every value is interpolated unquoted after sanitize_input(),
  * which is not shown in this listing. The statement is only safe if that
  * helper both escapes and quotes its argument -- confirm, or bind the values
  * with a prepared statement.
  *
  * @param mixed       $id      Id of the item to update.
  * @param string|null $title   New title, or NULL to leave unchanged.
  * @param string|null $byline  Unused here.
  * @param string|null $content New content, or NULL to leave unchanged.
  * @param mixed       $status  New status (default 1).
  */
 public static function update_item($id, $title = NULL, $byline = NULL, $content = NULL, $status = 1)
 {
     global $mysqli;
     $config = new Config();
     $id = sanitize_input($id);

     // Collect the SET fragments in order, then join them without a separator:
     // the optional fragments already carry their trailing ", ".
     $fragments = array();
     if ($title != NULL) {
         $title = sanitize_input($title);
         $fragments[] = "title = {$title}, ";
     }
     if ($content != NULL) {
         $content = sanitize_input($content);
         $fragments[] = "content = {$content}, ";
     }
     $status = sanitize_input($status);
     $fragments[] = "status = {$status}";
     $update_string = implode('', $fragments);

     $sql = "UPDATE `{$config->database->{$config->site_identifier}->prefix}items` SET {$update_string} WHERE id = {$id}";
     // The result is not inspected, so a failed update is not reported to the caller.
     mysqli_query($mysqli, $sql);
 }
开发者ID:Geekathon,项目名称:rat,代码行数:19,代码来源:admin.php

示例11: session_start

requires mySQL access
-->
<?php 
// Start (or resume) the session so some variables are kept across pages.
session_start();
// Shared header info (CSS, etc.) so the styling stays consistent and is easier to update.
include_once 'header.php';
// Functions used to collect points information.
include_once 'GetPoints.php';
?>
<body>
<div id="container">
<h1> Chapin Hall Points - View Points </h1>

<?php 
// The netid comes from the POSTed form: it is passed through sanitize_input() and lower-cased.
// NOTE(review): $_POST['netid'] is read without isset(), and neither sanitize_input() nor GetName() is shown in this listing -- confirm GetName() binds or escapes the value in whatever query it runs.
$netid = strtolower(sanitize_input($_POST['netid']));
// Per the original author, GetName() returns 'INVALID_NETID' if it fails to find a single record.
$name = GetName($netid);
if ($name != 'INVALID_NETID') {
    // 'n' is the format symbol for the numerical month, no leading zeros.
    $currentmonth = date('n');
    // 'Y' is the format symbol for the numerical year, 4 digits.
    $currentyear = date('Y');
    // if it's July or later, we can assume it's fall quarter, and the year is correct.
    // If it's earlier than that, it's winter or spring, and the current year is not
    // the same as the school year as held by the database (That is defined as the year of fall quarter)
    // (See 'AdminSetDates.php for clarification if this doesn't make sense)
    // NOTE(review): the test below is `<= 7`, so July itself is also moved back a year, which disagrees with "July or later" above -- confirm which is intended.
    if ($currentmonth <= 7) {
        // the year of fall quarter was the numerical year before 'now'
        $currentyear--;
    }
开发者ID:jssammon,项目名称:Chapin-Points-System,代码行数:31,代码来源:CheckPoints2_Old.php

示例12: check_password_reset_code

 /**
  * Look up the user a password-reset code belongs to.
  *
  * Only codes whose `date` is within the last day are accepted; when several
  * rows match, the newest one is used.
  *
  * NOTE(review): the code is interpolated unquoted after sanitize_input(),
  * which is not shown here -- the query is only safe if that helper both
  * escapes and quotes the value. A prepared statement would not depend on it.
  * NOTE(review): nothing in this method invalidates a code after use or limits
  * the number of attempts -- confirm the caller does.
  *
  * @param string $code Reset code supplied by the user.
  * @return mixed The matching user id, or FALSE when no valid code is found.
  */
 public static function check_password_reset_code($code)
 {
     global $mysqli;
     $config = new Config();
     $code = sanitize_input($code);
     $sql = "SELECT `user_id` AS id FROM `{$config->database->{$config->site_identifier}->prefix}users_password_reset` WHERE `reset_code` = {$code} AND `date` > DATE_SUB(NOW(), INTERVAL 1 DAY) ORDER BY `date` DESC";
     $match = mysqli_fetch_assoc(mysqli_query($mysqli, $sql));
     if (isset($match['id'])) {
         return $match['id'];
     }
     return FALSE;
 }
开发者ID:Geekathon,项目名称:rat,代码行数:10,代码来源:user.php

示例13: sanitize_input

    // Tail of a branch that pre-fills the form from an existing $profile (the branch starts outside this listing).
    $email = $profile['email'];
    $firstname = $profile['firstName'];
    $lastname = $profile['lastName'];
    $age = $profile['age'];
    $zipcode = $profile['zipcode'];
}
// POST: read the submitted registration / profile-update fields (the listing stops partway through validation).
if ($_SERVER['REQUEST_METHOD'] === 'POST') {
    // On an update the username is taken from the session, so a username field in the request body is ignored.
    // $_GET['id'] is only tested for presence here; its value is not used in the visible code.
    if (isset($_GET['action']) && $_GET['action'] == "update" && isset($_GET['id'])) {
        $username = $_SESSION['username'];
    } else {
        $username = sanitize_input($_POST['username']);
    }
    $email = sanitize_input($_POST['email']);
    // NOTE(review): sanitize_input() is not shown. If it rewrites characters, the value stored differs from what the user typed.
    // How the password is stored is outside this fragment -- confirm it is hashed (password_hash) rather than kept as text.
    $password = sanitize_input($_POST['password']);
    $firstname = sanitize_input($_POST['firstname']);
    $lastname = sanitize_input($_POST['lastname']);
    $age = intval($_POST['age']);
    // intval() drops leading zeros, so a zipcode such as "02134" becomes 2134.
    $zipcode = intval($_POST['zipcode']);
    // Presence checks only: no e-mail format or password-strength validation is visible in this fragment.
    $has_error = false;
    if (empty($username)) {
        $username_error = "Username cannot be empty";
        $has_error = true;
    }
    if (empty($email)) {
        $email_error = "Email cannot be empty";
        $has_error = true;
    }
    if (empty($password)) {
        $password_error = "Password cannot be empty";
        $has_error = true;
    }
开发者ID:ekevans8,项目名称:DB_Project,代码行数:31,代码来源:register.php

示例14: cat

                // Fragment of a command dispatcher: the switch header and its first case are outside this listing.
                // NOTE(review): 'file' and 'dir' are request-supplied paths. Whether reads stay inside an intended
                // directory depends on sanitize_input() and on cat()/catN()/fileinfo()/showinfo(), none of which are
                // shown -- confirm they canonicalise the path and reject anything outside an allowed base directory.
                $res = cat(sanitize_input($_GET['file']));
            }
            break;
        case 'head':
            if (isset($_GET['file'])) {
                // `and`/`or` bind more loosely than `=`: $lines is the sanitised 'lines' value when it is
                // present and truthy, otherwise 10. No integer or upper-bound check is visible here.
                isset($_GET['lines']) and $lines = sanitize_input($_GET['lines']) or $lines = 10;
                $res = catN(sanitize_input($_GET['file']), $lines);
            }
            break;
        case 'file':
            if (isset($_GET['file'])) {
                $res = fileinfo(sanitize_input($_GET['file']));
            }
            break;
        case 'info':
            // Without a 'dir' parameter the current directory is described.
            if (isset($_GET['dir'])) {
                $res = showinfo(sanitize_input($_GET['dir']));
            } else {
                $res = showinfo('.');
            }
            break;
            /*case 'grep': if (isset($_GET['dir']) and isset($_GET['expr'])) {
            			
            			$res = grep($_GET['dir'],$_GET['expr']);
            		}
            		break;*/
    }
    // Element 1 of the result goes through sanitize_output() before the whole result is JSON-encoded.
    // NOTE(review): when a case runs without its parameter, nothing in the visible code assigns $res -- confirm it is initialised above this fragment.
    $res[1] = sanitize_output($res[1]);
    //debug: error_log(implode(" ",$res));
    echo json_encode($res);
}
开发者ID:carriercomm,项目名称:binbash,代码行数:31,代码来源:cmd.php

示例15: check_code_valid

 /**
  * Check whether an invite code exists for the given e-mail address.
  *
  * An empty code (loose comparison with '') is rejected before the database
  * is queried.
  *
  * NOTE(review): both values are interpolated unquoted after sanitize_input(),
  * which is not shown here -- the query is only safe if that helper both
  * escapes and quotes its argument. A prepared statement would not depend on it.
  * NOTE(review): the query selects `result` but only the row count is used, so
  * an invite counts as valid whatever its `result` value is -- confirm that is
  * intended.
  *
  * @param string $code  Invite code supplied by the user.
  * @param string $email E-mail address the invite was issued to.
  * @return bool True when at least one matching invite row exists.
  */
 public static function check_code_valid($code, $email)
 {
     global $mysqli;
     $config = new Config();
     if ($code == '') {
         return false;
     }
     $code = sanitize_input($code);
     $email = sanitize_input($email);
     $sql = "SELECT `result` FROM `{$config->database->{$config->site_identifier}->prefix}invites` WHERE `code` = {$code} AND `email` = {$email}";
     $matches = mysqli_num_rows(mysqli_query($mysqli, $sql));
     return $matches > 0;
 }
开发者ID:Geekathon,项目名称:rat,代码行数:18,代码来源:invite.php


注:本文中的sanitize_input函数示例由纯净天空整理自Github/MSDocs等开源代码及文档管理平台,相关代码片段筛选自各路编程大神贡献的开源项目,源码版权归原作者所有,传播和使用请参考对应项目的License;未经允许,请勿转载。