本文整理汇总了PHP中sqlEscape函数的典型用法代码示例。如果您正苦于以下问题:PHP sqlEscape函数的具体用法?PHP sqlEscape怎么用?PHP sqlEscape使用的例子?那么恭喜您, 这里精选的函数代码示例或许可以为您提供帮助。
示例1: loadPage
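/**
 * Resolve a page by numeric id or by url slug and prepare it for rendering.
 *
 * The page is looked up in `page` (joined with page_ml, page_ps, the creating
 * market_user and its page_template), restricted to published rows in the
 * current MARKET_LANG. On a hit the page fields are exported as PAGE.* globals
 * and the template name is returned; `passthrough` pages instead return the url
 * without its extension, and `template` pages additionally pre-parse the stored
 * text under that name.
 *
 * @param string $url Either an all-digit page id or the page url as stored in `page.url`.
 * @return string Template name to render; when pages are disabled or no published
 *                page matches, the url with a trailing `.html` stripped.
 */
function loadPage($url)
{
    global $MARKET_mode;
    if ($this->options['enable_pages']) {
        // All-digit values are looked up by primary key, anything else by the stored url.
        // The key is sqlEscape()d and quoted, so it cannot break out of the literal.
        $keyColumn = preg_match('@^\\d+$@', $url) ? 'page.id' : 'url';
        $sql = "SELECT page_template.name AS template_name, page.id, title, summary, text, is_type, market_user.name, market_user.surname, market_user.user_email, DATE_FORMAT(updated, '%d/%m/%Y %H:%i') AS date FROM page LEFT JOIN page_ml USING (id) LEFT JOIN page_ps USING (id) LEFT JOIN market_user ON market_user.user_id=creator LEFT JOIN page_template ON page_template.id=page_template_id WHERE " . $keyColumn . "='" . sqlEscape($url) . "' AND publish='1' AND page_ml.lang='" . MARKET_LANG . "'";
        // A successful query with zero rows used to fall into the assignments with
        // $row === false; treat "no row" like "no page" instead.
        if (sqlQuery($sql, $res) && ($row = sqlFetchAssoc($res))) {
            // The SELECT exposes the address as `user_email`; the previous code read
            // $row['email'], which is never set, so the author line lost the address.
            $this->assignGlobal(array(
                'PAGE.Id' => $row['id'],
                'PAGE.Summary' => $row['summary'],
                'PAGE.Title' => $row['title'],
                'PAGE.Text' => $row['text'],
                'PAGE.Author' => $row['name'] . ' ' . $row['surname'] . ', ' . MARKET_Filter::noSpam($row['user_email']),
                'PAGE.Mtime' => $row['date'],
            ));
            if ($row['is_type'] == 'passthrough') {
                return substr($url, 0, strrpos($url, '.'));
            }
            if ($row['is_type'] == 'template') {
                // The url without its extension doubles as the template name.
                $tname = substr($url, 0, strrpos($url, '.'));
                $this->preParseTemplate($tname, explode("\n", $row['text']));
                $this->parseTemplate('PAGE.Text', $tname, MARKET_DO_NOT_APPEND);
            }
            return $row['template_name'];
        }
    }
    return preg_replace('@\\.html$@', '', $url);
}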
示例2: sendResetEmail
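/**
 * E-mail a password-reset link to the account registered under $username.
 *
 * Nothing is printed when the username does not match exactly one row. When a
 * row is found, the link is mailed if its address passes isValidEmail(), and
 * the user is told otherwise.
 *
 * @param string      $username Account name as typed by the user (untrusted); escaped before use.
 * @param string|null $host     Host used to build the reset link. Defaults to the request's
 *                              Host header, which the client controls; pass the canonical site
 *                              host from configuration so a forged Host header cannot direct the
 *                              link (and the reset code in it) to another domain.
 */
function sendResetEmail( $username, $host = null ) {
    $username = sqlEscape( $username );
    $sql = "SELECT * FROM users WHERE username='$username'";
    $result = tmbo_query( $sql );
    if( mysql_num_rows( $result ) != 1 ) {
        return;
    }
    $row = mysql_fetch_assoc( $result );
    $code = hashFromUserRow( $row );
    if( $host === null ) {
        // Historical behaviour kept as the fallback; see the @param note on $host.
        $host = $_SERVER['HTTP_HOST'];
    }
    $message = "Someone (hopefully you) wants to reset your [this might be offensive] password. To reset your password, please visit the following link:
https://" . $host . "/offensive/pwreset.php?x=$code
";
    // NOTE(review): the three outcomes (no match / no valid address / mail sent) produce
    // different output, so the response itself tells whether a username exists.
    if( !isValidEmail( $row['email'] ) ) {
        echo "Unfortunately, we don't have a valid email address for that account. There's nothing we can do for you.";
        return;
    }
    mail( $row['email'], "resetting your [this might be offensive] password", $message, "From: offensive@thismight.be (this might be offensive)\r\n" ) or trigger_error( "could not send email", E_USER_ERROR );
    echo "An email has been sent containing instructions for resetting your password.";
}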
示例3: getReferrerId
/**
 * Look up the user that owns a referral code.
 *
 * @param string $refcode Referral code as supplied by the visitor; escaped before it
 *                        is placed in the quoted literal.
 * @return mixed The `userid` column of the matching referral row, or -1 when the code
 *               does not match exactly one row.
 */
function getReferrerId( $refcode ) {
    $escapedCode = sqlEscape( $refcode );
    $lookup = "SELECT * FROM referrals WHERE referral_code = '" . $escapedCode . "' LIMIT 1";
    $result = tmbo_query( $lookup );
    if( mysql_num_rows( $result ) != 1 ) {
        return -1;
    }
    $referral = mysql_fetch_assoc( $result );
    return $referral['userid'];
}
示例4: saveUserData
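/**
 * Store or clear one key in the logged-in user's per-user data.
 *
 * The data lives in $_SESSION['User']['data'] and is mirrored, serialize()d, into
 * market_user.data. A falsy $val removes the key instead of storing it.
 *
 * @param string $var Key inside the user's data array.
 * @param mixed  $val Value to store; any falsy value (null, '', 0, '0', false) unsets the key.
 * @return bool true when the user is logged in and the UPDATE was issued, false otherwise.
 */
function saveUserData($var, $val)
{
    // empty() keeps the truthiness check but no longer raises a notice for anonymous sessions.
    if (empty($_SESSION['User']['is_loggedin'])) {
        return false;
    }
    if ($val) {
        $_SESSION['User']['data'][$var] = $val;
    } else {
        unset($_SESSION['User']['data'][$var]);
    }
    // Both values are escaped: the serialized blob because it carries user-supplied text,
    // the id as defence in depth even though it comes from the session, not the request.
    $sql = "UPDATE market_user SET data='" . sqlEscape(serialize($_SESSION['User']['data'])) . "' WHERE user_id='" . sqlEscape($_SESSION['User']['user_id']) . "'";
    sqlQuery($sql, $res, EXT_DEBUG);
    return true;
}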
示例5: sqlEscape
$update_category = true;
}
if ($_POST['existing_service'][$i]["'description'"] !== $check_services[$i]['name']) {
$new_description = sqlEscape($_POST['existing_service'][$i]["'description'"]);
$update_description_text .= " WHEN {$current} THEN '{$new_description}'";
$rowsToUpdate .= $current . ',';
$update_description = true;
}
if ($_POST['existing_service'][$i]["'price'"] !== $check_services[$i]['price']) {
$new_price = sqlEscape($_POST['existing_service'][$i]["'price'"]);
$update_price_text .= " WHEN {$current} THEN {$new_price}";
$rowsToUpdate .= $current . ',';
$update_price = true;
}
if ($_POST['existing_service'][$i]["'time'"] !== $check_services[$i]['time']) {
$new_time = sqlEscape($_POST['existing_service'][$i]["'time'"]);
$update_time_text .= " WHEN {$current} THEN {$new_time}";
$rowsToUpdate .= $current . ',';
$update_time = true;
}
// }
}
if ($update_description || $update_price || $update_time || $update_category) {
$update = "UPDATE services SET ";
if ($update_description) {
$update .= "name = CASE id {$update_description_text} END, ";
}
if ($update_price) {
$update .= "price = CASE id {$update_price_text} END, ";
}
if ($update_time) {
示例6: session_start
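<?php
// Returns the caller's unread news-feed entries of one type as JSON (POST only);
// prints 'no news' when there are none.
if ($_SERVER['REQUEST_METHOD'] == 'POST') {
    session_start();
    require '../../../mysql/query.php';
    // The session id is interpolated unquoted into the query, so it must be a real
    // integer; previously an anonymous caller produced an undefined-index notice and a
    // query with an empty comparison.
    if (!isset($_SESSION['me']['id']) || !is_numeric($_SESSION['me']['id'])) {
        die;
    }
    $me = (int) $_SESSION['me']['id'];
    // news_type is quoted in the query, so escaping is sufficient for it.
    $news_type = sqlEscape(isset($_POST['news_type']) ? $_POST['news_type'] : '');
    $userNews = sqlSelect("SELECT users_news_feed.id, have_read, news_type.type, groups.id AS group_id, name AS group_name, story.story_id, title, users.user_id, username FROM users_news_feed LEFT JOIN groups ON groups.id = users_news_feed.group_id LEFT JOIN story ON story.story_id = users_news_feed.story_id LEFT JOIN users ON users.user_id = users_news_feed.writer_id INNER JOIN `news_type` ON news_type.id = users_news_feed.type_id WHERE users_news_feed.user_id = {$me} AND news_type.type = '{$news_type}' AND have_read = 0;");
    if ($userNews) {
        echo json_encode($userNews);
        die;
    } else {
        echo 'no news';
    }
}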
示例7: session_start
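<?php
// Returns the member ids of one group as JSON (POST only).
if ($_SERVER['REQUEST_METHOD'] == 'POST') {
    session_start();
    require '../../../mysql/query.php';
    // Either failing check must end the request. The previous condition joined them with
    // &&, which only bailed out when BOTH failed, and group_id is interpolated unquoted
    // below, where sqlEscape() alone does not make a non-numeric value safe.
    if (!isset($_SESSION['user']) || !isset($_POST['group_id']) || !is_numeric($_POST['group_id'])) {
        die;
    }
    // is_numeric() also accepts floats and exponents; cast so the unquoted value is a plain integer.
    $group_id = (int) $_POST['group_id'];
    $groupMembers = sqlSelect("SELECT user_id FROM group_members WHERE group_id = {$group_id};");
    if ($groupMembers) {
        echo json_encode($groupMembers);
        die;
    }
}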
示例8: while
<?php
// Categories
$sql = "SELECT category FROM directory_ml WHERE lang='" . MARKET_LANG . "' AND category <> '' GROUP BY category ORDER BY category";
if (sqlQuery($sql, $res)) {
$i = 1;
while ($row = sqlFetchAssoc($res)) {
$str = '';
$sql = "SELECT prof1, prof2, prof3 FROM directory_ml WHERE lang='" . MARKET_LANG . "' AND category='" . sqlEscape($row['category']) . "'";
if (sqlQuery($sql, $res1)) {
$tags = array();
while ($row1 = sqlFetchAssoc($res1)) {
for ($j = 1; $j <= 3; $j++) {
if ($row1['prof' . $j] && !in_array($row1['prof' . $j], $tags)) {
$tags[] = $row1['prof' . $j];
}
}
}
asort($tags);
if ($_COOKIE['mplace_menu'] & pow(2, $i - 1)) {
$str = '<ul id="ul' . $i . '" class="tags in collapse">';
} else {
$str = '<ul id="ul' . $i . '" class="tags collapse">';
}
foreach ($tags as $tag) {
$str .= '<li><a href="index.html?content=tag&q=' . urlencode($tag) . '">' . htmlspecialchars($tag) . '</a></li>';
}
$str .= '</ul>';
}
$this->assignLocal('category', 'ROW', array('ndx' => $i, 'title' => $row['category'], 'tags' => $str));
$this->lightParseTemplate('CATEGORY', 'category');
示例9: session_start
<?php
if ($_SERVER['REQUEST_METHOD'] == 'POST') {
session_start();
require '../../../mysql/query.php';
require '../../../lang/config.php';
$group_id = sqlEscape($_POST['group_id']);
$group_name = sqlEscape($_POST['group_name']);
$group_members = sqlEscape($_POST['group_members']);
$_SESSION['errors'] = array();
if (!is_numeric($group_id)) {
$_SESSION['errors'] = true;
}
if (empty($group_members)) {
array_push($_SESSION['errors'], "<span class=\"ion-android-warning\"> Fyll i fältet");
header("Location: ../../../groups/{$group_id}/invite");
}
if (!empty($group_members)) {
$users_exists = sqlSelect("SELECT user_id, username FROM `users` WHERE type = 1 AND user_id IN ({$group_members}) OR username IN ('{$group_members}');");
if (!$users_exists) {
if (strlen($group_members) >= 3) {
array_push($_SESSION['errors'], "<span class=\"ion-android-warning\"> Spelarna finns inte");
}
if (strlen($group_members) == 1) {
array_push($_SESSION['errors'], "<span class=\"ion-android-warning\"> Spelaren finns inte");
}
} else {
$members_exists = sqlSelect("SELECT users.user_id, users.username, group_members.status FROM users INNER JOIN `group_members` ON users.user_id = group_members.user_id WHERE group_members.group_id = {$group_id} AND group_members.user_id IN ({$group_members});");
if ($members_exists) {
foreach ($members_exists as $member) {
if ($member['status'] == 1) {
示例10: session_start
<?php
if ($_SERVER['REQUEST_METHOD'] == 'POST') {
session_start();
require '../../../mysql/query.php';
require '../../../lib/Pusher/config.php';
$words = sqlEscape($_POST['words']);
$story = $_POST['story'];
if (strlen($words) >= 1 && strlen($words) <= 50 && is_numeric($story)) {
// Check if my turn
$my_turn = sqlSelect("SELECT id, on_turn, round, story.rounds FROM story_writers INNER JOIN story ON story_writers.story_id = story.story_id WHERE story_writers.story_id = {$story} AND user_id = {$_SESSION['me']['id']};");
if ($my_turn[0]['on_turn'] != 1) {
die;
}
$insertWords = "INSERT INTO row (user_id, words, story_id, date) VALUES ({$_SESSION['me']['id']}, '{$words}', {$story}, now());";
$finishMyTurn = "UPDATE `story_writers` SET `on_turn` = 0, round = round + 1, `date` = now() WHERE story_id = {$story} AND user_id = {$_SESSION['me']['id']};";
$ok = '';
if (sqlAction($insertWords) && sqlAction($finishMyTurn)) {
$ok = true;
} else {
die;
}
// $round = sqlSelect("SELECT MIN(round) AS current, rounds AS end FROM story_writers INNER JOIN story ON story_writers.story_id = story.story_id WHERE story_writers.story_id = {$story};");
$round = sqlSelect("SELECT round AS current, rounds AS end FROM story_writers INNER JOIN story ON story_writers.story_id = story.story_id WHERE story_writers.story_id = {$story} ORDER BY story_writers.id DESC LIMIT 1;");
// Check if story is finished
// $rounds_left = $my_turn[0]['rounds'] - $my_turn[0]['round'] - 1;
$rounds_left = $round[0]['end'] - $round[0]['current'];
if ($rounds_left == -1) {
if (sqlAction("UPDATE story SET status = 2 WHERE story_id = {$story};")) {
$story_writers = sqlSelect("SELECT user_id FROM `story_writers` WHERE story_id = {$story} AND user_id != {$_SESSION['me']['id']};");
if ($story_writers) {
示例11: session_start
<?php
if ($_SERVER['REQUEST_METHOD'] == 'POST') {
if (isset($_POST['group_id']) && is_numeric($_POST['group_id'])) {
$groupId = $_POST['group_id'];
} else {
die;
}
session_start();
require '../../../mysql/query.php';
require '../../../lang/config.php';
$num_of_errors = 0;
$title = sqlEscape($_POST['title']);
$text = sqlEscape($_POST['text']);
$rounds = sqlEscape($_POST['rounds']);
$current_round = 1;
$max_writers = 'null';
$nonsensmode = 1;
$public = 'null';
$with_group = $groupId;
$story = sqlAction("INSERT INTO story (title, rounds, current_round, max_writers, nonsens_mode, join_public, with_group, status, started_by_user, views) VALUES ('{$title}', {$rounds}, {$current_round}, {$max_writers}, {$nonsensmode}, {$public}, {$with_group}, 1, {$_SESSION['me']['id']}, 0);", $getLastId = true);
if ($story) {
if (sqlAction("INSERT INTO row (user_id, words, story_id, date) VALUES ({$_SESSION['me']['id']}, '{$text}', {$story}, now());")) {
$story_writers = "INSERT INTO story_writers (story_id, user_id, on_turn, round, date) VALUES ({$story}, {$_SESSION['me']['id']}, 0, 2, now()), ";
$writers = sqlSelect("SELECT user_id FROM group_members WHERE group_id = {$groupId} AND user_id != {$_SESSION['me']['id']};");
$i = 0;
foreach ($writers as $writer) {
if ($i == 0) {
$on_turn = 1;
} else {
$on_turn = 0;
示例12: session_start
<?php
if ($_SERVER['REQUEST_METHOD'] == 'POST') {
session_start();
require '../../../mysql/query.php';
require '../../../lang/config.php';
$friends = sqlEscape($_POST['friends']);
$_SESSION['errors'] = array();
if (empty($friends)) {
array_push($_SESSION['errors'], "<span class=\"ion-android-warning\"> Fyll i fältet");
header('Location: ../../../profile?view=friends');
}
if (!empty($friends)) {
$users = sqlSelect("SELECT user_id, username FROM `users` WHERE type = 1 AND user_id IN ({$friends}) OR username IN ({$friends});");
if (!$users) {
if (strlen($friends) >= 3) {
array_push($_SESSION['errors'], "<span class=\"ion-android-warning\"> Spelarna finns inte");
}
if (strlen($friends) == 1) {
array_push($_SESSION['errors'], "<span class=\"ion-android-warning\"> Spelaren finns inte");
}
} else {
$already_friends = sqlSelect("SELECT users.user_id, users.username, friends.status, friends.sender FROM users INNER JOIN `friends` ON users.user_id = friends.user_id WHERE friends.user_id IN ({$friends}) UNION SELECT users.user_id, users.username, friends.status, friends.sender FROM users INNER JOIN `friends` ON users.user_id = friends.friend_user_id WHERE friends.friend_user_id IN ({$friends});");
if ($already_friends) {
foreach ($already_friends as $friend) {
if ($friend['status'] == 1) {
array_push($_SESSION['errors'], "<span class=\"ion-android-warning\"> Du är redan vän med <a href=\"profile?view={$friend['user_id']}\">{$friend['username']}</a>");
}
if ($friend['status'] == 0 && $friend['sender'] == $_SESSION['user']['id']) {
array_push($_SESSION['errors'], "<span class=\"ion-android-warning\"> Du har redan skickat vänförfrågan till <a href=\"profile?view={$friend['user_id']}\">{$friend['username']}</a>");
}
示例13: session_start
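<?php
// Deletes one booking of the current company/employee (POST only);
// prints 1 when the DELETE succeeded, 0 otherwise.
if ($_SERVER['REQUEST_METHOD'] == 'POST') {
    session_start();
    if (isset($_SESSION['company']['id']) && is_numeric($_SESSION['company']['id']) && isset($_SESSION['me']['id']) && is_numeric($_SESSION['me']['id']) && isset($_POST['id']) && is_numeric($_POST['id'])) {
        require '../../mysql/query.php';
        // is_numeric() also accepts floats, exponents and leading whitespace; cast so the
        // unquoted values in the WHERE clause are plain integers.
        $id = (int) $_POST['id'];
        $companyId = (int) $_SESSION['company']['id'];
        $employerId = (int) $_SESSION['me']['id'];
        $start = sqlEscape(isset($_POST['start']) ? $_POST['start'] : '');
        // The company and employee ids were validated above but were not part of the
        // DELETE before, so any booking id could be removed; scope the statement by the
        // bookings.company_id / employer_id columns the listing query uses.
        if (sqlAction("DELETE FROM bookings WHERE id = {$id} AND start = '{$start}' AND company_id = {$companyId} AND employer_id = {$employerId};")) {
            echo 1;
        } else {
            echo 0;
        }
        die;
    }
}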
示例14: session_start
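<?php
// Changes the logged-in user's password (POST only); answers {"success":true} as JSON
// on success and prints nothing otherwise.
if ($_SERVER['REQUEST_METHOD'] == 'POST') {
    session_start();
    require '../../../mysql/query.php';
    // The user id is interpolated unquoted; an anonymous session previously produced a
    // notice and a syntactically broken query.
    if (!isset($_SESSION['user']['id']) || !is_numeric($_SESSION['user']['id'])) {
        die;
    }
    $userId = (int) $_SESSION['user']['id'];
    // NOTE(review): sqlEscape() is applied to the passwords before they are verified and
    // hashed, so a password containing a quote or backslash is hashed in its escaped form.
    // Kept as-is because existing hashes may depend on it — confirm against the registration
    // code; only the password_hash() output ($pass) ever reaches SQL, so the escaping is not
    // needed for the query itself.
    $old = sqlEscape(isset($_POST['password']) ? $_POST['password'] : '');
    $new = sqlEscape(isset($_POST['new_password']) ? $_POST['new_password'] : '');
    $new_repeat = sqlEscape(isset($_POST['password_confirm']) ? $_POST['password_confirm'] : '');
    // Accepted length is 6..24 bytes, checked on the escaped value as before.
    $withinLimits = function ($p) {
        return strlen($p) > 5 && strlen($p) < 25;
    };
    if ($withinLimits($old) && $withinLimits($new) && $withinLimits($new_repeat) && $new === $new_repeat) {
        $password = sqlSelect("SELECT password FROM users WHERE user_id = {$userId};");
        // Guard the row lookup: an empty result previously reached password_verify() with a notice.
        if ($password && password_verify($old, $password[0]['password'])) {
            $pass = password_hash($new, PASSWORD_DEFAULT);
            if (sqlAction("UPDATE users SET password = '{$pass}' WHERE user_id = {$userId};")) {
                echo json_encode(array('success' => true));
                die;
            }
        }
    }
}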
示例15: session_start
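<?php
// Completes a password reset (POST only): the new password is stored for the user whose
// e-mail and reset_password_key both match, and the key is cleared so the token is single-use.
// Answers {"success":true} as JSON on success, a {"password_too_short"|"password_too_long":true}
// object for length errors, and prints nothing otherwise.
if ($_SERVER['REQUEST_METHOD'] == 'POST') {
    session_start();
    require '../../../mysql/query.php';
    $newPasswordInput = isset($_POST['new_password']) ? $_POST['new_password'] : '';
    if (strlen($newPasswordInput) < 6) {
        echo json_encode(array('password_too_short' => true));
        die;
    }
    if (strlen($newPasswordInput) > 25) {
        echo json_encode(array('password_too_long' => true));
        die;
    }
    // NOTE(review): the password is sqlEscape()d before it is hashed, so a password with a
    // quote or backslash is stored in its escaped form; only the hash reaches SQL, so the
    // escaping is not needed for the query — confirm the login code does the same.
    $password = sqlEscape($newPasswordInput);
    $email = sqlEscape(isset($_POST['email']) ? $_POST['email'] : '');
    $token = sqlEscape(isset($_POST['token']) ? $_POST['token'] : '');
    // Refuse an empty e-mail or token up front rather than relying on the column comparison
    // (a row whose key is '' rather than NULL would otherwise match an empty token).
    if ($email === '' || $token === '') {
        die;
    }
    // NOTE(review): no expiry for reset_password_key is checked here — confirm it is
    // enforced where the key is issued.
    $getUser = sqlSelect("SELECT user_id FROM users WHERE email = '{$email}' AND reset_password_key = '{$token}';");
    if ($getUser) {
        $userId = (int) $getUser[0]['user_id'];
        $newPassword = password_hash($password, PASSWORD_DEFAULT);
        // The e-mail/key pair is repeated in the UPDATE so the key is only cleared on the row that matched.
        if (sqlAction("UPDATE users SET password = '{$newPassword}', reset_password_key = null WHERE user_id = {$userId} AND email = '{$email}' AND reset_password_key = '{$token}';")) {
            echo json_encode(array('success' => true));
            die;
        }
    }
}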