本文整理汇总了PHP中sql_escape函数的典型用法代码示例。如果您正苦于以下问题:PHP sql_escape函数的具体用法?PHP sql_escape怎么用?PHP sql_escape使用的例子?那么, 这里精选的函数代码示例或许可以为您提供帮助。
在下文中一共展示了sql_escape函数的15个代码示例,这些例子默认根据受欢迎程度排序。您可以为喜欢或者感觉有用的代码点赞,您的评价将有助于系统推荐出更棒的PHP代码示例。安全提示:sql_escape(通常是 mysql_real_escape_string 一类函数的封装)只转义字符串中的引号等特殊字符,并不会自动加引号,因此仅在其返回值被放入带引号的 SQL 字面量('…')时才有效;下文中把它用于 LIMIT 子句或不加引号的整数(如示例1、示例11)的写法并不能防止注入,这类值应先强制转换为整数。新代码应优先使用预处理语句(PDO/mysqli 的参数绑定)而非字符串拼接。
示例1: user_atom
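/**
 * Serves the news list as an Atom feed to an API-key authenticated user.
 *
 * The key is read from the `key` request parameter and must be exactly 32
 * lowercase hex characters; the user it resolves to needs the `atom`
 * privilege. Every failure path ends the request with die(), and so does the
 * success path after the feed has been written: this function never returns.
 *
 * Reads: $_REQUEST['key'], $_REQUEST['meetings'] (restrict to `Treffen` = 1),
 *        $_SERVER['HTTP_HOST'], $_SERVER['REQUEST_URI'], global $DISPLAY_NEWS (feed length).
 * Writes: global $user.
 */
function user_atom()
{
    global $ical_shifts, $user, $DISPLAY_NEWS;
    // Strict format check before the key reaches any lookup.
    if (isset($_REQUEST['key']) && preg_match("/^[0-9a-f]{32}\$/", $_REQUEST['key'])) {
        $key = $_REQUEST['key'];
    } else {
        die("Missing key.");
    }
    $user = User_by_api_key($key);
    if ($user === false) {
        die("Unable to find user.");
    }
    if ($user == null) {
        die("Key invalid.");
    }
    if (!in_array('atom', privileges_for_user($user['UID']))) {
        die("No privilege for atom.");
    }
    // LIMIT takes a bare number. sql_escape() escapes quote-like characters but adds
    // no quotes, so a non-numeric $DISPLAY_NEWS would land in the query verbatim.
    // Force an integer instead of relying on escaping here.
    $limit = (int) $DISPLAY_NEWS;
    $filter = empty($_REQUEST['meetings']) ? '' : 'WHERE `Treffen` = 1 ';
    $news = sql_select("SELECT * FROM `News` " . $filter . "ORDER BY `ID` DESC LIMIT " . $limit);
    if (!is_array($news)) {
        $news = array();
    }
    // An empty feed has no newest entry; fall back to "now" instead of reading
    // $news[0] of an empty array.
    $updated = count($news) > 0 ? $news[0]['Datum'] : time();
    // The Host header is client-controlled, so it is escaped like every other
    // piece of text that ends up in the XML. The key is stripped from the URI so
    // it is not echoed back into the feed id.
    $host = isset($_SERVER['HTTP_HOST']) ? $_SERVER['HTTP_HOST'] : '';
    $requestUri = isset($_SERVER['REQUEST_URI']) ? $_SERVER['REQUEST_URI'] : '';
    $feedId = htmlspecialchars($host . preg_replace('#[&?]key=[a-f0-9]{32}#', '', $requestUri));
    header('Content-Type: application/atom+xml; charset=utf-8');
    $html = '<?xml version="1.0" encoding="utf-8"?>
<feed xmlns="http://www.w3.org/2005/Atom">
<title>Engelsystem</title>
<id>' . $feedId . '</id>
<updated>' . date('Y-m-d\\TH:i:sP', $updated) . "</updated>\n";
    foreach ($news as $news_entry) {
        // IDs are numeric database keys; cast so nothing else can reach the attribute/element.
        $entryId = (int) $news_entry['ID'];
        // NOTE(review): the href value is not passed through htmlspecialchars(); if
        // page_link_to_absolute() returns a raw "&" the attribute is not well-formed
        // XML — confirm what that helper returns.
        $html .= " <entry>\n <title>" . htmlspecialchars($news_entry['Betreff']) . "</title>\n <link href=\"" . page_link_to_absolute("news_comments&nid=") . $entryId . "\"/>\n <id>" . preg_replace('#^https?://#', '', page_link_to_absolute("news")) . "-" . $entryId . "</id>\n <updated>" . date('Y-m-d\\TH:i:sP', $news_entry['Datum']) . "</updated>\n <summary type=\"html\">" . htmlspecialchars($news_entry['Text']) . "</summary>\n </entry>\n";
    }
    $html .= "</feed>";
    // strlen() is byte-wise, which is what Content-Length needs.
    header("Content-Length: " . strlen($html));
    echo $html;
    die;
}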
示例2: isGeokretInCache
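/**
 * Tells whether at least one active GeoKret is currently logged into a cache.
 *
 * The cache is looked up by id; its first non-empty waypoint code (in the
 * order wp_oc, wp_gc, wp_nc, wp_ge, wp_tc) is then matched against
 * gk_item_waypoint. Items in state 1, 4 or 5 and items of type 2 are ignored.
 *
 * @param mixed $cacheid cache id; coerced to int before it is quoted into SQL
 * @return int 1 when a matching GeoKret exists, 0 otherwise (also 0 when the
 *             cache does not exist or the lookup query fails)
 */
function isGeokretInCache($cacheid)
{
    $cacheid = intval($cacheid);
    $sql = "SELECT wp_oc, wp_gc, wp_nc,wp_ge,wp_tc FROM caches WHERE cache_id = '" . sql_escape($cacheid) . "'";
    $result = mysql_query($sql);
    // Previously a failed query or a missing row fell through to the second
    // query with an empty waypoint; treat both as "no GeoKret" instead.
    $cache_record = $result ? mysql_fetch_array($result) : false;
    if (!$cache_record) {
        return 0;
    }
    // First non-empty waypoint wins, in this fixed priority order.
    $cache_wp = '';
    foreach (array('wp_oc', 'wp_gc', 'wp_nc', 'wp_ge', 'wp_tc') as $column) {
        if ($cache_record[$column] != '') {
            $cache_wp = $cache_record[$column];
            break;
        }
    }
    $geokret_sql = "SELECT id FROM gk_item WHERE id IN (SELECT id FROM gk_item_waypoint WHERE wp = '" . sql_escape($cache_wp) . "') AND stateid<>1 AND stateid<>4 AND stateid <>5 AND typeid<>2";
    $geokret_query = sql($geokret_sql);
    return mysql_num_rows($geokret_query) == 0 ? 0 : 1;
}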
示例3: getAPIKey
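/**
 * url: /?p=api_key
 * Returns the API key of the user identified by HTTP Basic authentication as
 * JSON: {"api_token": "TOKEN"}.
 *
 * Responses:
 *   401 + WWW-Authenticate  when no (or an empty) Basic auth header was sent
 *   403 + {"error": "forbidden"}  when the nick is unknown, not unique, or the
 *                                 password does not verify
 * The function always ends the request with die().
 */
function getAPIKey()
{
    header("Content-Type: application/json; charset=utf-8");
    // Absent headers used to raise undefined-index notices; treat them as empty.
    $nick = isset($_SERVER["PHP_AUTH_USER"]) ? $_SERVER["PHP_AUTH_USER"] : "";
    $password = isset($_SERVER["PHP_AUTH_PW"]) ? $_SERVER["PHP_AUTH_PW"] : "";
    if ($nick == "" || $password == "") {
        // user is not authenticated
        header("WWW-Authenticate: Basic realm=Authorization Required");
        header("HTTP/1.1 401 unauthorized");
        echo "{\"error\": \"please send basic auth header\"}";
        die;
    }
    // find user by username
    $foundUser = sql_select("SELECT * FROM `User` WHERE `Nick`='" . sql_escape($nick) . "'");
    if (is_array($foundUser) && count($foundUser) == 1) {
        $user = $foundUser[0];
        if (verify_password($password, $user['Passwort'], $user['UID'])) {
            // json_encode() keeps the output valid JSON whatever the key contains.
            echo "{\"api_token\": " . json_encode((string) $user["api_key"]) . "}";
            die;
        }
    }
    // A wrong password previously produced an empty 200 response. Unknown nick and
    // wrong password now get the same answer, so the endpoint cannot be used to
    // enumerate valid nicks.
    header("HTTP/1.1 403 Forbidden");
    echo "{\"error\": \"forbidden\"}";
    die;
}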
示例4: match_tag_list
/**
 * Looks up tags matching the text typed so far and returns them as XML.
 *
 * Uses the globals $database (query execution) and $config for the
 * ext_tagger_tag_max / ext_tagger_limit / ext-tagger_show-hidden options.
 * When more than ext_tagger_tag_max tags match, only the ext_tagger_limit
 * most-used ones are returned and the total is reported alongside.
 *
 * @param string $s the (partial) tag text entered by the user
 * @return mixed whatever list_to_xml() produces (defined elsewhere in this class)
 */
private function match_tag_list($s)
{
global $database, $config;
$max_rows = $config->get_int("ext_tagger_tag_max", 30);
$limit_rows = $config->get_int("ext_tagger_limit", 30);
$values = array();
// Match: a single character is prefixed with a space, longer input with "\_"
// (presumably a literal underscore for LIKE — confirm).
$p = strlen($s) == 1 ? " " : "\\_";
// NOTE(review): $s is run through sql_escape() and then bound as a "?" parameter.
// If sql_escape() is a backslash escaper, the value is escaped twice and a tag
// containing a quote or backslash will not match — confirm what sql_escape() does here.
$sq = "%" . $p . sql_escape($s) . "%";
$match = "concat(?,tag) LIKE ?";
array_push($values, $p, $sq);
// Exclude (currently disabled)
// $exclude = $event->get_arg(1)? "AND NOT IN ".$this->image_tags($event->get_arg(1)) : null;
// Hidden Tags: tags starting with "." are left out unless ext-tagger_show-hidden is enabled.
$hidden = $config->get_string('ext-tagger_show-hidden', 'N') == 'N' ? "AND substring(tag,1,1) != '.'" : null;
$q_where = "WHERE {$match} {$hidden} AND count > 0";
// FROM based on return count: too many matches -> take the most-used $limit_rows
// from a subquery and report the full count; otherwise query the table directly.
$count = $this->count($q_where, $values);
if ($count > $max_rows) {
$q_from = "FROM (SELECT * FROM `tags` {$q_where} " . "ORDER BY count DESC LIMIT 0, {$limit_rows}) AS `c_tags`";
$q_where = null;
$count = array("max" => $count);
} else {
$q_from = "FROM `tags`";
$count = null;
}
$tags = $database->Execute("\n\t\t\tSELECT *\n\t\t\t{$q_from}\n\t\t\t{$q_where}\n\t\t\tORDER BY tag", $values);
return $this->list_to_xml($tags, "search", $s, $count);
}
示例5: privileges_for_group
/**
 * Resolves the names of all privileges granted to a group.
 *
 * @param mixed $group_id the group's `group_id`; escaped before being quoted into the query
 * @return array list of privilege names, empty when the group has none
 */
function privileges_for_group($group_id)
{
    $query = "SELECT * FROM `GroupPrivileges` JOIN `Privileges` ON (`GroupPrivileges`.`privilege_id` = `Privileges`.`id`) WHERE `group_id`='" . sql_escape($group_id) . "'";
    $names = array();
    foreach (sql_select($query) as $row) {
        $names[] = $row['name'];
    }
    return $names;
}
示例6: getUsername
/**
 * Fetches a user's name by numeric id.
 *
 * @param mixed $userid user id; coerced to int before it is quoted into SQL
 * @return string|null the username, or null when no such user exists.
 *                     Terminates the script (die) when the query fails.
 */
function getUsername($userid)
{
    $safeId = sql_escape(intval($userid));
    $result = mysql_query("SELECT username FROM user WHERE user_id='" . $safeId . "'") or die;
    if (mysql_num_rows($result) == 0) {
        return null;
    }
    return mysql_result($result, 0);
}
示例7: articles_delete
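/**
 * Deletes one article row by id.
 *
 * @param mixed $id_article article id; cast to int (as articles_edit() does) before it is quoted into SQL
 * @return bool always true; the script is terminated with the MySQL error text when the query fails
 */
function articles_delete($id_article)
{
    $link = getDbConnect();
    $sql1 = "DELETE FROM `articles` WHERE `id_article`='%s'";
    $query = sprintf($sql1, sql_escape((int) $id_article));
    $result = mysqli_query($link, $query);
    if (!$result) {
        // mysqli_error() requires the connection; calling it without one is a fatal
        // error, which hid the real database message.
        die(mysqli_error($link));
    }
    return true;
}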
示例8: processSubscribePageEdit
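/**
 * Stores the disposable-mailblocker settings of one subscribe page.
 *
 * Reads $_POST['disposable_mailblocker_enable'] (checkbox) and
 * $_POST['disposable_mailblocker_text'] and upserts both into the
 * subscribepage_data table for page $id with REPLACE INTO.
 *
 * @param int $id subscribe page id (formatted with %d)
 */
function processSubscribePageEdit($id)
{
    // Both branches used to assign 1, so the blocker could never be switched off.
    $enabled = empty($_POST['disposable_mailblocker_enable']) ? 0 : 1;
    // A missing field is an empty text, not an undefined-index notice.
    $text = isset($_POST['disposable_mailblocker_text']) ? $_POST['disposable_mailblocker_text'] : '';
    $table = $GLOBALS['tables']["subscribepage_data"];
    Sql_Query(sprintf('replace into %s (id,name,data) values(%d,"disposable_mailblocker_enable","%s")', $table, $id, sql_escape($enabled)));
    Sql_Query(sprintf('replace into %s (id,name,data) values(%d,"disposable_mailblocker_text","%s")', $table, $id, sql_escape($text)));
}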
示例9: Room
/**
 * Loads a visible room (`show` = 'Y') by its id.
 *
 * @param mixed $id RID; escaped before being quoted into the query
 * @return array|null|false the room row, null when no visible room has that id,
 *                          false when the query itself failed
 */
function Room($id)
{
    $rows = sql_select("SELECT * FROM `Room` WHERE `RID`='" . sql_escape($id) . "' AND `show` = 'Y'");
    if ($rows === false) {
        return false;
    }
    return count($rows) > 0 ? $rows[0] : null;
}
示例10: articles_edit
/**
 * Updates name and content of an article in the `lesson2` table.
 *
 * @param mixed  $id_article row id; cast to int
 * @param string $name       new name, escaped before use
 * @param string $content    new content, escaped before use
 * @return void the query result is not checked
 */
function articles_edit($id_article, $name, $content)
{
    // Guard against injection: force the id to an integer and escape the text fields.
    $safeId = (int) $id_article;
    $safeName = sql_escape($name);
    $safeContent = sql_escape($content);
    // Build and run the update.
    $sql = "UPDATE `lesson2` SET `name`='" . $safeName . "', `content`='" . $safeContent . "' WHERE `id`='" . $safeId . "'";
    mysqli_query(getDbConnect(), $sql);
}
示例11: change_usersetting
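/**
 * Sets a user setting, updating the existing row or inserting a new one.
 * Only the values of the admin user are taken into account for this
 * (per the original note; not enforced here).
 *
 * @param string $sn    setting name (escaped and quoted)
 * @param string $value setting value (escaped and quoted)
 * @param mixed  $is    `usersetting` flag; written as an integer
 * @param mixed  $uid   user id; written as an integer
 */
function change_usersetting($sn, $value, $is, $uid)
{
    global $kfm;
    // user_id and usersetting are interpolated without quotes, so escaping alone
    // cannot protect them; they are forced to integers before reaching the SQL.
    // Assumes both are numeric 0/1 and id values — confirm against callers.
    $uid = (int) $uid;
    $is = (int) $is;
    $table = KFM_DB_PREFIX . 'settings';
    $existing = db_fetch_row('SELECT id FROM ' . $table . ' WHERE name="' . sql_escape($sn) . '" and user_id=' . $uid);
    if ($existing && count($existing)) {
        $kfm->db->query('UPDATE ' . $table . ' SET value="' . sql_escape($value) . '", usersetting=' . $is . ' WHERE name="' . sql_escape($sn) . '" AND user_id=' . $uid);
        return;
    }
    $sql = 'INSERT INTO ' . $table . ' (name, value, user_id, usersetting) VALUES ("' . sql_escape($sn) . '","' . sql_escape($value) . '", ' . $uid . ',' . $is . ')';
    $kfm->db->query($sql);
}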
示例12: remove_watch
/**
 * Removes a user's watch on a cache and decrements the cache's watcher counter.
 *
 * @param mixed $cache_id cache id; escaped before being quoted into SQL
 * @param mixed $user_id  user id; escaped before being quoted into SQL
 */
function remove_watch($cache_id, $user_id)
{
    $escapedCache = sql_escape($cache_id);
    // Drop the watch row itself.
    sql("DELETE FROM cache_watches WHERE cache_id='" . $escapedCache . "' AND user_id='" . sql_escape($user_id) . "'");
    // Keep the denormalised watcher counter on the cache in step.
    // NOTE(review): this is a read-modify-write without a lock; two concurrent
    // removals can lose a decrement.
    $rs = sql("SELECT watcher FROM caches WHERE cache_id='" . $escapedCache . "'");
    if (mysql_num_rows($rs) == 0) {
        return;
    }
    $row = mysql_fetch_array($rs);
    $newCount = $row['watcher'] - 1;
    sql("UPDATE caches SET watcher='" . $newCount . "' WHERE cache_id='" . $escapedCache . "'");
}
示例13: ShiftType
/**
 * Loads a shift type by id.
 *
 * @param int $shifttype_id id; escaped before being quoted into the query
 * @return array|null|false the row, null when nothing matched, false when the query failed
 */
function ShiftType($shifttype_id)
{
    $rows = sql_select("SELECT * FROM `ShiftTypes` WHERE `id`='" . sql_escape($shifttype_id) . "'");
    if ($rows === false) {
        return false;
    }
    // Loose comparison on purpose: an empty result array counts as "not found".
    if ($rows == null) {
        return null;
    }
    return $rows[0];
}
示例14: sql_validate_value
/**
 * Renders a PHP value as an SQL literal.
 *
 * null becomes NULL, strings are escaped with sql_escape() and single-quoted,
 * booleans become 0/1, and everything else (ints, floats, ...) is returned as is.
 *
 * @param mixed $var  value to render
 * @param mixed $conn connection handle forwarded to sql_escape() for strings
 * @return mixed SQL literal (string for null/strings, int for booleans, otherwise the input)
 */
function sql_validate_value($var, $conn)
{
    if ($var === null) {
        return 'NULL';
    }
    if (is_string($var)) {
        return "'" . sql_escape($var, $conn) . "'";
    }
    if (is_bool($var)) {
        return intval($var);
    }
    return $var;
}
示例15: Message_send
/**
 * TODO: use validation functions, return new message id
 * TODO: global $user con not be used in model!
 * Sends a message from the current user (global $user) to another user.
 *
 * The text is stripped of tags and of every character that is not a letter,
 * punctuation, separator, number or newline; the recipient id is reduced to
 * its digits. The message is only stored when the text is non-empty and the
 * recipient exists and is not the sender.
 *
 * @param mixed  $id   ID of the receiver
 * @param string $text text of the message
 * @return bool true when the message was inserted, false otherwise
 */
function Message_send($id, $text)
{
    global $user;
    $text = preg_replace("/([^\\p{L}\\p{P}\\p{Z}\\p{N}\n]{1,})/ui", '', strip_tags($text));
    $to = preg_replace("/([^0-9]{1,})/ui", '', strip_tags($id));
    if ($text == "" || !is_numeric($to)) {
        return false;
    }
    $recipientExists = sql_num_query("SELECT * FROM `User` WHERE `UID`='" . sql_escape($to) . "' AND NOT `UID`='" . sql_escape($user['UID']) . "' LIMIT 1") > 0;
    if (!$recipientExists) {
        return false;
    }
    sql_query("INSERT INTO `Messages` SET `Datum`='" . sql_escape(time()) . "', `SUID`='" . sql_escape($user['UID']) . "', `RUID`='" . sql_escape($to) . "', `Text`='" . sql_escape($text) . "'");
    return true;
}