本文整理汇总了PHP中sql_escape_string函数的典型用法代码示例。如果您正苦于以下问题:PHP sql_escape_string函数的具体用法?PHP sql_escape_string怎么用?PHP sql_escape_string使用的例子?那么恭喜您, 这里精选的函数代码示例或许可以为您提供帮助。
在下文中一共展示了sql_escape_string函数的15个代码示例,这些例子默认根据受欢迎程度排序。您可以为喜欢或者感觉有用的代码点赞,您的评价将有助于系统推荐出更棒的PHP代码示例。
示例1: town2xy
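/**
 * Look up the map coordinates of a town, addressed by name or by "id:<digits>".
 *
 * Reads the globals $table (interpolated into the query as the table name) and
 * $casen (truthy: compare the name with "=", otherwise with LIKE). As a side
 * effect the global $zx is clamped to a minimum of -256.
 *
 * @param string $name Town name, or "id:" followed by digits.
 * @return array Two elements [x, y]; each is 0 when no row matches, the query
 *               fails, or the stored value is empty/zero.
 */
function town2xy($name)
{
    global $table, $casen, $zx;

    $name = sql_escape_string($name);
    if (preg_match("/^id:\\d+\$/", $name)) {
        // The id is cast to int, so this branch never carries text into the query.
        $id = (int) substr($name, 3);
        $result = sql_query("SELECT x,y FROM {$table} WHERE town_id={$id} LIMIT 1");
    } else {
        // NOTE(review): in LIKE mode "%" and "_" inside $name still act as
        // wildcards; sql_escape_string() presumably only neutralises quoting.
        // Confirm whether wildcard matching is intended for callers.
        $cmp = $casen ? "=" : "LIKE";
        $result = sql_query("SELECT x,y FROM {$table} WHERE town_name {$cmp} '{$name}' LIMIT 1");
    }
    // NOTE(review): $table is placed in the statement unquoted; it must only
    // ever be set from trusted configuration, never from request data.

    if ($zx < -256) {
        $zx = -256;
    }

    // A failed query or an empty result used to be indexed like an array.
    $row = $result ? sql_fetch_row($result) : false;
    if (!is_array($row)) {
        return array(0, 0);
    }

    return array(
        !empty($row['x']) ? $row['x'] : 0,
        !empty($row['y']) ? $row['y'] : 0,
    );
}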
示例2: sendFinalEmails
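/**
 * Send the two "onboarding completed" e-mails: an internal notification and
 * the message to the user that carries the codes and instructions.
 *
 * Nothing is sent when the device lookup query fails.
 *
 * @param string $email      Address the user signed up with; recipient of the user message.
 * @param string $client_key Client key used to look up the group code.
 * @param string $final1     HTML fragment placed before the group code.
 * @param string $final2     HTML fragment placed between group code and client key.
 * @param string $final3     HTML fragment placed between client key and device e-mail.
 * @param string $final4     HTML fragment placed after the device e-mail.
 * @return void
 */
function sendFinalEmails($email, $client_key, $final1, $final2, $final3, $final4)
{
    // The connection is not a parameter; without this line execute_query()
    // received an undefined local variable.
    // NOTE(review): assumes the shared connection lives in the global $mysqli — confirm.
    global $mysqli;

    // Values below end up inside an HTML mail body, so they are escaped as HTML text.
    $h = function ($value) {
        return htmlspecialchars((string) $value, ENT_QUOTES, 'UTF-8');
    };

    // The statement is deliberately not echoed: it contains the user's e-mail
    // address and would be written into whatever page calls this function.
    $sql = "call getDeviceInfo(" . sql_escape_string($email, 1) . ");";
    $Result = execute_query($mysqli, $sql);
    if (!$Result) {
        return;
    }

    $row = $Result[0]->fetch_assoc();
    if (!is_array($row)) {
        $row = array();
    }
    $device_email = isset($row['email']) ? $row['email'] : '';
    $device = isset($row['device']) ? $row['device'] : '';
    $fname = isset($row['fname']) ? $row['fname'] : '';
    $lname = isset($row['lname']) ? $row['lname'] : '';

    // Group code of the organisation that owns this client key; empty when
    // the lookup fails instead of a fatal error on a missing result set.
    $group_code = '';
    $gSQL = 'CALL getOrgByKey(' . sql_escape_string($client_key, 1) . ');';
    $gResult = execute_query($mysqli, $gSQL);
    if ($gResult) {
        $gRow = $gResult[0]->fetch_array();
        if (is_array($gRow) && isset($gRow[0])) {
            $group_code = $gRow[0];
        }
    }

    // Internal notification.
    $sMail = getSocksMailer();
    $sMail->Subject = "Litesprite User Completed Onboarding";
    $sMail->Body = "client key: " . $h($client_key) . "<br>\n\t\t\t\t\t\tgroup: " . $h($group_code) . "<br>\n\t\t\t\t\t\tCodes and Instructions have been sent to: " . $h($email) . "<br> \n\t\t\t\t\t\tDevice: " . ($device == 'A' ? 'Android' : 'iOS') . "<br> \n\t\t\t\t\t\tDevice email: " . $h($device_email) . "<br>\n\t\t\t\t\t\tLast name: " . $h($lname) . "<br>\n\t\t\t\t\t\tFirst name:" . $h($fname);
    $sMail->AddAddress("socks@litesprite.com");
    sendMail($sMail);

    // Message to the user.
    // NOTE(review): $group_code, $client_key and $device_email are spliced
    // between caller-supplied fragments; which HTML context they land in
    // (text, attribute, URL) is decided by $final1..$final4 and is not visible
    // here, so the caller's template has to make sure they are encoded for it.
    $uMail = getSocksMailer();
    $uMail->Subject = "Litesprite Beta Sign-Up Completed!";
    $uMail->AddEmbeddedImage('../images/paw.png', 'paw');
    $uMail->Body = $final1 . $group_code . $final2 . $client_key . $final3 . $device_email . $final4;
    $uMail->AddAddress($email);
    sendMail($uMail);
}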
示例3: header
require_once "include/config.inc.php";
require_once 'include/mysqli.inc.php';
require_once "include/utils.inc.php";
require_once 'include/header.php';
require_once 'include/footer.php';
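// Only signed-in users may see this report. header() merely queues the
// redirect, so execution has to stop here; otherwise the report query below
// still runs and its output is sent to a visitor without a session.
if (!isset($_SESSION['user_key']) || strlen($_SESSION['user_key']) < 1) {
    header('Location: /login');
    exit;
}
// Survey id taken from $args[1]; defaults to 1 when it is absent or empty.
if (!isset($args[1]) || strlen($args[1]) < 1) {
    $survey_id = 1;
} else {
    $survey_id = $args[1];
}
// Load the survey summary.
// NOTE(review): the value is concatenated into the CALL without quotes; the
// second argument 0 presumably selects a numeric mode in sql_escape_string().
// Confirm that this mode rejects or casts non-numeric input.
$sql = "CALL rptSurveySummary(" . sql_escape_string($survey_id, 0) . ");";
//echo $sql.'<br/>';
$Result = execute_query($mysqli, $sql);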
if ($Result) {
while ($row = $Result[0]->fetch_assoc()) {
$countm = $row['countm'];
$countf = $row['countf'];
$countm10 = $row['countm10'];
$countm20 = $row['countm20'];
$countm30 = $row['countm30'];
$countm40 = $row['countm40'];
$countm50 = $row['countm50'];
$countm60 = $row['countm60'];
$countm70 = $row['countm70'];
$countm80 = $row['countm80'];
$countm90 = $row['countm90'];
示例4: header
require_once "include/config.inc.php";
require_once 'include/mysqli.inc.php';
require_once "include/utils.inc.php";
require_once 'include/header.php';
require_once 'include/footer.php';
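// Only signed-in users may see this report. header() merely queues the
// redirect, so execution has to stop here; otherwise the journal query below
// still runs and its rows are rendered for a visitor without a session.
if (!isset($_SESSION['user_key']) || strlen($_SESSION['user_key']) < 1) {
    header('Location: /login');
    exit;
}
// Organisation id taken from $args[1]; defaults to 2 when it is absent or empty.
if (isset($args[1]) && strlen($args[1]) > 0) {
    $OrgID = $args[1];
} else {
    $OrgID = 2;
}
// Load the journal entries of one organisation.
// NOTE(review): only the presence of a session is checked in the visible
// lines; nothing here ties $OrgID to the organisation of the signed-in user,
// so any organisation's journal can be requested — confirm whether the stored
// procedure or an include enforces that.
// NOTE(review): the value is concatenated without quotes; the second argument
// 0 presumably selects a numeric mode in sql_escape_string() — confirm it
// rejects or casts non-numeric input.
$sql = 'CALL td_journal_by_org(' . sql_escape_string($OrgID, 0) . ');';
//echo $sql.'<br/>';
$Result = execute_query($mysqli, $sql);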
if ($Result) {
while ($row = $Result[0]->fetch_assoc()) {
$organization = $row['organization'];
$client_key = $row['client_key'];
$anxiety_id = $row['anxiety_id'];
$client_id = $row['client_id'];
$device_id = $row['device_id'];
$session_id = $row['session_id'];
$anxiety_type = $row['anxiety_type'];
$journal_other_text = $row['journal_other_text'];
$anxiety_rating = $row['anxiety_rating'];
$anxiety_manageable = $row['anxiety_manageable'];
$anxiety_description = $row['anxiety_description'];
示例5: rptpssbyUser
\t\t\t\t\t</tr>
\t\t\t\t{$phq_data}
\t\t\t\t</table>
\t\t\t</div>
\t\t\t<div class="reportlegend">
\t\t\t\t<table width="400px">
\t\t\t\t\t<tr>
\t\t\t\t\t\t<th colspan="1">LEGEND</th>
\t\t\t\t\t</tr>
\t\t\t\t\t<tr>\t\t\t\t\t\t
\t\t\t\t\t\t<td colspan="1">Lower score is better.</td>
\t\t\t\t\t</tr>
\t\t\t\t</table>
\t\t\t</div>
EOD;
// Fetch the PSS report rows of one client through the rptpssbyUser stored procedure.
// NOTE(review): the second argument 1 presumably makes sql_escape_string()
// return a quoted string literal; the concatenation is only safe if it does,
// because no quotes are added here — confirm against the helper.
$sql = "CALL rptpssbyUser(" . sql_escape_string($client_key, 1) . ");";
//echo $sql.'<br/>';
$Result = execute_query($mysqli, $sql);
// Index into the per-survey arrays filled by the loop that follows; starts at 1.
$i = 1;
if ($Result) {
while ($row = $Result[0]->fetch_assoc()) {
$survey[$i] = $row['survey'];
$survey_id[$i] = $row['survey_id'];
$client_key = $row['client_key'];
$array1[$i] = $row['pss1'];
$array2[$i] = $row['pss2'];
$array3[$i] = $row['pss3'];
$array4[$i] = $row['pss4'];
$array5[$i] = $row['pss5'];
$array6[$i] = $row['pss6'];
$array7[$i] = $row['pss7'];
示例6: copy
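/**
 * Create a copy of this question, together with its answers, in another poll.
 *
 * The copy is made with separate statements and no transaction, so a failure
 * part-way through leaves the rows inserted so far in place.
 *
 * @param int   $new_id_poll id of the poll that receives the copy
 * @param mixed $back_poll   not used by this implementation
 *
 * @return int return the id of the new question if success else return false
 *
 * @access public
 * @author Fabio Pirovano (fabio@docebo.com)
 */
function copy($new_id_poll, $back_poll = NULL)
{
    // Read the question being copied; stop if it does not exist, instead of
    // inserting an empty question built from missing values.
    $re_quest = sql_query("\r\n\t\tSELECT id_category, title_quest, sequence, page\r\n\t\tFROM " . $GLOBALS['prefix_lms'] . "_pollquest\r\n\t\tWHERE id_quest = '" . (int) $this->id . "'");
    $quest_row = $re_quest ? sql_fetch_row($re_quest) : false;
    if (!$quest_row) {
        return false;
    }
    list($sel_cat, $quest, $sequence, $page) = $quest_row;

    // Insert the copy. Values read back from the database are not trusted
    // either: numbers are cast, text (including the type name) is escaped.
    $ins_query = "\r\n\t\tINSERT INTO " . $GLOBALS['prefix_lms'] . "_pollquest\r\n\t\t( id_poll, id_category, type_quest, title_quest, sequence, page ) VALUES\r\n\t\t( \t'" . (int) $new_id_poll . "',\r\n\t\t\t'" . (int) $sel_cat . "',\r\n\t\t\t'" . sql_escape_string($this->getQuestionType()) . "',\r\n\t\t\t'" . sql_escape_string($quest) . "',\r\n\t\t\t'" . (int) $sequence . "',\r\n\t\t\t'" . (int) $page . "' ) ";
    if (!sql_query($ins_query)) {
        return false;
    }

    // Id assigned to the new question by the auto-increment column.
    list($new_id_quest) = sql_fetch_row(sql_query("SELECT LAST_INSERT_ID()"));
    if (!$new_id_quest) {
        return false;
    }

    // Copy the answers in their original order.
    $re_answer = sql_query("\r\n\t\tSELECT answer, sequence\r\n\t\tFROM " . $GLOBALS['prefix_lms'] . "_pollquestanswer\r\n\t\tWHERE id_quest = '" . (int) $this->id . "'\r\n\t\tORDER BY id_answer");
    if (!$re_answer) {
        return false;
    }
    while (list($answer, $answer_sequence) = sql_fetch_row($re_answer)) {
        // Same treatment as the question insert above: cast ids and sequence.
        $ins_answer_query = "\r\n\t\t\tINSERT INTO " . $GLOBALS['prefix_lms'] . "_pollquestanswer\r\n\t\t\t( id_quest, answer, sequence ) VALUES\r\n\t\t\t( \t'" . (int) $new_id_quest . "',\r\n\t\t\t\t'" . sql_escape_string($answer) . "',\r\n\t\t\t\t'" . (int) $answer_sequence . "' ) ";
        if (!sql_query($ins_answer_query)) {
            return false;
        }
    }

    return $new_id_quest;
}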
示例7: getClientSurveyGAD
}
}
// When an earlier query returned rows, flag the stored option of each of the
// ten questions as 'checked'. $phq1..$phq10 are used as array keys; they are
// presumably filled by the PHQ query above this excerpt — confirm.
if ($hasresults) {
$q1[$phq1] = 'checked';
$q2[$phq2] = 'checked';
$q3[$phq3] = 'checked';
$q4[$phq4] = 'checked';
$q5[$phq5] = 'checked';
$q6[$phq6] = 'checked';
$q7[$phq7] = 'checked';
$q8[$phq8] = 'checked';
$q9[$phq9] = 'checked';
$q10[$phq10] = 'checked';
}
// Reset the flag before loading the GAD answers of the same survey.
$hasresults = false;
// Both arguments come from the session, not from the request.
// NOTE(review): the first value is passed with mode 0 and lands in the CALL
// without quotes; presumably that mode is numeric — confirm that
// sql_escape_string() rejects or casts non-numeric input there.
$sql = "call getClientSurveyGAD(" . sql_escape_string($_SESSION['client_survey_header_id'], 0) . ", " . sql_escape_string($_SESSION['client_id'], 1) . ");";
$Result = execute_query($mysqli, $sql);
if ($Result) {
// $rowcount is set but not read within the visible lines.
$rowcount = 0;
// Every row overwrites $gad1..$gad7, so the last row returned wins.
while ($row = $Result[0]->fetch_assoc()) {
$hasresults = true;
$gad1 = $row['gad1'];
$gad2 = $row['gad2'];
$gad3 = $row['gad3'];
$gad4 = $row['gad4'];
$gad5 = $row['gad5'];
$gad6 = $row['gad6'];
$gad7 = $row['gad7'];
}
}
if ($hasresults) {
示例8: header
<?php
require_once '../../include/config.inc.php';
require_once '../../include/mysqli.inc.php';
require_once '../../include/utils.inc.php';
header('Content-Type: application/json');
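// Build the body of the JSON array: one object per anxiety record. The
// closing "]" is not appended here, matching the state in which the original
// lines left $json.
// NOTE(review): no session or authorisation check is visible in this excerpt,
// and 'id' from the request selects whose records are returned — confirm that
// one of the includes restricts access.
if (isset($_REQUEST['id'])) {
    $sql = 'CALL rptAnxiety(' . sql_escape_string($_REQUEST['id'], 1) . ');';
} else {
    $sql = 'CALL rptAnxietyOverview();';
}
$Result = execute_query($mysqli, $sql);

$json_items = array();
if ($Result) {
    while ($row = $Result[0]->fetch_assoc()) {
        // json_encode() escapes quotes, backslashes and control characters in
        // the text columns; hand-built strings broke the document (and let
        // stored text inject extra keys) as soon as a value contained a quote.
        // Numeric columns stay unquoted numbers; a NULL or non-numeric value
        // becomes JSON null instead of an empty, invalid token.
        $json_items[] = json_encode(array(
            'type' => (string) $row['anxiety_type'],
            'rating' => is_numeric($row['anxiety_rating']) ? $row['anxiety_rating'] + 0 : null,
            'manageable' => is_numeric($row['anxiety_manageable']) ? $row['anxiety_manageable'] + 0 : null,
            'created' => (string) $row['anxiety_added'],
        ));
    }
}
// An empty result now yields "[" with no objects rather than one object made
// of empty values.
$json = "[" . implode(', ', $json_items);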
示例9: dupcourse
public function dupcourse()
{
if (!$this->permissions['add']) {
$output = array('success' => false, 'message' => $this->_getMessage("no permission"));
echo $this->json->encode($output);
return;
}
//TO DO: make it a sqltransaction if possible
if (isset($_POST['confirm'])) {
$id_dupcourse = Get::req('id_course', DOTY_INT, 0);
$id_orgs = array();
$array_new_testobject = array();
// read the old course info
$query_sel = "SELECT * FROM %lms_course WHERE idCourse = '" . $id_dupcourse . "' ";
$result_sel = sql_query($query_sel);
$list_sel = sql_fetch_array($result_sel);
foreach ($list_sel as $k => $v) {
$list_sel[$k] = sql_escape_string($v);
}
$new_course_dup = 0;
$new_file_array = array();
if ($list_sel['imgSponsor'] != '') {
$new_name_array = explode('_', str_replace('course_sponsor_logo_', '', $list_sel['imgSponsor']));
$filename = 'course_sponsor_logo_' . mt_rand(0, 100) . '_' . time() . '_' . str_replace('course_sponsor_logo_' . $new_name_array[0] . '_' . $new_name_array[1] . '_', '', $list_sel['imgSponsor']);
$new_file_array[0]['old'] = $list_sel['imgSponsor'];
$new_file_array[0]['new'] = $filename;
$list_sel['imgSponsor'] = $filename;
}
if ($list_sel['img_course'] != '') {
$new_name_array = explode('_', str_replace('course_logo_', '', $list_sel['img_course']));
$filename = 'course_logo_' . mt_rand(0, 100) . '_' . time() . '_' . str_replace('course_logo_' . $new_name_array[0] . '_' . $new_name_array[1] . '_', '', $list_sel['img_course']);
$new_file_array[1]['old'] = $list_sel['img_course'];
$new_file_array[1]['new'] = $filename;
$list_sel['img_course'] = $filename;
}
if ($list_sel['img_material'] != '') {
$new_name_array = explode('_', str_replace('course_user_material_', '', $list_sel['img_material']));
$filename = 'course_user_material_' . mt_rand(0, 100) . '_' . time() . '_' . str_replace('course_user_material_' . $new_name_array[0] . '_' . $new_name_array[1] . '_', '', $list_sel['img_material']);
$new_file_array[2]['old'] = $list_sel['img_material'];
$new_file_array[2]['new'] = $filename;
$list_sel['img_material'] = $filename;
}
if ($list_sel['img_othermaterial'] != '') {
$new_name_array = explode('_', str_replace('course_otheruser_material_', '', $list_sel['img_othermaterial']));
$filename = 'course_otheruser_material_' . mt_rand(0, 100) . '_' . time() . '_' . str_replace('course_otheruser_material_' . $new_name_array[0] . '_' . $new_name_array[1] . '_', '', $list_sel['img_othermaterial']);
$new_file_array[3]['old'] = $list_sel['img_othermaterial'];
$new_file_array[3]['new'] = $filename;
$list_sel['img_othermaterial'] = $filename;
}
if ($list_sel['course_demo'] != '') {
$new_name_array = explode('_', str_replace('course_demo_', '', $list_sel['course_demo']));
$filename = 'course_demo_' . mt_rand(0, 100) . '_' . time() . '_' . str_replace('course_demo_' . $new_name_array[0] . '_' . $new_name_array[1] . '_', '', $list_sel['course_demo']);
$new_file_array[4]['old'] = $list_sel['course_demo'];
$new_file_array[4]['new'] = $filename;
$list_sel['course_demo'] = $filename;
}
// duplicate the entry of learning_course
$query_ins = "INSERT INTO %lms_course\n\t\t\t\t( idCategory, code, name, description, lang_code, status, level_show_user,\n\t\t\t\tsubscribe_method, linkSponsor, imgSponsor, img_course, img_material, img_othermaterial,\n\t\t\t\tcourse_demo, mediumTime, permCloseLO, userStatusOp, difficult, show_progress, show_time, show_extra_info,\n\t\t\t\tshow_rules, valid_time, max_num_subscribe, min_num_subscribe,\n\t\t\t\tmax_sms_budget, selling, prize, course_type, policy_point, point_to_all, course_edition, classrooms, certificates,\n\t\t\t\tcreate_date, security_code, imported_from_connection, course_quota, used_space, course_vote, allow_overbooking, can_subscribe,\n\t\t\t\tsub_start_date, sub_end_date, advance, show_who_online, direct_play, autoregistration_code, use_logo_in_courselist )\n\t\t\t\tVALUES\n\t\t\t\t( '" . $list_sel['idCategory'] . "', '" . $list_sel['code'] . "', '" . "Copia di " . $list_sel['name'] . "', '" . $list_sel['description'] . "', '" . $list_sel['lang_code'] . "', '" . $list_sel['status'] . "', '" . $list_sel['level_show_user'] . "',\n\t\t\t\t'" . $list_sel['subscribe_method'] . "', '" . $list_sel['linkSponsor'] . "', '" . $list_sel['imgSponsor'] . "', '" . $list_sel['img_course'] . "', '" . $list_sel['img_material'] . "', '" . $list_sel['img_othermaterial'] . "',\n\t\t\t\t'" . $list_sel['course_demo'] . "', '" . $list_sel['mediumTime'] . "', '" . $list_sel['permCloseLO'] . "', '" . $list_sel['userStatusOp'] . "', '" . $list_sel['difficult'] . "', '" . $list_sel['show_progress'] . "', '" . $list_sel['show_time'] . "', '" . $list_sel['show_extra_info'] . "',\n\t\t\t\t'" . $list_sel['show_rules'] . "', '" . $list_sel['valid_time'] . "', '" . $list_sel['max_num_subscribe'] . "', '" . $list_sel['min_num_subscribe'] . "',\n\t\t\t\t'" . $list_sel['max_sms_budget'] . "', '" . $list_sel['selling'] . "', '" . $list_sel['prize'] . "', '" . $list_sel['course_type'] . "', '" . $list_sel['policy_point'] . "', '" . $list_sel['point_to_all'] . "', '" . 
$list_sel['course_edition'] . "', '" . $list_sel['classrooms'] . "', '" . $list_sel['certificates'] . "',\n\t\t\t\t'" . date('Y-m-d H:i:s') . "', '" . $list_sel['security_code'] . "', '" . $list_sel['imported_from_connection'] . "', '" . $list_sel['course_quota'] . "', '" . $list_sel['used_space'] . "', '" . $list_sel['course_vote'] . "', '" . $list_sel['allow_overbooking'] . "', '" . $list_sel['can_subscribe'] . "',\n\t\t\t\t'" . $list_sel['sub_start_date'] . "', '" . $list_sel['sub_end_date'] . "', '" . $list_sel['advance'] . "', '" . $list_sel['show_who_online'] . "', '" . $list_sel['direct_play'] . "', '" . $list_sel['autoregistration_code'] . "', '" . $list_sel['use_logo_in_courselist'] . "' )";
$result_ins = sql_query($query_ins);
if (!$result_ins) {
ob_clean();
ob_start();
echo $this->json->encode(array('success' => false));
die;
}
// the id of the new course created
$new_id_course = $new_course_dup = sql_insert_id();
//Create the new course file
if (isset($_POST['image'])) {
$path = Get::sett('pathcourse');
$path = '/appLms/' . Get::sett('pathcourse') . (substr($path, -1) != '/' && substr($path, -1) != '\\' ? '/' : '');
require_once _base_ . '/lib/lib.upload.php';
sl_open_fileoperations();
foreach ($new_file_array as $file_info) {
sl_copy($path . $file_info['old'], $path . $file_info['new']);
}
sl_close_fileoperations();
}
//--- copy menu data -----------------------------------------------------
// copy the old course menu into the new one
$query_selmen = "SELECT * FROM %lms_menucourse_main WHERE idCourse = '" . $id_dupcourse . "' ";
$result_selmen = sql_query($query_selmen);
while ($list_selmen = sql_fetch_array($result_selmen)) {
$query_dupmen = "INSERT INTO %lms_menucourse_main " . " (idCourse, sequence, name, image) " . " VALUES " . " ( '" . $new_course_dup . "', '" . $list_selmen['sequence'] . "', '" . $list_selmen['name'] . "', '" . $list_selmen['image'] . "' )";
$result_dupmen = sql_query($query_dupmen);
$array_seq[$list_selmen['idMain']] = sql_insert_id();
}
$query_insert_list = array();
$query_selmenun = "SELECT * FROM %lms_menucourse_under WHERE idCourse = '" . $id_dupcourse . "' ";
$result_selmenun = sql_query($query_selmenun);
while ($new_org = sql_fetch_array($result_selmenun)) {
$valore_idn = $new_org['idMain'];
$_idMain = $array_seq[$valore_idn];
$query_insert_list[] = "('" . $_idMain . "', '" . $new_course_dup . "', '" . $new_org['sequence'] . "', '" . $new_org['idModule'] . "', '" . $new_org['my_name'] . "')";
}
$result_dupmen = true;
if (!empty($query_insert_list)) {
$query_dupmen = "INSERT INTO %lms_menucourse_under\n\t\t\t\t\t(idMain, idCourse, sequence, idModule, my_name)\n\t\t\t\t\tVALUES " . implode(",", $query_insert_list);
$result_dupmen = sql_query($query_dupmen);
}
//.........这里部分代码省略.........
示例10: getIfOnboardedKey
<body>
<div class="header container">
<div class="title">
<img class="logo" src="../images/litesprite.png"/>
<div class="titletext">Litesprite Sign-Up</div>
</div>
</div>
<div class="wrapper container">
<br>
<p style="font-weight:bold;color:#447a2d;">This information has also been sent to your email if you wish to complete the sign-up form or survey at a later date.</p>
<?php
echo '<p>Hello!</p>
<p>
Thank you for volunteering to be a beta tester for our game, Sinasprite, that helps people manage stress, anxiety, and depression! To get started please:
</p>';
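// Ask the database whether this client key has already completed onboarding.
$sql = 'call getIfOnboardedKey(' . sql_escape_string($client_key, 1) . ');';
$Result = execute_query($mysqli, $sql);
$onboarded_row = $Result ? $Result[0]->fetch_array() : null;
if (is_array($onboarded_row) && strlen($onboarded_row[0]) > 1) {
    echo '<p style="color:green;"><img style="vertical-align:bottom;" src="../images/check.png" width="30" height="30"> Sign-up and Survey Competed</p>';
} else {
    // $client_key is written into an HTML attribute that holds a URL, so it is
    // encoded twice, once per context: percent-encoded as a query-string value,
    // then the whole attribute value is HTML-escaped. Emitting it raw lets a
    // key containing quotes or angle brackets break out of the attribute.
    $signup_url = 'http://test.litesprite.com/signup/index.php?key=' . rawurlencode($client_key) . '&';
    echo '<p>
<button class="btn btn-success link-same" href="' . htmlspecialchars($signup_url, ENT_QUOTES, 'UTF-8') . '">Complete the Sign Up and Survey</button></p>';
}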
echo '
<p>
After you\'ve completed the process above, we will send you unique access codes.
</p>
<p>
These <a class="link" href="https://litesprite.com/info/faq.php">FAQs</a> tell you how and why we are doing this Beta.
示例11: sql_escape_string
<?php
require_once "database.php";
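// Plain-text server list: one "name,flag" line per visible server of the
// requested country, where the flag is "1" when population exceeds 1000 and
// empty otherwise.
$mode = isset($_GET["mode"]) ? $_GET["mode"] : "";
if ($mode === "servers") {
    // Query-string values can arrive as arrays (country[]=x); only a string
    // is passed on to the escaping helper.
    $country_raw = (isset($_GET["country"]) && is_string($_GET["country"])) ? $_GET["country"] : "";
    $country = sql_escape_string($country_raw);
    $result = sql_query("SELECT * FROM servers WHERE country='{$country}' AND visible=True ORDER BY num");
    // NOTE(review): no Content-Type header is set in the visible lines, so the
    // response is presumably served as HTML; server names are printed
    // unescaped — confirm the response type or escape for the output context.
    while ($result && ($row = sql_fetch_row($result))) {
        print $row["name"] . "," . ($row["population"] > 1000) . "\n";
    }
}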
示例12: session_start
<?php
require_once "../include/config.inc.php";
require_once "../include/mysqli.inc.php";
require_once "../include/utils.inc.php";
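session_start();
// A request without a usable key is sent away. header() only queues the
// redirect, so the script must stop here; otherwise the lines below run with
// a missing key and the rest of the page is still rendered.
if (!isset($_REQUEST['key']) || !is_string($_REQUEST['key'])) {
    header("Location: https://litesprite.com");
    exit;
}
// NOTE(review): the key from the request is stored in the session and used to
// look up a player's e-mail address without any further check in the visible
// lines, so knowing a key is enough to reach that address — confirm this is
// the intended trust model.
$_SESSION['client_key'] = $_REQUEST['key'];
$client_key = $_REQUEST['key'];
$email = "";
if (isset($_SESSION['email']) && strlen($_SESSION['email']) > 1) {
    $email = $_SESSION['email'];
} else {
    // No quotes are added around the value here; the second argument 1
    // presumably makes sql_escape_string() return a quoted literal — confirm.
    $sql = "SELECT player_email_address from litesprite.players as p where client_key =" . sql_escape_string($client_key, 1) . " ;";
    $Result = execute_query($mysqli, $sql);
    if ($Result && ($row = $Result[0]->fetch_array())) {
        $email = $row[0];
    }
}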
?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>
<meta http-equiv="content-type" content="text/html; charset=utf-8" />
<meta name="description" content="" />
<meta name="keywords" content="" />
<meta name="author" content="Litesprite" />
<link rel="stylesheet" type="text/css" href="../css/bootstrap.min.css">
示例13: header
require_once 'include/mysqli.inc.php';
require_once "include/utils.inc.php";
require_once 'include/header.php';
require_once 'include/footer.php';
// echo isset($_SESSION['user_key'])."<br/>";
// echo strlen($_SESSION['user_key'])."<br/>";
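// Only signed-in users may see this report. header() merely queues the
// redirect, so execution has to stop here; otherwise the baseline query below
// still runs and a client's survey answers are rendered without a session.
if (!isset($_SESSION['user_key']) || strlen($_SESSION['user_key']) < 1) {
    header('Location: /login');
    exit;
}
// Client key taken from $args[1]; the literal string 'null' stands in when it
// is absent or empty.
if (!isset($args[1]) || strlen($args[1]) < 1) {
    $client_key = 'null';
} else {
    $client_key = $args[1];
}
// Load the baseline survey of one client.
// NOTE(review): only the presence of a session is checked in the visible
// lines; nothing here ties $client_key to the signed-in user, so any client's
// baseline can be requested — confirm where that is enforced.
$sql = "CALL rptBaselinebyUser(" . sql_escape_string($client_key, 1) . ");";
//echo $sql.'<br/>';
$Result = execute_query($mysqli, $sql);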
if ($Result) {
while ($row = $Result[0]->fetch_assoc()) {
$survey = $row['survey'];
$survey_id = $row['client_survey_baseline_id'];
$client_key = $row['client_key'];
$client_age = $row['client_age'];
$client_gender = $row['client_gender'];
$baseline1 = $row['baseline1'];
$baseline2 = $row['baseline2'];
$baseline2a = $row['baseline2a'];
$baseline3 = $row['baseline3'];
$baseline4 = $row['baseline4'];
switch ($row['baseline4a']) {
示例14: str_replace
case 'pmph':
$sql = "update client_survey_pmph set " . str_replace("'", "''", $_REQUEST['question']) . " = " . sql_escape_string($_REQUEST['value'], 1) . " where client_id = " . sql_escape_string($_SESSION['client_id'], 1) . " and client_survey_header_id = " . sql_escape_string($_SESSION['client_survey_header_id'], 0) . ";";
break;
case 'phq':
$sql = "update client_survey_phq set " . str_replace("'", "''", $_REQUEST['question']) . " = " . sql_escape_string($_REQUEST['value'], 1) . " where client_id = " . sql_escape_string($_SESSION['client_id'], 1) . " and client_survey_header_id = " . sql_escape_string($_SESSION['client_survey_header_id'], 0) . ";";
break;
case 'gad':
$sql = "update client_survey_gad set " . str_replace("'", "''", $_REQUEST['question']) . " = " . sql_escape_string($_REQUEST['value'], 1) . " where client_id = " . sql_escape_string($_SESSION['client_id'], 1) . " and client_survey_header_id = " . sql_escape_string($_SESSION['client_survey_header_id'], 0) . ";";
break;
case 'cse':
$sql = "update client_survey_cse set " . str_replace("'", "''", $_REQUEST['question']) . " = " . sql_escape_string($_REQUEST['value'], 1) . " where client_id = " . sql_escape_string($_SESSION['client_id'], 1) . " and client_survey_header_id = " . sql_escape_string($_SESSION['client_survey_header_id'], 0) . ";";
break;
case 'lsq':
$sql = "update client_survey_lsq set " . str_replace("'", "''", $_REQUEST['question']) . " = " . sql_escape_string($_REQUEST['value'], 1) . " where client_id = " . sql_escape_string($_SESSION['client_id'], 1) . " and client_survey_header_id = " . sql_escape_string($_SESSION['client_survey_header_id'], 0) . ";";
break;
case 'pss':
$sql = "update client_survey_pss set " . str_replace("'", "''", $_REQUEST['question']) . " = " . sql_escape_string($_REQUEST['value'], 1) . " where client_id = " . sql_escape_string($_SESSION['client_id'], 1) . " and client_survey_header_id = " . sql_escape_string($_SESSION['client_survey_header_id'], 0) . ";";
break;
}
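// $sql comes from the switch above. The column name in each UPDATE is taken
// from $_REQUEST['question'] with only single quotes doubled; that does not
// restrict it to an existing column, because the identifier is not quoted at
// all. An allow-list of the survey's column names belongs before this point.
if (strlen($sql) < 1) {
    exit;
}
// The statement is not echoed: it would put table and column names and the
// session-bound ids into the response body.
$Result = execute_query($mysqli, $sql);
if ($Result) {
    // $rowcount is set but not read within the visible lines.
    $rowcount = 0;
    while ($row = $Result[0]->fetch_assoc()) {
        $hasresults = 1;
    }
}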
示例15: sql_escape_string
// echo $key;
// echo ": " . $value;
// echo "<br/>";
// }
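// On a submitted login form, mark each empty field so it can be highlighted.
// A field that is missing or not a string (log[]=x) counts as empty instead
// of being handed to strlen().
if (isset($_SERVER['REQUEST_METHOD']) && $_SERVER['REQUEST_METHOD'] == "POST" && isset($_POST['bf_login'])) {
    if (!isset($_POST['log']) || !is_string($_POST['log']) || strlen($_POST['log']) < 1) {
        $logerr = "fielderror";
    }
    if (!isset($_POST['pwd']) || !is_string($_POST['pwd']) || strlen($_POST['pwd']) < 1) {
        $pwderr = "fielderror";
    }
}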
if (isset($_POST['log']) && isset($_POST['pwd'])) {
//posted data : yes
$dblogin = sql_escape_string(strtolower($_POST['log']), 1);
$dbpassword = sql_escape_string(hash('sha256', doubleSalt($_POST['pwd'], $dblogin)), 1);
//Validate the user
$sql = "CALL ValidateUser(" . $dblogin . ", " . $dbpassword . ", '" . getRealIpAddr() . "');";
//echo $sql.'<br/>';
$Result = execute_query($mysqli, $sql);
if ($Result) {
while ($row = $Result[0]->fetch_assoc()) {
$validemail = 1;
}
while ($row[1] = $Result[1]->fetch_assoc()) {
$_SESSION['user_id'] = $row[1]['user_id'];
$_SESSION['user_key'] = $row[1]['user_key'];
$_SESSION['company_id'] = $row[1]['company_id'];
$_SESSION['organization_id'] = $row[1]['organization_id'];
$_SESSION['organization_name'] = $row[1]['organization_name'];
$_SESSION['user_email_address'] = $row[1]['user_email_address'];