本文整理汇总了PHP中sql_safe函数的典型用法代码示例。如果您正苦于以下问题:PHP sql_safe函数的具体用法?PHP sql_safe怎么用?PHP sql_safe使用的例子?那么恭喜您, 这里精选的函数代码示例或许可以为您提供帮助。
在下文中一共展示了sql_safe函数的15个代码示例,这些例子默认根据受欢迎程度排序。您可以为喜欢或者感觉有用的代码点赞,您的评价将有助于系统推荐出更棒的PHP代码示例。
示例1: mailer_send_newsletter
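function mailer_send_newsletter($subject, $message, $type, $scheduled = NULL)
{
    // Queue a newsletter row. The three text columns are sql_safe()'d for the
    // quoted string context they land in. $scheduled becomes either the SQL
    // literal NULL (no schedule given) or a quoted YmdHis timestamp.
    if ($scheduled === NULL || $scheduled == "") {
        $scheduled_sql = 'NULL';
    } else {
        $when = strtotime($scheduled);
        // strtotime() returns false for an unparseable date. The original code
        // passed that false straight into date(), which formatted the Unix
        // epoch and silently scheduled the newsletter for 1970-01-01, i.e.
        // "overdue". Refuse instead, so a typo cannot turn into an early send.
        if ($when === false) {
            return false;
        }
        $scheduled_sql = "'" . date("YmdHis", $when) . "'";
    }
    $sql = "INSERT INTO newsletter SET subject='" . sql_safe($subject) . "', body='" . sql_safe($message) . "', name='" . sql_safe($type) . "', scheduled=" . $scheduled_sql;
    // Hand back mysql_query()'s result so callers can tell whether the row was
    // written; the original discarded it. (mysql_* was removed in PHP 7.)
    return mysql_query($sql);
}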
示例2: category_get
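function category_get($user_id, $category_id = NULL)
{
    // Both ids are interpolated *unquoted* into the SQL below. sql_safe() --
    // a quote-escaping helper, judging by its other uses on this page --
    // cannot protect an unquoted numeric position ("1 OR 1=1" contains nothing
    // to escape), so force both to integers before they reach the query.
    $user_id = (int) $user_id;
    $return = array();
    $filter = '';
    if ($category_id !== NULL) {
        $filter = "task_category.id=" . (int) $category_id . " AND ";
    }
    // The gettext fallback name is a string literal inside the query; escape it
    // as well so a translation containing a quote cannot break the statement.
    $untitled = sql_safe(_("Untitled category"));
    // Categories the user created or is assigned to via task_user_category.
    $sql = "SELECT \n\t\ttask_category.id,\n\t\ttask_category.creator,\n\t\tIFNULL(task_category.name,'" . $untitled . "') as name,\n\t\ttask_category.description,\n\t\ttask_category.assignment_length\n\tFROM task_category \n\tLEFT JOIN task_user_category ON task_user_category.task_category_id=task_category.id\n\tWHERE " . $filter . "\n\t(creator=" . $user_id . "\tOR task_user_category.user_id=" . $user_id . ");";
    if ($cc = mysql_query($sql)) {
        while ($c = mysql_fetch_assoc($cc)) {
            $return[] = $c;
        }
        mysql_free_result($cc);
    }
    // Array of associative rows; empty when the query fails or matches nothing.
    return $return;
}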
示例3: flattr_set_flattr_choice
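function flattr_set_flattr_choice($user_id, $flattr_choice)
{
    // user_id is interpolated unquoted, i.e. as a number. sql_safe() escapes
    // quote characters and therefore cannot protect an unquoted literal; cast.
    $user_id = (int) $user_id;
    $current_choices = flattr_get_flattr_choices($user_id);
    // Choices are persisted as a PHP serialize() string. Whatever reads the
    // column back presumably unserialize()s it -- make sure that column is only
    // ever written from trusted code like this, never from raw request bytes.
    $new_choices = serialize($flattr_choice);
    // strcmp() is 0 when equal; nothing to write in that case.
    if (strcmp($current_choices, $new_choices) === 0) {
        return;
    }
    $escaped = sql_safe($new_choices);
    if (!$current_choices) {
        $sql = "INSERT INTO " . PREFIX . "flattr SET showFlattr=\"" . $escaped . "\", user_id=" . $user_id . ";";
    } else {
        $sql = "UPDATE " . PREFIX . "flattr SET showFlattr=\"" . $escaped . "\" WHERE user_id=" . $user_id . ";";
    }
    if (mysql_query($sql)) {
        add_message(_("New flattr choices set"));
    } else {
        add_error(sprintf(_("New flattr choices could not be set. Error: %s"), mysql_error()));
    }
}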
示例4: notice_display_notices
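function notice_display_notices($user)
{
    // $user is compared unquoted, i.e. as a number; sql_safe() cannot protect
    // an unquoted literal, so cast it to int instead.
    $sql = "SELECT id, type, subject, message FROM " . PREFIX . "notice WHERE user=" . (int) $user . " AND closed IS NULL";
    $nn = mysql_query($sql);
    if (!$nn) {
        return;
    }
    while ($n = mysql_fetch_assoc($nn)) {
        // id lands in an attribute value, type in a class attribute and subject
        // in an <h3>; nothing here shows them to be trusted markup, so they are
        // HTML-escaped. message is emitted raw, exactly as before: whoever
        // writes notice rows is trusted to store well-formed HTML. If notices
        // can originate from user input this is a stored-XSS sink as well.
        $id = htmlspecialchars($n['id'], ENT_QUOTES, 'UTF-8');
        $type = htmlspecialchars($n['type'], ENT_QUOTES, 'UTF-8');
        $subject = htmlspecialchars($n['subject'], ENT_QUOTES, 'UTF-8');
        // NOTE(review): the "close" form carries no CSRF token; the handler
        // for notice_close (not visible here) should require one.
        echo '
<div class="row notice">
<div class="panel panel-default ' . $type . '">
<div class="panel-heading">
<form method="post">
<input type="hidden" name="notice_id" value="' . $id . '">
<input type="submit" name="notice_close" value="x" class="rightfloat close-button">
</form>
<h3 class="panel-title">' . $subject . '</h3>
</div>
<div class="panel-body">
' . $n['message'] . '
</div>
</div>
</div>';
    }
    mysql_free_result($nn);
}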
示例5: VALUES
// Validation and save path for an edited contact. The if/else that decides
// whether this is the "save" request starts before, and ends after, this
// excerpt.
if (!$category_id) {
$error .= '<li> Category cannot be left blank';
}
if (!$firstname && !$lastname && !$company) {
$error .= '<li> First name / Last name / Company cannot be left blank';
}
if (!$error) {
if ($new_category) {
// title is a quoted string and goes through sql_safe(); user is interpolated
// unquoted and is trusted here to be the integer returned by get_userid().
$base_instance->query('INSERT INTO ' . $base_instance->entity['CONTACT']['CATEGORY'] . ' (title,user) VALUES ("' . sql_safe($new_category) . '",' . $userid . ')');
$category_id = mysqli_insert_id($base_instance->db_link);
}
// NOTE(review): these four str_replace() calls replace '"' with '"', i.e. they
// do nothing. The second argument was most likely an HTML entity (&quot;) that
// the page extraction decoded; confirm against the upstream source.
$firstname = str_replace('"', '"', $firstname);
$lastname = str_replace('"', '"', $lastname);
$address = str_replace('"', '"', $address);
$company = str_replace('"', '"', $company);
// NOTE(review): category, public, user and ID are interpolated unquoted and
// without sql_safe(). Quote escaping would not protect an unquoted numeric
// position anyway; $public and $contact_id should be cast with (int) where
// they are read from the request (outside this excerpt). Only $category_id
// from the INSERT branch above is known to be an integer.
$base_instance->query('UPDATE ' . $base_instance->entity['CONTACT']['MAIN'] . ' SET firstname="' . sql_safe($firstname) . '",lastname="' . sql_safe($lastname) . '",email="' . sql_safe($email) . '",telephone="' . sql_safe($telephone) . '",fax="' . sql_safe($fax) . '",mobile="' . sql_safe($mobile) . '",address="' . sql_safe($address) . '",notes="' . sql_safe($notes) . '",company="' . sql_safe($company) . '",url="' . sql_safe($url) . '",category=' . $category_id . ',public=' . $public . ' WHERE user=' . $userid . ' AND ID=' . $contact_id);
// Reads the category title back; user and ID are quoted here, unlike the
// UPDATE above.
$data = $base_instance->get_data("SELECT title FROM {$base_instance->entity['CONTACT']['CATEGORY']} WHERE user='{$userid}' AND ID='{$category_id}'");
$cat_title = $data[1]->title;
// $cat_title (user-supplied, see the INSERT above), $category_id and
// $contact_id are placed into HTML and inline JavaScript without escaping.
$base_instance->show_message('Contact updated', '<script language="JavaScript" type="text/javascript">function createRequestObject(){try{var requester=new XMLHttpRequest();}catch(error){try{var requester=new ActiveXObject("Microsoft.XMLHTTP");}catch(error){return false;}} return requester;}var http=createRequestObject();function DelContact(item){if(confirm("Delete Contact?")){http.open(\'get\',\'delete-contact.php?item=\'+item); http.send(null);}}</script>
<a href="add-contact.php?category_id=' . $category_id . '">[Add more]</a> <a href="edit-contact.php?contact_id=' . $contact_id . '">[Edit]</a> <a href="javascript:DelContact(\'' . $contact_id . '\')">[Delete]</a> <a href="send-content.php?contact_id=' . $contact_id . '">[Send]</a><p><a href="show-contact-categories.php">[Show all Categories]</a> <a href="show-contact.php">[Show all Contacts]</a><p><b>Internal Link:</b> [c' . $contact_id . '] <b>Category:</b> ' . $cat_title . ' <a href="show-contact.php?category_id=' . $category_id . '">[Show]</a>');
} else {
$html_instance->error_message = $error;
// stripslashes() undoes magic_quotes-style escaping before the values are
// redisplayed in the form (magic quotes were removed in PHP 5.4).
$company = stripslashes($company);
$address = stripslashes($address);
$notes = stripslashes($notes);
}
} else {
$data = $base_instance->get_data("SELECT * FROM {$base_instance->entity['CONTACT']['MAIN']} WHERE user='{$userid}' AND ID={$contact_id}");
if (!$data) {
$base_instance->show_message('Contact not found', '', 1);
示例6: base
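require 'class.base.php';
require 'class.html.php';
$base_instance = new base();
$html_instance = new html();
$userid = $base_instance->get_userid();
$datetime = date('Y-m-d H:i:s');
// Sort direction and column both end up inside ORDER BY. sql_safe() escapes
// quote characters for a quoted *string* context; an ORDER BY clause is not a
// string context, so escaping cannot stop an injected expression or
// sub-select there. Validate against a fixed list instead. The permitted
// columns are exactly the SORTBAR_FIELDn values offered below plus the ID
// default ("bluebox" is translated to an expression further down).
$allowed_order_cols = array('ID', 'title', 'bluebox', 'last_reminded', 'done', 'frequency', 'datetime');
$order_type = 'DESC';
if (isset($_GET['order_type']) && is_string($_GET['order_type']) && strtoupper($_GET['order_type']) === 'ASC') {
    $order_type = 'ASC';
}
$order_col = 'ID';
if (isset($_GET['order_col']) && in_array($_GET['order_col'], $allowed_order_cols, true)) {
    $order_col = $_GET['order_col'];
}
// PHP_SELF reflects the request path, including any appended path info, and
// is a classic reflected-XSS source when echoed raw; escape it for the href.
$self = htmlspecialchars($_SERVER['PHP_SELF'], ENT_QUOTES, 'UTF-8');
// $userid is trusted to be the value returned by get_userid().
if (empty($_GET['show_all'])) {
    $where = "WHERE DATE_ADD(last_reminded, INTERVAL frequency DAY)<'{$datetime}' AND user='{$userid}'";
    $header = 'Reminders To Do <a href="' . $self . '?show_all=1">[Show all Reminders]</a>';
    $show_all = 0;
} else {
    $where = "WHERE user='{$userid}'";
    $header = 'All Reminders <a href="' . $self . '?show_all=0">[Show Reminders To Do]</a>';
    $show_all = 1;
}
$html_instance->add_parameter(array('ACTION' => 'show_content', 'ENTITY' => 'REMINDER', 'SUBENTITY' => 'DAYS', 'MAXHITS' => 50, 'WHERE' => "{$where} AND homepage=1", 'ORDER_COL' => "{$order_col}", 'ORDER_TYPE' => "{$order_type}", 'HEADER' => "{$header}", 'SORTBAR' => 6, 'SORTBAR_FIELD1' => 'title', 'SORTBAR_NAME1' => 'Title', 'SORTBAR_FIELD2' => 'bluebox', 'SORTBAR_NAME2' => 'Days due', 'SORTBAR_FIELD3' => 'last_reminded', 'SORTBAR_NAME3' => 'Last Time Done', 'SORTBAR_FIELD4' => 'done', 'SORTBAR_NAME4' => 'Done', 'SORTBAR_FIELD5' => 'frequency', 'SORTBAR_NAME5' => 'Do every', 'SORTBAR_FIELD6' => 'datetime', 'SORTBAR_NAME6' => 'Date added', 'INNER_TABLE_WIDTH' => '95%', 'URL_PARAMETER' => "show_all={$show_all}"));
// "bluebox" is a virtual column: sort by seconds overdue instead.
if ($order_col == 'bluebox') {
    $html_instance->para['ORDER_COL'] = '(UNIX_TIMESTAMP("' . $datetime . '")-UNIX_TIMESTAMP(last_reminded)-(frequency*86400))';
}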
# translate bluebox ORDER_COL
示例7: base
<?php
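require 'class.base.php';
$base_instance = new base();
$userid = $base_instance->get_userid();
$where = '';
if (isset($_GET['text_search'])) {
    // sql_safe() covers the quote context, but LIKE has its own
    // metacharacters: a term of "%" or "_" would match every row (or any
    // single character). Escape them so the user's text is matched literally.
    // This is done after sql_safe() on purpose: MySQL keeps the backslash in
    // the "\%" and "\_" sequences of a string literal, so they reach the LIKE
    // pattern intact. $text_search keeps its original value because code past
    // the end of this excerpt may reuse it.
    $text_search = sql_safe($_GET['text_search']);
    $like_term = addcslashes($text_search, '%_');
    $where = " AND (text LIKE '%{$like_term}%' OR title LIKE '%{$like_term}%') ";
}
if (isset($_GET['category_id'])) {
    $category_id = (int) $_GET['category_id'];
    $where .= ' AND category=' . $category_id;
} elseif (isset($_GET['blog_id'])) {
    $blog_id = (int) $_GET['blog_id'];
    // NOTE(review): this is "=" rather than ".=", so a blog_id request drops
    // any text_search filter built above. Plausibly intentional (a single
    // post is selected by id), but it is the one asymmetry between branches.
    $where = ' AND ID=' . $blog_id;
}
// Rows are scoped to the current user; $userid is trusted from get_userid().
$data = $base_instance->get_data("SELECT * FROM {$base_instance->entity['BLOG']['MAIN']} WHERE user='{$userid}'{$where} ORDER BY datetime DESC");
echo '<head><meta http-equiv="content-type" content="text/html;charset=utf-8">
<style type="text/css">
td {font-family:Arial; font-size:10pt}
table.pastel,table.pastel td {border:1px solid #c5c5c5; border-collapse:collapse}
</style>
</head>
<table width="100%" border cellspacing=0 cellpadding=5 class="pastel">';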
for ($index = 1; $index <= sizeof($data); $index++) {
$title = $data[$index]->title;
$text = $data[$index]->text;
示例8: md5
if (!copy($source, $dest)) {
$error .= '<li> File could not be stored';
}
}
} else {
$error .= '<li> File not supplied or too big';
}
}
if (!$error) {
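// Upload timestamp comes from the form, not the server clock; guard the index
// so a request without it does not raise a notice.
$datetime = isset($_POST['datetime']) ? $_POST['datetime'] : '';
if ($public == 2) {
    // Share token for "public == 2" files. md5(uniqid(rand(), true)) is not a
    // CSPRNG: uniqid() is clock-based and rand() is predictable, so such a
    // token can be guessed by someone who knows roughly when the file was
    // uploaded. Use the OS CSPRNG where available (PHP >= 7), keeping the
    // same shape -- 't' followed by 32 hex characters -- so the column and
    // any consumer of the token are unaffected.
    if (function_exists('random_bytes')) {
        $token = 't' . bin2hex(random_bytes(16));
    } else {
        $token = 't' . md5(uniqid(mt_rand(), true));
    }
} else {
    $token = '';
}
// user, category and public are interpolated unquoted; sql_safe() could not
// help an unquoted numeric position, so they are cast. $userid comes from
// get_userid(), $category_id and $public from the form (both set outside this
// excerpt). $token is generated above and safe to embed as-is.
$base_instance->query('INSERT INTO ' . $base_instance->entity['FILE']['MAIN'] . ' (datetime,text,title,filename,user,category,public,token) VALUES ("' . sql_safe($datetime) . '","' . sql_safe($text) . '","' . sql_safe($title) . '","' . sql_safe($filename) . '",' . (int) $userid . ',' . (int) $category_id . ',' . (int) $public . ',"' . $token . '")');
$file_id = mysqli_insert_id($base_instance->db_link);
$data = $base_instance->get_data("SELECT title FROM {$base_instance->entity['FILE']['CATEGORY']} WHERE user='{$userid}' AND ID='{$category_id}'");
$cat_title = $data[1]->title;
// Only image extensions get the inline "[image-N]" display hint; the
// extension is taken from the stored filename, lower-cased.
$path = pathinfo($filename);
$ext = isset($path['extension']) ? strtolower($path['extension']) : '';
$display_image = '';
if (in_array($ext, array('gif', 'png', 'jpg', 'jpeg'), true)) {
    $display_image = '<p><b>Display Image:</b> [image-' . $file_id . ']';
}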
示例9: mysqli_insert_id
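$select_field_id = mysqli_insert_id($base_instance->db_link);
// One option row per non-empty item name. The form below always posts
// name_select_field_item_1..N, but guard the index anyway so a trimmed or
// hand-crafted request does not raise undefined-index notices.
for ($index = 1; $index <= $number_of_fields; $index++) {
    $key = 'name_select_field_item_' . $index;
    $name_item = isset($_POST[$key]) ? sql_safe($_POST[$key]) : '';
    if ($name_item) {
        // title is a quoted, sql_safe()'d string; user and select_field_id are
        // unquoted integers (get_userid() / mysqli_insert_id()), which quote
        // escaping could not protect -- cast to make that explicit.
        $base_instance->query("INSERT INTO {$base_instance->entity['DATABASE']['SELECT_ITEMS']} (title,user,select_field_id) VALUES ('{$name_item}'," . (int) $userid . "," . (int) $select_field_id . ")");
    }
}
// NOTE(review): $category_id is placed into these links unescaped; it is set
// outside this excerpt (hidden form field), so cast it to int where it is read.
$base_instance->show_message('Field saved', '<a href="add-database-number-field.php?category_id=' . $category_id . '">[Add Number Field]</a> <a href="add-database-text-field.php?category_id=' . $category_id . '">[Add Text Field]</a><p>
<a href="add-database-select-field.php?category_id=' . $category_id . '">[Add Select Field]</a> <a href="add-database-checkbox-field.php?category_id=' . $category_id . '">[Add Checkbox Field]</a><p><a href="add-database-data.php?category_id=' . $category_id . '">[Add Data]</a> <a href="edit-database-select-field.php?select_field_id=' . $select_field_id . '">[Edit Field]</a> <a href="show-database-data.php?category_id=' . $category_id . '">[Show all Data]</a>');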
}
}
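// Number of option inputs to render. It round-trips through a hidden form
// field below and bounds the loops that read and render the items, so coerce
// it to an integer before it is echoed back or used as a limit. It is set
// before this excerpt, presumably from the posted form.
$number_of_fields = isset($number_of_fields) ? (int) $number_of_fields : 0;
if (empty($number_of_fields)) {
    $number_of_fields = 5;
}
// The field title is redisplayed in the form. It is SQL-escaped here as in
// the original; NOTE(review): SQL escaping is the wrong tool for an HTML
// attribute (a title containing a quote is shown with a backslash), and
// add_form_field() is what must HTML-escape VALUE -- not visible from here.
if (isset($_POST['title_select_field'])) {
    $title_select_field = sql_safe($_POST['title_select_field']);
} else {
    $title_select_field = '';
}
// PHP_SELF reflects the request path (with any appended path info) and is a
// classic reflected-XSS source; escape it for the action attribute.
$html_instance->add_parameter(array('ACTION' => 'show_form', 'HEADER' => 'Add Select Fields', 'FORM_ACTION' => htmlspecialchars($_SERVER['PHP_SELF'], ENT_QUOTES, 'UTF-8'), 'INNER_TABLE_WIDTH' => '400', 'TD_WIDTH' => '30%', 'BUTTON_TEXT' => 'Save Field'));
$html_instance->add_form_field(array('TYPE' => 'hidden', 'NAME' => 'save_it', 'VALUE' => 1));
$html_instance->add_form_field(array('TYPE' => 'hidden', 'NAME' => 'number_of_fields', 'VALUE' => "{$number_of_fields}"));
$html_instance->add_form_field(array('TYPE' => 'hidden', 'NAME' => 'category_id', 'VALUE' => "{$category_id}"));
$html_instance->add_form_field(array('TYPE' => 'text', 'NAME' => 'title_select_field', 'VALUE' => "{$title_select_field}", 'SIZE' => 35, 'TEXT' => 'Name of Field'));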
for ($index = 1; $index <= $number_of_fields; $index++) {
$name = 'name_select_field_item_' . $index;
if (isset($item_value[$index])) {
$value = $item_value[$index];
} else {
$value = '';
}
示例10: str_replace
$title = str_replace('"', '"', $title);
}
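// Text is required, trimmed, and limited to the 65535 *bytes* a MySQL TEXT
// column holds (strlen counts bytes, which is the right unit here).
if (!$text) {
    $error .= '<li> Text cannot be left blank';
} else {
    $text = trim($text);
    if (strlen($text) > 65535) {
        $error .= '<li> Text is too long (Max. 65535 Characters)';
    }
}
if (!$error) {
    if ($new_category) {
        // title is quoted and sql_safe()'d; user is an unquoted integer.
        $base_instance->query('INSERT INTO ' . $base_instance->entity['KNOWLEDGE']['CATEGORY'] . ' (title,user) VALUES ("' . sql_safe($new_category) . '",' . (int) $userid . ')');
        $category_id = mysqli_insert_id($base_instance->db_link);
    }
    // category, value, public, user and ID are assigned/compared unquoted,
    // i.e. as numbers. sql_safe() escapes quotes and does nothing for an
    // unquoted position, so each is cast to int (the original interpolated
    // them raw). $value, $public and $knowledge_id are set outside this
    // excerpt, most likely from the request.
    $category_id = (int) $category_id;
    $knowledge_id = (int) $knowledge_id;
    $base_instance->query('UPDATE ' . $base_instance->entity['KNOWLEDGE']['MAIN'] . ' SET text="' . sql_safe($text) . '",title="' . sql_safe($title) . '",category=' . $category_id . ',value=' . (int) $value . ',public=' . (int) $public . ' WHERE user=' . (int) $userid . ' AND ID=' . $knowledge_id);
    $data = $base_instance->get_data('SELECT title FROM ' . $base_instance->entity['KNOWLEDGE']['CATEGORY'] . ' WHERE user=' . (int) $userid . ' AND ID=' . $category_id);
    $cat_title = $data[1]->title;
    // NOTE(review): $cat_title is a user-supplied category title and is placed
    // into the HTML below without escaping; the ids are integers by now.
    $base_instance->show_message('Knowledge updated', '<script language="JavaScript" type="text/javascript">function createRequestObject(){try{var requester=new XMLHttpRequest();}catch(error){try{var requester=new ActiveXObject("Microsoft.XMLHTTP");}catch(error){return false;}} return requester;}var http=createRequestObject();function DelKnow(item){if(confirm("Delete Knowledge?")){http.open(\'get\',\'delete-knowledge.php?item=\'+item); http.send(null);}}</script>
<a href="add-knowledge.php?category_id=' . $category_id . '">[Add more]</a> <a href="edit-knowledge.php?knowledge_id=' . $knowledge_id . '">[Edit]</a> <a href="javascript:DelKnow(\'' . $knowledge_id . '\')">[Delete]</a> <a href="send-content.php?knowledge_id=' . $knowledge_id . '">[Send]</a><p><a href="show-knowledge-categories.php">[Show all Categories]</a> <a href="show-knowledge.php">[Show all Knowledge]</a><p><b>Internal Link:</b> [k' . $knowledge_id . '] <b>Category:</b> ' . $cat_title . ' <a href="show-knowledge.php?category_id=' . $category_id . '">[Show]</a>');
} else {
    $html_instance->error_message = $error;
    // Undo magic_quotes-style slashes before the values are redisplayed.
    $text = stripslashes($text);
    $title = stripslashes($title);
}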
} else {
// Display path: load the record for editing. The user='...' predicate scopes
// the lookup to the caller's own rows, which is the only authorisation check
// visible here. Both values are quoted; $knowledge_id is set outside this
// excerpt, so it must be sql_safe()'d or cast to int at that point.
$data = $base_instance->get_data("SELECT * FROM {$base_instance->entity['KNOWLEDGE']['MAIN']} WHERE user='{$userid}' AND ID='{$knowledge_id}'");
if (!$data) {
$base_instance->show_message('Knowledge not found', '', 1);
}
示例11: base
<?php
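require 'class.base.php';
require 'class.html.php';
$base_instance = new base();
$html_instance = new html();
$userid = $base_instance->get_userid();
// Search term: the raw value is kept for URL building, the SQL-escaped copy
// for the query fragments below.
$raw_text_search = isset($_REQUEST['text_search']) ? $_REQUEST['text_search'] : '';
$text_search = sql_safe($raw_text_search);
$whole_words = isset($_POST['whole_words']) ? 1 : '';
$category_id = isset($_REQUEST['category_id']) ? (int) $_REQUEST['category_id'] : '';
// $param is a query-string fragment re-emitted in links further down. The
// original built it from the SQL-escaped value and never URL-encoded it, so a
// term containing "&", "#", "+" or a space broke the link, and a quote came
// back with an extra backslash on the next request (it was escaped twice).
// Encode the raw value instead.
$param = '';
if ($text_search) {
    $param = 'text_search=' . rawurlencode($raw_text_search) . '&';
}
if ($text_search && $whole_words) {
    // Whole-word match via REGEXP. sql_safe() only protects the quoted string
    // context: regex metacharacters in the term (".", "*", "(" ...) still
    // reach the regex engine, so a user can submit arbitrary patterns. Not
    // changed here because the right escaping depends on the server's regex
    // flavour; the term should be quoted (e.g. preg_quote() before
    // sql_safe()) or this mode restricted to LIKE.
    $query = " AND (text REGEXP '([[:space:]]|[[:<:]]){$text_search}([[:>:]]|[[:space:]])' OR title REGEXP '([[:space:]]|[[:<:]]){$text_search}([[:>:]]|[[:space:]])') ";
} elseif ($text_search) {
    // Substring match. LIKE wildcards ("%" and "_") in the term are not
    // escaped either; a term of "%" matches every row.
    $query = " AND (text LIKE '%{$text_search}%' OR title LIKE '%{$text_search}%') ";
} else {
    $query = '';
}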
#
if ($category_id) {
$query .= " AND (category={$category_id}) ";
$param .= 'category_id=' . $category_id . '&';
$data = $base_instance->get_data("SELECT title FROM {$base_instance->entity['TO_DO']['CATEGORY']} WHERE ID={$category_id}");
$title = $data[1]->title;
$category_name = '(Category ' . $title . ')';
} else {
$category_name = '';
示例12: mysql_num_rows
}
$rows = mysql_num_rows($res);
for ($index = 1; $index <= $rows; $index++) {
$data[$index] = mysql_fetch_object($res);
}
mysql_free_result($res);
if (isset($data)) {
return $data;
} else {
return;
}
}
// Request parameters for the chat endpoint. Everything is read through
// $_REQUEST, so GET, POST and cookie values are interchangeable here. The
// string values are SQL-escaped once, up front, and reused below.
// NOTE(review): sql_safe() is an SQL-string escaping, not an XML one; if
// $name or $message are echoed into the <messages> document started at the
// bottom of this excerpt, they need XML escaping for that context as well.
$message = isset($_REQUEST['message']) ? sql_safe($_REQUEST['message']) : '';
$token = isset($_REQUEST['token']) ? sql_safe($_REQUEST['token']) : '';
$usertoken = isset($_REQUEST['usertoken']) ? sql_safe($_REQUEST['usertoken']) : '';
$name = isset($_REQUEST['name']) ? sql_safe($_REQUEST['name']) : '';
// typing is the only numeric value written below; it is cast, not escaped.
$typing = isset($_REQUEST['typing']) ? (int) $_REQUEST['typing'] : '';
$leave = isset($_REQUEST['leave']) ? 1 : '';
$new_messages = isset($_REQUEST['new_messages']) ? 1 : '';
$timestamp = time();
# post a new message
// Stored when a room token, a display name and a body are all present. No
// check that $token names an existing room, or that $name belongs to someone
// in it, is visible here, and mysql_query()'s result is discarded. (The
// mysql_* extension was removed in PHP 7.)
if ($message != '' && $name != '' && $token != '') {
$datetime = date('Y-m-d H:i:s');
$res = mysql_query("INSERT INTO organizer_chat (datetime,token,username,message) VALUES ('{$datetime}','{$token}','{$name}','{$message}')");
}
# I'm still here
// Presence/typing update keyed by the per-user token; every value is quoted.
if ($usertoken != '') {
$res = mysql_query("UPDATE organizer_chat_user SET last_active='{$timestamp}',typing='{$typing}' WHERE user_token='{$usertoken}'");
}
# get messages
// Start of the XML response; message rows are appended past the end of this
// excerpt, where $leave and $new_messages are presumably consumed too.
$msg = '<?xml version="1.0"?><messages>';
示例13: sql_safe
// Guest login: the guest account's username and stored password are read from
// the user table (_GUEST_USERID is a constant defined elsewhere) and used in
// place of request-supplied credentials. The if that selects this branch
// starts before this excerpt.
$data = $base_instance->get_data('SELECT * FROM ' . $base_instance->entity['USER']['MAIN'] . ' WHERE ID=' . _GUEST_USERID);
$username = $data[1]->username;
$pw = $data[1]->user_password;
} else {
// Credentials from the request. NOTE(review): $_REQUEST accepts them via the
// query string as well, so a password can end up in browser history, proxy
// and server access logs and Referer headers; read them from $_POST only.
if (isset($_REQUEST['username'])) {
$username = sql_safe($_REQUEST['username']);
} else {
$username = '';
}
// NOTE(review): the password is SQL-escaped before it is hashed further down
// ($pw_sha1 is derived from it below). A password containing a quote or a
// backslash is therefore hashed in its escaped form; that only round-trips if
// sign-up did the same, and escaping is unnecessary for a value that is
// hashed rather than interpolated.
if (isset($_REQUEST['pw'])) {
$pw = sql_safe($_REQUEST['pw']);
} else {
$pw = '';
}
// secure_pw is an already-hashed password taken from the URL (it is assigned
// to $pw_sha1 directly below). Accepting the hash as a credential makes the
// hash a password equivalent: anyone who obtains it -- e.g. from the logs a
// GET request leaves behind -- can log in without knowing the password.
// Judging by the variable name the hash is SHA-1, which is unsuitable for
// password storage; password_hash()/password_verify() is the replacement.
if (isset($_GET['secure_pw'])) {
$secure_pw = sql_safe($_GET['secure_pw']);
} else {
$secure_pw = '';
}
}
// Nothing to authenticate with: neither a username nor a password arrived
// (and the guest branch above did not fill them in), so send the visitor to
// sign-up and stop; nothing below may run after the redirect header.
$no_credentials = empty($username) && empty($pw);
if ($no_credentials) {
    header('Location: sign-up.php');
    exit;
}
if ($username && ($pw or $secure_pw)) {
if (isset($_GET['guest'])) {
$pw_sha1 = $pw;
} else {
if (isset($_GET['secure_pw'])) {
$pw_sha1 = $_GET['secure_pw'];
} else {
示例14: spam_remove_old
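function spam_remove_old($type, $time_str)
{
    // $type selects both the table (PREFIX . $type) and the timestamp column,
    // i.e. it is used as an SQL *identifier*. sql_safe() is a string escaper
    // and gives no protection in that position, so resolve the type through a
    // fixed map instead of trusting the value. An unknown type is a no-op and
    // returns false (the original ran a broken query with $created undefined).
    $created_column = array(
        'comment' => 'added',
        'feedback' => 'created',
        'FAQ' => 'created',
    );
    if (!is_string($type) || !isset($created_column[$type])) {
        return false;
    }
    // Rows flagged as spam and older than "now - $time_str" are purged.
    // strtotime() returns false for an unparseable interval; date() would then
    // format the epoch and the DELETE would silently match nothing, so bail
    // out explicitly instead.
    $cutoff = strtotime("- " . $time_str);
    if ($cutoff === false) {
        return false;
    }
    $sql = "DELETE FROM " . PREFIX . $type . " \n\tWHERE is_spam>0 \n\tAND " . $created_column[$type] . "<'" . date("YmdHis", $cutoff) . "';";
    // mysql_query()'s result (true/false) is returned so callers can tell
    // whether the purge ran. (mysql_* was removed in PHP 7.)
    return mysql_query($sql);
}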
示例15: trim
} else {
if (!$followup) {
$error .= '<li> Title cannot be left blank';
}
}
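// Message body: required, trimmed, capped at the 65535 bytes a MySQL TEXT
// column holds (strlen counts bytes, which is the unit that matters here).
if ($text) {
    $text = trim($text);
    if (strlen($text) > 65535) {
        $error .= '<li> Text is too long (Max. 65535 Characters)';
    }
} else {
    $error .= '<li> Message cannot be left blank';
}
if (!$error) {
    // Post timestamp comes from the form, not the server clock; guard the
    // index so a request without it does not raise a notice.
    $datetime = isset($_POST['datetime']) ? $_POST['datetime'] : '';
    // Quoted columns go through sql_safe(). followup and user are unquoted
    // integers -- the parent post id from the hidden form field and the id
    // from get_userid() -- which quote escaping could not protect, so cast.
    $base_instance->query('INSERT INTO ' . $base_instance->entity['FORUM']['MAIN'] . ' (datetime,updated,text,title,followup,user) VALUES ("' . sql_safe($datetime) . '","' . sql_safe($datetime) . '","' . sql_safe($text) . '","' . sql_safe($title) . '",' . (int) $followup . ',' . (int) $userid . ')');
    if (_FORUM_NOTIFY == 1 && $userid != _ADMIN_USERID) {
        // Notification mail; title and text form the body only, the subject
        // is a constant (assuming send_email_from_admin keeps them there).
        $msg = "New Forum Message:\n\n" . $title . "\n\n" . $text;
        $base_instance->send_email_from_admin('New Forum Message Notification', $msg, _ADMIN_EMAIL);
    }
    // Redirect-after-POST; exit so nothing runs after the header.
    header('Location: show-forum.php');
    exit;
} else {
    $html_instance->error_message = $error;
    // Undo magic_quotes-style slashes before the values are redisplayed.
    $text = stripslashes($text);
    $title = stripslashes($title);
}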
}
// Form definition for the "new message" page. NOTE(review): FORM_ACTION is
// $_SERVER['PHP_SELF'], which reflects the request path including appended
// path info -- a reflected-XSS source unless the html class escapes it before
// emitting the action attribute (not visible here). The title VALUE is the
// user's previous input and has the same escaping dependency.
$html_instance->add_parameter(array('ACTION' => 'show_form', 'HEADER' => 'New Forum Message', 'FORM_ACTION' => $_SERVER['PHP_SELF'], 'BODY' => 'onLoad="javascript:document.form1.title.focus()"', 'BUTTON_TEXT' => 'Post new Message'));
$html_instance->add_form_field(array('TYPE' => 'hidden', 'NAME' => 'followup', 'VALUE' => "{$followup}"));
$html_instance->add_form_field(array('TYPE' => 'text', 'NAME' => 'title', 'VALUE' => "{$title}", 'SIZE' => 50, 'TEXT' => 'Title'));