本文整理汇总了PHP中unsafeChar函数的典型用法代码示例。如果您正苦于以下问题:PHP unsafeChar函数的具体用法?PHP unsafeChar怎么用?PHP unsafeChar使用的例子?那么恭喜您, 这里精选的函数代码示例或许可以为您提供帮助。
在下文中一共展示了unsafeChar函数的15个代码示例,这些例子默认根据受欢迎程度排序。您可以为喜欢或者感觉有用的代码点赞,您的评价将有助于系统推荐出更棒的PHP代码示例。
示例1: commenttable_new
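/**
 * Render a list of comments, each preceded by a link to the torrent it belongs to.
 *
 * For every row this prints the torrent link, the author line with edit/delete
 * links, the author's avatar (only when the viewer has avatars enabled) and the
 * formatted comment text, inside the site's frame/table helpers.
 *
 * Security notes:
 *  - Ids are cast to int before they reach SQL or HTML. unsafeChar() is not
 *    defined in this listing and nothing here shows it escaping for SQL, so it
 *    is not relied on for that.
 *  - Attribute values are quoted: entity escaping alone does not stop a space
 *    from ending an unquoted attribute.
 *  - NOTE(review): format_comment() is trusted to return safe HTML for
 *    user-written text; confirm in its definition.
 *  - NOTE(review): the Delete link is a plain GET link; whether
 *    deletecomment.php checks a request token is not visible here.
 *
 * @param array $rows Comment rows with the keys id, torrent, user, username,
 *                    warned, added, avatar and text.
 * @return void
 */
function commenttable_new($rows)
{
    global $CURUSER;

    begin_main_frame();
    begin_frame();
    foreach ($rows as $row) {
        $commentId = (int) $row["id"];
        $torrentId = (int) $row["torrent"];

        // One lookup per comment, as before; the id is an integer, so the
        // concatenated query text cannot carry anything but a number.
        $subres = mysql_query("SELECT name from torrents where id=" . $torrentId) or sqlerr(__FILE__, __LINE__);
        $subrow = mysql_fetch_array($subres);
        // A comment on a torrent that no longer exists gets an empty link text.
        $torrentName = $subrow ? $subrow["name"] : "";

        print "<br /><a href=\"details.php?id=" . $torrentId . "\">" . safeChar($torrentName) . "</a><br />\n";
        print "<p class=sub>#" . $commentId . " by ";
        if (isset($row["username"])) {
            $warnedIcon = $row["warned"] == "yes" ? "<img src=\"pic/warned.gif\" alt=\"Warned\">" : "";
            print "<a name=\"comm" . $commentId . "\" href=\"userdetails.php?id=" . (int) $row["user"] . "\"><b>" . safeChar($row["username"]) . "</b></a>" . $warnedIcon;
        } else {
            // The author's account is gone: keep the anchor, drop the profile link.
            print "<a name=\"comm" . $commentId . "\"><i>(orphaned)</i></a>\n";
        }
        print " at " . safeChar($row["added"]) . " GMT" . "- [<a href=\"comment.php?action=edit&cid={$commentId}\">Edit</a>]" . "- [<a href=\"deletecomment.php?id={$commentId}\">Delete</a>]</p>\n";

        // The avatar URL is user-supplied; it is entity-escaped and placed in a
        // quoted attribute. Viewers with avatars disabled get the default image.
        $avatar = $CURUSER["avatars"] == "yes" ? safeChar($row["avatar"]) : "";
        if (!$avatar) {
            $avatar = "pic/default_avatar.gif";
        }

        begin_table(true);
        print "<tr valign=top>\n";
        print "<td align=center width=150 style='padding: 0px'><img width=150 src=\"{$avatar}\"></td>\n";
        print "<td class=text>" . format_comment($row["text"]) . "</td>\n";
        print "</tr>\n";
        end_table();
    }
    end_frame();
    end_main_frame();
}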
示例2: sqlesc
/**
 * Turn a value into a single-quoted literal for a mysql_* query string.
 *
 * Slashes added by magic_quotes_gpc are removed first. A value that
 * is_numeric() accepts is quoted as it stands; anything else is passed through
 * unsafeChar() (defined elsewhere) and then mysql_real_escape_string().
 *
 * Caveats for anyone reusing this:
 *  - The result is only safe where a quoted literal is expected. It gives no
 *    protection when a value is concatenated into a query without this helper,
 *    as several call sites on this page do with unsafeChar() alone.
 *  - get_magic_quotes_gpc() was removed in PHP 8.0 and the mysql_* functions in
 *    PHP 7.0; on current PHP the equivalent is a prepared statement with bound
 *    parameters (PDO or mysqli), which removes the need for manual quoting.
 *
 * @param mixed $x Value to quote.
 * @return string The value wrapped in single quotes.
 */
function sqlesc($x)
{
    // Undo magic-quote slashes so the value is not escaped twice below.
    $value = get_magic_quotes_gpc() ? stripslashes($x) : $x;

    // Numeric input skips escaping but is still returned inside quotes.
    if (!is_numeric($value)) {
        $value = mysql_real_escape_string(unsafeChar($value));
    }

    return "'" . $value . "'";
}
示例3: floor
$s = "sad";
} else {
$s = "cry";
}
}
}
}
}
$sr = floor($sr * 1000) / 1000;
$sr = "<table border=0 cellspacing=0 cellpadding=0><tr><td class=embedded><font color=" . get_ratio_color($sr) . ">" . number_format($sr, 3) . "</font></td><td class=embedded> <img src=/pic/smilies/{$s}.gif></td></tr></table>";
echo "<tr><td class=rowhead style='vertical-align: middle'>Share ratio</td><td align=left valign=center style='padding-top: 1px; padding-bottom: 0px'>{$sr}</td></tr>\n";
}
}
// $connectable starts empty; nothing in this excerpt assigns it again.
$connectable = "";
// Get connectability and the number of leeching/seeding peers for the current user.
// NOTE(review): the user id is concatenated into the SQL text. unsafeChar() is not
// defined in this excerpt and nothing here shows it escaping for SQL, so this is
// only as safe as $CURUSER["id"] is trusted to be an integer; an (int) cast or a
// bound parameter would make that explicit.
$resnew = sql_query("SELECT seeder,connectable,COUNT(userid) as count,userid from peers group by seeder,userid having userid=" . unsafeChar($CURUSER["id"]));
// Columns are (seeder, connectable, count, userid): a 'yes' seeder row carries
// the seed count, any other row the leech count.
while ($resopt = mysql_fetch_row($resnew)) {
if ($resopt[0] == 'yes') {
$activeseed = $resopt[2];
} else {
$activeleech = $resopt[2];
}
// The connectable value of the last row read is the one that remains.
$connect = $resopt[1];
}
// Both counters are assigned only inside the loop, so with no peer rows these
// tests read variables this excerpt never set before defaulting them to 0.
if (!$activeseed) {
$activeseed = 0;
}
if (!$activeleech) {
$activeleech = 0;
}
/// Check Connectibility
示例4: stderr
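// Minimum user class allowed into the casino; exactly one line stays active.
//$player = UC_BANNED;
//$player = UC_LEECH;
//$player = UC_USER;
$player = UC_POWER_USER;
//$player = UC_VIP;
//$player = UC_UPLOADER;
//$player = UC_MODERATOR;
//$player = UC_ADMINISTRATOR;
//$player = UC_SYSOP;
//$player = UC_OWNER;
//$player = UC_CODER;
if (get_user_class() < $player) {
    // NOTE(review): the username is passed to stderr() unescaped; whether
    // stderr() escapes its heading is not visible in this excerpt.
    stderr("Sorry " . $CURUSER["username"], "The MODERATOR do not allow your class to play casino. Power Users and above only.");
}
// The page is also loaded without a POST body, so read the field defensively.
$agree = isset($_POST["agree"]) ? $_POST["agree"] : "";
if ($agree === "Yes") {
    // The id is cast to int instead of being quoted after unsafeChar(), which
    // is not shown to escape anything for SQL.
    // NOTE(review): no request token is checked before this state change.
    mysql_query("UPDATE users SET casagree = 'yes' WHERE id = " . (int) $CURUSER['id']);
    header("Location: {$BASEURL}/casino.php");
    // Stop here: without this the agreement page below is still rendered
    // after the redirect header has been sent.
    exit;
} elseif ($agree === "No") {
    header("Location: {$BASEURL}/index.php");
    exit;
}
////////////////////////////////////////////////standard html begin
// The title was a bare word (an undefined constant); it is now a string.
stdhead("casino");
begin_main_frame();
begin_table();
// NOTE(review): $phpself is set outside this excerpt and lands in an unquoted
// attribute; if it is derived from the request path it needs escaping.
echo "<form name=agree method=post action={$phpself}>";
echo "<table width=\"700\" border=\"0\" cellspacing=\"0\" cellpadding=\"0\"><tr><td class=\"embedded\">";
begin_frame("Casino Agreement");
tr("Yes I have read this agreement and understand this agreement, Please take me to the casino", '<input name="agree" type="radio" checked value="Yes">', 1);
tr("No I do not agree with this agreement, return to the home page ", '<input name="agree" type="radio" value="No">', 1);
tr("Submit:", "<input type=submit value='Submit!' >", 1);
echo "<center><h1>" . safeChar($CURUSER['username']) . "</h1></center>";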
示例5: sql_query
self.location.href='<?php
$_SERVER["PHP_SELF"];
?>
?action=del&id='+id;
}
}
//-->
</script>
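<?php
// Forum overview: one table row per forum with its parent overforum, the
// minimum class for each permission, and edit/delete links.
echo '<table width="100%" border="0" align="center" cellpadding="2" cellspacing="0">';
echo "<tr><td class=colhead align=left>Name</td><td class=colhead>OverForum</td><td class=colhead>Read</td><td class=colhead>Write</td><td class=colhead>Create topic</td><td class=colhead>Modify</td></tr>";
// The script path is request-derived, so it is escaped before it goes into an
// href. This replaces $PHP_SELF, which only exists with register_globals.
$selfUrl = htmlspecialchars($_SERVER["PHP_SELF"], ENT_QUOTES);
$result = sql_query("SELECT * FROM forums ORDER BY sort ASC");
$shown = 0;
while ($row = mysql_fetch_array($result)) {
    $shown++;
    // Ids are cast to int before they reach SQL, an href or the inline
    // JavaScript call; unsafeChar() is not shown to escape for any of these.
    $forumId = (int) $row["id"];
    $forid = (int) $row['forid'];
    $res2 = sql_query("SELECT name FROM overforums WHERE id=" . $forid);
    $arr2 = mysql_fetch_array($res2);
    // A forum whose overforum row is missing gets an empty name.
    $name = $arr2 ? $arr2['name'] : '';
    echo "<tr><td><a href=\"forums.php?action=viewforum&forumid=" . $forumId . "\"><b>" . safeChar($row["name"]) . "</b></a><br>" . safeChar($row["description"]) . "</td>";
    echo "<td>" . safeChar($name) . "</td><td>" . get_user_class_name($row["minclassread"]) . "</td><td>" . get_user_class_name($row["minclasswrite"]) . "</td><td>" . get_user_class_name($row["minclasscreate"]) . "</td><td align=center nowrap><b><a href=\"" . $selfUrl . "?action=editforum&id=" . $forumId . "\">Edit</a> | <a href=\"javascript:confirm_delete('" . $forumId . "');\"><font color=red>Delete</font></a></b></td></tr>";
}
if ($shown === 0) {
    print "<tr><td>Sorry, no records were found!</td></tr>";
}
echo "</table>";
?>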
<br><br>
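<form method=post action="<?php
// PHP_SELF includes any extra path the client appended to the script URL, so
// it is entity-escaped before it is written into the attribute.
echo htmlspecialchars($_SERVER["PHP_SELF"], ENT_QUOTES);
?>
">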
示例6: safechar
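/**
 * Escape a value for output as HTML text or inside a quoted attribute.
 *
 * The value goes through unsafeChar() (defined elsewhere) and then
 * htmlspecialchars(). ENT_QUOTES is passed explicitly so single quotes are
 * encoded as well: before PHP 8.1 the default flags left them untouched, and
 * this page writes single-quoted attributes.
 *
 * This does not make a value safe in an unquoted attribute, as a URL scheme,
 * or inside inline JavaScript; those contexts need their own handling.
 *
 * @param mixed $var Value to escape.
 * @return string Entity-escaped text.
 */
function safechar($var)
{
    return htmlspecialchars(unsafeChar($var), ENT_QUOTES);
}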
示例7: stderr
}
// Place a bet: $nobits (stake), $time, $alwdebt and $goback are set outside this excerpt.
// $newup is the balance left after the stake; $debt is the shortfall when the stake exceeds it.
$newup = $CURUSER['uploaded'] - $nobits;
$debt = $nobits - $CURUSER['uploaded'];
// Refuse the bet when the stake exceeds the balance, unless debt is allowed.
// With $alwdebt == 'y' execution continues and $newup is negative.
if ($CURUSER['uploaded'] < $nobits) {
if ($alwdebt != 'y') {
stderr("Sorry", "<h2>Thats " . safeChar(prefixed($debt)) . " more than you got!</h2>{$goback}");
}
}
// NOTE(review): every query below is built by concatenation. unsafeChar() is not
// defined here and nothing shows it escaping for SQL; $nobits and $time are
// interpolated directly and their validation is outside this excerpt.
$betsp = sql_query("SELECT id, amount FROM casino_bets WHERE userid = " . unsafeChar($CURUSER['id']) . " ORDER BY time ASC") or sqlerr(__FILE__, __LINE__);
$tbet2 = mysql_fetch_row($betsp);
$dummy = "<H2>Bet added, you will receive a PM notifying you of the results when someone has taken it</H2>";
// NOTE(review): the username goes into a quoted literal without sqlesc(); a
// quote character in a username would end the literal.
sql_query("INSERT INTO casino_bets ( userid, proposed, challenged, amount, time) VALUES ('" . unsafeChar($CURUSER['id']) . "','" . unsafeChar($CURUSER['username']) . "', 'empty', '{$nobits}', '{$time}')") or sqlerr(__FILE__, __LINE__);
// NOTE(review): the balance is written as an absolute value computed from the
// $CURUSER snapshot, not as "uploaded - stake" in SQL, so two overlapping
// requests could each pass the check above and store the same result.
sql_query("UPDATE users SET uploaded = {$newup} WHERE id = " . unsafeChar($CURUSER['id'])) or sqlerr(__FILE__, __LINE__);
sql_query("UPDATE casino SET deposit = deposit + {$nobits} WHERE userid = " . unsafeChar($CURUSER['id'])) or sqlerr(__FILE__, __LINE__);
// No row was changed by the UPDATE: create the user's casino row with this deposit.
if (mysql_affected_rows() == 0) {
sql_query("INSERT INTO casino (userid, date, deposit) VALUES (" . unsafeChar($CURUSER['id']) . ", '{$time}', '" . unsafeChar($nobits) . "')") or sqlerr(__FILE__, __LINE__);
}
}
// Count the open bets (those nobody has taken yet); only the row count is used in this excerpt.
$loca = sql_query("SELECT * FROM casino_bets WHERE challenged ='empty'");
$totbets = mysql_num_rows($loca);
// //////////////////////////////////////////////standard html begin
// NOTE(review): Casino is a bare word, i.e. an undefined constant rather than a
// string; PHP 8 raises an Error for that.
stdhead(Casino);
echo "<h1>bet P2P with other users:</h1>";
echo "<table class=message width=650 cellspacing=0 cellpadding=5>\n";
echo "<tr><td align=center >";
// $dummy is assigned in the bet-placing block above; on a request that skips
// that block it has no value set in this excerpt.
echo $dummy;
// Place bet table
if ($openbet < $maxusrbet) {
if ($totbets >= $maxtotbet) {
echo "<br>There are already " . safeChar($maxtotbet) . " bets open, take an open bet !<br>";
} else {
示例8: dbconn
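// mkglobal() is defined elsewhere; presumably it copies the "id" request field
// into $id (confirm). A missing field ends the request silently.
if (!mkglobal("id")) {
    die;
}
// Cast to int so only a whole number can reach the query and the form below;
// "0 + $id" also let fractional values through.
$id = (int) $id;
if (!$id) {
    die;
}
dbconn();
maxcoder();
if (!logged_in()) {
    header("HTTP/1.0 404 Not Found");
    // modified loggedinorreturn by retro // Remember to change the following line to match your server
    // PHP_SELF and SERVER_NAME can both be influenced by the request, so they
    // are entity-escaped before being echoed into this imitation 404 page.
    print "<html><h1>Not Found</h1><p>The requested URL /" . htmlspecialchars($_SERVER['PHP_SELF'], ENT_QUOTES) . " was not found on this server.</p><hr /><address>Apache/1.1.11 " . $SITENAME . " Server at " . htmlspecialchars($_SERVER['SERVER_NAME'], ENT_QUOTES) . " Port 80</address></body></html>\n";
    die;
}
// $id is an integer at this point, so plain concatenation is safe here.
$res = mysql_query("SELECT * FROM torrents WHERE id =" . $id);
$row = mysql_fetch_assoc($res);
if (!$row) {
    die;
}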
stdhead("Edit torrent \"" . $row["name"] . "\"");
if (!isset($CURUSER) || $CURUSER["id"] != $row["owner"] && get_user_class() < UC_MODERATOR) {
echo "<h1>Can't edit this torrent</h1>\n";
echo "<p>You're not the rightful owner, or you're not <a href=\"login.php?returnto=" . urlencode(substr($_SERVER["REQUEST_URI"], 1)) . "&nowarn=1\">logged in</a> properly.</p>\n";
} else {
echo "<form name=edit method=post action=takeedit.php enctype=multipart/form-data>\n";
echo "<input type=\"hidden\" name=\"id\" value=\"{$id}\">\n";
if (isset($_GET["returnto"])) {
echo "<input type=\"hidden\" name=\"returnto\" value=\"" . safeChar($_GET["returnto"]) . "\" />\n";
}
echo "<table border=\"1\" cellspacing=\"0\" cellpadding=\"10\">\n";
示例9: mysql_query
// Count all shouts, build the pager, then fetch the newest shouts for this page.
// NOTE(review): $limit is interpolated into this COUNT query before pager()
// assigns it two statements later. Where its earlier value comes from is not
// visible here; if a request parameter can set it (for example with
// register_globals enabled) it reaches the SQL text unescaped. Confirm.
$res1 = mysql_query("SELECT COUNT(*) FROM shoutbox {$limit}") or sqlerr();
$row1 = mysql_fetch_array($res1);
$count = $row1[0];
$shoutsperpage = 30;
// pager() is defined elsewhere; it returns the top and bottom pager markup and the LIMIT clause.
list($pagertop, $pagerbottom, $limit) = pager($shoutsperpage, $count, "shistory.php?");
print "{$pagertop}";
$res = sql_query("SELECT * FROM shoutbox ORDER BY date DESC {$limit}") or sqlerr(__FILE__, __LINE__);
if (mysql_num_rows($res) == 0) {
print "\n";
} else {
print "<table border=0 cellspacing=0 cellpadding=2 width='100%' align='left' class='small'>\n";
$i = 0;
while ($arr = mysql_fetch_assoc($res)) {
$res2 = sql_query("SELECT username,class,donor,warned,downloadpos,chatpost,forumpost,uploadpos,parked FROM users WHERE id=" . unsafeChar($arr[userid]) . "") or sqlerr(__FILE__, __LINE__);
$arr2 = mysql_fetch_array($res2);
$resowner = sql_query("SELECT id, username, class FROM users WHERE id=" . unsafeChar($arr[userid]) . "") or sqlerr(__FILE__, __LINE__);
$rowowner = mysql_fetch_array($resowner);
if ($rowowner["class"] == "7") {
$usercolor = " <font color='#" . get_user_class_color($rowowner['class']) . "'>" . safechar($rowowner['username']) . "</font>";
}
if ($rowowner["class"] == "6") {
$usercolor = " <font color='#" . get_user_class_color($rowowner['class']) . "'>" . safechar($rowowner['username']) . "</font>";
}
if ($rowowner["class"] == "5") {
$usercolor = " <font color='#" . get_user_class_color($rowowner['class']) . "'>" . safechar($rowowner['username']) . "</font>";
}
if ($rowowner["class"] == "4") {
$usercolor = " <font color='#" . get_user_class_color($rowowner['class']) . "'>" . safechar($rowowner['username']) . "</font>";
}
if ($rowowner["class"] == "3") {
$usercolor = " <font color='#" . get_user_class_color($rowowner['class']) . "'>" . safechar($rowowner['username']) . "</font>";
示例10: mysql_query
$res = mysql_query("SELECT id, name from torrents where id=" . unsafeChar($id) . "");
if (mysql_num_rows($res) == 0) {
stderr("Err", "No torrent with this id ");
} else {
$arr = mysql_fetch_array($res);
stdhead("Bookmarks for " . $arr["name"] . "");
?>
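<h2>Bookmarks for torrent <br/><a href="details.php?id=<?php
// The id is used as a number in the queries around this markup; the cast keeps
// anything else out of the href, which is now quoted.
echo (int) $id;
?>
"><?php
// Torrent names are stored data that an uploader chose, so they are escaped on
// output, using the same composition as the page's safechar() helper.
echo htmlspecialchars(unsafeChar($arr['name']), ENT_QUOTES);
?>
</a></h2><table>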
<?php
$res = mysql_query("SELECT b.userid, u.username FROM bookmarks AS b LEFT JOIN users AS u ON b.userid=u.id WHERE torrentid=" . unsafeChar($id) . " AND b.private = 'no' ORDER BY u.username ASC ") or sqlerr(__FILE__, __LINE__);
if (mysql_num_rows($res) > 0) {
?>
<tr><td class='colhead'>Username</td></tr>
<?php
while ($ar = mysql_fetch_array($res)) {
?>
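<tr><td align='center'><a href='userdetails.php?id=<?php
// User ids are numeric; the cast keeps anything else out of the single-quoted href.
echo (int) $ar['userid'];
?>
'><?php
// Usernames are chosen by users and stored, so they are escaped on output,
// using the same composition as the page's safechar() helper.
echo htmlspecialchars(unsafeChar($ar['username']), ENT_QUOTES);
?>
</a></td></tr>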
<?php
}
示例11: bark
// Record one rating (1-5) by the current user for a torrent, then redirect back to it.
// mkglobal() and bark() are defined elsewhere; presumably mkglobal() copies the
// request fields into $rating and $id and bark() ends the request (confirm).
if (!mkglobal("rating:id")) {
bark("missing form data");
}
// Adding 0 coerces the value to a number; that coercion, not unsafeChar(), is
// what keeps SQL text out of the concatenated queries below. It still lets a
// fractional value such as 1.5 through; an (int) cast would be stricter.
$id = 0 + $id;
if (!$id) {
bark("invalid id");
}
// Same coercion for the rating; the range check accepts fractions such as 4.5.
$rating = 0 + $rating;
if ($rating <= 0 || $rating > 5) {
bark("invalid rating");
}
$res = sql_query("SELECT owner FROM torrents WHERE id = " . unsafeChar($id) . "");
$row = mysql_fetch_array($res);
if (!$row) {
bark("no such torrent");
}
// if ($row["owner"] == $CURUSER["id"])
// bark("You can't vote on your own torrents.");
// NOTE(review): no request token is checked in this excerpt before the writes below.
$res = sql_query("INSERT INTO ratings (torrent, user, rating, added) VALUES ({$id}, " . unsafeChar($CURUSER["id"]) . ", {$rating}, NOW())");
if (!$res) {
// MySQL error 1062 is a duplicate key, reported here as "already rated".
if (mysql_errno() == 1062) {
bark("You have already rated this torrent.");
} else {
// NOTE(review): this shows the raw database error text to the user; a
// generic message plus a server-side log entry reveals less.
bark(mysql_error());
}
}
sql_query("UPDATE torrents SET numratings = numratings + 1, ratingsum = ratingsum + {$rating} WHERE id = " . unsafeChar($id) . "");
// ===add karma
sql_query("UPDATE users SET seedbonus = seedbonus+5.0 WHERE id = " . unsafeChar($CURUSER["id"]) . "") or sqlerr(__FILE__, __LINE__);
// ===end
header("Refresh: 0; url=details.php?id={$id}&rated=1");
示例12: header
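if (!logged_in()) {
    header("HTTP/1.0 404 Not Found");
    // modified loggedinorreturn by retro // Remember to change the following line to match your server
    // PHP_SELF and SERVER_NAME can both be influenced by the request, so they
    // are entity-escaped before being echoed into this imitation 404 page.
    print "<html><h1>Not Found</h1><p>The requested URL /" . htmlspecialchars($_SERVER['PHP_SELF'], ENT_QUOTES) . " was not found on this server.</p><hr /><address>Apache/1.1.11 " . $SITENAME . " Server at " . htmlspecialchars($_SERVER['SERVER_NAME'], ENT_QUOTES) . " Port 80</address></body></html>\n";
    die;
}
// NOTE(review): hacker_dork() is defined elsewhere; the handler below relies on
// it ending the request for anyone under sysop class. Confirm.
if (get_user_class() < UC_SYSOP) {
    hacker_dork("Ratio Edit - Nosey Cunt !");
}
// NOTE(review): no request token is checked in this excerpt, so this
// privileged form should be reviewed for cross-site request forgery.
// $_SERVER/$_POST replace $HTTP_SERVER_VARS/$HTTP_POST_VARS, which no longer
// exist from PHP 5.4 on.
if ($_SERVER["REQUEST_METHOD"] == "POST") {
    // Accept plain strings only; a missing or array-valued field counts as empty.
    $fields = array();
    foreach (array("username", "uploaded", "downloaded") as $key) {
        $fields[$key] = (isset($_POST[$key]) && is_string($_POST[$key])) ? $_POST[$key] : "";
    }
    if ($fields["username"] == "" || $fields["uploaded"] == "" || $fields["downloaded"] == "") {
        stderr("Error", "Missing form data.");
    }
    $username = unsafeChar($fields["username"]);
    $uploaded = unsafeChar($fields["uploaded"]);
    $downloaded = unsafeChar($fields["downloaded"]);
    // The byte counters go into the UPDATE unquoted, so only digits are
    // accepted; previously any posted text became part of the statement.
    if (!preg_match('/^[0-9]+\z/', $uploaded) || !preg_match('/^[0-9]+\z/', $downloaded)) {
        stderr("Error", "Uploaded and downloaded must be whole numbers of bytes.");
    } else {
        // getting the id of user in cause // CyBerFuN
        // Exact match instead of LIKE, so % or _ in the posted name cannot
        // select a different account.
        $cyberfun_sql_x = sql_query("SELECT id FROM `users` WHERE `username` = " . sqlesc($username) . " LIMIT 1") or sqlerr(__FILE__, __LINE__);
        $cyberfun_response_row = mysql_fetch_row($cyberfun_sql_x);
        // Check that the user exists before writing; the UPDATE and the log
        // entry used to run first, with an empty id when nothing matched.
        if (!$cyberfun_response_row) {
            stderr("Error", "Unable to update account.");
        } else {
            $cfn_id = (int) $cyberfun_response_row[0];
            sql_query("UPDATE users SET uploaded = {$uploaded}, downloaded = {$downloaded} WHERE id = {$cfn_id}") or sqlerr(__FILE__, __LINE__);
            // NOTE(review): the usernames go into the log text as-is; how
            // write_log() stores and later renders them is not visible here.
            write_log("Ratio edited", "{$username} had their ratio adjusted by {$CURUSER['username']} to {$uploaded} bytes uploaded and {$downloaded} bytes downloaded.");
            header("Location: {$BASEURL}/userdetails.php?id={$cfn_id}");
            die;
        }
    }
}
stdhead("Ratio Edit");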
示例13: dbconn
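require_once "include/bbcode_functions.php";
dbconn();
maxcoder();
if (!logged_in()) {
    header("HTTP/1.0 404 Not Found");
    // modified loggedinorreturn by retro // Remember to change the following line to match your server
    // PHP_SELF and SERVER_NAME can both be influenced by the request, so they
    // are entity-escaped before being echoed into this imitation 404 page.
    print "<html><h1>Not Found</h1><p>The requested URL /" . htmlspecialchars($_SERVER['PHP_SELF'], ENT_QUOTES) . " was not found on this server.</p><hr /><address>Apache/1.1.11 " . $SITENAME . " Server at " . htmlspecialchars($_SERVER['SERVER_NAME'], ENT_QUOTES) . " Port 80</address></body></html>\n";
    die;
}
stdhead("Delete Torrent");
begin_main_frame();
// NOTE(review): this destructive action is selected by a GET parameter and a
// POST list, and no request token is checked in this excerpt.
// Array keys are written as strings; the bare words were undefined constants.
if (isset($_GET['mode']) && $_GET['mode'] == "delete") {
    if (get_user_class() >= UC_MODERATOR) {
        $table = "torrents";
        $table2 = "sitelog";
        // Reduce the posted list to positive integers before it reaches SQL.
        // The raw values used to be joined straight into IN (...), and
        // unsafeChar() is not shown to escape anything for SQL.
        $posted = (isset($_POST['delete']) && is_array($_POST['delete'])) ? $_POST['delete'] : array();
        $ids = array();
        foreach ($posted as $candidate) {
            if (is_scalar($candidate) && (int) $candidate > 0) {
                $ids[(int) $candidate] = (int) $candidate;
            }
        }
        if (!$ids) {
            // An empty list used to produce "IN ()", which is a SQL syntax error.
            echo "No torrents selected.";
        } else {
            $idlist = implode(", ", $ids);
            $res = sql_query("SELECT id, name,owner,seeders FROM torrents WHERE id IN (" . $idlist . ")") or sqlerr(__FILE__, __LINE__);
            echo "The following torrents has been deleted:<br><br>";
            while ($row = mysql_fetch_array($res)) {
                echo "ID: " . safeChar($row['id']) . " - " . safeChar($row['name']) . "<br>";
                // The reason text is fixed; the seeders column is selected but never checked.
                $reasonstr = "Dead: 0 seeders, 0 leechers = 0 peers total";
                $text = "Torrent " . safeChar($row['id']) . " (" . safeChar($row['name']) . ") was deleted by " . safeChar($CURUSER['username']) . "({$reasonstr})\n";
                $added = sqlesc(get_date_time());
                // The entry embeds an anchor tag, so it is treated as HTML here:
                // the torrent name and username are escaped, and the id comes
                // from the row ($id was never set in this script).
                // NOTE(review): how write_log() stores the text is not visible;
                // check that it does not undo this escaping.
                write_log("torrentdelete", "Torrent " . (int) $row['id'] . " (" . safeChar($row['name']) . ") was deleted by '<a href=\"userdetails.php?id=" . (int) $CURUSER['id'] . "\">" . safeChar($CURUSER['username']) . "</a>' Reason : ({$reasonstr})\n");
            }
            sql_query("DELETE FROM {$table} where id IN (" . $idlist . ")") or sqlerr(__FILE__, __LINE__);
        }
    } else {
        echo "You are not allowed to view this page";
    }
}
end_main_frame();
stdfoot();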
示例14: stdhead
stdhead();
stdmsg("Thanks failed!", $msg);
stdfoot();
exit;
}
// Record a "thank you" from the current user on a torrent, post a matching
// comment, and redirect to that comment.
if (!isset($CURUSER)) {
die;
}
// mkglobal() is defined elsewhere; presumably it copies the "id" request field into $id (confirm).
if (!mkglobal("id")) {
die;
}
// Adding 0 coerces the value to a number; that coercion, not unsafeChar(), is
// what keeps SQL text out of the concatenated queries below. A fractional
// value still passes; an (int) cast would be stricter.
$id = 0 + $id;
if (!$id) {
die;
}
$res = sql_query("SELECT 1 FROM torrents WHERE id = " . unsafeChar($id) . "");
$row = mysql_fetch_array($res);
if (!$row) {
die;
}
// NOTE(review): on failure this prints the raw database error to the client.
$ras = sql_query("select 1 from thanks WHERE torid=" . unsafeChar($id) . " AND uid =" . unsafeChar($CURUSER["id"]) . "") or die(mysql_error());
$raw = mysql_fetch_array($ras);
// NOTE(review): this is a check followed by an insert; unless the thanks table
// has a unique key on (uid, torid), two overlapping requests can both get
// through. bark() is assumed to end the request (confirm).
if ($raw) {
bark("You already thanked.");
}
$text = ":thankyou:";
// NOTE(review): no request token is checked in this excerpt, and the results
// of the three writes below are not examined.
sql_query("INSERT INTO thanks (uid, torid, thank_date) VALUES (" . unsafeChar($CURUSER["id"]) . ",{$id}, '" . get_date_time() . "')");
sql_query("INSERT INTO comments (user, torrent, added, text, ori_text) VALUES (" . unsafeChar($CURUSER["id"]) . ",{$id}, '" . get_date_time() . "', " . sqlesc($text) . "," . sqlesc($text) . ")");
// Id of the comment row just inserted, used as the anchor in the redirect.
$newid = mysql_insert_id();
sql_query("UPDATE torrents SET thanks = thanks + 1 WHERE id = " . unsafeChar($id) . "");
header("Refresh: 0; url=details.php?id={$id}&viewcomm={$newid}#comm{$newid}");
示例15: die
case 0:
$commentbar = "<p align=center>" . $language['dtrevoked'] . "</p>\n";
break;
case 1:
$commentbar = "<p align=center><a class=index href=comment.php?action=add&tid={$id}>" . $language['dt65'] . "</a></p>\n <a class=index href=takethankyou.php?id={$id}> <img src=" . $pic_base_url . "thankyou.gif border=0></a></p>";
break;
case 2:
$commentbar = "<p align=center>" . $language['dtnocom'] . "</p>\n";
default:
die('Contact Administrator');
break;
}
// Count the comments on this torrent and fetch the users who thanked it.
// NOTE(review): $id is concatenated into both queries. Its validation is
// outside this excerpt, and unsafeChar() is not shown to escape for SQL, so
// confirm it is forced to an integer before this point.
$subres = sql_query("SELECT COUNT(*) FROM comments WHERE torrent = " . unsafeChar($id) . "");
$subrow = mysql_fetch_array($subres);
$count = $subrow[0];
// $tures is not read again in the lines shown here.
$tures = sql_query("SELECT id,username FROM users,thanks WHERE users.id = thanks.uid AND thanks.torid = " . unsafeChar($id) . "");
begin_main_frame();
end_main_frame();
if (!$count) {
echo "<h2>" . $language['dt64'] . "</h2>\n";
} else {
list($pagertop, $pagerbottom, $limit) = pager(20, $count, "details.php?id={$id}&", array("lastpagedefault" => 1));
$subres = sql_query("SELECT comments.id, text, user, comments.added, comments.anonymous, editedby, editedat, avatar, warned, " . "username, title, reputation, class, signature, signatures, donor FROM comments LEFT JOIN users ON comments.user = users.id WHERE torrent = " . "{$id} ORDER BY comments.id {$limit}") or sqlerr(__FILE__, __LINE__);
$allrows = array();
while ($subrow = mysql_fetch_assoc($subres)) {
$allrows[] = $subrow;
}
echo $commentbar;
echo $pagertop;
commenttable($allrows);
echo $pagerbottom;