PHP DAO::escape方法代码示例

 /**
  * Create a new object for future insertion. Each argument is a value for a column in the database.
  * @param DAO $dao a reference to a instance of DAO
  * @param string $table the name of the table of this object
  * @param array $assoc the associative array describing the properties of this object
  * @return DataObject A new DataObject instance with the variables specified in $assoc which can
  *	be committed to the table $table.
  */
 static function create($dao, $table, $assoc)
 {
     $obj = new DataObject();
     $obj->table = $table;
     $obj->dao = $dao;
     //Reference to the dao stored
     $obj->update = false;
     //This will be inserted on commit
     foreach ($assoc as $key => $arg) {
         $obj->{$key} = $dao->escape($arg);
     }
     return $obj;
 }

<?php

include "script/util/mysql.php";
include "script/util/redirect.php";
$dao = new DAO(false);
$rnd = $dao->escape($_GET["rnd"]);
//Delete the confirmation
//Fix the users email!
//Find the user id first
$confirmation = DataObject::select_one($dao, "confirmation", array("conf_id", "user_id"), array("conf_rnd" => $rnd));
if ($confirmation != NULL) {
    $user_id = $confirmation->user_id;
    //Then delete the confirmation
    if ($confirmation->delete()) {
        //Find the user that it relates to
        $user = DataObject::select_one($dao, "user", array("user_id", "user_email"), array("user_id" => $user_id));
        if ($user != NULL) {
            $user_email = $user->user_email;
            //Correct their email to enable login
            $space_pos = strpos($user_email, " ") + 1;
            $user_email = substr($user_email, $space_pos);
            //Take everything after space
            //Change and commit
            $user->user_email = $user_email;
            if ($user->commit()) {
                redirect("welcome/?m=10");
            } else {
                //Faliure to change the user's email
                //User should be deleted so they can register again
                $user->delete();
                redirect("welcome/?m=6");

<?php

include "../util/session.php";
include "../util/session_var.php";
include_once "../util/mysql.php";
//Return posts from a certain cohort
$query = "";
$dao = new DAO(false);
$page_from = "0";
if (!(isset($_POST["post_id"]) || isset($_POST["comment_id"]))) {
    $page_from = $dao->escape($_POST["page_from"]);
    $page_to = $dao->escape($_POST["page_to"]);
    $PAGE_LENGTH = 10;
    $limit = "LIMIT " . $page_from * $PAGE_LENGTH . "," . ($page_to - $page_from) * $PAGE_LENGTH;
}
$hidden = "(post.post_id in(SELECT post_id FROM hidden_post WHERE user_id=\"{$user->user_id}\"))";
$can_vote = "!(post.post_id in(SELECT post_id FROM post_vote WHERE user_id=\"{$user->user_id}\"))";
$properties = "post.post_id,user.user_id,post.post_time,post.post_content,post.post_rating_up,post.post_rating_dn,user.user_name,user.user_picture,{$hidden} AS post_is_hidden,{$can_vote} AS can_vote";
if (isset($_POST["comment_id"])) {
    $comment = DataObject::select_one($dao, "comment", array("comment_id", "post_id"), array("comment_id" => $_POST["comment_id"]));
    if ($comment) {
        $post_id = $comment->post_id;
    }
    $query = "SELECT {$properties} FROM post JOIN user ON user.user_id=post.user_id WHERE post_id=\"{$post_id}\" ORDER BY post_time;";
} else {
    if (isset($_POST["post_id"])) {
        $post_id = $dao->escape($_POST["post_id"]);
        $query = "SELECT {$properties} FROM post JOIN user ON user.user_id=post.user_id WHERE post_id=\"{$post_id}\" ORDER BY post_time;";
    } else {
        if (isset($selected_user)) {
            $query = "SELECT {$properties} FROM post JOIN user ON user.user_id=post.user_id WHERE post.group_id=\"-1\" AND post.user_id=\"{$selected_user->user_id}\" ORDER BY post_time DESC {$limit};";

<?php

//Get all the members of a group given a group_id
include_once "../util/mysql.php";
$dao = new DAO(false);
$group_id = $dao->escape($_POST["group_id"]);
$query = "SELECT user.user_id,user.user_picture,user.user_name FROM grouping JOIN user ON user.user_id=grouping.user_id WHERE grouping.group_id=\"{$group_id}\";";
$dao->myquery($query);
echo $dao->fetch_json_part(array("user_id", "user_picture", "user_name"));

<?php

include_once "../util/mysql.php";
$dao = new DAO(false);
$uni_id = $dao->escape($_GET["university_id"]);
$course = $dao->escape($_GET["course"]);
$course = strtolower($course);
//Take the query and return a json list of courses that might match this one
$dao->myquery("SELECT course_id,course_name FROM course WHERE LOWER(course_name) LIKE '%{$course}%' AND university_id = '{$uni_id}';");
echo $dao->fetch_json_part(array("course_id", "course_name"));

<?php

include "../util/session.php";
include_once "../util/mysql.php";
include "../util/redirect.php";
$f = "../img/dp1.jpg";
if (isset($_GET["user_id1"])) {
    $dao = new DAO(false);
    $user_id1 = $dao->escape($_GET["user_id1"]);
    $dao->myquery("SELECT user_picture FROM user WHERE user_id=\"{$user_id1}\";");
    $user1 = $dao->fetch_one_obj_part(array("user_picture"));
    $f = "../profile_pictures/" . $user1->user_picture;
    if (!$user1->user_picture || !file_exists($f)) {
        $f = "../img/dp1.jpg";
    }
    header('Content-Type: image/jpeg');
    header("Content-Disposition: inline; filename=\"{$user1->user_picture}\"");
    readfile($f);
}

<?php

//Unhide a post that has been hidden
include "../util/session.php";
include_once "../util/mysql.php";
include "../util/status.php";
$dao = new DAO(false);
if (isset($_GET["post_id"])) {
    $post_id = $dao->escape($_GET["post_id"]);
    $hidden_post = DataObject::select_one($dao, "hidden_post", array("hide_id"), array("post_id" => $post_id, "user_id" => $user->user_id));
    if ($hidden_post) {
        $result = $hidden_post->delete();
        if ($result) {
            echo Status::json(0, "Post unhidden");
        } else {
            echo Status::json(1, "Post could not be unhidden");
        }
    } else {
        echo Status::json(2, "Post not hidden");
    }
} else {
    echo Status::json(3, "No post id");
}

<?php

if (isset($selected_user)) {
    unset($selected_user);
}
if ($logged_in && isset($_GET["user_id"])) {
    $dao = new DAO(false);
    $user_request = $dao->escape($_GET["user_id"]);
    $properties = array("user_id", "user_name", "user_picture", "course_name", "university_name");
    $dao->myquery("SELECT " . implode(",", $properties) . " FROM user " . "JOIN cohort ON user.cohort_id=cohort.cohort_id " . "JOIN course ON cohort.course_id=course.course_id " . "JOIN university ON course.university_id=university.university_id WHERE user_id=\"{$user_request}\";");
    if ($dao->fetch_num_rows() > 0) {
        //User exists
        $selected_user = $dao->fetch_one_obj_part($properties);
        $friends_query = "SELECT * FROM connection WHERE (user_id1=\"{$user->user_id}\" AND user_id2=\"{$selected_user->user_id}\") OR " . "(user_id2=\"{$user->user_id}\" AND user_id1=\"{$selected_user->user_id}\");";
        $dao->myquery($friends_query);
        $is_friend = $dao->fetch_num_rows() != 0 || $selected_user->user_id == $user->user_id || $selected_user->user_id == 1;
        // I am friends with myself
        $selected_user->is_friend = $is_friend;
        $dao->myquery("SELECT * FROM friend_request WHERE user_id1=\"{$user->user_id}\" AND user_id2=\"{$selected_user->user_id}\";");
        $selected_user->request_sent = $dao->fetch_num_rows() != 0;
        $_SESSION["selected_user"] = $selected_user;
        unset($_SESSION["selected_cohort"]);
    }
}

<?php

include_once "../util/mysql.php";
include "../util/pwd.php";
$dao = new DAO(true);
$user_password = $dao->escape(salt($_POST["user_password"]));
$user->user_id = $dao->escape($_POST["user_id"]);
$conf_rnd = $dao->escape($_POST["conf_rnd"]);
$query = "SELECT * FROM reset_request WHERE user_id=\"{$user->user_id}\" AND conf_rnd=\"{$conf_rnd}\";";
$dao->myquery($query);
if ($dao->fetch_num_rows() == 1) {
    $query = "DELETE FROM reset_request WHERE user_id=\"{$user->user_id}\" AND conf_rnd=\"{$conf_rnd}\";";
    $dao->myquery($query);
    $new_password_query = "UPDATE user SET user_password=\"{$user_password}\" WHERE user_id=\"{$user->user_id}\";";
    $dao->myquery($new_password_query);
}
?>
	

<?php

include "../util/session.php";
include "../util/redirect.php";
include "../util/pwd.php";
include_once "../util/mysql.php";
$redirect = "/";
if (isset($_POST["r"]) && $_POST["r"] != "") {
    $redirect = htmlspecialchars($_POST["r"]);
}
if (isset($_POST["user_email"]) && isset($_POST["user_password"]) && $_POST["user_email"] != "" && $_POST["user_password"] != "") {
    $dao = new DAO();
    $user_email = $dao->escape($_POST["user_email"]);
    $user_password = $dao->escape(salt($_POST["user_password"]));
    $user_query = "SELECT user_id,user_name,user_email,cohort_id,user_picture FROM user WHERE user_email=\"{$user_email}\" AND user_password=\"{$user_password}\";";
    $dao->myquery($user_query);
    if ($dao->fetch_num_rows() == 1) {
        $_SESSION["user"] = $dao->fetch_one_obj_part(array("user_id", "user_name", "user_email", "cohort_id", "user_picture"));
        unset($_SESSION["selected_user"]);
        redirect($redirect);
        //Go to the redirect link
    } else {
        redirect("../../welcome/?&m=2&r=" . $redirect . "&user_email=" . htmlspecialchars($user_email));
    }
} else {
    redirect("../../welcome/?m=3" . (isset($_POST["user_email"]) ? "&user_email=" . $_POST["user_email"] : "") . "&r=" . $redirect);
}

<?php

if ($logged_in) {
    $dao = new DAO(false);
    if (isset($_GET["cohort_id"])) {
        $cohort_request = $dao->escape($_GET["cohort_id"]);
        if ($cohort_request == $user->cohort_id) {
            $dao->myquery("SELECT cohort_id,cohort.group_id,group_name,cohort_start,course.course_name,university.university_name FROM cohort \n\t\t\t\t\tJOIN course ON cohort.course_id=course.course_id \n\t\t\t\t\tJOIN university ON university.university_id=course.university_id\n\t\t\t\t\tJOIN user_group ON cohort.group_id=user_group.group_id WHERE cohort_id=\"{$cohort_request}\";");
            $row = $dao->fetch_one_obj();
            if ($dao->fetch_num_rows() > 0) {
                //It exists
                $selected_group = new stdClass();
                $selected_group->cohort_id = $row->cohort_id;
                $selected_group->course_name = $row->course_name;
                $selected_group->university_name = $row->university_name;
                $selected_group->group_id = $row->group_id;
                $selected_group->group_name = $row->course_name . " at " . $row->university_name . " " . date("Y", strtotime($row->cohort_start));
                $selected_group->can_be_added_to = false;
                $d = new DateTime($row->cohort_start);
                $selected_group->cohort_start = $d->format('jS F Y');
                $selected_group->posting_enabled = $selected_group->cohort_id == $user->cohort_id;
                $_SESSION["selected_group"] = $selected_group;
                unset($_SESSION["selected_user"]);
            }
        } else {
            redirect("../");
        }
    }
}

<?php

include "../util/pwd.php";
include_once "../util/mysql.php";
include "../util/redirect.php";
include "../mail/send.php";
$dao = new DAO(false);
if (isset($_POST["user_name"]) && isset($_POST["user_email"]) && isset($_POST["user_password"]) && isset($_POST["university_id"]) && isset($_POST["course_id"]) && isset($_POST["start_year"]) && isset($_POST["start_month"])) {
    $user_name = $dao->escape($_POST["user_name"]);
    $user_email = $dao->escape($_POST["user_email"]);
    $user_password = $dao->escape(salt($_POST["user_password"]));
    $university_id = $dao->escape($_POST["university_id"]);
    $course_id = $dao->escape($_POST["course_id"]);
    $cohort_start = $dao->escape($_POST["start_year"]) . "-" . $dao->escape($_POST["start_month"]) . "-1";
    //Checks
    // - Email is unique
    // - Email confirmation
    // - Cohort exists or not?
    $dao->myquery("SELECT user_email FROM user WHERE user_email LIKE \"%{$user_email}\";");
    if ($dao->fetch_num_rows() == 0) {
        //Insert the user into the database, and retreive the user_id
        $cohort = DataObject::select_one($dao, "cohort", array("cohort_id", "group_id"), array("cohort_start" => $cohort_start, "course_id" => $course_id));
        if (!$cohort) {
            //Cohort does not exist, insert it
            $group = DataObject::create($dao, "user_group", array("group_name" => "Cohort {$cohort_id} Group"));
            $group->commit();
            $group_id = $group->get_primary_id();
            $cohort = DataObject::create($dao, "cohort", array("course_id" => $course_id, "group_id" => $group_id, "cohort_start" => $cohort_start));
            $cohort->commit();
        }
        $uncomfirmed = salt($user_email);

<?php

if ($logged_in) {
    $dao = new DAO(false);
    if (isset($_GET["group_id"])) {
        $group_request = $dao->escape($_GET["group_id"]);
        $user_in_group = NULL != DataObject::select_one($dao, "grouping", array("grouping_id"), array("group_id" => $group_request, "user_id" => $user->user_id));
        if ($user_in_group) {
            $row = DataObject::select_one($dao, "user_group", array("group_id", "group_name"), array("group_id" => $group_request));
            if ($row) {
                $selected_group = new stdClass();
                $selected_group->group_id = $row->group_id;
                $selected_group->group_name = stripslashes($row->group_name);
                $selected_group->posting_enabled = true;
                $selected_group->can_be_added_to = true;
                $_SESSION["selected_group"] = $selected_group;
                unset($_SESSION["selected_user"]);
            } else {
                redirect("../");
            }
        } else {
            redirect("../");
        }
    }
}

<!DOCTYPE>
<html><head><style>*{font-family: Arial,sans-serif}</style></head><body>
<?php 
include "../script/util/mysql.php";
include "../script/util/redirect.php";
if (isset($_POST["user_email"])) {
    include "../script/mail/send.php";
    $dao = new DAO(false);
    $user_email = $dao->escape($_POST["user_email"]);
    $query = "SELECT user_email,user_id,user_name FROM user WHERE user_email=\"{$user_email}\";";
    $dao->myquery($query);
    if ($dao->fetch_num_rows() == 1) {
        //Store intent to reset in the database with a checksum as the old password?
        $user = $dao->fetch_one_obj();
        $names = explode(" ", $user->user_name);
        if (count($names) == 0) {
            $user_first_name = $user->user_name;
        } else {
            $user_first_name = $names[0];
        }
        $conf_rnd = md5("lsdfuh.uh3" . rand(0, 10000000) . "g.adugi213y");
        $query = "INSERT INTO reset_request VALUES (NULL,\"{$user->user_id}\",\"{$conf_rnd}\")" . "ON DUPLICATE KEY UPDATE conf_rnd=\"{$conf_rnd}\";";
        $dao->myquery($query);
        $body = "<p>Hello {$user_first_name},</p>" . "<p>It appears you are having trouble remembering your password for Unify. " . "As such, someone (hopefully you) has requested that you reset your password. " . "If you have no idea what's going on, feel free to take no further action, " . "it's possible someone entered your email by mistake or is dillberately trying to " . "confuse you. However, if you really do want to reset your password, click the " . "link below!</p>" . "<p><a href=\"http://unify.lukebarnard.co.uk/reset-password/confirm.php?user_id={$user->user_id}&conf_rnd={$conf_rnd}\">RESET YOUR PASSWORD</a></p>" . "<p>Best Wishes,<br>" . "The Unify Team</p>";
        if (mail_message($user_email, "Password Reset", $body)) {
            echo "A message has been sent to your email account. When you get the email, click on the link it contains and you will be taken to a page where you can reset your password. ";
        } else {
            echo "Something has gone wrong when trying to email you. <a href=\".\">Try again?</a>";
        }
    } else {
        echo "Your email could not be found in our database. Perhaps you made a mistake when typing it? <a href=\".\">Try again?</a>";