本文整理汇总了PHP中InputFilter::preventSqlInjection方法的典型用法代码示例。如果您正苦于以下问题:PHP InputFilter::preventSqlInjection方法的具体用法?PHP InputFilter::preventSqlInjection怎么用?PHP InputFilter::preventSqlInjection使用的例子?那么恭喜您,这里精选的方法代码示例或许可以为您提供帮助。您也可以进一步了解该方法所在类InputFilter的用法示例。
在下文中一共展示了InputFilter::preventSqlInjection方法的7个代码示例,这些例子默认根据受欢迎程度排序。您可以为喜欢或者感觉有用的代码点赞,您的评价将有助于系统推荐出更棒的PHP代码示例。
示例1: checkLock
/**
 * Looks up the lock recorded for a resource path.
 *
 * The path is first passed through InputFilter::validateInput() in 'nosql'
 * mode and then handed to InputFilter::preventSqlInjection() as the value for
 * the quoted '%s' placeholder. The statement is still assembled as a string
 * and sent with the legacy mysql_* API on the default connection.
 *
 * @param string $path resource path to check for locks
 * @return array|false lock description (type, scope, depth, owner, token,
 *                     expires), or false when no row is found or the query
 *                     itself fails
 */
public function checkLock($path)
{
    G::LoadSystem('inputfilter');
    $inputFilter = new InputFilter();

    $path = $inputFilter->validateInput($path, 'nosql');
    $template = "SELECT owner, token, expires, exclusivelock\n FROM locks\n WHERE path = '%s' ";
    $sql = $inputFilter->preventSqlInjection($template, array($path));

    $res = mysql_query($sql);
    if (!$res) {
        // NOTE(review): a failed query returns the same value as "no lock
        // found". If callers treat false as "unlocked", a database error
        // makes the lock check fail open — confirm how callers handle it.
        return false;
    }

    $row = mysql_fetch_array($res);
    mysql_free_result($res);
    if (!$row) {
        return false;
    }

    if ($row["exclusivelock"]) {
        $scope = "exclusive";
    } else {
        $scope = "shared";
    }

    return array(
        "type" => "write",
        "scope" => $scope,
        "depth" => 0,
        "owner" => $row['owner'],
        "token" => $row['token'],
        "expires" => $row['expires'],
    );
}
示例2: testMySQLconnection
/**
* Private helper (the original section header marks these functions as not
* callable directly by an HTTP request): checks that a MySQL server is
* reachable and that the supplied account has a row in USER_PRIVILEGES.
*
* Connection parameters are not passed as arguments; they are read from
* $_REQUEST (db_hostname, db_port, db_username, db_password).
*
* NOTE(review): the host and port come from the request and are used for an
* outbound fsockopen() and mysql_connect(), and the socket error text is
* returned in the message. Confirm that the public entry point reaching this
* helper is limited to the installer or an authenticated administrator,
* because otherwise a client can make the server open connections to hosts
* of the client's choosing.
*
* @return stdClass object with ->result (bool) and ->message (string); the
*                  listing is truncated before the success path, so the final
*                  value of ->result is not visible here
*/
private function testMySQLconnection ()
{
G::LoadSystem('inputfilter');
$filter = new InputFilter();
$info = new StdClass();
$info->result = false;
$info->message = '';
// Stop early when the legacy mysql extension is not loaded.
// NOTE(review): the translation key below contains a space ("NOT _INSTALL");
// this may be an artifact of the listing — confirm against the translation table.
if (! function_exists( "mysql_connect" )) {
$info->message = G::LoadTranslation('ID_PHP_MYSQL_NOT _INSTALL');
return $info;
}
// Request-supplied connection settings, each passed through validateInput()
// with its default mode before use.
$db_hostname = $_REQUEST['db_hostname'];
$db_hostname = $filter->validateInput($db_hostname);
$db_port = $_REQUEST['db_port'];
$db_port = $filter->validateInput($db_port);
$db_username = $_REQUEST['db_username'];
$db_username = $filter->validateInput($db_username);
$db_password = $_REQUEST['db_password'];
$db_password = $filter->validateInput($db_password);
// TCP reachability check with a 30 second timeout; warnings are suppressed
// with @ and the error string and number are reported in the message instead.
$fp = @fsockopen( $db_hostname, $db_port, $errno, $errstr, 30 );
if (! $fp) {
$info->message .= G::LoadTranslation('ID_CONNECTION_ERROR', SYS_LANG, Array("$errstr ($errno)"));
return $info;
}
// NOTE(review): $fp is not closed anywhere in the visible part of the method.
// Append ":port" to the host unless the port is empty or 1433.
$db_host = ($db_port != '' && $db_port != 1433) ? $db_hostname . ':' . $db_port : $db_hostname;
$link = @mysql_connect( $db_host, $db_username, $db_password );
if (! $link) {
$info->message .= G::LoadTranslation('ID_MYSQL_CREDENTIALS_WRONG');
return $info;
}
// Validate again in 'nosql' mode before the values are placed into SQL text.
$db_username = $filter->validateInput($db_username, 'nosql');
$db_hostname = $filter->validateInput($db_hostname, 'nosql');
// NOTE(review): the placeholders sit inside a double-quoted SQL literal that
// itself contains single quotes, so the escaping applied by
// preventSqlInjection() has to cover both quote characters; it is also called
// here without the $link argument that other callers pass — verify.
$query = "SELECT * FROM `information_schema`.`USER_PRIVILEGES` where (GRANTEE = \"'%s'@'%s'\" OR GRANTEE = \"'%s'@'%%'\") ";
$query = $filter->preventSqlInjection($query, array($db_username, $db_hostname, $db_username));
$res = @mysql_query( $query, $link );
$row = @mysql_fetch_array( $res );
// Any returned row counts as success. NOTE(review): the query does not filter
// on a privilege type, so $hasSuper is true for an account with any row in
// USER_PRIVILEGES — confirm this matches what the variable name implies.
$hasSuper = is_array( $row );
@mysql_free_result( $res );
@mysql_close( $link );
if (! $hasSuper) {
$info->message .= G::LoadTranslation('ID_CONNECTION_ERROR_PRIVILEGE', SYS_LANG, Array($db_username));
return $info;
}
$info->message .= G::LoadTranslation('ID_MYSQL_SUCCESS_CONNECT');
//......... part of the code is omitted here .........
示例3: testConnection
/**
 * Checks that a database server is reachable and that the supplied account
 * can create a database and users on it.
 *
 * After the NET helper has confirmed the host, port and login, the function
 * opens a MySQL connection, creates a scratch database and test accounts,
 * then drops them again.
 *
 * NOTE(review): the privilege probe always uses mysql_connect(), whatever
 * $type is — confirm callers only reach it for MySQL servers.
 *
 * @param string     $type   engine name; 'mysql', 'pgsql', 'mssql' and
 *                           'oracle' select a default port
 * @param string     $server host name or address
 * @param string     $user   account used for the test
 * @param string     $passwd password for $user
 * @param int|string $port   port, or 'none' / '' / 0 to use the default
 * @param string     $dbName database name handed to NET::setDataBase()
 * @return array two elements: bool success, then a message (or the NET
 *               helper's error text)
 */
function testConnection($type, $server, $user, $passwd, $port = 'none', $dbName = "")
{
    // Fall back to the engine's default port when none was supplied.
    if ($port == 'none' || $port == '' || $port == 0) {
        if ($type == 'mysql') {
            $port = 3306;
        } elseif ($type == 'pgsql') {
            $port = 5432;
        } elseif ($type == 'mssql') {
            $port = 1433;
        } elseif ($type == 'oracle') {
            $port = 1521;
        }
    }

    G::LoadClass('net');
    $netServer = new NET($server);
    G::LoadSystem('inputfilter');
    $inputFilter = new InputFilter();

    // Each step below returns the NET helper's error as soon as one is reported.
    if ($netServer->getErrno() != 0) {
        return array(false, $netServer->error);
    }
    $netServer->scannPort($port);
    if ($netServer->getErrno() != 0) {
        return array(false, $netServer->error);
    }
    $netServer->loginDbServer($user, $passwd);
    $netServer->setDataBase($dbName, $port);
    if ($netServer->errno != 0) {
        return array(false, $netServer->error);
    }
    $response = $netServer->tryConnectServer($type);
    if ($response->status != 'SUCCESS') {
        return array(false, $netServer->error);
    }
    if ($netServer->errno != 0) {
        return array(false, $netServer->error);
    }

    $message = "";
    // NOTE(review): second connection attempt; its result is not read afterwards.
    $response = $netServer->tryConnectServer($type);

    $server = $inputFilter->validateInput($server);
    $user = $inputFilter->validateInput($user);
    $passwd = $inputFilter->validateInput($passwd);
    // NOTE(review): the handle is not checked; if the connection fails, the
    // queries below run against a false link with warnings suppressed by @.
    $link = @mysql_connect($server, $user, $passwd);

    // NOTE(review): several templates below use an unquoted %s (database and
    // account names). Escaping meant for quoted string values does not
    // constrain an unquoted identifier; it is harmless here only because
    // those values are the fixed constants set in this function.
    $scratchDb = "PROCESSMAKERTESTDC";
    $scratchDb = $inputFilter->validateInput($scratchDb, 'nosql');
    $createDb = "CREATE DATABASE %s";
    $createDb = $inputFilter->preventSqlInjection($createDb, array($scratchDb), $link);
    $dbCreated = @mysql_query($createDb, $link);
    $success = false;

    if ($dbCreated) {
        // NOTE(review): this grants ALL PRIVILEGES WITH GRANT OPTION on the
        // scratch database to an account valid from any host ('%') with a
        // fixed password. The account only goes away if the DROP statements
        // further down succeed, and their results are not checked.
        $testAccount = "wfrbtest";
        $grantSql = "GRANT ALL PRIVILEGES ON `%s`.* TO %s@'%%' IDENTIFIED BY 'sample' WITH GRANT OPTION";
        $grantSql = $inputFilter->preventSqlInjection($grantSql, array($scratchDb, $testAccount), $link);
        $granted = @mysql_query($grantSql, $link);

        if ($granted) {
            $createUserSql = "CREATE USER '%s'@'%%' IDENTIFIED BY '%s'";
            $user = $inputFilter->validateInput($user, 'nosql');
            $createUserSql = $inputFilter->preventSqlInjection($createUserSql, array($user . "_usertest", "sample"), $link);
            $userCreated = @mysql_query($createUserSql, $link);
            if ($userCreated) {
                $success = true;
                $message = G::LoadTranslation('ID_SUCCESSFUL_CONNECTION');
            } else {
                $message = mysql_error();
            }

            // Cleanup of both test accounts; failures are silently ignored.
            $dropUserSql = "DROP USER '%s'@'%%'";
            $user = $inputFilter->validateInput($user, 'nosql');
            $dropUserSql = $inputFilter->preventSqlInjection($dropUserSql, array($user . "_usertest"), $link);
            @mysql_query($dropUserSql, $link);

            $dropUserSql = "DROP USER %s@'%%'";
            $testAccount = $inputFilter->validateInput($testAccount, 'nosql');
            $dropUserSql = $inputFilter->preventSqlInjection($dropUserSql, array($testAccount), $link);
            @mysql_query($dropUserSql, $link);
        } else {
            $message = mysql_error();
        }

        // The scratch database is dropped whether or not the grant worked.
        $dropDbSql = "DROP DATABASE %s";
        $scratchDb = $inputFilter->validateInput($scratchDb, 'nosql');
        $dropDbSql = $inputFilter->preventSqlInjection($dropDbSql, array($scratchDb), $link);
        @mysql_query($dropDbSql, $link);
    } else {
        $message = mysql_error();
    }

    return array($success, $message != "" ? $message : $netServer->error);
}
示例4: PROPPATCH
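/**
 * PROPPATCH method handler: stores or removes properties for a resource.
 *
 * Properties in the "DAV:" namespace are refused with a "403 Forbidden"
 * status. For any other property, a set value is written with REPLACE INTO
 * and a missing value deletes the stored row. The path, name, namespace and
 * value are passed to InputFilter::preventSqlInjection() as the values for
 * the quoted '%s' placeholders.
 *
 * @param array $options general parameter passing array; 'path' and 'props'
 *                       are read, and a 'status' entry is written for each
 *                       refused property
 * @return string always the empty string
 */
function PROPPATCH(&$options)
{
    if (!class_exists('G')) {
        // The framework is loaded from two directories above the document root.
        $realdocuroot = str_replace('\\', '/', $_SERVER['DOCUMENT_ROOT']);
        $docuroot = explode('/', $realdocuroot);
        array_pop($docuroot);
        array_pop($docuroot);
        $pathTrunk = implode('/', $docuroot) . '/';
        require_once $pathTrunk . 'gulliver/system/class.g.php';
    }
    G::LoadSystem('inputfilter');
    $filter = new InputFilter();
    foreach ($options["props"] as $key => $prop) {
        if ($prop["ns"] == "DAV:") {
            $options["props"][$key]['status'] = "403 Forbidden";
            continue;
        }
        if (isset($prop["val"])) {
            $query = "REPLACE INTO properties SET path = '%s', name = '%s', ns= '%s', value = '%s'";
            $query = $filter->preventSqlInjection($query, array($options['path'], $prop['name'], $prop['ns'], $prop['val']));
            // NOTE(review): this writes the complete statement, including the
            // client-supplied property value, to the error log. Confirm it is
            // wanted outside debugging; values may be sensitive or contain
            // line breaks that confuse log parsing.
            error_log($query);
        } else {
            $query = "DELETE FROM properties WHERE path = '%s' AND name = '%s' AND ns = '%s'";
            $query = $filter->preventSqlInjection($query, array($options['path'], $prop['name'], $prop['ns']));
        }
        // NOTE(review): the result is not checked, so a failed write is not
        // reflected in the property's status.
        mysql_query($query);
    }
    return "";
}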
示例5: initIndexes
/**
 * Loads the indexes for this table.
 *
 * Columns are loaded first if needed. The index names come from
 * PRAGMA index_list and, for each index, PRAGMA index_info supplies the
 * column names that are attached to its IndexInfo.
 *
 * NOTE(review): both PRAGMA statements are built by placing a name directly
 * into the SQL text. preventSqlInjection() is called on the finished string
 * with no values, so it has no way to tell the interpolated name apart from
 * the surrounding SQL; any protection rests on validateInput() and on the
 * names themselves. $this->name is not filtered at all before it is used.
 */
protected function initIndexes()
{
    include_once 'creole/metadata/IndexInfo.php';

    // columns have to be loaded first
    if (!$this->colsLoaded) {
        $this->initColumns();
    }

    // The input filter is loaded from two directories above the document root.
    $segments = explode('/', str_replace('\\', '/', $_SERVER['DOCUMENT_ROOT']));
    $pathTrunk = implode('/', array_slice($segments, 0, -2)) . '/';
    require_once $pathTrunk . 'gulliver/system/class.inputfilter.php';
    $inputFilter = new InputFilter();

    $listSql = "PRAGMA index_list('{$this->name}')";
    $indexList = sqlite_query($this->conn->getResource(), $listSql);
    while ($indexRow = sqlite_fetch_array($indexList, SQLITE_ASSOC)) {
        // NOTE(review): the filtered name is also used as the array key, so
        // if validateInput() changes it, the key differs from the real name.
        $indexName = $indexRow['name'];
        $indexName = $inputFilter->validateInput($indexName);
        $this->indexes[$indexName] = new IndexInfo($indexName);

        // get columns for that index
        $infoSql = "PRAGMA index_info('" . $indexName . "')";
        $columnList = sqlite_query($this->conn->getResource(), $inputFilter->preventSqlInjection($infoSql));
        while ($columnRow = sqlite_fetch_array($columnList, SQLITE_ASSOC)) {
            $columnName = $columnRow['name'];
            $this->indexes[$indexName]->addColumn($this->columns[$columnName]);
        }
    }

    $this->indexesLoaded = true;
}
示例6: isConnected
/**
 * Reports whether the connection is usable by selecting the configured
 * database.
 *
 * @return mixed false when no connection handle is set; otherwise whatever
 *               executeQuery() returns for the USE statement
 */
public function isConnected()
{
    if (!$this->oConnection) {
        return false;
    }

    G::LoadSystem('inputfilter');
    $inputFilter = new InputFilter();

    // NOTE(review): %s is an unquoted identifier position here. Escaping
    // meant for quoted string values does not constrain an identifier, so
    // $this->sDataBase should come from trusted configuration or be checked
    // against an allow-list of database names — confirm where it is set.
    $useStatement = $inputFilter->preventSqlInjection("USE %s", array($this->sDataBase));

    return $this->executeQuery($useStatement);
}
示例7: initPrimaryKey
/**
 * Loads the primary keys for this table.
 *
 * Columns are loaded first if needed. The primary-key index rows for the
 * table's oid are read from pg_index and, for each attribute number in
 * indkey, the column name is looked up and added to the PrimaryKeyInfo.
 *
 * NOTE(review): in both queries preventSqlInjection() is applied to the
 * template only, and sprintf() substitutes the values afterwards. The
 * substituted values therefore never pass through preventSqlInjection();
 * what protects the statement is validateInput() and the %d conversion.
 * The first template also places the oid in an unquoted %s.
 *
 * @throws SQLException when either catalog query fails
 */
protected function initPrimaryKey()
{
    include_once 'creole/metadata/PrimaryKeyInfo.php';

    // columns have to be loaded first
    if (!$this->colsLoaded) {
        $this->initColumns();
    }

    // The input filter is loaded from two directories above the document root.
    $segments = explode('/', str_replace('\\', '/', $_SERVER['DOCUMENT_ROOT']));
    $pathTrunk = implode('/', array_slice($segments, 0, -2)) . '/';
    require_once $pathTrunk . 'gulliver/system/class.inputfilter.php';
    $inputFilter = new InputFilter();
    $this->oid = $inputFilter->validateInput($this->oid);

    // Primary Keys
    $pkTemplate = "SELECT\n\t\t\t\t\t\t\t\t\t\t\t\t\t DISTINCT ON(cls.relname)\n\t\t\t\t\t\t\t\t\t\t\t\t\t cls.relname as idxname,\n\t\t\t\t\t\t\t\t\t\t\t\t\t indkey,\n\t\t\t\t\t\t\t\t\t\t\t\t\t indisunique\n\t\t\t\t\t\t\t\t\t\t\t\t\tFROM pg_index idx\n\t\t\t\t\t\t\t\t\t\t\t\t\t JOIN pg_class cls ON cls.oid=indexrelid\n\t\t\t\t\t\t\t\t\t\t\t\t\tWHERE indrelid = %s AND indisprimary\n\t\t\t\t\t\t\t\t\t\t\t\t\tORDER BY cls.relname";
    $result = pg_query($this->conn->getResource(), sprintf($inputFilter->preventSqlInjection($pkTemplate), $this->oid));
    if (!$result) {
        throw new SQLException("Could not list primary keys for table: " . $this->name, pg_last_error($this->conn->getResource()));
    }

    // NOTE(review): the filter is loaded and the oid validated a second time
    // here, as in the original; if validateInput() is not idempotent, the
    // second query sees a different oid than the first.
    require_once $pathTrunk . 'gulliver/system/class.inputfilter.php';
    $inputFilter = new InputFilter();
    $this->oid = $inputFilter->validateInput($this->oid);

    // Walk the key rows and add every column of each key.
    while ($indexRow = pg_fetch_assoc($result)) {
        foreach (explode(' ', $indexRow['indkey']) as $attributeNumber) {
            $attributeNumber = $inputFilter->validateInput($attributeNumber, 'int');
            $columnTemplate = "SELECT a.attname\n\t\t\t\t\t\t\t\t\t\t\t\t\t\t\tFROM pg_catalog.pg_class c JOIN pg_catalog.pg_attribute a ON a.attrelid = c.oid\n\t\t\t\t\t\t\t\t\t\t\t\t\t\t\tWHERE c.oid = '%s' AND a.attnum = %d AND NOT a.attisdropped\n\t\t\t\t\t\t\t\t\t\t\t\t\t\t\tORDER BY a.attnum";
            $columnResult = pg_query($this->conn->getResource(), sprintf($inputFilter->preventSqlInjection($columnTemplate), $this->oid, $attributeNumber));
            if (!$columnResult) {
                throw new SQLException("Could not list indexes keys for table: " . $this->name, pg_last_error($this->conn->getResource()));
            }

            $columnRow = pg_fetch_assoc($columnResult);
            if (!isset($this->primaryKey)) {
                $this->primaryKey = new PrimaryKeyInfo($columnRow['attname']);
            }
            $this->primaryKey->addColumn($this->columns[$columnRow['attname']]);
        }
    }

    $this->pkLoaded = true;
}