示例1: forum_do_edit_stick
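function forum_do_edit_stick(&$sqlm)
{
    // Sets the "sticked" flag of a forum topic.
    // Input: $_GET['id'] (topic id) and $_GET['state'] (new flag value). Both are
    // spliced into the UPDATE without quotes, where quote_smart() cannot protect
    // them, so they are accepted only as integers.
    // $sqlm is replaced with a fresh connection to the site database (by reference, as before).
    global $forum_lang, $user_lvl, $mmfpm_db;
    $sqlm = new SQL();
    $sqlm->connect($mmfpm_db['addr'], $mmfpm_db['user'], $mmfpm_db['pass'], $mmfpm_db['name']);
    if ($user_lvl == 0) {
        error($forum_lang['no_access']);
    }
    // error() is relied on to end the request, exactly as the original code did
    $id = isset($_GET['id']) ? filter_var($_GET['id'], FILTER_VALIDATE_INT) : false;
    if ($id === false) {
        error($forum_lang['no_such_topic']);
    }
    $state = isset($_GET['state']) ? filter_var($_GET['state'], FILTER_VALIDATE_INT) : false;
    if ($state === false) {
        error('Bad request, please mail admin and describe what you did to get this error.');
    }
    $sqlm->query('
UPDATE mm_forum_posts
SET sticked = ' . $state . '
WHERE id = ' . $id . '');
    $sqlm->close();
    redirect('forum.php?action=view_topic&id=' . $id . '');
    // Queries : 1
}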
示例2: search
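function search()
{
    // Mail search page: resolves a (partial) character name to a guid, then lists
    // the mail rows whose sender/receiver column equals that guid, with paging and
    // sorting. The HTML is appended to the global $output.
    global $lang_global, $lang_mail, $output, $itemperpage, $item_datasite, $mangos_db, $characters_db, $realm_id, $sql_search_limit;
    wowhead_tt();
    if (!isset($_GET['search_value']) || !isset($_GET['search_by'])) {
        redirect("mail_on.php?error=2");
    }
    $sql = new SQL();
    $sql->connect($characters_db[$realm_id]['addr'], $characters_db[$realm_id]['user'], $characters_db[$realm_id]['pass'], $characters_db[$realm_id]['name']);
    $search_value = $sql->quote_smart($_GET['search_value']);
    // search_by, order_by, start and dir end up in the query outside of string
    // literals, where quote_smart() cannot protect them: they are validated by
    // shape instead and fall back to the defaults.
    $search_menu = array('sender', 'receiver');
    $search_by = in_array($_GET['search_by'], $search_menu, true) ? $_GET['search_by'] : 'sender';
    $start = isset($_GET['start']) ? filter_var($_GET['start'], FILTER_VALIDATE_INT, array('options' => array('min_range' => 0))) : 0;
    if ($start === false) {
        $start = 0;
    }
    // order_by must look like a plain column name
    $order_by = "id";
    if (isset($_GET['order_by']) && is_string($_GET['order_by']) && preg_match('/^[A-Za-z_][A-Za-z0-9_]*$/', $_GET['order_by'])) {
        $order_by = $_GET['order_by'];
    }
    // any truthy dir sorts ascending; $dir is then flipped for the "toggle" link
    $dir = isset($_GET['dir']) ? ($_GET['dir'] ? 1 : 0) : 1;
    $order_dir = $dir ? "ASC" : "DESC";
    $dir = $dir ? 0 : 1;
    $temp = $sql->query("SELECT guid FROM `characters` WHERE name like '%{$search_value}%'");
    // no matching character: search guid 0 (an empty list) instead of emitting a broken query
    $search_value = $sql->num_rows($temp) ? (int) $sql->result($temp, 0, 'guid') : 0;
    $query_1 = $sql->query("SELECT count(*) FROM `mail`");
    $query = $sql->query("SELECT a.id, a.messageType, a.sender, a.receiver, a.subject, a.itemTextId, a.has_items, a.money, a.cod, a.checked, b.item_template\r\n FROM mail a\r\n INNER JOIN mail_items b ON a.id = b.mail_id\r\n WHERE {$search_by} = {$search_value}\r\n ORDER BY {$order_by} {$order_dir} LIMIT {$start}, {$itemperpage}");
    $all_record = $sql->result($query_1, 0);
    //==========================top page navigation starts here========================
    $output .= "<center><table class=\"top_hidden\">\r\n <tr><td>\r\n <table class=\"hidden\">\r\n <tr><td>\r\n <form action=\"mail_on.php\" method=\"get\" name=\"form\">\r\n <input type=\"hidden\" name=\"action\" value=\"search\" />\r\n <input type=\"hidden\" name=\"error\" value=\"4\" />\r\n <input type=\"text\" size=\"45\" name=\"search_value\" />\r\n <select name=\"search_by\">\r\n <option value=\"sender\">Sender</option>\r\n <option value=\"receiver\">Receiver</option>\r\n </select></form></td><td>";
    makebutton($lang_global['search'], "javascript:do_submit()", 80);
    $output .= "</td></tr></table>\r\n <td align=\"right\">";
    $output .= generate_pagination("mail_on.php?action=search&order_by={$order_by}&dir=" . !$dir, $all_record, $itemperpage, $start);
    $output .= "</td></tr></table>";
    //==========================top page navigation ENDS here ========================
    $output .= "<table class=\"lined\">\r\n <tr>\r\n <th width=\"5%\">" . $lang_mail['id'] . "</th>\r\n <th width=\"5%\">" . $lang_mail['mail_type'] . "</th>\r\n <th width=\"10%\">" . $lang_mail['sender'] . "</th>\r\n <th width=\"10%\">" . $lang_mail['receiver'] . "</th>\r\n <th width=\"15%\">" . $lang_mail['subject'] . "</th>\r\n <th width=\"5%\">" . $lang_mail['has_items'] . "</th>\r\n <th width=\"25%\">" . $lang_mail['text'] . "</th>\r\n <th width=\"20%\">" . $lang_mail['money'] . "</th>\r\n <th width=\"5%\">" . $lang_mail['checked'] . "</th>\r\n </tr>";
    while ($mail = $sql->fetch_array($query)) {
        // money is stored in copper; split it into gold / silver / copper for display
        $copper_total = (int) $mail[7];
        $g = intdiv($copper_total, 10000);
        $s = intdiv($copper_total % 10000, 100);
        $c = $copper_total % 100;
        $money = "";
        // the original tested the copper remainder here, so e.g. exactly 1 gold displayed nothing
        if ($copper_total > 0) {
            $money = $g . "<img src=\"./img/gold.gif\" /> " . $s . "<img src=\"./img/silver.gif\" /> " . $c . "<img src=\"./img/copper.gif\" /> ";
        }
        $output .= "<tr valign=top>\r\n <td>{$mail['0']}</td>\r\n <td>" . get_mail_source($mail[1]) . "</td>\r\n <td><a href=\"char.php?id={$mail['2']}\">" . get_char_name($mail[2]) . "</a></td>\r\n <td><a href=\"char.php?id={$mail['3']}\">" . get_char_name($mail[3]) . "</a></td>\r\n <td>{$mail['4']}</td>\r\n ";
        $output .= "<td>";
        $output .= "\r\n <a style=\"padding:2px;\" href=\"{$item_datasite}{$mail[10]}\" target=\"_blank\">\r\n <img class=\"bag_icon\" src=\"" . get_item_icon($mail[10]) . "\" alt=\"\" />\r\n </a>";
        //maketooltip("<img src=\"./img/up.gif\" alt=\"\">", $item_datasite{$mail[10]}, $mail[10], "item_tooltip", "target=\"_blank\"");
        $output .= "</td>";
        $output .= "<td>" . get_mail_text($mail[5]) . "</td>\r\n <td>{$money}</td>\r\n <td>" . get_check_state($mail[9]) . "</td>\r\n </tr>";
    }
    /*--------------------------------------------------*/
    $output .= "<tr><td colspan=\"6\" class=\"hidden\" align=\"right\">All Mails: {$all_record}</td></tr>\r\n </table></center>";
    $sql->close();
}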
示例3: do_add_entry
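function do_add_entry()
{
    // Adds an account ban or an IP ban from the "add entry" form ($_GET).
    // Redirects with error=1 on bad input, error=4 for an unknown account,
    // error=3 on success and error=2 when nothing was written.
    global $realm_db, $user_name, $output, $action_permission, $user_lvl;
    valid_login($action_permission['insert']);
    if (empty($_GET['ban_type']) || empty($_GET['entry']) || empty($_GET['bantime'])) {
        redirect("banned.php?error=1&action=add_entry");
    }
    // ban_type selects the target table and is echoed into the redirect URL:
    // only the two known values are accepted
    $ban_type = $_GET['ban_type'];
    if ($ban_type !== "account_banned" && $ban_type !== "ip_banned") {
        redirect("banned.php?error=1&action=add_entry");
    }
    // bantime (hours) is used arithmetically, never quoted: anything non-numeric
    // is rejected (on PHP 8, 3600 * "abc" throws a TypeError)
    if (!is_numeric($_GET['bantime'])) {
        redirect("banned.php?error=1&action=add_entry");
    }
    $bantime = time() + (int) (3600 * $_GET['bantime']);
    $sqlr = new SQL();
    $sqlr->connect($realm_db['addr'], $realm_db['user'], $realm_db['pass'], $realm_db['name']);
    $entry = $sqlr->quote_smart($_GET['entry']);
    if ($ban_type === "account_banned") {
        $result1 = $sqlr->query("SELECT id FROM account WHERE username ='{$entry}'");
        if (!$sqlr->num_rows($result1)) {
            redirect("banned.php?error=4&action=add_entry");
        }
        // from here on $entry is the numeric account id
        $entry = (int) $sqlr->result($result1, 0, 'id');
    }
    $banreason = isset($_GET['banreason']) && $_GET['banreason'] != '' ? $sqlr->quote_smart($_GET['banreason']) : "none";
    // the acting admin's name is written into the row as well; escape it like every other quoted value
    $bannedby = $sqlr->quote_smart($user_name);
    if ($ban_type === "account_banned") {
        $result = $sqlr->query("SELECT count(*) FROM account_banned WHERE id = '{$entry}'");
        if (!$sqlr->result($result, 0)) {
            $sqlr->query("INSERT INTO account_banned (id, bandate, unbandate, bannedby, banreason, active)\r\n VALUES ('{$entry}'," . time() . ",{$bantime},'{$bannedby}','{$banreason}', 1)");
        }
    } else {
        $sqlr->query("INSERT INTO ip_banned (ip, bandate, unbandate, bannedby, banreason)\r\n VALUES ('{$entry}'," . time() . ",{$bantime},'{$bannedby}','{$banreason}')");
    }
    if ($sqlr->affected_rows()) {
        redirect("banned.php?error=3&ban_type={$ban_type}");
    } else {
        redirect("banned.php?error=2&ban_type={$ban_type}");
    }
}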
示例4: backup_user
function backup_user(&$sqlr, &$sqlc)
{
global $lang_global, $lang_user, $output, $realm_db, $characters_db, $realm_id, $user_lvl, $backup_dir, $action_permission;
valid_login($action_permission['insert']);
$sqlr = new SQL();
$sqlr->connect($realm_db['addr'], $realm_db['user'], $realm_db['pass'], $realm_db['name']);
if (isset($_GET['check'])) {
$check = $sqlr->quote_smart($_GET['check']);
} else {
redirect("accounts.php?error=1");
}
require_once "libs/tab_lib.php";
$subdir = "{$backup_dir}/accounts/" . date("m_d_y_H_i_s") . "_partial";
mkdir($subdir, 0777);
for ($t = 0; $t < count($check); $t++) {
if ($check[$t] != "") {
$query = $sqlr->query("SELECT id FROM account WHERE id = {$check[$t]}");
$acc = $sqlr->fetch_array($query);
$file_name_new = $acc[0] . "_{$realm_db['name']}.sql";
$fp = fopen("{$subdir}/{$file_name_new}", 'w') or die($lang_backup['file_write_err']);
fwrite($fp, "CREATE DATABASE /*!32312 IF NOT EXISTS*/ {$realm_db['name']};\n") or die(error($lang_backup['file_write_err']));
fwrite($fp, "USE {$realm_db['name']};\n\n") or die($lang_backup['file_write_err']);
foreach ($tab_backup_user_realmd as $value) {
$acc_query = $sqlr->query("SELECT * FROM {$value['0']} WHERE {$value['1']} = {$acc['0']}");
$num_fields = $sqlr->num_fields($acc_query);
$numrow = $sqlr->num_rows($acc_query);
$result = "-- Dumping data for {$value['0']} " . date("m.d.y_H.i.s") . "\n";
$result .= "LOCK TABLES {$value['0']} WRITE;\n";
$result .= "DELETE FROM {$value['0']} WHERE {$value['1']} = {$acc['0']};\n";
if ($numrow) {
$result .= "INSERT INTO {$value['0']} (";
for ($count = 0; $count < $num_fields; $count++) {
$result .= "`" . $sqlr->field_name($acc_query, $count) . "`";
if ($count < $num_fields - 1) {
$result .= ",";
}
}
$result .= ") VALUES \n";
for ($i = 0; $i < $numrow; $i++) {
$result .= "\t(";
$row = $sqlr->fetch_row($acc_query);
for ($j = 0; $j < $num_fields; $j++) {
$row[$j] = addslashes($row[$j]);
$row[$j] = ereg_replace("\n", "\\n", $row[$j]);
if (isset($row[$j])) {
if ($sqlr->field_type($acc_query, $j) == "int") {
$result .= "{$row[$j]}";
} else {
$result .= "'{$row[$j]}'";
}
} else {
$result .= "''";
}
if ($j < $num_fields - 1) {
$result .= ",";
}
}
if ($i < $numrow - 1) {
$result .= "),\n";
}
}
$result .= ");\n";
}
$result .= "UNLOCK TABLES;\n";
$result .= "\n";
fwrite($fp, $result) or die(error($lang_backup['file_write_err']));
}
fclose($fp);
foreach ($characters_db as $db) {
$file_name_new = $acc[0] . "_{$db[$realm_id]['name']}.sql";
$fp = fopen("{$subdir}/{$file_name_new}", 'w') or die(error($lang_backup['file_write_err']));
fwrite($fp, "CREATE DATABASE /*!32312 IF NOT EXISTS*/ {$db[$realm_id]['name']};\n") or die(error($lang_backup['file_write_err']));
fwrite($fp, "USE {$db[$realm_id]['name']};\n\n") or die(error($lang_backup['file_write_err']));
$all_char_query = $sqlc->query("SELECT guid,name FROM `characters` WHERE account = {$acc['0']}");
while ($char = $sqlc->fetch_array($all_char_query)) {
fwrite($fp, "-- Dumping data for character {$char['1']}\n") or die(error($lang_backup['file_write_err']));
foreach ($tab_backup_user_characters as $value) {
$char_query = $sqlc->query("SELECT * FROM {$value['0']} WHERE {$value['1']} = {$char['0']}");
$num_fields = $sqlc->num_fields($char_query);
$numrow = $sqlc->num_rows($char_query);
$result = "LOCK TABLES {$value['0']} WRITE;\n";
$result .= "DELETE FROM {$value['0']} WHERE {$value['1']} = {$char['0']};\n";
if ($numrow) {
$result .= "INSERT INTO {$value['0']} (";
for ($count = 0; $count < $num_fields; $count++) {
$result .= "`" . $sqlc->field_name($char_query, $count) . "`";
if ($count < $num_fields - 1) {
$result .= ",";
}
}
$result .= ") VALUES \n";
for ($i = 0; $i < $numrow; $i++) {
$result .= "\t(";
$row = $sqlc->fetch_row($char_query);
for ($j = 0; $j < $num_fields; $j++) {
$row[$j] = addslashes($row[$j]);
$row[$j] = ereg_replace("\n", "\\n", $row[$j]);
if (isset($row[$j])) {
if ($sqlc->field_type($char_query, $j) == "int") {
$result .= "{$row[$j]}";
//.........这里部分代码省略.........
示例5: instances
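function instances()
{
    // Instance list page with paging and sortable columns; appends the HTML to the global $output.
    global $output, $lang_instances, $realm_id, $world_db, $mmfpm_db, $itemperpage;
    $sqlw = new SQL();
    $sqlw->connect($world_db[$realm_id]['addr'], $world_db[$realm_id]['user'], $world_db[$realm_id]['pass'], $world_db[$realm_id]['name']);
    //-------------------SQL Injection Prevention--------------------------------
    // start, order_by and dir are spliced into the query outside of string
    // literals, so they are validated by shape rather than escaped.
    $start = isset($_GET['start']) ? filter_var($_GET['start'], FILTER_VALIDATE_INT, array('options' => array('min_range' => 0))) : 0;
    if ($start === false) {
        $start = 0;
    }
    // Only the three sortable columns are accepted. (The previous check,
    // preg_match('/^[_[:lower:]]{1,11}$/'), rejected 'levelMin' and 'levelMax'
    // because of the capital M, so sorting by them silently never worked.)
    $sortable_columns = array('map', 'levelMin', 'levelMax');
    $order_by = isset($_GET['order_by']) && in_array($_GET['order_by'], $sortable_columns, true) ? $_GET['order_by'] : 'levelMin';
    // dir: '0' sorts descending, anything else ascending; $dir is then flipped for the toggle links
    $dir = isset($_GET['dir']) && $_GET['dir'] === '0' ? 0 : 1;
    $order_dir = $dir ? 'ASC' : 'DESC';
    $dir = $dir ? 0 : 1;
    //-------------------SQL Injection Prevention--------------------------------
    // for multipage support
    $all_record = $sqlw->result($sqlw->query('SELECT count(*) FROM instance_template'), 0);
    // main data that we need for this page, instances
    $result = $sqlw->query('
SELECT map, levelMin, levelMax
FROM instance_template
ORDER BY ' . $order_by . ' ' . $order_dir . ' LIMIT ' . $start . ', ' . $itemperpage . ';');
    //---------------Page Specific Data Starts Here--------------------------
    $output .= '
<center>
<table class="top_hidden">
<tr>
<td width="25%" align="right">';
    // multi page links
    $output .= $lang_instances['total'] . ' : ' . $all_record . '<br /><br />' . generate_pagination('instances.php?order_by=' . $order_by . '&dir=' . ($dir ? 0 : 1), $all_record, $itemperpage, $start);
    // column headers, with links for sorting
    $output .= '
</td>
</tr>
</table>
<table class="lined">
<tr>
<th width="20%"><a href="instances.php?order_by=map&start=' . $start . '&dir=' . $dir . '"' . ($order_by === 'map' ? ' class="' . $order_dir . '"' : '') . '>' . $lang_instances['map'] . '</a></th>
<th width="5%"><a href="instances.php?order_by=levelMin&start=' . $start . '&dir=' . $dir . '"' . ($order_by === 'levelMin' ? ' class="' . $order_dir . '"' : '') . '>' . $lang_instances['level_min'] . '</a></th>
<th width="5%"><a href="instances.php?order_by=levelMax&start=' . $start . '&dir=' . $dir . '"' . ($order_by === 'levelMax' ? ' class="' . $order_dir . '"' : '') . '>' . $lang_instances['level_max'] . '</a></th>
<th width="20%">' . $lang_instances['area'] . '</th>
<th width="10%">' . $lang_instances['type'] . '</th>
<th width="5%">' . $lang_instances['expansion'] . '</th>
<th width="5%">' . $lang_instances['ppl'] . '</th>
</tr>';
    // the map lookups below read from the site database, hence the second connection
    $sqlm = new SQL();
    $sqlm->connect($mmfpm_db['addr'], $mmfpm_db['user'], $mmfpm_db['pass'], $mmfpm_db['name']);
    while ($instances = $sqlw->fetch_assoc($result)) {
        $output .= '
<tr valign="top">
<td>' . get_map_name($instances['map'], $sqlm) . '</td>
<td>' . char_get_level_color($instances['levelMin']) . '</td>
<td>' . char_get_level_color($instances['levelMax']) . '</td>
<td>' . get_map_zone($instances['map'], $sqlm) . '</td>
<td>' . get_map_type($instances['map'], $sqlm) . '</td>
<td>' . get_map_exp($instances['map'], $sqlm) . '</td>
<td>' . get_map_ppl($instances['map'], $sqlm) . '</td>
</tr>';
    }
    $output .= '
</table>
<table class="top_hidden">
<tr>
<td width="25%" align="right">';
    // multi page links
    $output .= $lang_instances['total'] . ' : ' . $all_record . '<br /><br />' . generate_pagination('instances.php?order_by=' . $order_by . '&dir=' . ($dir ? 0 : 1), $all_record, $itemperpage, $start);
    $output .= '
</td>
</tr>
</table>
</center>';
}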
示例6: del_guild
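function del_guild()
{
    // Confirmation page for deleting a guild. Allowed for users with the delete
    // permission, or for the guild leader (a character on the current user's account).
    // Appends the confirmation form to the global $output.
    global $lang_guild, $lang_global, $output, $characters_db, $realm_id, $realm_db, $action_permission, $user_lvl, $user_id;
    // realm and id select the database / row and are also echoed into the HTML,
    // so they are kept as plain integers
    $realmid = $realm_id;
    if (!empty($_GET['realm']) && is_numeric($_GET['realm'])) {
        $realmid = (int) $_GET['realm'];
    }
    if (!isset($_GET['id'])) {
        redirect("guild.php?error=1&realm={$realmid}");
    }
    if (!is_numeric($_GET['id'])) {
        redirect("guild.php?error=5&realm={$realmid}");
    }
    $id = (int) $_GET['id'];
    $sqlc = new SQL();
    $sqlc->connect($characters_db[$realmid]['addr'], $characters_db[$realmid]['user'], $characters_db[$realmid]['pass'], $characters_db[$realmid]['name']);
    // is one of this user's characters the guild leader?
    $q_amIguildleader = $sqlc->query("select 1 from guild where guildid = '{$id}' and leaderguid in (select guid from characters where account = '{$user_id}')");
    $amIguildleader = $sqlc->result($q_amIguildleader, 0, '1');
    if ($user_lvl < $action_permission['delete'] && !$amIguildleader) {
        redirect("guild.php?error=6&realm={$realmid}");
    }
    $output .= "\r\n <center>\r\n <h1><font class=\"error\">{$lang_global['are_you_sure']}</font></h1>\r\n <br />\r\n <font class=\"bold\">{$lang_guild['guild_id']}: {$id} {$lang_global['will_be_erased']}</font>\r\n <br /><br />\r\n <form action=\"cleanup.php?action=docleanup\" method=\"post\" name=\"form\">\r\n <input type=\"hidden\" name=\"type\" value=\"guild\" />\r\n <input type=\"hidden\" name=\"check\" value=\"-{$id}\" />\r\n <input type=\"hidden\" name=\"override\" value=\"1\" />\r\n <table class=\"hidden\">\r\n <tr>\r\n <td>";
    makebutton($lang_global['yes'], "javascript:do_submit()\" type=\"wrn", 130);
    $output .= "\r\n </td>\r\n <td>";
    makebutton($lang_global['no'], "guild.php?action=view_guild&realm={$realmid}&id={$id}\" type=\"def", 130);
    $output .= '
</td>
</tr>
</table>
</form>
</center>
<br />';
}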
示例7: saveserver
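function saveserver()
{
    // Updates one row of config_servers from the admin "servers" form (all input via $_GET),
    // then returns to the server list.
    // NOTE(review): no permission check is visible in this function; confirm the caller enforces one.
    // NOTE(review): Telnet_Pass is stored exactly as entered, i.e. the table holds a plaintext credential.
    global $corem_db;
    $sqlm = new SQL();
    $sqlm->connect($corem_db["addr"], $corem_db["user"], $corem_db["pass"], $corem_db["name"], $corem_db["encoding"]);
    // Every value is wrapped in quotes in the UPDATE, so quote_smart() escaping is
    // sufficient; absent keys yield NULL ('' in the query) instead of undefined-index notices.
    $field = function ($key) use ($sqlm) {
        return isset($_GET[$key]) ? $sqlm->quote_smart($_GET[$key]) : NULL;
    };
    $server_id = $field("index");
    $new_server_id = $field("new_index");
    $server_name = $field("server_name");
    $server_hosti = $field("server_hosti");
    $server_hostp = $field("server_hostp");
    $server_port = $field("server_port");
    $server_telnet_port = $field("server_telnet_port");
    // upper-case BEFORE escaping: upper-casing the escaped string would also
    // rewrite escape sequences (e.g. "\n" into "\N")
    $server_telnet_user = isset($_GET["server_telnet_user"]) ? $sqlm->quote_smart(strtoupper($_GET["server_telnet_user"])) : NULL;
    $server_telnet_pass = $field("server_telnet_pass");
    $server_type = $field("server_type");
    $server_color = $field("server_color");
    $server_timezone = $field("server_timezone");
    $server_factions = isset($_GET["server_both"]) ? 1 : 0;
    $server_stats = $field("server_stats");
    // the original statement assigned Port twice; the duplicate assignment is dropped
    $sqlm->query("UPDATE config_servers SET `Index`='" . $new_server_id . "', Address='" . $server_hosti . "', Port='" . $server_port . "', Telnet_Port='" . $server_telnet_port . "', Telnet_User='" . $server_telnet_user . "', Telnet_Pass='" . $server_telnet_pass . "', Both_Factions='" . $server_factions . "', Stats_XML='" . $server_stats . "', Name='" . $server_name . "', External_Address='" . $server_hostp . "', Icon='" . $server_type . "', Color='" . $server_color . "', Timezone='" . $server_timezone . "' WHERE `Index`='" . $server_id . "'");
    redirect("admin.php?section=servers");
}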
示例8: do_update
function do_update()
{
global $world_db, $realm_id, $action_permission, $user_lvl, $locales_search_option;
// on update, use replace.. and else insert
if ($_POST['insert'] == "1") {
if ($user_lvl < $action_permission['insert']) {
redirect("creature.php?error=9");
}
$db_action_creature = "INSERT";
} else {
if ($user_lvl < $action_permission['update']) {
redirect("creature.php?error=9");
}
$db_action_creature = "REPLACE";
}
//($del_trainer_spell || $del_loot_items || $del_skin_items || $del_pp_items || $del_questrelation || $del_involvedrelation || $del_vendor_item ) &&
if ($user_lvl < $action_permission['delete']) {
redirect("creature.php?error=9");
}
$deplang = get_lang_id();
if (!isset($_POST['entry']) || $_POST['entry'] === '') {
redirect("creature.php?error=1");
}
$sql = new SQL();
$sql->connect($world_db[$realm_id]['addr'], $world_db[$realm_id]['user'], $world_db[$realm_id]['pass'], $world_db[$realm_id]['name']);
$entry = $sql->quote_smart($_POST['entry']);
if (isset($_POST['difficulty_entry_1']) && $_POST['difficulty_entry_1'] != '') {
$difficulty_entry_1 = $sql->quote_smart($_POST['difficulty_entry_1']);
} else {
$difficulty_entry_1 = 0;
}
if (isset($_POST['modelid1']) && $_POST['modelid2'] != '') {
$modelid1 = $sql->quote_smart($_POST['modelid1']);
} else {
$modelid1 = 0;
}
if (isset($_POST['modelid3']) && $_POST['modelid3'] != '') {
$modelid3 = $sql->quote_smart($_POST['modelid3']);
} else {
$modelid3 = 0;
}
if (isset($_POST['name']) && $_POST['name'] != '') {
$name = $sql->quote_smart($_POST['name']);
} else {
$name = "";
}
if (isset($_POST['subname']) && $_POST['subname'] != '') {
$subname = $sql->quote_smart($_POST['subname']);
} else {
$subname = "";
}
if (isset($_POST['minlevel']) && $_POST['minlevel'] != '') {
$minlevel = $sql->quote_smart($_POST['minlevel']);
} else {
$minlevel = 0;
}
if (isset($_POST['maxlevel']) && $_POST['maxlevel'] != '') {
$maxlevel = $sql->quote_smart($_POST['maxlevel']);
} else {
$maxlevel = 0;
}
if (isset($_POST['faction_A']) && $_POST['faction_A'] != '') {
$faction_A = $sql->quote_smart($_POST['faction_A']);
} else {
$faction_A = 0;
}
if (isset($_POST['faction_H']) && $_POST['faction_H'] != '') {
$faction_H = $sql->quote_smart($_POST['faction_H']);
} else {
$faction_H = 0;
}
if (isset($_POST['npcflag'])) {
$npcflag = $sql->quote_smart($_POST['npcflag']);
} else {
$npcflag = 0;
}
if (isset($_POST['speed_walk']) && $_POST['speed_walk'] != '') {
$speed_walk = $sql->quote_smart($_POST['speed_walk']);
} else {
$speed_walk = 0;
}
if (isset($_POST['rank']) && $_POST['rank'] != '') {
$rank = $sql->quote_smart($_POST['rank']);
} else {
$rank = 0;
}
if (isset($_POST['mindmg']) && $_POST['mindmg'] != '') {
$mindmg = $sql->quote_smart($_POST['mindmg']);
} else {
$mindmg = 0;
}
if (isset($_POST['maxdmg']) && $_POST['maxdmg'] != '') {
$maxdmg = $sql->quote_smart($_POST['maxdmg']);
} else {
$maxdmg = 0;
}
if (isset($_POST['dmgschool']) && $_POST['dmgschool'] != '') {
$dmgschool = $sql->quote_smart($_POST['dmgschool']);
} else {
$dmgschool = 0;
//.........这里部分代码省略.........
示例9: do_update
function do_update()
{
global $world_db, $realm_id, $action_permission, $user_lvl;
valid_login($action_permission['update']);
if (!isset($_POST['type']) || $_POST['type'] === '') {
redirect("item.php?error=1");
}
if (!isset($_POST['entry']) || $_POST['entry'] === '') {
redirect("item.php?error=1");
}
$sql = new SQL();
$sql->connect($world_db[$realm_id]['addr'], $world_db[$realm_id]['user'], $world_db[$realm_id]['pass'], $world_db[$realm_id]['name']);
$entry = $sql->quote_smart($_POST['entry']);
if (isset($_POST['class']) && $_POST['class'] != '') {
$class = $sql->quote_smart($_POST['class']);
} else {
$class = 0;
}
if (isset($_POST['subclass']) && $_POST['subclass'] != '') {
$subclass = $sql->quote_smart($_POST['subclass']);
} else {
$subclass = 0;
}
if (isset($_POST['name']) && $_POST['name'] != '') {
$name = $sql->quote_smart($_POST['name']);
} else {
$name = 0;
}
if (isset($_POST['displayid']) && $_POST['displayid'] != '') {
$displayid = $sql->quote_smart($_POST['displayid']);
} else {
$displayid = 0;
}
if (isset($_POST['Quality']) && $_POST['Quality'] != '') {
$Quality = $sql->quote_smart($_POST['Quality']);
} else {
$Quality = 0;
}
if (isset($_POST['Flags']) && $_POST['Flags'] != '') {
$Flags = $sql->quote_smart($_POST['Flags']);
} else {
$Flags = 0;
}
if (isset($_POST['BuyCount']) && $_POST['BuyCount'] != '') {
$BuyCount = $sql->quote_smart($_POST['BuyCount']);
} else {
$BuyCount = 0;
}
if (isset($_POST['BuyPrice']) && $_POST['BuyPrice'] != '') {
$BuyPrice = $sql->quote_smart($_POST['BuyPrice']);
} else {
$BuyPrice = 0;
}
if (isset($_POST['SellPrice']) && $_POST['SellPrice'] != '') {
$SellPrice = $sql->quote_smart($_POST['SellPrice']);
} else {
$SellPrice = 0;
}
if (isset($_POST['InventoryType']) && $_POST['InventoryType'] != '') {
$InventoryType = $sql->quote_smart($_POST['InventoryType']);
} else {
$AllowableClass = 0;
}
if (isset($_POST['AllowableClass'])) {
$AllowableClass = $sql->quote_smart($_POST['AllowableClass']);
} else {
$AllowableClass = -1;
}
if (isset($_POST['AllowableRace'])) {
$AllowableRace = $sql->quote_smart($_POST['AllowableRace']);
} else {
$AllowableRace = -1;
}
if (isset($_POST['ItemLevel']) && $_POST['ItemLevel'] != '') {
$ItemLevel = $sql->quote_smart($_POST['ItemLevel']);
} else {
$ItemLevel = 1;
}
if (isset($_POST['RequiredLevel']) && $_POST['RequiredLevel'] != '') {
$RequiredLevel = $sql->quote_smart($_POST['RequiredLevel']);
} else {
$RequiredLevel = 0;
}
if (isset($_POST['RequiredSkill']) && $_POST['RequiredSkill'] != '') {
$RequiredSkill = $sql->quote_smart($_POST['RequiredSkill']);
} else {
$RequiredSkill = 0;
}
if (isset($_POST['RequiredSkillRank']) && $_POST['RequiredSkillRank'] != '') {
$RequiredSkillRank = $sql->quote_smart($_POST['RequiredSkillRank']);
} else {
$RequiredSkillRank = 0;
}
if (isset($_POST['requiredspell']) && $_POST['requiredspell'] != '') {
$requiredspell = $sql->quote_smart($_POST['requiredspell']);
} else {
$requiredspell = 0;
}
if (isset($_POST['requiredhonorrank']) && $_POST['requiredhonorrank'] != '') {
$requiredhonorrank = $sql->quote_smart($_POST['requiredhonorrank']);
//.........这里部分代码省略.........
示例10: doupdate_commands
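function doupdate_commands()
{
    // Saves the per-command security levels submitted from the command list.
    // $_GET['change'] is expected to be a map of command name => security level.
    global $output, $realm_id, $world_db, $action_permission;
    valid_login($action_permission['update']);
    if (!isset($_GET['change']) || !is_array($_GET['change'])) {
        redirect('command.php?error=1');
    }
    // The level is spliced into the UPDATE unquoted, so it must be an integer; the
    // name goes into a quoted literal, so it is escaped. Everything is validated
    // before the first query runs, so a bad entry does not leave a half-applied batch.
    $updates = array();
    foreach ($_GET['change'] as $command => $security) {
        $level = filter_var($security, FILTER_VALIDATE_INT);
        if ($level === false) {
            redirect('command.php?error=1');
        }
        $updates[] = array((string) $command, $level);
    }
    $sqlw = new SQL();
    $sqlw->connect($world_db[$realm_id]['addr'], $world_db[$realm_id]['user'], $world_db[$realm_id]['pass'], $world_db[$realm_id]['name']);
    foreach ($updates as $update) {
        list($command, $level) = $update;
        $sqlw->query('UPDATE command SET security = ' . $level . ' WHERE name= \'' . $sqlw->quote_smart($command) . '\'');
    }
    redirect('command.php');
}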
示例11: do_pass_activate
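function do_pass_activate()
{
    // Password-recovery confirmation step. $_GET['h'] must equal an account's stored
    // sha_pass_hash and $_GET['p'] must equal the first 7 hex characters of
    // sha1(UPPER(username)); on success the account password is reset to that value
    // and v/s are cleared. Any failure redirects back to the recovery form.
    // NOTE(review): the confirmation value is derived only from the username, so it
    // is not a secret. A random, single-use, expiring token stored server-side is the
    // usual replacement; the flow is kept as-is here and only the comparison is hardened.
    global $lang_global, $realm_db;
    if (empty($_GET['h']) || empty($_GET['p'])) {
        redirect("register.php?action=pass_recovery&err=1");
    }
    $sql = new SQL();
    $sql->connect($realm_db['addr'], $realm_db['user'], $realm_db['pass'], $realm_db['name']);
    $pass = $sql->quote_smart(trim($_GET['p']));
    $hash = $sql->quote_smart($_GET['h']);
    $result = $sql->query("SELECT id,username FROM account WHERE sha_pass_hash = '{$hash}'");
    if ($sql->num_rows($result) != 1) {
        redirect("register.php?action=pass_recovery&err=1");
    }
    $username = $sql->result($result, 0, 'username');
    $id = $sql->result($result, 0, 'id');
    $expected = substr(sha1(strtoupper($username)), 0, 7);
    // strict, constant-time comparison (the original used a loose ==, which also
    // treats numeric-looking strings such as "0e..." as equal)
    if (hash_equals($expected, (string) $pass)) {
        // the username comes from the database but is re-embedded in a query: escape it too
        $username_sql = $sql->quote_smart($username);
        $sql->query("UPDATE account SET sha_pass_hash=SHA1(CONCAT(UPPER('{$username_sql}'),':',UPPER('{$pass}'))), v=0, s=0 WHERE id = '{$id}'");
        redirect("login.php");
    }
    redirect("register.php?action=pass_recovery&err=1");
}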
示例12: SQL
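<?php
// Honor ranking page: two top-25 tables (alliance races, horde races) of characters
// ordered by honor, kills or arena points. Output goes into the global $output.
require_once "header.php";
require_once "libs/char_lib.php";
valid_login($action_permission['read']);
//global $lang_honor, $lang_global, $output, $characters_db, $realm_id, $itemperpage, $realm_db;
$sql = new SQL();
$sql->connect($characters_db[$realm_id]['addr'], $characters_db[$realm_id]['user'], $characters_db[$realm_id]['pass'], $characters_db[$realm_id]['name']);
// start is an integer or 0
$start = isset($_GET['start']) ? filter_var($_GET['start'], FILTER_VALIDATE_INT, array('options' => array('min_range' => 0))) : 0;
if ($start === false) {
    $start = 0;
}
// order_by is spliced into ORDER BY as a column alias, where quoting does not apply:
// only the aliases offered by the column-header links are accepted.
$honor_sort_columns = array('honor', 'kills', 'arena');
$order_by = isset($_GET['order_by']) && in_array($_GET['order_by'], $honor_sort_columns, true) ? $_GET['order_by'] : "honor";
// Both tables use identical markup; only these per-faction details differ.
// NOTE(review): the horde query orders on todayHonorPoints while the alliance query
// uses totalHonorPoints — this looks like a copy/paste slip, but it is preserved
// from the original; confirm which column is intended.
$honor_sides = array(
    array('legend' => 'alliance', 'title' => $lang_honor['allied'], 'honor_column' => 'totalHonorPoints', 'race_filter' => 'race in (1,3,4,7,11)'),
    array('legend' => 'horde', 'title' => $lang_honor['horde'], 'honor_column' => 'todayHonorPoints', 'race_filter' => 'race not in (1,3,4,7,11)'),
);
foreach ($honor_sides as $side) {
    $query = $sql->query("SELECT C.guid, C.name, C.race, C.class, C.{$side['honor_column']} AS honor , C.totalKills AS kills, C.level, C.arenaPoints AS arena, COALESCE(guild_member.guildid,0) as GNAME, C.gender FROM characters C LEFT JOIN guild_member ON C.guid = guild_member.guid WHERE {$side['race_filter']} ORDER BY {$order_by} DESC LIMIT 25;");
    $output .= "\r\n <script type=\"text/javascript\">\r\n answerbox.btn_ok='{$lang_global['yes_low']}';\r\n answerbox.btn_cancel='{$lang_global['no']}';\r\n </script>\r\n <center>\r\n <fieldset style=\"width: 776px;\">\r\n <legend><img src='img/{$side['legend']}.gif' /></legend>\r\n <table class=\"lined\" style=\"width: 705px;\">\r\n <tr class=\"bold\">\r\n <td colspan=\"11\">{$side['title']} {$lang_honor['browse_honor']}</td>\r\n </tr>\r\n <tr>\r\n <th width=\"30%\">{$lang_honor['guid']}</th>\r\n <th width=\"7%\">{$lang_honor['race']}</th>\r\n <th width=\"7%\">{$lang_honor['class']}</th>\r\n <th width=\"7%\">{$lang_honor['level']}</th>\r\n <th width=\"5%\"><a href=\"honor.php?order_by=honor\"" . ($order_by == 'honor' ? " class=DESC" : "") . ">{$lang_honor['honor']}</a></th>\r\n <th width=\"5%\"><a href=\"honor.php?order_by=honor\"" . ($order_by == 'honor' ? " class=DESC" : "") . ">{$lang_honor['honor points']}</a></th>\r\n <th width=\"5%\"><a href=\"honor.php?order_by=kills\"" . ($order_by == 'kills' ? " class=DESC" : "") . ">Kills</a></th>\r\n <th width=\"5%\"><a href=\"honor.php?order_by=arena\"" . ($order_by == 'arena' ? " class=DESC" : "") . ">AP</a></th>\r\n <th width=\"30%\">{$lang_honor['guild']}</th>\r\n </tr>";
    while ($char = $sql->fetch_row($query)) {
        // guildid comes from COALESCE(...,0) in the query; cast anyway since it is spliced in unquoted
        $guild_row = $sql->fetch_row($sql->query("SELECT `name` FROM `guild` WHERE `guildid`=" . (int) $char[8] . ";"));
        // no guild row (guildid 0): show an empty cell instead of indexing a false result
        $guild_name = $guild_row ? $guild_row[0] : '';
        $output .= "\r\n <tr>\r\n <td><a href=\"char.php?id={$char['0']}\">" . htmlentities($char[1]) . "</a></td>\r\n <td><img src='img/c_icons/{$char[2]}-{$char[9]}.gif' onmousemove='toolTip(\"" . char_get_race_name($char[2]) . "\",\"item_tooltip\")' onmouseout='toolTip()'></td>\r\n <td><img src='img/c_icons/{$char[3]}.gif' onmousemove='toolTip(\"" . char_get_class_name($char[3]) . "\",\"item_tooltip\")' onmouseout='toolTip()'></td>\r\n <td>" . char_get_level_color($char[6]) . "</td>\r\n <td><span onmouseover='toolTip(\"" . char_get_pvp_rank_name($char[4], char_get_side_id($char[2])) . "\",\"item_tooltip\")' onmouseout='toolTip()' style='color: white;'><img src='img/ranks/rank" . char_get_pvp_rank_id($char[4], char_get_side_id($char[2])) . ".gif'></span></td>\r\n <td>{$char['4']}</td>\r\n <td>{$char['5']}</td>\r\n <td>{$char['7']}</td>\r\n <td><a href=\"guild.php?action=view_guild&error=3&id={$char['8']}\">" . htmlentities($guild_name) . "</a></td>\r\n </tr>";
    }
    $output .= "\r\n </table>\r\n <br />\r\n </fieldset>";
}
require_once "footer.php";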
示例13: saveforum
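/**
 * Creates or updates one row of `config_forums` from the current query string
 * and then redirects back to the forum section of the admin page.
 *
 * Every field is read from $_GET. The row is matched on `Index` = forum_item:
 * if a row with that index exists it is updated, otherwise a new row is
 * inserted (the index is not part of the INSERT, so it is presumably assigned
 * by the table itself — confirm against the schema).
 *
 * NOTE(review): no access-level check happens in this function and the write
 * is driven entirely by GET parameters; presumably admin.php gates the call
 * before dispatching here — confirm.
 */
function saveforum()
{
    global $corem_db;

    $sqlm = new SQL();
    $sqlm->connect($corem_db["addr"], $corem_db["user"], $corem_db["pass"], $corem_db["name"], $corem_db["encoding"]);

    // A missing parameter becomes an empty string instead of handing an
    // undefined index (null plus a notice) to quote_smart().
    $forum_item = isset($_GET["forum_item"]) ? $sqlm->quote_smart($_GET["forum_item"]) : '';
    $forum = isset($_GET["category"]) ? $sqlm->quote_smart($_GET["category"]) : '';
    $name = isset($_GET["name"]) ? $sqlm->quote_smart($_GET["name"]) : '';
    $desc = isset($_GET["desc"]) ? $sqlm->quote_smart($_GET["desc"]) : '';
    $sideaccess = isset($_GET["sideaccess"]) ? $sqlm->quote_smart($_GET["sideaccess"]) : '';
    $min_security_level_read = isset($_GET["min_security_level_read"]) ? $sqlm->quote_smart($_GET["min_security_level_read"]) : '';
    $min_security_level_post = isset($_GET["min_security_level_post"]) ? $sqlm->quote_smart($_GET["min_security_level_post"]) : '';
    $min_security_level_create_topic = isset($_GET["min_security_level_create_topic"]) ? $sqlm->quote_smart($_GET["min_security_level_create_topic"]) : '';

    // Every value below sits inside a single-quoted SQL literal, which is the
    // context quote_smart()'s escaping is used for throughout this file.
    $existing = $sqlm->query("SELECT * FROM config_forums WHERE `Index`='" . $forum_item . "'");
    if ($sqlm->num_rows($existing)) {
        $sqlm->query("UPDATE config_forums SET Category='" . $forum . "', Name='" . $name . "', `Desc`='" . $desc . "', Side_Access='" . $sideaccess . "', Min_Security_Level_Read='" . $min_security_level_read . "', Min_Security_Level_Post='" . $min_security_level_post . "', Min_Security_Level_Create_Topic='" . $min_security_level_create_topic . "' WHERE `Index`='" . $forum_item . "'");
    } else {
        // DESC is a reserved word in MySQL, so the column must be backtick-quoted
        // here exactly as the UPDATE branch already does; the bare `Desc` in the
        // original INSERT is rejected by the server as a syntax error.
        $sqlm->query("INSERT INTO config_forums (`Category`, `Name`, `Desc`, `Side_Access`, `Min_Security_Level_Read`, `Min_Security_Level_Post`, `Min_Security_Level_Create_Topic`) VALUES ('" . $forum . "', '" . $name . "', '" . $desc . "', '" . $sideaccess . "', '" . $min_security_level_read . "', '" . $min_security_level_post . "', '" . $min_security_level_create_topic . "')");
    }

    redirect("admin.php?section=forum");
}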
示例14: forum_do_move_topic
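/**
 * Moves every post of a topic to another forum and redirects to the topic view.
 *
 * Expected POST fields: forum (destination forum id) and id (topic id). A
 * missing field, or a caller with $user_lvl == 0, closes the connection and
 * hands off to error().
 *
 * $forum_skeleton, $maxqueries, $user_id and $output were imported by the
 * original but are not used here; the global list is kept unchanged.
 */
function forum_do_move_topic(&$sqlm)
{
    global $forum_lang, $forum_skeleton, $maxqueries, $user_lvl, $user_id, $output, $mmfpm_db;

    $sqlm = new SQL();
    $sqlm->connect($mmfpm_db['addr'], $mmfpm_db['user'], $mmfpm_db['pass'], $mmfpm_db['name']);

    // Moving a topic is a moderator action. $user_lvl was imported but never
    // consulted; gate on it the same way the other moderator handlers in this
    // file do (level 0 is refused).
    if ($user_lvl == 0) {
        $sqlm->close();
        error($forum_lang['no_access']);
    }

    //==========================$_POST and SECURE=================================
    if (!isset($_POST['forum'])) {
        $sqlm->close();
        error($forum_lang['no_such_forum']);
    }
    if (!isset($_POST['id'])) {
        $sqlm->close();
        error($forum_lang["no_such_topic"]);
    }
    // Both ids are interpolated unquoted into the UPDATE below, i.e. in a
    // numeric context. quote_smart() is not visible from here, so force
    // integers rather than rely on it handling a non-numeric string there.
    $forum = (int) $_POST['forum'];
    $id = (int) $_POST['id'];
    //==========================$_POST and SECURE end=============================

    $sqlm->query('
        UPDATE mm_forum_posts
        SET forum = ' . $forum . '
        WHERE topic = ' . $id . '');
    // NOTE(review): the original carried an "update topic's last post id"
    // comment with no code behind it; whether that bookkeeping is required
    // cannot be determined from this function alone.

    // The sibling handlers close the connection before redirecting; this one
    // previously left it open.
    $sqlm->close();
    redirect('forum.php?action=view_topic&id=' . $id . '');
    // Queries : 1
}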
示例15: forum_do_edit_post
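/**
 * Saves an edited forum post (and, when a name is supplied, the title of the
 * post's topic) from $_POST and redirects to the topic view.
 *
 * Expected POST fields: forum, post (id of the post being edited), msg, and
 * optionally name (present only when the topic title is edited as well).
 * After escaping, msg must be at least 5 characters once surrounding spaces
 * are trimmed, and name must be 5..49 characters. Any failed check closes the
 * connection and hands off to error().
 *
 * NOTE(review): $user_lvl, $user_name and $user_id are imported but never
 * consulted, so nothing here ties the edit to the post's author or to a
 * moderator level — confirm the caller enforces that.
 * NOTE(review): the htmlspecialchars() call on the message is commented out
 * in the original, so markup in msg is stored as-is; confirm the rendering
 * path escapes it on output.
 */
function forum_do_edit_post(&$sqlm)
{
    global $forum_lang, $user_lvl, $user_name, $user_id, $mmfpm_db;

    $sqlm = new SQL();
    $sqlm->connect($mmfpm_db['addr'], $mmfpm_db['user'], $mmfpm_db['pass'], $mmfpm_db['name']);

    //==========================$_POST and SECURE=================================
    // 'forum' is required by the request format even though its value is not
    // used below; keep rejecting requests that omit it.
    if (!isset($_POST['forum'])) {
        $sqlm->close();
        error($forum_lang["no_such_forum"]);
    }
    if (!isset($_POST['post'])) {
        $sqlm->close();
        error($forum_lang["no_such_post"]);
    }
    // The post id is interpolated unquoted (numeric context) in every statement
    // below; an integer cast keeps that safe regardless of what quote_smart()
    // would do with a non-numeric string in that position.
    $post = (int) $_POST['post'];

    $rename_topic = isset($_POST['name']);
    $name = '';
    if ($rename_topic) {
        // As in the original, the length is measured on the escaped value, so
        // a name containing quotes also counts its escape characters.
        $name = $sqlm->quote_smart($_POST['name']);
        if (strlen($name) > 49) {
            $sqlm->close();
            error($forum_lang["name_too_long"]);
        }
        if (strlen($name) < 5) {
            $sqlm->close();
            error($forum_lang["name_too_short"]);
        }
    }
    // 'msg' was read without an isset() guard originally; treat a missing body
    // like an empty one so it fails the length check instead of raising a notice.
    $msg = isset($_POST['msg']) ? trim($sqlm->quote_smart($_POST['msg']), " ") : '';
    if (strlen($msg) < 5) {
        $sqlm->close();
        error($forum_lang["msg_too_short"]);
    }
    //==========================$_POST and SECURE end==============================

    // Literal backslash-n sequences (presumably produced when quote_smart()
    // escapes newlines) become line breaks for display.
    $msg = str_replace('\\n', '<br />', $msg);

    // Resolve the post's topic once; the original ran this SELECT twice.
    $result = $sqlm->query('
        SELECT topic
        FROM mm_forum_posts
        WHERE id = ' . $post . '');
    $topicid = $sqlm->fetch_assoc($result);
    if (!$topicid) {
        // Unknown post id: previously this produced a malformed title UPDATE
        // (empty "WHERE topic =") and a redirect with an empty id.
        $sqlm->close();
        error($forum_lang["no_such_post"]);
    }
    $topic_number = (int) $topicid['topic'];

    $sqlm->query('
        UPDATE mm_forum_posts
        SET text = \'' . $msg . '\'
        WHERE id = ' . $post . '');
    if ($rename_topic) {
        $sqlm->query('
            UPDATE mm_forum_posts
            SET name = \'' . $name . '\'
            WHERE topic = ' . $topic_number . '');
    }

    $sqlm->close();
    redirect('forum.php?action=view_topic&id=' . $topic_number . '');
    // Queries : 2 (+1 if topic)
}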