本文整理汇总了PHP中Security::sqlsecure方法的典型用法代码示例。如果您正苦于以下问题:PHP Security::sqlsecure方法的具体用法?PHP Security::sqlsecure怎么用?PHP Security::sqlsecure使用的例子?那么,这里精选的方法代码示例或许可以为您提供帮助。您也可以进一步了解该方法所在类Security的用法示例。
在下文中一共展示了Security::sqlsecure方法的8个代码示例,这些例子默认根据受欢迎程度排序。您可以为喜欢或者感觉有用的代码点赞,您的评价将有助于系统推荐出更棒的PHP代码示例。
示例1: change_issuer
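/**
 * Re-assign a ticket to a new issuer, then log and announce the change.
 *
 * The new issuer is added to the ticket's read ACL when not already a member.
 * If the issuer actually differs from the current one, the ticket row is
 * updated, a task entry is added and a change notification is sent.
 *
 * NOTE(review): no authorization check on the calling user is visible in this
 * function - confirm the caller enforces one before invoking it.
 *
 * @param mixed $Ticket_Number Ticket identifier; also used in a SQL where clause.
 * @param mixed $issuer        User id of the new issuer.
 * @return void
 */
function change_issuer($Ticket_Number, $issuer)
{
    global $GO_SECURITY, $hlpdsk_prefix, $prefix;

    // The where fragment is concatenated into SQL, so the ticket number is
    // escaped first. A separate variable is used so the Ticket:: helpers,
    // add_task() and notify_change() still receive the value the caller passed.
    $ticket_number_sql = Security::sqlsecure($Ticket_Number);
    $acl_read = get_cross_value(
        "{$prefix}{$hlpdsk_prefix}_tickets",
        'acl_read',
        "where ticket_number='{$ticket_number_sql}'"
    );

    // The ACL grant happens before the "did the issuer change?" test below.
    if (!$GO_SECURITY->user_in_acl($issuer, $acl_read)) {
        $GO_SECURITY->add_user_to_acl($issuer, $acl_read);
    }

    $last_issuer_uid = Ticket::get_ticket_issuer_uid($Ticket_Number);
    $new_issuer_uid = Security::sqlsecure($issuer);

    // Loose comparison kept on purpose: the stored uid and the escaped value
    // may differ in type (presumably int vs. string - confirm).
    if ($last_issuer_uid != $new_issuer_uid) {
        $last_issuer = Security::get_uname($last_issuer_uid);
        $result = Ticket::change_issuer($Ticket_Number, $new_issuer_uid);
        $new_issuer = Security::get_uname($new_issuer_uid);

        // The literal quotes are emitted as \' (backslash + quote), presumably
        // because add_task()/notify_change() place the text into SQL.
        // NOTE(review): the two user names themselves are not escaped here;
        // verify that add_task()/notify_change() escape or bind the comment.
        $comment = "Ticket re-issued from \\'{$last_issuer}\\' to: \\'{$new_issuer}\\' ";
        add_task($Ticket_Number, $comment);
        notify_change($Ticket_Number, $comment);
    }
}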
示例2: mod_globals
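/**
 * Maintain rows of the help-desk config table, or render the edit form.
 *
 * For the actions "update", "insert" and "delete" the matching statement is
 * run against {prefix}{hlpdsk_prefix}_config and a boolean is returned.
 * Any other action returns the HTML of the maintenance form.
 *
 * Both values pass through Security::sqlsecure() before being concatenated
 * into SQL. Its implementation is not shown here; bound parameters would be
 * the more robust choice if the $tts driver supports them.
 *
 * NOTE(review): the form carries no anti-CSRF token and no permission check
 * is visible in this function - confirm admin.php enforces both.
 *
 * @param mixed  $mod_varname    Config variable name, or FALSE when absent.
 * @param mixed  $mod_definition Config value, or FALSE when absent.
 * @param string $mod_action     "update", "insert", "delete" or "show_form".
 * @return bool|string TRUE/FALSE for a data action, HTML for the form.
 */
function mod_globals($mod_varname = FALSE, $mod_definition = FALSE, $mod_action = "show_form")
{
    global $prefix, $hlpdsk_prefix, $tts, $name, $cmdOk, $admin_tabtable;

    $query = null;
    switch ($mod_action) {
        case "update":
            if (!$mod_varname) {
                return FALSE;
            }
            $mod_varname = Security::sqlsecure($mod_varname);
            $mod_definition = Security::sqlsecure($mod_definition);
            $query = "update {$prefix}{$hlpdsk_prefix}_config set definition='{$mod_definition}' where varname='{$mod_varname}'";
            break;
        case "insert":
            if (!$mod_varname) {
                return FALSE;
            }
            $mod_varname = Security::sqlsecure($mod_varname);
            $mod_definition = Security::sqlsecure($mod_definition);
            $query = "insert into {$prefix}{$hlpdsk_prefix}_config (varname,definition) values ('{$mod_varname}','{$mod_definition}')";
            break;
        case "delete":
            if (!$mod_varname) {
                return FALSE;
            }
            $mod_varname = Security::sqlsecure($mod_varname);
            // Escaped as in the other cases although the delete statement
            // does not use the definition.
            $mod_definition = Security::sqlsecure($mod_definition);
            $query = "delete from {$prefix}{$hlpdsk_prefix}_config where varname='{$mod_varname}'";
            break;
    }

    if ($query !== null) {
        // Collapse whatever the driver returns into a strict boolean.
        return $tts->query($query, $tts) ? TRUE : FALSE;
    }

    // $admin_tabtable is a global that ends up inside an HTML attribute, so it
    // is HTML-escaped to keep it from closing the attribute or the tag.
    $tab_html = htmlspecialchars((string) $admin_tabtable, ENT_QUOTES);

    $response = "<form action=\"admin.php?admin_tabtable={$tab_html}&func=mod_globals\" method=POST>";
    $response .= "<table border=1><tr>";
    $response .= "<td><font class=content>varname<input name=mod_varname type=text></td>";
    $response .= "<td><font class=content>definition<textarea name=mod_definition style=\"HEIGHT: 145px; WIDTH: 500px\"></textarea></td>";
    $response .= "<td><font class=content>delete<input name=mod_action type=radio value=\"delete\"></td>";
    $response .= "<td><font class=content>add<input name=mod_action type=radio value=\"insert\"></td>";
    $response .= "<td><font class=content>modify<input name=mod_action type=radio value=\"update\" checked></td>";
    $response .= "</tr></table>";

    $button = new button();
    $button_submit = $button->get_button($cmdOk, "javascript:this.form.submit();");
    $response .= $button_submit . "</form>";

    return $response;
}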
示例3: menu
}
// Excerpt from the middle of a larger routine that creates a ticket; the code
// that builds $my_ticket and the four date values is not part of this excerpt.
$my_ticket->due_date = $due_date;
$my_ticket->end_date = $end_date;
$my_ticket->post_date = $post_date;
$my_ticket->change_date = $change_date;
// Optional POST fields are copied onto the ticket only when present, each one
// passed through Security::sqlsecure() first.
// NOTE(review): sqlsecure() is not shown; presumably it escapes for SQL string
// context. Numeric fields such as complete and project_id would be safer with
// an integer cast or range check as well - confirm how sql_insert() embeds them.
if (isset($_POST['complete'])) {
$my_ticket->complete = Security::sqlsecure($_POST['complete']);
}
if (isset($_POST['t_priv_msg'])) {
$my_ticket->notify_priv_msg = Security::sqlsecure($_POST['t_priv_msg']);
}
if (isset($_POST['t_email'])) {
$my_ticket->notify_email = Security::sqlsecure($_POST['t_email']);
}
if (isset($_POST['project_id'])) {
$my_ticket->project_id = Security::sqlsecure($_POST['project_id']);
}
// Two fresh ACLs are created for the ticket: the current user is added to the
// read ACL and the assigned user to the write ACL.
$acl_read = $GO_SECURITY->get_new_acl('ticket read');
$acl_write = $GO_SECURITY->get_new_acl('ticket write');
$my_ticket->acl_read = $acl_read;
$my_ticket->acl_write = $acl_write;
$GO_SECURITY->add_user_to_acl($GO_SECURITY->user_id, $acl_read);
$GO_SECURITY->add_user_to_acl($my_ticket->assigned_id, $acl_write);
$my_ticket->sql_insert();
$Ticket_Number = $my_ticket->ticket_nr;
// NOTE(review): eval() executes whatever string menu() returns as PHP code.
// That is only acceptable if menu() builds the string from trusted,
// server-side data alone; returning a value or calling a function directly
// would remove the need for eval().
$textmenu = menu("Show_Tickets", '');
eval($textmenu);
$tabtable = new tabtable('newticket_tabtable', 'Adding new ticket ...', '100%', '400');
$tabtable->print_head();
$statusbar = new statusbar();
$statusbar->info_text = "Adding new ticket";
示例4: querydb
/**
 * Build and run the ticket list query and collect the visible rows.
 *
 * The statement is assembled by string concatenation from a large set of
 * globals (search text, field, status filter, extra filters, ordering and
 * paging). Only $strtosearch and $field pass through Security::sqlsecure()
 * in the visible code; every other fragment is marked below.
 *
 * NOTE(review): the listing is truncated, so the end of the function (and its
 * final return) is not visible here.
 *
 * @param string $extra_condition SQL fragment appended verbatim after "where 1".
 * @return string Serialized result array when no row matches; the return for
 *                the non-empty case lies in the omitted part.
 */
function querydb($extra_condition = "")
{
global $agent, $t_showall, $search, $strtosearch, $orderby, $name, $tts, $prefix, $hlpdsk_prefix, $limit, $limit_rows, $search_status, $submit, $temptime, $hlpdsk_theme, $field, $filter_field, $filter_value, $show_hidden, $hidden_check, $GO_SECURITY;
$querytext = "select * from {$prefix}{$hlpdsk_prefix}_tickets ";
if ($limit == "") {
$limit = 0;
}
if ($limit_rows == "") {
$limit_rows = -1;
}
// NOTE(review): $limit and $limit_rows are placed into the LIMIT clause
// unquoted and unescaped; casting both to int first would confine them to
// numeric values.
$query_limit = " limit {$limit},{$limit_rows} ";
// NOTE(review): $extra_condition is appended verbatim - callers must pass only
// trusted, server-built SQL here.
$query_condition = "where 1 {$extra_condition}";
$strtosearch = Security::sqlsecure($strtosearch);
if (isset($submit)) {
$search = 1;
if ($field) {
// NOTE(review): $field is used as a column identifier outside quotes.
// Quote-escaping does not constrain an identifier; an allow-list of known
// column names is the appropriate check.
$field = Security::sqlsecure($field);
$query_condition .= " and ( {$field}='{$strtosearch}')";
} else {
// split() was deprecated in PHP 5.3 and removed in PHP 7; explode() is the
// usual replacement for a literal separator.
$array_to_search = split(" ", $strtosearch);
$query_condition .= " and ( ";
// Every word must match the subject or the description. The words come from
// the already escaped $strtosearch; LIKE wildcards (% and _) inside a word
// are not neutralised.
foreach ($array_to_search as $to_search) {
$query_condition .= " (t_subject like '%{$to_search}%' or t_description like '%{$to_search}%') and";
}
// Drop the trailing "and" left by the loop.
$query_condition = substr($query_condition, 0, -3);
$query_condition .= " ) ";
}
}
if (is_array($search_status)) {
$search_condition = '';
// NOTE(review): the array keys are interpolated unquoted and unescaped;
// is_array() is the only check. An integer cast per key is presumably
// appropriate if t_status is numeric - confirm.
foreach (array_keys($search_status) as $check_key) {
$search_condition .= "t_status={$check_key} ";
}
# show only open tickets
if (trim($search_condition) != "") {
// The space-separated terms are turned into an OR list.
$query_condition .= " and (" . str_replace(" ", " or ", trim($search_condition)) . ")";
}
}
// Unless hidden tickets are requested, only rows with t_stage=1 are listed.
if ($show_hidden == 'on') {
} else {
$query_condition .= " and t_stage=1 ";
}
if ($strtosearch) {
$search_uid = Security::get_uid("{$strtosearch}");
} else {
$search_uid = "";
}
// When the search text resolves to a user id, the condition built so far
// (including $extra_condition and the status and stage filters) is replaced,
// not extended.
if ($search_uid != "") {
$query_condition = "where 1 and (t_assigned='{$search_uid}' or t_from='{$search_uid}') ";
}
# FILTERS
// NOTE(review): $filter_field entries are used as column names and
// $filter_value entries as quoted values; no escaping or allow-listing of
// either is visible in this function.
if (isset($filter_field)) {
foreach ($filter_field as $key => $value) {
$query_condition .= " and ( {$value}='{$filter_value[$key]}') ";
}
}
# END OF SEARCH CONDITIONS
// strcmp() is non-zero when $orderby is not the empty string.
// NOTE(review): $orderby is inserted verbatim and, unlike the default below,
// gets no "order by" prefix, so it presumably has to carry the keyword itself.
// Restricting it to an allow-list of column names would be safer.
if (strcmp($orderby, "")) {
$query_order_by = " {$orderby} DESC";
} else {
$query_order_by = " order by Ticket_Number DESC";
}
#
// Element 0 of the result holds metadata, including the full SQL text.
$response_raw[0]['querytext'] = $querytext . $query_condition . $query_order_by . $query_limit;
$tts->query($response_raw[0]['querytext']);
// The counts are taken before the per-row ACL filter further down, so they
// may exceed the number of rows the user is actually given.
$response_raw[0]['recordcount'] = $tts->num_rows();
$response_raw[0]['querytotal'] = $response_raw[0]['recordcount'];
if ($response_raw[0]['recordcount'] == 0) {
return serialize($response_raw);
}
$row = 1;
// Users allowed to view all tickets get every row; the statement is run a
// second time for the fetch loop.
if (Security::is_action_allowed("view_all_tickets")) {
$tts->query($response_raw[0]['querytext']);
while ($tts->next_record()) {
$response_raw[$row]['ticket_number'] = $tts->f('ticket_number');
$response_raw[$row]['t_status'] = $tts->f('t_status');
$response_raw[$row]['t_priority'] = $tts->f('t_priority');
$response_raw[$row]['t_from'] = $tts->f('t_from');
$response_raw[$row]['t_subject'] = $tts->f('t_subject');
$response_raw[$row]['t_assigned'] = $tts->f('t_assigned');
$response_raw[$row]['t_stage'] = $tts->f('t_stage');
$response_raw[$row]['t_category'] = $tts->f('t_category');
$response_raw[$row]['post_date'] = $tts->f('post_date');
$response_raw[$row]['due_date'] = $tts->f('due_date');
$response_raw[$row]['end_date'] = $tts->f('end_date');
$response_raw[$row]['complete'] = $tts->f('complete');
$response_raw[$row]['change_date'] = $tts->f('change_date');
$response_raw[$row]['activity_id'] = $tts->f('activity_id');
$response_raw[$row]['project_id'] = $tts->f('project_id');
$row++;
}
} else {
// Everyone else only receives rows whose read or write ACL contains them.
$tts->query($response_raw[0]['querytext']);
while ($tts->next_record()) {
if ($GO_SECURITY->user_in_acl(whoami(), $tts->f('acl_read')) or $GO_SECURITY->user_in_acl(whoami(), $tts->f('acl_write'))) {
$response_raw[$row]['ticket_number'] = $tts->f('ticket_number');
$response_raw[$row]['t_status'] = $tts->f('t_status');
$response_raw[$row]['t_priority'] = $tts->f('t_priority');
$response_raw[$row]['t_from'] = $tts->f('t_from');
$response_raw[$row]['t_subject'] = $tts->f('t_subject');
//......... part of the code is omitted here .........
示例5: change_activity_id
/**
 * Store a new activity id on a ticket.
 *
 * Both arguments pass through Security::sqlsecure() before being embedded in
 * the update statement as quoted values.
 *
 * NOTE(review): no permission check is visible in this function - confirm the
 * caller verifies write access to the ticket.
 *
 * @param mixed $Ticket_Number Ticket to update.
 * @param mixed $activity_id   Activity id to store.
 * @return bool TRUE when the query call reports success, FALSE otherwise.
 */
function change_activity_id($Ticket_Number, $activity_id)
{
    global $tts, $user, $name, $prefix, $hlpdsk_prefix;

    $safe_activity = Security::sqlsecure($activity_id);
    $safe_ticket = Security::sqlsecure($Ticket_Number);

    $table = "{$prefix}{$hlpdsk_prefix}_tickets";
    $sql = "update {$table} set activity_id='{$safe_activity}' where ticket_number='{$safe_ticket}'";

    // Normalise the driver's result to a strict boolean.
    return $tts->query($sql) ? TRUE : FALSE;
}
示例6: showrecords
/**
 * Load one ticket (global $Ticket_Number) and prepare the values and HTML
 * fragments of its detail/edit form.
 *
 * NOTE(review): the listing is truncated, so the end of the function and its
 * normal return value are not visible here.
 */
function showrecords()
{
global $Ticket_Number, $name, $tts, $prefix, $hlpdsk_prefix, $hlpdsk_theme, $nuke_user_table, $nuke_user_last_name_fieldname, $nuke_username_fieldname, $hours, $mins, $javascript, $nuke_user_id_fieldname, $nuke_user_first_name_fieldname, $datepicker, $cmdOk, $cmdReset, $GO_SECURITY, $acl_read, $acl_write, $GO_LANGUAGE;
// Presumably defines the $tts_lang_* variables used further down, which are
// neither globals nor assigned before first use here - confirm.
require $GO_LANGUAGE->get_language_file('opentts');
// NOTE(review): the global $Ticket_Number goes into the three queries below
// without Security::sqlsecure() or an integer cast. It should be escaped or
// validated before use.
$acl_read = get_cross_value("{$prefix}{$hlpdsk_prefix}_tickets", 'acl_read', "where ticket_number='{$Ticket_Number}'");
$acl_write = get_cross_value("{$prefix}{$hlpdsk_prefix}_tickets", 'acl_write', "where ticket_number='{$Ticket_Number}'");
// ACL members and holders of "view_all_tickets" may read the ticket as is;
// everyone else only if they issued it or it is assigned to them.
if ($GO_SECURITY->user_in_acl(whoami(), $acl_read) or $GO_SECURITY->user_in_acl(whoami(), $acl_write) or Security::is_action_allowed("view_all_tickets")) {
$query_condition = " ";
} else {
$query_condition = " and (t_from='" . whoami() . "' or t_assigned='" . whoami() . "')";
}
$querytext = "select * from {$prefix}{$hlpdsk_prefix}_tickets where Ticket_Number='{$Ticket_Number}' {$query_condition} ";
$tts->query($querytext);
$recordcount = $tts->num_rows();
$row = 0;
// NOTE(review): "=" assigns 0 instead of comparing, so this condition is
// always false and 'missing' is never returned; "==" is presumably intended.
if ($recordcount = 0) {
return 'missing';
}
while ($tts->next_record()) {
$post_date = $tts->f('post_date');
$due_date = $tts->f('due_date');
$end_date = $tts->f('end_date');
$complete = $tts->f('complete');
$t_from = $tts->f('t_from');
$t_stage = $tts->f('t_stage');
$t_category = $tts->f('t_category');
$t_priority = $tts->f('t_priority');
// Subject and description are HTML-escaped here, before they are placed in
// form fields below.
$t_subject = htmlspecialchars($tts->f('t_subject'));
$t_description = htmlspecialchars($tts->f('t_description'));
#$t_description=str_replace("\n"," <br> ",$t_description);
$t_assigned = $tts->f('t_assigned');
$t_email = $tts->f('t_email');
$t_sms = $tts->f('t_sms');
$t_status = $tts->f('t_status');
// change_date is HTML-escaped although it is later passed to date() as a
// timestamp.
$change_date = htmlspecialchars($tts->f('change_date'));
$activity_id = $tts->f('activity_id');
$project_id = $tts->f('project_id');
// From here on both dates are formatted strings, no longer timestamps.
$due_date = date("Y/m/d H:i", $due_date);
$end_date = date("Y/m/d H:i", $end_date);
$action_changes = $javascript;
if ($t_sms == "on") {
$t_sms = " CHECKED";
}
if ($t_email == "on") {
$t_email = " CHECKED";
}
// Submit and reset buttons are rendered only for members of the write ACL.
if ($GO_SECURITY->user_in_acl(whoami(), $acl_write)) {
$button = new button();
$action_changes .= $button->get_button($cmdOk, "javascript:document.change_status.submit()");
$action_changes .= $button->get_button($cmdReset, "javascript:document.change_status.reset()");
} else {
$action_changes .= '';
}
$action_changes .= "</form></center>";
$tts_lang_ticket_number = "Ticket Number:";
$tts_lang_post_date_value = date("{$_SESSION['GO_SESSION']['date_format']} H:i", $post_date);
$fullname = opentts::get_fullname($t_from);
if (Security::is_action_allowed("imperson", 0, $acl_write)) {
$select = new select('user', 'change_status', 't_from', $t_from);
$tts_lang_issuer = $select->get_link("{$tts_lang_issuer}");
$tts_lang_issuer_value = $select->get_field();
} else {
$tts_lang_issuer_value = "{$fullname}";
}
// Lookup values shown to the user pass through Security::htmlsecure().
// NOTE(review): the ids in these where fragments come from the ticket row and
// are interpolated unescaped.
$stage_name = Security::htmlsecure(get_cross_value("{$prefix}{$hlpdsk_prefix}_stages", "stage_name", " where stage_id='{$t_stage}'"));
$category_name = Security::htmlsecure(get_cross_value("{$prefix}{$hlpdsk_prefix}_categories", "category_name", " where category_id='{$t_category}'"));
$project_name = Security::htmlsecure(get_cross_value("{$prefix}{$hlpdsk_prefix}_projects", "project_name", " where project_id='{$project_id}'"));
$select_complete = "<select name='complete' class=textbox>" . "<option value='0' >0%</option>" . "<option value='10'>10%</option>" . "<option value='20'>20%</option>" . "<option value='30'>30%</option>" . "<option value='40'>40%</option>" . "<option value='50'>50%</option>" . "<option value='60'>60%</option>" . "<option value='70'>70%</option>" . "<option value='80'>80%</option>" . "<option value='90'>90%</option>" . "<option value='100'>100%</option>" . "</select>";
$t_assigned_name = Security::whatsmyname($t_assigned);
// NOTE(review): Security::sqlsecure() is applied to values bound for HTML
// output. SQL escaping is not an HTML encoder; the protection here comes from
// the htmlspecialchars() calls above, and sqlsecure() may presumably add
// characters that then show up in the field - confirm.
if (Security::is_action_allowed("change_subject", 0, $acl_write)) {
$tts_lang_subject_value = "<input name=t_subject value=\"" . Security::sqlsecure($t_subject) . "\" class=textbox max=80 size=80>";
} else {
$tts_lang_subject_value = "<input name=t_subject value=\"" . Security::sqlsecure($t_subject) . "\" class=textbox max=80 size=80 readonly>";
}
$tts_lang_description_value = "<textarea name=t_description cols=80 rows=12 class=textbox readonly>" . Security::sqlsecure($t_description) . "</textarea>";
$tts_lang_change_date_VALUE = date("{$_SESSION['GO_SESSION']['date_format']} H:i", $change_date);
$tts_lang_email = "Email {$tts_lang_issuer}: <input type=checkbox name=t_email_issuer value=1><br>Email {$tts_lang_assigned} <input type=checkbox name=t_email_agent value=1>";
// NOTE(review): $Ticket_Number is written into the form's action attribute
// without HTML or URL encoding; it should be encoded for that context
// (e.g. htmlspecialchars() with ENT_QUOTES).
$post_changes = "<form name=\"change_status\" method=\"POST\" action=\"change_ticket.php?Ticket_Number={$Ticket_Number}&func=change_status\">";
if (Security::is_action_allowed("change_project", 0, $acl_write)) {
$project_name = select_option("{$project_id}", fill_select("project_id", "{$prefix}{$hlpdsk_prefix}_projects", "project_id", "project_name", " order by project_id"));
$tts_lang_project_value = "{$project_name}";
} else {
$project_name = Security::htmlsecure(get_cross_value("{$prefix}{$hlpdsk_prefix}_projects", "project_name", " where project_id='{$project_id}'"));
$tts_lang_project_value = "{$project_name}";
}
$fullname = opentts::get_fullname($t_assigned);
if (Security::is_action_allowed("change_assigned", 0, $acl_write)) {
$select = new select('user', 'change_status', 't_assigned', $t_assigned);
$tts_lang_assign_to = $select->get_link("{$tts_lang_assign_to}");
$tts_lang_assign_to_value = $select->get_field();
} else {
$tts_lang_assign_to_value = "{$fullname}";
}
if (Security::is_action_allowed("change_end_date", 0, $acl_write)) {
// $end_date was formatted as "Y/m/d H:i" above and is parsed back here.
$time = strtotime($end_date);
#$end_date_d_m_y=date("Y/m/d",$time);
$end_date_h = date("H", $time);
$end_date_i = date("i", $time);
$today = date($_SESSION['GO_SESSION']['date_format'], $time);
$end_date = $datepicker->get_date_picker('end_date_d_m_y', $_SESSION['GO_SESSION']['date_format'], $today);
//......... part of the code is omitted here .........
示例7: set_default_agent
/**
 * Make one member of group 2 the default agent.
 *
 * The default flag is first cleared for every member of the group and then
 * set for the given user. The user id passes through Security::sqlsecure()
 * before being embedded as a quoted value.
 *
 * NOTE(review): the two statements are not wrapped in a transaction in this
 * function; if the second one fails or matches no row, the group is left
 * without a default agent.
 *
 * @param mixed $uid User id of the agent to mark as default.
 * @return bool TRUE when both query calls report success, FALSE otherwise.
 */
function set_default_agent($uid)
{
    global $tts, $prefix, $hlpdsk_prefix, $name;

    $safe_uid = Security::sqlsecure($uid);
    $members_table = "{$prefix}{$hlpdsk_prefix}_groups_members";

    // Step 1: clear the flag for the whole group.
    $clear_sql = "update {$members_table} set uid_default=0 where gid=2";
    if (!$tts->query($clear_sql, $tts)) {
        return FALSE;
    }

    // Step 2: raise the flag for the requested member only.
    $mark_sql = "update {$members_table} set uid_default=1 where gid=2 and uid='{$safe_uid}'";
    if ($tts->query($mark_sql, $tts)) {
        return TRUE;
    }

    return FALSE;
}
示例8: get_task_assigned
/**
 * Look up the t_assigned column of a ticket.
 *
 * The ticket number passes through Security::sqlsecure() before it is placed,
 * quoted, into the where fragment handed to get_cross_value().
 *
 * @param mixed $ticket_number Ticket to look up.
 * @return mixed Whatever get_cross_value() returns for the t_assigned column.
 */
function get_task_assigned($ticket_number)
{
    global $prefix, $hlpdsk_prefix;

    $tickets_table = "{$prefix}{$hlpdsk_prefix}_tickets";
    $where = " where ticket_number='" . Security::sqlsecure($ticket_number) . "'";

    return get_cross_value($tickets_table, "t_assigned", $where);
}