本文整理汇总了PHP中helper::escape方法的典型用法代码示例。如果您正苦于以下问题:PHP helper::escape方法的具体用法?PHP helper::escape怎么用?PHP helper::escape使用的例子?那么恭喜您,这里精选的方法代码示例或许可以为您提供帮助。您也可以进一步了解该方法所在类helper的用法示例。
在下文中一共展示了helper::escape方法的15个代码示例,这些例子默认根据受欢迎程度排序。您可以为喜欢或者感觉有用的代码点赞,您的评价将有助于系统推荐出更棒的PHP代码示例。
示例1: m__edit
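/**
 * Create or update a category from the submitted form and end the request
 * with a JSON status string.
 *
 * Every POST value is passed through helper::escape($value, 1) first. A missing,
 * empty or non-positive cate_id inserts a new category (after a duplicate check
 * on cname_py); any other id updates that category.
 *
 * NOTE(review): helper::escape is defined elsewhere; this function relies on it
 * as the only filter for the values handed to insert()/update().
 */
function m__edit()
{
    global $c_obj_obj, $l_obj;

    // Check the operator's permission for this action.
    check_level("C0101");

    // Pre-process the request data. Start from an empty array so an empty form
    // does not leave $post undefined for the checks below.
    $post = array();
    foreach ($_POST as $a => $b) {
        $post[$a] = helper::escape($b, 1);
    }

    // Validate required fields (a missing key is treated like an empty value).
    // (A model-consistency check for sub-categories is commented out upstream.)
    if (!isset($post['cname']) || $post['cname'] == '') {
        die('{"code":"100","msg":"分类名称必须填写"}');
    }
    if (!isset($post['cname_py']) || $post['cname_py'] == '') {
        die('{"code":"100","msg":"字母别名必须填写"}');
    }

    // The id ends up inside a WHERE clause, so accept only a number here
    // instead of depending on the escaping alone. Empty/missing still means "add".
    $cate_id = isset($post['cate_id']) ? $post['cate_id'] : '';
    if ($cate_id !== '' && !is_numeric($cate_id)) {
        die('{"code":"100","msg":"分类ID必须是数字"}');
    }

    // Drop parameters that must not be stored.
    unset($post['ad_list']);

    if ($cate_id <= '0') {
        // Add a category: the letter alias has to be unique.
        $has_py = $c_obj_obj->get_cname_py($post['cname_py']);
        if ($has_py) {
            die('{"code":"100","msg":"字母别名不允许重复"}');
        }
        // (A check on whether the parent may receive children is commented out upstream.)
        // Form-only helper fields are removed before the insert.
        unset($post['listvar_copy'], $post['index_copy'], $post['content_copy']);

        $res = $c_obj_obj->insert($post);
        $c_obj_obj->update_cate();
        if ($res > 0) {
            $l_obj->insert("类添加成功,分类名为:" . $post['cname']);
            die('{"code":"0","msg":"分类添加成功","cid":"' . $res . '"}');
        }
        die('{"code":"100","msg":"分类添加失败,' . $res . '"}');
    } else {
        // Update the category identified by the validated id.
        $where = "cate_id='" . $cate_id . "'";
        $res = $c_obj_obj->update($post, $where);
        // Refresh the category data after the write.
        $c_obj_obj->update_cate();
        if ($res) {
            $l_obj->insert("修改分类成功,分类ID为:{$post['cate_id']}");
            die('{"code":"0","msg":"分类修改成功","cid":"' . $post['cate_id'] . '"}');
        }
        die('{"code":"100","msg":"分类修改失败"}');
    }
}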
示例2: m__list
/**
 * Load one page of keyword rows into the global $keywords.
 *
 * Both $_GET and $_POST are replaced by their helper::sqlxss() result before
 * any value is read. Optional filters: POST keyword_id (numeric only),
 * GET q (substring match on keyword) and GET qgroup (exact match).
 *
 * NOTE(review): qgroup and keyword_id are placed in the WHERE clause with no
 * further escaping here, so their safety depends entirely on helper::sqlxss.
 */
function m__list()
{
    global $dbm, $c, $keywords;

    $_GET = helper::sqlxss($_GET);
    $_POST = helper::sqlxss($_POST);

    // Page number: integer value of ?p= when numeric, otherwise page 1.
    $p = 1;
    if (isset($_GET['p']) && is_numeric($_GET['p'])) {
        $p = intval($_GET['p']);
    }

    // Build the query conditions.
    $where = ' 1=1';

    // Restriction sent via POST by the JavaScript on the edit page.
    if (isset($_POST['keyword_id']) && is_numeric($_POST['keyword_id'])) {
        $where .= " and keyword_id = '" . $_POST['keyword_id'] . "'";
    }

    // Query from the page's search box.
    if (!empty($_GET['q'])) {
        $where .= " and keyword like '%" . helper::escape($_GET['q']) . "%' ";
    }

    if (isset($_GET['qgroup']) && $_GET['qgroup'] !== '') {
        $where .= " and qgroup='" . $_GET['qgroup'] . "' ";
    }

    $params = array(
        'where' => $where,
        'table_name' => TB_PREFIX . "keyword",
        'count' => 1,
        'suffix' => " order by qorder,keyword_id DESC " . $dbm->get_limit_sql(PAGESIZE, $p),
        'pagesize' => PAGESIZE,
    );

    $keywords = $dbm->single_query($params);
}
示例3: m__edit
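/**
 * Create or update a tag (keyword) from the submitted form and end the request
 * with a JSON status string.
 *
 * keyword_id > 0 updates that tag; any other numeric id inserts a new one.
 */
function m__edit()
{
    global $l_obj, $t_obj;

    check_level("H0701");

    $post = $_POST;
    // Filter the submitted values. Decode first and escape last: calling
    // urldecode() after helper::escape() would turn percent-encoded characters
    // back into raw ones after the filter had already run.
    foreach ($post as $k => $n) {
        $post[$k] = helper::escape(urldecode($n));
    }

    // Validate the data.
    if (!isset($post['keyword_id']) || !is_numeric($post['keyword_id'])) {
        die('{"code":"100","msg":"标签ID必须是数字"}');
    }
    if (empty($post['keyword'])) {
        die('{"code":"100","msg":"标签不能为空"}');
    }

    if ($post['keyword_id'] > 0) {
        // Edit an existing tag.
        $res = $t_obj->update($post, $post['keyword_id']);
        if ($res['state'] == 0) {
            $l_obj->insert("编辑成功:" . $post['keyword']);
            die('{"code":"0","msg":"编辑成功","kid":"' . $post['keyword_id'] . '"}');
        }
        die('{"code":"240","msg":"编辑失败"}');
    } else {
        // Add a new tag.
        $res = $t_obj->insert($post);
        if ($res['state'] == 0) {
            $l_obj->insert("添加成功:" . $post['keyword']);
            die('{"code":"0","msg":"添加成功","kid":"' . $res['msg'] . '"}');
        }
        // The closing quote now follows the message; the original closed the
        // JSON string before appending it, which produced invalid JSON.
        die('{"code":"100","msg":"添加失败,' . $res['msg'] . '"}');
    }
}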
示例4: m__list
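/**
 * Load one page of administrator accounts plus the list of admin groups into
 * the global $page.
 *
 * GET search_txt filters with a substring match on the column named by
 * GET search_type (default 'aname'); GET p selects the page.
 */
function m__list()
{
    global $dbm, $page;

    $page = $params = array();
    $where = " (1=1) ";

    if (isset($_GET['search_txt']) && $_GET['search_txt'] != '') {
        $field = isset($_GET['search_type']) && $_GET['search_type'] != '' ? $_GET['search_type'] : 'aname';
        // search_type is used as a column name. Value escaping does not protect
        // an identifier, so anything that is not a plain identifier falls back
        // to the default column.
        if (!is_string($field) || !preg_match('~^[A-Za-z_][A-Za-z0-9_]*$~D', $field)) {
            $field = 'aname';
        }
        // The original wrote the defaulted value back to $_GET; keep doing so.
        $_GET['search_type'] = $field;
        $where .= " and({$field} like '%" . helper::escape($_GET['search_txt']) . "%')";
    }

    // The page number is handed to get_limit_sql(); force a positive integer.
    $p = isset($_GET['p']) && is_numeric($_GET['p']) ? max(1, intval($_GET['p'])) : 1;

    // Check whether the id is numeric.
    // NOTE(review): this assignment is overwritten at the end of the function,
    // so a non-numeric admin_id has no visible effect here.
    if (isset($_POST['admin_id']) && !is_numeric($_POST['admin_id'])) {
        $page['admins'] = array();
    }

    $params['table_name'] = TB_PREFIX . "admin_list";
    $params['count'] = 1;
    $params['where'] = $where;
    $params['suffix'] = " order by reg_date DESC ";
    $params['pagesize'] = PAGESIZE;
    $params['suffix'] .= $dbm->get_limit_sql(PAGESIZE, $p);
    $user = $dbm->single_query($params);

    $sql = "select group_id,g_name from " . TB_PREFIX . "admin_group";
    $rs = $dbm->query($sql);

    // Attach the group name to every account row by matching group_id.
    $user_count = count($user['list']);
    $group_count = count($rs['list']);
    for ($i = 0; $i < $user_count; $i++) {
        for ($j = 0; $j < $group_count; $j++) {
            if ($user['list'][$i]['group_id'] == $rs['list'][$j]['group_id']) {
                $user['list'][$i]['g_name'] = $rs['list'][$j]['g_name'];
            }
        }
    }

    $page['admin_group'] = $rs['list'];
    $page['admins'] = $user;
}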
示例5: m__edit
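/**
 * Validate a URL-rewrite rule from the submitted form, update it when url_id > 0,
 * then refresh the caches and regenerate the rewrite files.
 *
 * NOTE(review): the whole of $_POST is handed to single_update(), so the request
 * decides which keys reach the query builder. How single_update() treats those
 * keys is not visible here; confirm it restricts them to known columns.
 */
function m__edit()
{
    global $dbm, $c;

    // Decode, then filter, every submitted value (written back into $_POST).
    foreach ($_POST as $key => $val) {
        $_POST[$key] = helper::escape(urldecode($val));
    }
    unset($_POST['hashtoken']);

    if (!isset($_POST['url_id']) || !is_numeric($_POST['url_id'])) {
        die('{"code":"210","msg":"规则节点ID必须是数字"}');
    }
    if (empty($_POST['url_title'])) {
        die('{"code":"220","msg":"规则节点名称不能为空"}');
    }
    // The D modifier makes "$" match only at the very end of the string;
    // without it a value ending in a newline would pass this check.
    if (!preg_match('~^[A-Za-z][A-Za-z]*[a-z0-9_]*$~D', $_POST['url_title'])) {
        die('{"code":"230","msg":"规则节点名称必须以字母开头,只允许字母、下划线"}');
    }
    if (empty($_POST['url_true'])) {
        die('{"code":"230","msg":"动态地址规则不能为空"}');
    }
    if (empty($_POST['url_rule'])) {
        die('{"code":"230","msg":"伪静态地址规则不能为空"}');
    }

    if ($_POST['url_id'] > 0) {
        // Edit an existing rule.
        $where = " url_id='" . $_POST['url_id'] . "'";
        unset($_POST['url_id']);
        $res = $dbm->single_update(TB_PREFIX . "url_rewrite", $_POST, $where);
        // Refresh the caches.
        $c->update_url_config();
        $c->update_cate();
        // Regenerate the rewrite files (.htaccess and the IIS variant).
        htaccess();
        iis_httpd_ini();
        if (empty($res['error'])) {
            die('{"code":"0","msg":"更新规则成功"}');
        }
        die('{"code":"240","msg":"更新规则失败"}');
    } else {
        // Add a new rule.
        // NOTE(review): the duplicate check and the insert are commented out in
        // this listing (kept below), so nothing is stored and this branch always
        // reports failure while the caches and rewrite files are still rebuilt.
        /**
         * $rs=$dbm->query("select * from ".TB_PREFIX . "url_rewrite where url_title='{$_POST['url_title']}'");
         * if(count($rs['list'])>0) die('{"code":"100","msg":"'.$_POST['url_title'].'节点名称不能重复"}');
         * unset($_POST['url_id']);
         * $res = $dbm -> single_insert(TB_PREFIX . "url_rewrite", $_POST);
         */
        // Defined explicitly so the result check below does not read an unset variable.
        $res = array();
        // Refresh the caches.
        $c->update_url_config();
        $c->update_cate();
        // Regenerate the rewrite files (.htaccess and the IIS variant).
        htaccess();
        iis_httpd_ini();
        if (empty($res['error']) && isset($res['autoid']) && $res['autoid'] > 0) {
            die('{"code":"0","msg":"添加规则成功"}');
        }
        die('{"code":"250","msg":"添加规则失败,请核对重试"}');
    }
}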
示例6: m__list
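/**
 * Load one page of groups into the global $page, optionally filtered by a
 * substring match of GET search_txt on g_name.
 */
function m__list()
{
    global $u_obj, $page;

    $where = " where 1 = 1 ";
    if (isset($_GET['search_txt']) && $_GET['search_txt'] != '') {
        $where .= " and g_name like '%" . helper::escape($_GET['search_txt']) . "%'";
    }

    // The page number comes straight from the request; pass on a positive
    // integer only, instead of relying on get_all() (not visible here) to check it.
    $p = isset($_GET['p']) && is_numeric($_GET['p']) ? max(1, intval($_GET['p'])) : 1;

    $page = $u_obj->get_all($where, $p);
}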
示例7: m__save_attr
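/**
 * Add or update one field definition of an extension model and end the request
 * with a JSON status string.
 *
 * GET table_name selects the model; the POST body holds the field definition.
 * A row in extern_fields with the same extern_id and field name is updated,
 * otherwise a new row is inserted.
 *
 * NOTE(review): the whole POST body becomes $fields, so the request decides
 * which keys reach single_insert()/single_update(). Confirm the query builder
 * restricts them to known columns.
 */
function m__save_attr()
{
    global $dbm, $c;

    // The model name goes into a query string, so it is escaped the same way
    // as every other value in this function before it is used.
    $table_name = isset($_GET['table_name']) ? helper::escape($_GET['table_name'], 1) : '';
    $model = $dbm->query("select * from " . TB_PREFIX . "extern_attr where extern_name='{$table_name}'");
    if (count($model['list']) < 1) {
        die('{"code":1,"msg":"模型不存在"}');
    }
    // The model row.
    $extern = $model['list'][0];

    // Prepare the submitted data; $value keeps the raw input for the checks below.
    foreach ($_POST as $key => $value) {
        $_POST[$key] = helper::escape($value, 1);
        // NOTE(review): as rendered on this page the pattern and the replacement
        // are the same character, which makes this call a no-op. The pattern may
        // have been an HTML entity lost in extraction; confirm against upstream.
        $_POST[$key] = preg_replace('~"~', '"', $_POST[$key]);
        if ($key == 'title' && $value == '') {
            die('{"code":1,"msg":"字段文字不能为空"}');
        }
        if ($key == 'field' && $value == '') {
            die('{"code":1,"msg":"字段名称不能为空"}');
        }
        if ($key == 'field_type' && $value == '') {
            die('{"code":1,"msg":"字段类型不能为空"}');
        }
        // D modifier: "$" must match at the very end, so a trailing newline is rejected.
        if ($key == 'field' && !preg_match('~^[a-z][a-z0-9_]*$~D', $value)) {
            die('{"code":1,"msg":"字段名称只允许小写字母开头,小写字母数字和下划线"}');
        }
    }
    // The checks above only run for keys that were sent; the field name is
    // required by the lookup below.
    if (!isset($_POST['field'])) {
        die('{"code":1,"msg":"字段名称不能为空"}');
    }
    unset($_POST['hashtoken']);

    // Store the field definition.
    $sql = "select field_id from " . TB_PREFIX . "extern_fields where extern_id='{$extern['extern_id']}' and field='{$_POST['field']}'";
    $fields = $_POST;
    $rs = $dbm->query($sql);
    if (count($rs['list']) == 0) {
        // No such field yet: insert it for this model.
        $fields['extern_id'] = $extern['extern_id'];
        $fields['extern_name'] = $table_name;
        $rs = $dbm->single_insert(TB_PREFIX . "extern_fields", $fields);
        if ($rs['error'] == '') {
            $c->update_externs();
            die('{"code":0,"msg":"新增字段成功"}');
        }
    } else {
        // The field exists: update it by its primary key.
        $rs = $dbm->single_update(TB_PREFIX . "extern_fields", $fields, " field_id='{$rs['list'][0]['field_id']}'");
        if ($rs['error'] == '') {
            $c->update_externs();
            die('{"code":0,"msg":"修改字段成功"}');
        }
    }
    // NOTE(review): this failure response carries code 0, the same code as the
    // success responses above; confirm that callers do not treat it as success.
    die('{"code":0,"msg":"操作失败' . $rs['error'] . '"}');
}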
示例8: m__menu_save
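/**
 * Insert or update a WeChat menu entry from the submitted form and end the
 * request with a JSON status string.
 *
 * menu_id "0" inserts a new entry, any other value updates the entry with that
 * id. For type "click" the shared menu_key_url input is stored as menu_key,
 * otherwise as menu_url.
 */
function m__menu_save()
{
    global $dbm, $c;

    $fields = $_POST;
    unset($fields['hashtoken']);

    if ($fields['menu_name'] == '') {
        die('{"code":"1","msg":"菜单名称不能为空"}');
    }

    $fields['menu_type'] = $fields['wx_menu_type'];
    unset($fields['wx_menu_type']);

    if ($fields['menu_type'] == 'click') {
        $fields['menu_key'] = $fields['menu_key_url'];
        $fields['menu_url'] = '';
        if ($fields['menu_key'] == '') {
            die('{"code":"1","msg":"事件名称不能为空"}');
        }
    } else {
        $fields['menu_url'] = $fields['menu_key_url'];
        $fields['menu_key'] = '';
        if ($fields['menu_url'] == '') {
            die('{"code":"1","msg":"链接地址不能为空"}');
        }
    }
    unset($fields['menu_key_url']);
    unset($fields['cate_id']);

    foreach ($fields as $k => $v) {
        $fields[$k] = helper::escape($v, 1);
    }

    // menu_id is written into the WHERE clause without quotes, where string
    // escaping gives no protection; reduce it to an integer first. The same
    // integer is echoed back in the responses.
    $menu_id = isset($_POST['menu_id']) ? intval($_POST['menu_id']) : 0;
    $where = "menu_id={$menu_id}";
    unset($fields['menu_id']);

    if (isset($_POST['menu_id']) && $_POST['menu_id'] == '0') {
        // Insert a new entry.
        $rs = $dbm->single_insert(TB_PREFIX . "wx_menu", $fields);
        if ($rs['error'] == '') {
            die('{"code":"0","msg":"新增菜单成功","menu_id":"' . $rs['autoid'] . '"}');
        }
        die('{"code":"1","msg":"新增菜单失败' . $rs['error'] . '","menu_id":"0"}');
    }

    // Update the existing entry.
    $rs = $dbm->single_update(TB_PREFIX . "wx_menu", $fields, $where);
    if ($rs['error'] == '') {
        die('{"code":"0","msg":"修改菜单成功","menu_id":"' . $menu_id . '"}');
    }
    die('{"code":"1","msg":"修改菜单失败' . $rs['error'] . '","menu_id":"' . $menu_id . '"}');
}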
示例9: m__list
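/**
 * Load one page of users into the global $page, optionally filtered on the
 * column named by GET search_type: exact match for 'uname', substring match
 * for any other column.
 */
function m__list()
{
    global $u_obj, $page;

    $where = " where 1 = 1 ";
    if (isset($_GET['search_txt']) && $_GET['search_txt'] != '' && isset($_GET['search_type'])) {
        $field = $_GET['search_type'];
        // search_type is concatenated into the query as a column name, so it
        // must be a plain identifier; the filter is skipped for anything else.
        if (is_string($field) && preg_match('~^[A-Za-z_][A-Za-z0-9_]*$~D', $field)) {
            $value = helper::escape($_GET['search_txt']);
            if ($field == 'uname') {
                $where .= " and " . $field . " = '" . $value . "'";
            } else {
                $where .= " and " . $field . " like '%" . $value . "%'";
            }
        }
    }

    // The page number comes straight from the request; pass on a positive integer only.
    $p = isset($_GET['p']) && is_numeric($_GET['p']) ? max(1, intval($_GET['p'])) : 1;

    $page = $u_obj->get_all($where, $p, 1);
}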
示例10: m__edit
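/**
 * Create or update an internal-link word (text plus target URL) from the
 * submitted form and end the request with a JSON status string.
 *
 * nlink_id > 0 updates that row; any other numeric id inserts a new one.
 * Only nlink_txt and nlink_url are written to the database.
 */
function m__edit()
{
    global $dbm;

    // Check the operator's permission for this action.
    check_level("E0301");

    // NOTE(review): the scheme group is optional, so a value that starts with
    // "://" also passes this pattern.
    $reg = "~^((https|http|ftp|rtsp|mms)?://)~";

    $nlink = $_POST;
    unset($nlink['hashtoken']);

    // Filter the submitted values. Decode first and escape last: calling
    // urldecode() after helper::escape() would turn percent-encoded characters
    // back into raw ones after the filter had already run.
    foreach ($nlink as $k => $n) {
        $nlink[$k] = helper::escape(urldecode($n));
    }

    // Validate the data.
    if (!isset($nlink['nlink_id']) || !is_numeric($nlink['nlink_id'])) {
        die('{"code":"210","msg":"内链词ID必须是数字"}');
    }
    if (empty($nlink['nlink_txt'])) {
        die('{"code":"220","msg":"内链名称不能为空"}');
    }
    if (empty($nlink['nlink_url'])) {
        die('{"code":"230","msg":"内链地址不能为空"}');
    }
    if (!preg_match($reg, $nlink['nlink_url'])) {
        die('{"code":"230","msg":"链接地址不合法"}');
    }

    // Data to be stored.
    $params = array();
    $params['nlink_txt'] = $nlink['nlink_txt'];
    $params['nlink_url'] = $nlink['nlink_url'];

    // Branch on the validated copy of the id rather than on the raw $_POST value.
    if ($nlink['nlink_id'] > 0) {
        // Edit an existing row.
        $where = " nlink_id='" . $nlink['nlink_id'] . "'";
        $res = $dbm->single_update(TB_PREFIX . "nlink", $params, $where);
        if (empty($res['error'])) {
            logs("更新内链词成功:" . $params['nlink_txt'] . "=>" . $params['nlink_url']);
            die('{"code":"0","msg":"更新内链词成功"}');
        }
        logs("更新内链词失败:" . $params['nlink_txt'] . "=>" . $params['nlink_url']);
        die('{"code":"240","msg":"更新内链词失败"}');
    } else {
        // Add a new row.
        $res = $dbm->single_insert(TB_PREFIX . "nlink", $params);
        if (empty($res['error']) && $res['autoid'] > 0) {
            logs("添加内链词成功:" . $params['nlink_txt'] . "=>" . $params['nlink_url']);
            die('{"code":"0","msg":"添加内链词成功"}');
        }
        logs("添加内链词失败:" . $params['nlink_txt'] . "=>" . $params['nlink_url']);
        die('{"code":"250","msg":"添加内链词失败,请核对重试"}');
    }
}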
示例11: m__edit
/**
 * Edit or add an administrator group.
 *
 * All POST values are replaced in place by helper::escape($value, 1). A
 * group_id above zero updates that group; otherwise a new group is inserted
 * after checking that g_name is not already taken. Every outcome ends the
 * request with a JSON status string.
 *
 * Validation of g_urank and of the g_name character set is commented out in
 * the original and is not performed.
 */
function m__edit()
{
    global $dbm;

    check_level("B0101");

    foreach ($_POST as $key => $value) {
        $_POST[$key] = helper::escape($value, 1);
    }

    if (!is_numeric($_POST['group_id'])) {
        die('{"code":"210","msg":"用户组ID必须是数字"}');
    }
    // The group name is mandatory.
    if (empty($_POST['g_name'])) {
        die('{"code":"220","msg":"用户组名字不能为空"}');
    }

    // Columns to store; the remark is HTML-encoded, an absent or empty one becomes ''.
    $remark = '';
    if (!empty($_POST['g_remark'])) {
        $remark = htmlspecialchars($_POST['g_remark']);
    }
    $params = array(
        'g_name' => $_POST['g_name'],
        'g_remark' => $remark,
        'create_time' => time(),
    );

    $table = TB_PREFIX . "admin_group";

    if (intval($_POST['group_id']) > 0) {
        // Existing group: update by id.
        $result = $dbm->single_update($table, $params, " group_id ='" . $_POST['group_id'] . "'");
        if (empty($result['error'])) {
            logs("用户组编辑成功,用户组ID为:{$_POST['group_id']}");
            die('{"code":"0","msg":"操作成功"}');
        }
        logs("编辑用户组失败,请核实后再添加,用户组ID为:{$_POST['group_id']}");
        die('{"code":"280","msg":"编辑用户组失败,请核实后再添加"}');
    }

    // New group: the name must not exist yet.
    $existing = $dbm->single_query(array(
        'where' => " g_name='" . $_POST['g_name'] . "'",
        'table_name' => $table,
    ));
    if (count($existing['list']) > 0) {
        die('{"code":"260","msg":"用户组名字不能重复"}');
    }

    $result = $dbm->single_insert($table, $params);
    if ($result['autoid'] > 0) {
        logs("添加用户组成功,用户组名字为:{$_POST['g_name']}");
        die('{"code":"0","msg":"添加用户组成功"}');
    }
    logs("添加用户组失败,请核实后再添加,用户组名字为:{$_POST['g_name']}");
    die('{"code":"270","msg":"添加用户组失败,请核实后再添加"}');
}
示例12: m__edit
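/**
 * Create or update an internal-link word through $n_obj and end the request
 * with a JSON status string.
 *
 * nlink_id > 0 updates that row; any other numeric id inserts a new one.
 * Only nlink_txt and nlink_url are passed on for storage.
 */
function m__edit()
{
    global $l_obj, $n_obj, $page;

    check_level("D0501");

    // NOTE(review): the scheme group is optional, so a value that starts with
    // "://" also passes this pattern.
    $reg = "~^((https|http|ftp|rtsp|mms)?://)~";

    $nlink = $_POST;
    // Filter the submitted values. Decode first and escape last: calling
    // urldecode() after helper::escape() would turn percent-encoded characters
    // back into raw ones after the filter had already run.
    foreach ($nlink as $k => $n) {
        $nlink[$k] = helper::escape(urldecode($n));
    }

    // Validate the data.
    if (!isset($nlink['nlink_id']) || !is_numeric($nlink['nlink_id'])) {
        die('{"code":"210","msg":"内链词ID必须是数字"}');
    }
    if (empty($nlink['nlink_txt'])) {
        die('{"code":"220","msg":"内链名称不能为空"}');
    }
    if (empty($nlink['nlink_url'])) {
        die('{"code":"230","msg":"内链地址不能为空"}');
    }
    if (!preg_match($reg, $nlink['nlink_url'])) {
        die('{"code":"230","msg":"链接地址不合法"}');
    }

    // Data to be stored.
    $params = array();
    $params['nlink_txt'] = $nlink['nlink_txt'];
    $params['nlink_url'] = $nlink['nlink_url'];

    if ($nlink['nlink_id'] > 0) {
        // Edit an existing row.
        $where = " nlink_id='" . $nlink['nlink_id'] . "'";
        $res = $n_obj->update($params, $where);
        if ($res['state'] == 0) {
            $l_obj->insert("更新内链词成功:" . $params['nlink_txt'] . "=>" . $params['nlink_url']);
            die('{"code":"0","msg":"更新内链词成功","nid":"' . $nlink['nlink_id'] . '"}');
        }
        die('{"code":"240","msg":"更新内链词失败"}');
    } else {
        // Add a new row.
        $res = $n_obj->insert($params);
        if ($res['state'] == 0) {
            $l_obj->insert("添加内链词成功:" . $params['nlink_txt'] . "=>" . $params['nlink_url']);
            die('{"code":"0","msg":"添加内链词成功","nid":"' . $res['msg'] . '"}');
        }
        die('{"code":"100","msg":"添加内链词失败,请核对重试"}');
    }
}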
示例13: m__edit
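/**
 * Create or update a content area from the submitted form and end the request
 * with a JSON status string.
 *
 * GET type selects which permission code is checked. area_id > 0 updates that
 * area; any other numeric id inserts a new one.
 */
function m__edit()
{
    global $area_obj, $l_obj;

    // A missing type is treated like any value other than 1.
    if (isset($_GET['type']) && $_GET['type'] == 1) {
        check_level("H0401");
    } else {
        check_level("H0501");
    }

    $area = $_POST;
    // Filter the submitted values. Decode first and escape last: calling
    // urldecode() after helper::escape() would turn percent-encoded characters
    // back into raw ones after the filter had already run.
    foreach ($area as $k => $n) {
        $area[$k] = helper::escape(urldecode($n));
        // Strict comparison: a numeric key must never be taken for 'area_html'.
        if ($k === 'area_html') {
            // NOTE(review): the already-filtered string is what gets serialized;
            // confirm that the reader of area_html expects this form.
            $area[$k] = serialize($area[$k]);
        }
    }

    // Validate the data.
    if (!isset($area['area_id']) || !is_numeric($area['area_id'])) {
        die('{"code":"100","msg":"位置ID必须是数字"}');
    }
    if (empty($area['title'])) {
        die('{"code":"100","msg":"标题不能为空"}');
    }

    if ($area['area_id'] > 0) {
        // Edit an existing area.
        $res = $area_obj->update($area, $area['area_id']);
        if ($res['state'] == 0) {
            $l_obj->insert("编辑成功:" . $area['title']);
            die('{"code":"0","msg":"编辑成功","area_id":"' . $area['area_id'] . '"}');
        }
        die('{"code":"240","msg":"编辑失败"}');
    } else {
        // Add a new area.
        $res = $area_obj->insert($area);
        if ($res['state'] == 0) {
            $l_obj->insert("添加成功:" . $area['title']);
            die('{"code":"0","msg":"添加成功","area_id":"' . $res['msg'] . '"}');
        }
        // The closing quote now follows the message; the original closed the
        // JSON string before appending it, which produced invalid JSON.
        die('{"code":"100","msg":"添加失败,' . $res['msg'] . '"}');
    }
}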
示例14: sqlxss
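/**
 * Filter every value of $_GET and $_POST in place: helper::escape($value, 1),
 * then trim(), then htmlspecialchars() with ENT_QUOTES.
 *
 * Arrays are walked to any depth. The original stopped after two levels and
 * left deeper values (for example a[b][c]=...) unfiltered. Array keys are not
 * filtered, as before.
 */
public static function sqlxss()
{
    // Recursive filter shared by both superglobals.
    $clean = function ($value) use (&$clean) {
        if (is_array($value)) {
            foreach ($value as $key => $item) {
                $value[$key] = $clean($item);
            }
            return $value;
        }
        return htmlspecialchars(trim(helper::escape($value, 1)), ENT_QUOTES);
    };

    // Process $_GET.
    foreach ($_GET as $k => $v) {
        $_GET[$k] = $clean($v);
    }
    // Process $_POST.
    foreach ($_POST as $k => $v) {
        $_POST[$k] = $clean($v);
    }
}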
示例15: sqlxss
/**
 * Return $input with helper::escape($value, 1) followed by htmlspecialchars()
 * (ENT_QUOTES) applied to every non-array value. Arrays are processed
 * recursively and keep their keys; the keys themselves are not filtered.
 *
 * @param mixed $input A single value or a (nested) array of values.
 * @return mixed The filtered value, or an array of the same shape.
 */
public static function sqlxss($input)
{
    if (!is_array($input)) {
        return htmlspecialchars(helper::escape($input, 1), ENT_QUOTES);
    }

    // array_map() with a single array preserves the original keys.
    return array_map(function ($item) {
        return helper::sqlxss($item);
    }, $input);
}