本文整理汇总了PHP中misc::make_db_extra_safe方法的典型用法代码示例。如果您正苦于以下问题:PHP misc::make_db_extra_safe方法的具体用法?PHP misc::make_db_extra_safe怎么用?PHP misc::make_db_extra_safe使用的例子?那么, 这里精选的方法代码示例或许可以为您提供帮助。您也可以进一步了解该方法所在类misc
的用法示例。
在下文中一共展示了misc::make_db_extra_safe方法的7个代码示例,这些例子默认根据受欢迎程度排序。您可以为喜欢或者感觉有用的代码点赞,您的评价将有助于系统推荐出更棒的PHP代码示例。
示例1: misc
function delete_user($user_id)
{
global $conn, $config, $lang;
require_once $config['basepath'] . '/include/misc.inc.php';
$misc = new misc();
// Set Variable to hold errors
$errors = '';
// Verify ID is Numeric
if (!is_numeric($user_id)) {
return $lang['user_manager_invalid_user_id'];
}
if ($config['demo_mode'] == 1 && $_SESSION['admin_privs'] != 'yes') {
return $lang['demo_mode'] . ' - ' . $lang['user_manager_permission_denied'] . '<br />';
}
// Admins can delte any user. Anyone can delte there own information as this is needed for updates.
if ($_SESSION['admin_privs'] == 'yes' && $user_id != '') {
$sql_delete = $misc->make_db_extra_safe($user_id);
} elseif ($_SESSION['admin_privs'] == 'yes' && $user_id == '' || $_SESSION['userID'] == $user_id) {
$sql_delete = $misc->make_db_extra_safe($_SESSION['userID']);
} else {
return $lang['user_manager_permission_denied'];
}
// delete the user
$sql = 'DELETE FROM ' . $config['table_prefix'] . 'userdb WHERE userdb_id = ' . $sql_delete;
$recordSet = $conn->Execute($sql);
if ($recordSet === false) {
$misc->log_error($sql);
}
// delete all the elements associated with the user
$sql = 'DELETE FROM ' . $config['table_prefix'] . 'userdbelements WHERE userdb_id = ' . $sql_delete;
$recordSet = $conn->Execute($sql);
if ($recordSet === false) {
$misc->log_error($sql);
}
// delete all the listings associated with a user
$sql = 'DELETE FROM ' . $config['table_prefix'] . 'listingsdb WHERE (userdb_ID = ' . $sql_delete . ')';
$recordSet = $conn->Execute($sql);
if ($recordSet === false) {
$misc->log_error($sql);
}
// delete all the elements associated with a user
$sql = 'DELETE FROM ' . $config['table_prefix'] . 'listingsdbelements WHERE (userdb_id = ' . $sql_delete . ')';
$recordSet = $conn->Execute($sql);
if ($recordSet === false) {
$misc->log_error($sql);
}
// delete all the favorites associated with a user
$sql = 'DELETE FROM ' . $config['table_prefix'] . 'userfavoritelistings WHERE (userdb_id = ' . $sql_delete . ')';
$recordSet = $conn->Execute($sql);
if ($recordSet === false) {
$misc->log_error($sql);
}
// delete all the saved searches associated with a user
$sql = 'DELETE FROM ' . $config['table_prefix'] . 'usersavedsearches WHERE (userdb_id = ' . $sql_delete . ')';
$recordSet = $conn->Execute($sql);
if ($recordSet === false) {
$misc->log_error($sql);
}
// now get all the images associated with a user's listings
$sql = 'SELECT listingsimages_file_name, listingsimages_thumb_file_name FROM ' . $config['table_prefix'] . 'listingsimages WHERE (userdb_id = ' . $sql_delete . ')';
$recordSet = $conn->Execute($sql);
if ($recordSet === false) {
$misc->log_error($sql);
}
// so, you've got 'em... it's time to unlink those bad boys...
while (!$recordSet->EOF) {
$thumb_file_name = $misc->make_db_unsafe($recordSet->fields['listingsimages_thumb_file_name']);
$file_name = $misc->make_db_unsafe($recordSet->fields['listingsimages_file_name']);
// get rid of those darned things...
if (!unlink($config['listings_upload_path'] . '/' . $file_name)) {
$errors .= $lang['user_manager_failed_to_delete'] . ' ' . $config['listings_upload_path'] . '/' . $file_name . '<br />';
}
if ($file_name != $thumb_file_name) {
if (!unlink($config['listings_upload_path'] . '/' . $thumb_file_name)) {
$errors .= $lang['user_manager_failed_to_delete'] . ' ' . $config['listings_upload_path'] . '/' . $thumb_file_name . '<br />';
}
}
$recordSet->MoveNext();
}
// delete all the saved images associated with a user from listingimages
$sql = 'DELETE FROM ' . $config['table_prefix'] . 'listingsimages WHERE (userdb_id = ' . $sql_delete . ')';
$recordSet = $conn->Execute($sql);
if ($recordSet === false) {
$misc->log_error($sql);
}
// it's time to do the same for all the images associated with the user himself
$sql = 'SELECT userimages_file_name, userimages_thumb_file_name FROM ' . $config['table_prefix'] . 'userimages WHERE (userdb_id = ' . $sql_delete . ')';
$recordSet = $conn->Execute($sql);
if ($recordSet === false) {
$misc->log_error($sql);
}
while (!$recordSet->EOF) {
$thumb_file_name = $misc->make_db_unsafe($recordSet->fields['userimages_thumb_file_name']);
$file_name = $misc->make_db_unsafe($recordSet->fields['userimages_file_name']);
// get rid of those darned things...
if (!unlink($config['user_upload_path'] . '/' . $file_name)) {
$errors .= $lang['user_manager_failed_to_delete'] . ' ' . $config['user_upload_path'] . '/' . $file_name . '<br />';
}
if ($file_name != $thumb_file_name) {
if (!unlink($config['user_upload_path'] . '/' . $thumb_file_name)) {
//.........这里部分代码省略.........
示例2: get_featured
public static function get_featured($listing_id, $raw)
{
global $conn, $config;
require_once $config['basepath'] . '/include/misc.inc.php';
$misc = new misc();
$listing_id = $misc->make_db_extra_safe($listing_id);
$sql = "SELECT listingsdb_featured FROM " . $config['table_prefix'] . "listingsdb WHERE listingsdb_id = {$listing_id}";
$recordSet = $conn->Execute($sql);
if ($recordSet === false) {
$misc->log_error($sql);
}
$featured = $recordSet->fields['listingsdb_featured'];
if ($raw == 'no') {
if ($featured == 'yes') {
$featured = 'featured';
} else {
$featured = '';
}
}
return $featured;
}
示例3: rendervtourlink
function rendervtourlink($listingID, $use_small_image = false)
{
// shows the images connected to a given image
global $config, $lang, $conn;
require_once $config['basepath'] . '/include/misc.inc.php';
$misc = new misc();
// grab the images
$listingID_sql = $misc->make_db_extra_safe($listingID);
$output = '';
// $sql = "SELECT vtourimages_id FROM " . $config['table_prefix'] . "vtourimages WHERE (listingsdb_id = $listingID_sql) ORDER BY vtourimages_rank";
$sql = "SELECT vtourimages_file_name FROM " . $config['table_prefix'] . "vtourimages WHERE (listingsdb_id = {$listingID_sql}) ORDER BY vtourimages_rank";
$recordSet = $conn->Execute($sql);
if ($recordSet === false) {
$misc->log_error($sql);
}
$num_images = $recordSet->RecordCount();
if ($num_images > 0) {
while (!$recordSet->EOF) {
$file_name = $misc->make_db_unsafe($recordSet->fields['vtourimages_file_name']);
$ext = substr(strrchr($file_name, '.'), 1);
$recordSet->MoveNext();
}
// end while
if ($ext == 'jpg' || $ext == 'egg') {
// if it's a supported VTour then display the link button
if ($use_small_image === true) {
$image = 'vtourbuttonsmall.jpg';
} else {
$image = 'vtourbutton.jpg';
}
if (file_exists($config['template_path'] . '/images/' . $image)) {
$output .= '<a href="index.php?action=show_vtour&popup=blank&listingID=' . $listingID . '" onclick="window.open(\'index.php?action=show_vtour&popup=blank&listingID=' . $listingID . '\',\'\',\'width=' . $config['vt_popup_width'] . ',height=' . $config['vt_popup_height'] . '\');return false;"><img src="' . $config['template_url'] . '/images/' . $image . '" alt="' . $lang['click_here_for_vtour'] . '" /></a>';
} else {
$output = '<a href="index.php?action=show_vtour&popup=blank&listingID=' . $listingID . '" onclick="window.open(\'index.php?action=show_vtour&popup=blank&listingID=' . $listingID . '\',\'\',\'width=' . $config['vt_popup_width'] . ',height=' . $config['vt_popup_height'] . '\');return false;">' . $lang['click_here_for_vtour'] . '</a>';
}
}
//end if it's a supported VTour
}
// end if ($num_images > 0)
return $output;
}
示例4: misc
function determine_user_formtype($userID)
{
global $conn, $config;
require_once $config['basepath'] . '/include/misc.inc.php';
$misc = new misc();
$userID = $misc->make_db_extra_safe($userID);
$sql = "SELECT userdb_is_agent, userdb_is_admin FROM " . $config['table_prefix'] . "userdb where userdb_id = {$userID}";
$recordSet = $conn->Execute($sql);
if ($recordSet === false) {
$misc->log_error($sql);
}
$edit_isAgent = $misc->make_db_unsafe($recordSet->fields['userdb_is_agent']);
$edit_isAdmin = $misc->make_db_unsafe($recordSet->fields['userdb_is_admin']);
if ($edit_isAgent == "yes" || $edit_isAdmin == "yes") {
$formDB = 'agentformelements';
} else {
$formDB = 'memberformelements';
}
return $formDB;
}
示例5: misc
//.........这里部分代码省略.........
}
} elseif ($sortby_array[$x] == 'random') {
if ($x == 0) {
$order_text .= 'ORDER BY rand() ' . $sorttype_array[$x];
} else {
$order_text .= ',rand() ' . $sorttype_array[$x];
}
} elseif ($sortby_array[$x] == 'listingsdb_featured') {
if ($x == 0) {
$order_text .= 'ORDER BY listingsdb_featured ' . $sorttype_array[$x];
} else {
$order_text .= ',listingsdb_featured ' . $sorttype_array[$x];
}
} elseif ($sortby_array[$x] == 'listingsdb_last_modified') {
if ($x == 0) {
$order_text .= 'ORDER BY listingsdb_last_modified ' . $sorttype_array[$x];
} else {
$order_text .= ',listingsdb_last_modified ' . $sorttype_array[$x];
}
} elseif ($sortby_array[$x] == 'pclass') {
if ($searchresultSQL != '') {
$searchresultSQL .= ' AND ';
}
$searchresultSQL .= $config['table_prefix_no_lang'] . 'classlistingsdb.listingsdb_id = ' . $config['table_prefix'] . 'listingsdb.listingsdb_id AND ' . $config['table_prefix_no_lang'] . 'classlistingsdb.class_id = ' . $config['table_prefix'] . 'class.class_id ';
$tablelist_fullname[] = $config['table_prefix_no_lang'] . "classlistingsdb";
$tablelist_fullname[] = $config['table_prefix'] . 'class';
if ($x == 0) {
$order_text .= 'ORDER BY ' . $config['table_prefix'] . 'class.class_name ' . $sorttype_array[$x];
} else {
$order_text .= ',' . $config['table_prefix'] . 'class.class_name ' . $sorttype_array[$x];
}
} else {
// Check if field is a number or price field and cast the order.
$sort_by_field = $misc->make_db_extra_safe($sortby_array[$x]);
$sql_sort_type = 'SELECT listingsformelements_field_type FROM ' . $config['table_prefix'] . 'listingsformelements WHERE listingsformelements_field_name = ' . $sort_by_field;
$recordSet_sort_type = $conn->Execute($sql_sort_type);
if (!$recordSet_sort_type) {
$misc->log_error($sql_sort_type);
}
$field_type = $recordSet_sort_type->fields['listingsformelements_field_type'];
if ($field_type == 'price' || $field_type == 'number' || $field_type == 'decimal') {
$tablelist[] = 'sort' . $x;
$sort_text .= 'AND (sort' . $x . '.listingsdbelements_field_name = ' . $sort_by_field . ') ';
global $db_type;
if ($db_type == 'mysql') {
if ($x == 0) {
$order_text .= ' ORDER BY CAST(sort' . $x . '.listingsdbelements_field_value as signed) ' . $sorttype_array[$x];
$group_order_text .= ',sort' . $x . '.listingsdbelements_field_value';
} else {
$order_text .= ',CAST(sort' . $x . '.listingsdbelements_field_value as signed) ' . $sorttype_array[$x];
$group_order_text .= ',sort' . $x . '.listingsdbelements_field_value';
}
} else {
if ($x == 0) {
$order_text .= ' ORDER BY CAST(sort' . $x . '.listingsdbelements_field_value as int4) ' . $sorttype_array[$x];
$group_order_text .= ',sort' . $x . '.listingsdbelements_field_value';
} else {
$order_text .= ',CAST(sort' . $x . '.listingsdbelements_field_value as int4) ' . $sorttype_array[$x];
$group_order_text .= ',sort' . $x . '.listingsdbelements_field_value';
}
}
} else {
$tablelist[] = 'sort' . $x;
$sort_text .= 'AND (sort' . $x . '.listingsdbelements_field_name = ' . $sort_by_field . ') ';
if ($x == 0) {
$order_text .= ' ORDER BY sort' . $x . '.listingsdbelements_field_value ' . $sorttype_array[$x];
示例6: renderListingsImagesJavaRows
function renderListingsImagesJavaRows($listingID, $mouseover = 'no')
{
// shows the images connected to a given image
global $config, $lang, $conn, $style;
require_once $config['basepath'] . '/include/misc.inc.php';
$misc = new misc();
// grab the images
$var_reset = 1;
// Reset the var (counter) (DO NOT CHANGE)
$user_col_max = $config['number_columns'];
// How Many To show Per Row
$listingID = $misc->make_db_extra_safe($listingID);
$sql = "SELECT listingsimages_caption, listingsimages_file_name, listingsimages_thumb_file_name, listingsimages_description FROM " . $config['table_prefix'] . "listingsimages WHERE (listingsdb_id = {$listingID}) ORDER BY listingsimages_rank";
$recordSet = $conn->Execute($sql);
if ($recordSet === false) {
$misc->log_error($sql);
}
$display = '';
$num_images = $recordSet->RecordCount();
if ($num_images > 0) {
$display .= '<table id="imagerows">';
while (!$recordSet->EOF) {
$caption = $misc->make_db_unsafe($recordSet->fields['listingsimages_caption']);
$thumb_file_name = $misc->make_db_unsafe($recordSet->fields['listingsimages_thumb_file_name']);
$file_name = $misc->make_db_unsafe($recordSet->fields['listingsimages_file_name']);
$description = $misc->make_db_unsafe($recordSet->fields['listingsimages_description']);
$description = str_replace('"', '"', $description);
$caption = str_replace('"', '"', $caption);
// gotta grab the image size
$thumb_imagedata = GetImageSize("{$config['listings_upload_path']}/{$thumb_file_name}");
$thumb_imagewidth = $thumb_imagedata[0];
$thumb_imageheight = $thumb_imagedata[1];
$thumb_max_width = $config['thumbnail_width'];
$thumb_max_height = $config['thumbnail_height'];
$resize_by = $config['resize_thumb_by'];
$shrinkage = 1;
if ($thumb_max_width == $thumb_imagewidth || $thumb_max_height == $thumb_imageheight) {
$thumb_displaywidth = $thumb_imagewidth;
$thumb_displayheight = $thumb_imageheight;
} else {
if ($resize_by == 'width') {
$shrinkage = $thumb_imagewidth / $thumb_max_width;
$thumb_displaywidth = $thumb_max_width;
$thumb_displayheight = round($thumb_imageheight / $shrinkage);
} elseif ($resize_by == 'height') {
$shrinkage = $thumb_imageheight / $thumb_max_height;
$thumb_displayheight = $thumb_max_height;
$thumb_displaywidth = round($thumb_imagewidth / $shrinkage);
} elseif ($resize_by == 'both') {
$thumb_displayheight = $thumb_max_height;
$thumb_displaywidth = $thumb_max_width;
}
}
if ($var_reset == 1) {
$display .= "<tr>";
}
if ($caption == '') {
$caption = $thumb_file_name;
}
if ($mouseover == 'no') {
$display .= "<td><a href=\"javascript:imgchange('{$file_name}','" . addslashes($caption) . "','" . addslashes($description) . "')\"> ";
$display .= "<img src=\"{$config['listings_view_images_path']}/{$thumb_file_name}\" height=\"{$thumb_displayheight}\" width=\"{$thumb_displaywidth}\" alt=\"{$caption}\" /></a>";
$display .= "</td>";
} else {
$display .= '<td><img src="' . $config[listings_view_images_path] . '/' . $thumb_file_name . '" height="' . $thumb_displayheight . '" width="' . $thumb_displaywidth . '" alt="' . $caption . '" onmouseover="imgchange(\'' . $file_name . '\',\'' . addslashes($caption) . '\',\'' . addslashes($description) . '\')" /></td>';
}
if ($var_reset == $user_col_max) {
$display .= "</tr>";
$var_reset = 1;
} else {
$var_reset++;
}
$recordSet->MoveNext();
}
// end while
if ($var_reset != 1) {
$display .= "</tr>";
}
$display .= "</table>";
} else {
if ($config['show_no_photo'] == 1) {
$display .= '<table id="imagerows">';
$display .= "<tr><td><img src=\"{$config['baseurl']}/images/nophoto.gif\" width=\"{$config['thumbnail_width']}\" alt=\"{$lang['no_photo']}\" /></td></tr></table>";
}
}
return $display;
}
示例7: misc
function create_download($ID, $file_id, $type)
{
global $config, $conn;
require_once $config['basepath'] . '/include/misc.inc.php';
$misc = new misc();
$folderid = $ID;
$ID = $misc->make_db_extra_safe($ID);
$fileID = $misc->make_db_extra_safe($file_id);
if ($type == 'listing') {
$file_upload_path = $config['listings_file_upload_path'];
$file_view_path = $config['listings_view_file_path'];
$sqltype = 'listings';
} else {
$file_upload_path = $config['users_file_upload_path'];
$file_view_path = $config['users_view_file_path'];
$sqltype = 'user';
}
$sql = "SELECT DISTINCT " . $type . "sfiles_file_name FROM " . $config['table_prefix'] . "" . $type . "sfiles WHERE (" . $sqltype . "db_id = {$ID}) AND (" . $type . "sfiles_id = " . $fileID . ") ORDER BY " . $type . "sfiles_rank";
$recordSet = $conn->Execute($sql);
if ($recordSet === false) {
$misc->log_error($sql);
}
while (!$recordSet->EOF) {
$file_filename = $misc->make_db_unsafe($recordSet->fields[$type . 'sfiles_file_name']);
$recordSet->MoveNext();
}
$fullPath = $file_upload_path . '/' . $folderid . '/' . $file_filename;
if ($fd = fopen($fullPath, "r")) {
$fsize = filesize($fullPath);
$path_parts = pathinfo($fullPath);
header("Content-type: application/octet-stream");
header("Content-Disposition: attachment; filename=\"" . $path_parts["basename"] . "\"");
header("Content-length: {$fsize}");
header("Cache-control: private");
//use this to open files directly
while (!feof($fd)) {
$buffer = fread($fd, 2048);
echo $buffer;
}
}
fclose($fd);
}