本文整理匯總了PHP中DB_escapeString函數的典型用法代碼示例。如果您正苦於以下問題:PHP DB_escapeString函數的具體用法?PHP DB_escapeString怎麽用?PHP DB_escapeString使用的例子?那麽, 這裏精選的函數代碼示例或許可以為您提供幫助。
在下文中一共展示了DB_escapeString函數的15個代碼示例,這些例子默認根據受歡迎程度排序。您可以為喜歡或者感覺有用的代碼點讚,您的評價將有助於係統推薦出更棒的PHP代碼示例。
示例1: links_update_set_categories
/**
* Add "root" category and fix categories
*
*/
function links_update_set_categories()
{
global $_TABLES, $_LI_CONF;
if (empty($_LI_CONF['root'])) {
$_LI_CONF['root'] = 'site';
}
$root = DB_escapeString($_LI_CONF['root']);
DB_query("INSERT INTO {$_TABLES['linkcategories']} (cid, pid, category, description, tid, created, modified, group_id, owner_id, perm_owner, perm_group, perm_members, perm_anon) VALUES ('{$root}', 'root', 'Root', 'Website root', NULL, NOW(), NOW(), 5, 2, 3, 3, 2, 2)");
// get Links admin group number
$group_id = DB_getItem($_TABLES['groups'], 'grp_id', "grp_name = 'Links Admin'");
// loop through adding to category table, then update links table with cids
$result = DB_query("SELECT DISTINCT cid AS category FROM {$_TABLES['links']}");
$nrows = DB_numRows($result);
for ($i = 0; $i < $nrows; $i++) {
$A = DB_fetchArray($result);
$category = DB_escapeString($A['category']);
$cid = $category;
DB_query("INSERT INTO {$_TABLES['linkcategories']} (cid,pid,category,description,tid,owner_id,group_id,created,modified) VALUES ('{$cid}','{$root}','{$category}','{$category}','all',2,'{$group_id}',NOW(),NOW())", 1);
if ($cid != $category) {
// still experimenting ...
DB_query("UPDATE {$_TABLES['links']} SET cid='{$cid}' WHERE cid='{$category}'", 1);
}
if (DB_error()) {
echo "Error inserting categories into linkcategories table";
return false;
}
}
}示例2: doValidLogin
function doValidLogin($login)
{
global $_CONF, $_TABLES, $status, $uid;
// Remote auth precludes usersubmission,
// and integrates user activation, see?;
$status = USER_ACCOUNT_ACTIVE;
// PHP replaces "." with "_"
$openid_identity = DB_escapeString($this->query['openid_identity']);
$openid_nickname = '';
if (isset($this->query['openid_sreg_nickname'])) {
$openid_nickname = $this->query['openid_sreg_nickname'];
}
// Check if that account is already registered.
$result = DB_query("SELECT uid FROM {$_TABLES['users']} WHERE remoteusername = '{$openid_identity}' AND remoteservice = 'openid'");
$tmp = DB_error();
$nrows = DB_numRows($result);
if (!($tmp == 0) || !($nrows == 1)) {
// First time login with this OpenID, creating account...
if ($_CONF['disable_new_user_registration']) {
// not strictly correct - just to signal a failed login attempt
$status = USER_ACCOUNT_DISABLED;
$uid = 0;
return;
}
if (empty($openid_nickname)) {
$openid_nickname = $this->makeUsername($this->query['openid_identity']);
}
// we simply can't accept empty usernames ...
if (empty($openid_nickname)) {
COM_errorLog('Got an empty username for ' . $openid_identity);
// not strictly correct - just to signal a failed login attempt
$status = USER_ACCOUNT_DISABLED;
$uid = 0;
return;
}
// Ensure that remoteusername is unique locally.
$openid_nickname = USER_uniqueUsername($openid_nickname);
$openid_sreg_email = '';
if (isset($this->query['openid_sreg_email'])) {
$openid_sreg_email = $this->query['openid_sreg_email'];
}
$openid_sreg_fullname = '';
if (isset($this->query['openid_sreg_fullname'])) {
$openid_sreg_fullname = $this->query['openid_sreg_fullname'];
}
USER_createAccount($openid_nickname, $openid_sreg_email, '', $openid_sreg_fullname, '', $this->query['openid_identity'], 'openid');
$uid = DB_getItem($_TABLES['users'], 'uid', "remoteusername = '{$openid_identity}' AND remoteservice = 'openid'");
// Store full remote account name:
DB_query("UPDATE {$_TABLES['users']} SET remoteusername = '{$openid_identity}', remoteservice = 'openid', status = 3 WHERE uid = {$uid}");
// Add to remote users:
$remote_grp = DB_getItem($_TABLES['groups'], 'grp_id', "grp_name = 'Remote Users'");
DB_query("INSERT INTO {$_TABLES['group_assignments']} (ug_main_grp_id, ug_uid) VALUES ({$remote_grp}, {$uid})");
} else {
$result = DB_query("SELECT uid,status FROM {$_TABLES['users']} WHERE remoteusername = '{$openid_identity}' AND remoteservice = 'openid'");
list($uid, $status) = DB_fetchArray($result);
}
}示例3: updateStat
/**
* Updates statistics of an spamx entry
*
* @param string $name plugin name
* @param string $value data
**/
protected function updateStat($name, $value)
{
global $_TABLES;
$name = DB_escapeString($name);
$value = DB_escapeString($value);
$timestamp = DB_escapeString(date('Y-m-d H:i:s'));
$sql = "UPDATE {$_TABLES['spamx']} " . "SET counter = counter + 1, regdate = '{$timestamp}' " . "WHERE name='{$name}' AND value='{$value}' ";
DB_query($sql, 1);
}示例4: calendar_update_move_states
/**
* Replace the old $_STATES array with a free-form text field
*
*/
function calendar_update_move_states()
{
global $_TABLES, $_STATES;
if (isset($_STATES) && is_array($_STATES)) {
$tables = array($_TABLES['events'], $_TABLES['eventsubmission'], $_TABLES['personal_events']);
foreach ($_STATES as $key => $state) {
foreach ($tables as $table) {
DB_change($table, 'state', DB_escapeString($state), 'state', DB_escapeString($key));
}
}
}
}示例5: display
/**
* Constructor
*/
function display()
{
global $_CONF, $_TABLES, $LANG_SX00;
$action = '';
if (isset($_GET['action'])) {
$action = $_GET['action'];
} elseif (isset($_POST['paction'])) {
$action = $_POST['paction'];
}
if ($action == 'delete' && SEC_checkToken()) {
$entry = $_GET['entry'];
if (!empty($entry)) {
$dbentry = DB_escapeString($entry);
DB_delete($_TABLES['spamx'], array('name', 'value'), array('HTTPHeader', $dbentry));
}
} elseif ($action == $LANG_SX00['addentry'] && SEC_checkToken()) {
$entry = '';
$name = COM_applyFilter($_REQUEST['header-name']);
$n = explode(':', $name);
$name = $n[0];
$value = $_REQUEST['header-value'];
if (!empty($name) && !empty($value)) {
$entry = $name . ': ' . $value;
}
$dbentry = DB_escapeString($entry);
if (!empty($entry)) {
$result = DB_query("INSERT INTO {$_TABLES['spamx']} VALUES ('HTTPHeader','{$dbentry}')");
}
}
$token = SEC_createToken();
$display = '<hr' . XHTML . '>' . LB . '<p><b>';
$display .= $LANG_SX00['headerblack'];
$display .= '</b></p>' . LB . '<ul>' . LB;
$result = DB_query("SELECT value FROM {$_TABLES['spamx']} WHERE name='HTTPHeader' ORDER BY value");
$nrows = DB_numRows($result);
for ($i = 0; $i < $nrows; $i++) {
list($e) = DB_fetchArray($result);
$display .= '<li>' . COM_createLink(htmlspecialchars($e), $_CONF['site_admin_url'] . '/plugins/spamx/index.php?command=EditHeader&action=delete&entry=' . urlencode($e) . '&' . CSRF_TOKEN . '=' . $token) . '</li>' . LB;
}
$display .= '</ul>' . LB . '<p>' . $LANG_SX00['e1'] . '</p>' . LB;
$display .= '<p>' . $LANG_SX00['e2'] . '</p>' . LB;
$display .= '<form method="post" action="' . $_CONF['site_admin_url'] . '/plugins/spamx/index.php?command=EditHeader">' . LB;
$display .= '<table border="0" width="100%">' . LB;
$display .= '<tr><td align="right"><b>Header:</b></td>' . LB;
$display .= '<td><input type="text" size="40" name="header-name"' . XHTML . '> e.g. <tt>User-Agent</tt></td></tr>' . LB;
$display .= '<tr><td align="right"><b>Content:</b></td>' . LB;
$display .= '<td><input type="text" size="40" name="header-value"' . XHTML . '> e.g. <tt>Mozilla</tt></td></tr>' . LB;
$display .= '</table>' . LB;
$display .= '<p><input type="submit" name="paction" value="' . $LANG_SX00['addentry'] . '"' . XHTML . '></p>';
$display .= '<input type="hidden" name="' . CSRF_TOKEN . "\" value=\"{$token}\"" . XHTML . '>' . LB;
$display .= '</form>' . LB;
return $display;
}示例6: initMenu
function initMenu($menuname, $skipCache = false)
{
global $_GROUPS, $_TABLES, $_USER;
$menu = NULL;
$cacheInstance = 'menuobject_' . $menuname . '_' . CACHE_security_hash() . '__data';
if ($skipCache == false) {
$retval = CACHE_check_instance($cacheInstance, 0);
if ($retval) {
$menu = unserialize($retval);
return $menu;
}
}
$mbadmin = SEC_hasRights('menu.admin');
$root = SEC_inGroup('Root');
if (COM_isAnonUser()) {
$uid = 1;
} else {
$uid = $_USER['uid'];
}
$result = DB_query("SELECT * FROM {$_TABLES['menu']} WHERE menu_active=1 AND menu_name='" . DB_escapeString($menuname) . "'", 1);
$menuRow = DB_fetchArray($result);
if ($menuRow) {
$menu = new menu();
$menu->id = $menuRow['id'];
$menu->name = $menuRow['menu_name'];
$menu->type = $menuRow['menu_type'];
$menu->active = $menuRow['menu_active'];
$menu->group_id = $menuRow['group_id'];
if ($mbadmin || $root) {
$menu->permission = 3;
} else {
if ($menuRow['group_id'] == 998) {
if (COM_isAnonUser()) {
$menu->permission = 3;
} else {
$menu->permission = 0;
return NULL;
}
} else {
if (in_array($menuRow['group_id'], $_GROUPS)) {
$menu->permission = 3;
} else {
return NULL;
}
}
}
$menu->getElements();
$cacheMenu = serialize($menu);
CACHE_create_instance($cacheInstance, $cacheMenu, 0);
}
return $menu;
}示例7: Load
public function Load($code)
{
global $_TABLES;
static $currencies = array();
if (!isset($currencies[$code])) {
$currencies[$code] = FALSE;
$res = DB_query("SELECT * FROM {$_TABLES['paypal.currency']}\n WHERE code = '" . DB_escapeString($code) . "'");
if ($res) {
$currencies[$code] = DB_fetchArray($res, false);
}
}
return $currencies[$code];
}示例8: update_ConfValues
/**
* Add new config options
*
*/
function update_ConfValues()
{
global $_CONF, $_TABLES;
require_once $_CONF['path_system'] . 'classes/config.class.php';
// remove pdf_enabled option; this also makes room for new search options
DB_delete($_TABLES['conf_values'], 'name', 'pdf_enabled');
// move num_search_results options
DB_query("UPDATE {$_TABLES['conf_values']} SET sort_order = 651 WHERE sort_order = 670");
// change default for num_search_results
$thirty = DB_escapeString(serialize(30));
DB_query("UPDATE {$_TABLES['conf_values']} SET value = '{$thirty}', default_value = '{$thirty}' WHERE name = 'num_search_results'");
// fix censormode dropdown
DB_query("UPDATE {$_TABLES['conf_values']} SET selectionArray = 18 WHERE name = 'censormode'");
$c = config::get_instance();
// new options
$c->add('jpeg_quality', 75, 'text', 5, 23, NULL, 1495, FALSE);
$c->add('advanced_html', array('img' => array('width' => 1, 'height' => 1, 'src' => 1, 'align' => 1, 'valign' => 1, 'border' => 1, 'alt' => 1)), '**placeholder', 7, 34, NULL, 1721, TRUE);
// squeeze search options between 640 (lastlogin) and 680 (loginrequired)
$c->add('fs_search', NULL, 'fieldset', 0, 6, NULL, 0, TRUE);
$c->add('search_style', 'google', 'select', 0, 6, 19, 644, TRUE);
$c->add('search_limits', '10,15,25,30', 'text', 0, 6, NULL, 647, TRUE);
// see above: $c->add('num_search_results',30,'text',0,6,NULL,651,TRUE);
$c->add('search_show_limit', TRUE, 'select', 0, 6, 1, 654, TRUE);
$c->add('search_show_sort', TRUE, 'select', 0, 6, 1, 658, TRUE);
$c->add('search_show_num', TRUE, 'select', 0, 6, 1, 661, TRUE);
$c->add('search_show_type', TRUE, 'select', 0, 6, 1, 665, TRUE);
$c->add('search_separator', ' > ', 'text', 0, 6, NULL, 668, TRUE);
$c->add('search_def_keytype', 'phrase', 'select', 0, 6, 20, 672, TRUE);
$c->add('search_use_fulltext', FALSE, 'hidden', 0, 6);
// 675
// filename mask for db backup files
$c->add('mysqldump_filename_mask', 'geeklog_db_backup_%Y_%m_%d_%H_%M_%S.sql', 'text', 0, 5, NULL, 185, TRUE);
// DOCTYPE declaration, for {doctype} in header.thtml
$c->add('doctype', 'html401strict', 'select', 2, 10, 21, 195, TRUE);
// new comment options
$c->add('comment_edit', 0, 'select', 4, 21, 0, 1680, TRUE);
$c->add('commentsubmission', 0, 'select', 4, 21, 0, 1682, TRUE);
$c->add('comment_edittime', 1800, 'text', 4, 21, NULL, 1684, TRUE);
$c->add('article_comment_close_days', 30, 'text', 4, 21, NULL, 1686, TRUE);
$c->add('comment_close_rec_stories', 0, 'text', 4, 21, NULL, 1688, TRUE);
$c->add('allow_reply_notifications', 0, 'select', 4, 21, 0, 1689, TRUE);
// cookie to store name of anonymous commenters
$c->add('cookie_anon_name', 'anon_name', 'text', 7, 30, NULL, 577, TRUE);
// enable/disable clickable links
$c->add('clickable_links', 1, 'select', 7, 31, 1, 1753, TRUE);
// experimental: compress output before sending it to the browser
$c->add('compressed_output', 0, 'select', 7, 31, 1, 1756, TRUE);
// for the X-FRAME-OPTIONS header (Clickjacking protection)
$c->add('frame_options', 'DENY', 'select', 7, 31, 22, 1758, TRUE);
return true;
}示例9: display
/**
* Constructor
*/
function display()
{
global $_CONF, $_TABLES, $LANG_SX00;
$action = '';
if (isset($_GET['action'])) {
$action = $_GET['action'];
} elseif (isset($_POST['paction'])) {
$action = $_POST['paction'];
}
$entry = '';
if (isset($_GET['entry'])) {
$entry = COM_stripslashes($_GET['entry']);
} elseif (isset($_POST['pentry'])) {
$entry = COM_stripslashes($_POST['pentry']);
}
if ($action == 'delete' && SEC_checkToken()) {
$entry = DB_escapeString($entry);
DB_delete($_TABLES['spamx'], array('name', 'value'), array('Personal', $entry));
} elseif ($action == $LANG_SX00['addentry'] && SEC_checkToken()) {
if (!empty($entry)) {
$entry = DB_escapeString($entry);
$result = DB_query("INSERT INTO {$_TABLES['spamx']} VALUES ('Personal', '{$entry}')");
}
} elseif ($action == $LANG_SX00['addcen'] && SEC_checkToken()) {
foreach ($_CONF['censorlist'] as $entry) {
$entry = DB_escapeString($entry);
$result = DB_query("INSERT INTO {$_TABLES['spamx']} VALUES ('Personal', '{$entry}')");
}
}
$token = SEC_createToken();
$display = '<hr' . XHTML . '>' . LB . '<p><b>';
$display .= $LANG_SX00['pblack'];
$display .= '</b></p>' . LB . '<ul>' . LB;
$result = DB_query("SELECT value FROM {$_TABLES['spamx']} WHERE name = 'Personal'");
$nrows = DB_numRows($result);
for ($i = 0; $i < $nrows; $i++) {
$A = DB_fetchArray($result);
$e = $A['value'];
$display .= '<li>' . COM_createLink(htmlspecialchars($e), $_CONF['site_admin_url'] . '/plugins/spamx/index.php?command=EditBlackList&action=delete&entry=' . urlencode($e) . '&' . CSRF_TOKEN . '=' . $token) . '</li>' . LB;
}
$display .= '</ul>' . LB . '<p>' . $LANG_SX00['e1'] . '</p>' . LB;
$display .= '<p>' . $LANG_SX00['e2'] . '</p>' . LB;
$display .= '<form method="post" action="' . $_CONF['site_admin_url'] . '/plugins/spamx/index.php?command=EditBlackList">' . LB;
$display .= '<div><input type="text" size="30" name="pentry"' . XHTML . '> ';
$display .= '<input type="submit" name="paction" value="' . $LANG_SX00['addentry'] . '"' . XHTML . '>' . LB;
$display .= '<p>' . $LANG_SX00['e3'] . '</p> ';
$display .= '<input type="submit" name="paction" value="' . $LANG_SX00['addcen'] . '"' . XHTML . '>' . LB;
$display .= '<input type="hidden" name="' . CSRF_TOKEN . "\" value=\"{$token}\"" . XHTML . '>' . LB;
$display .= '</div></form>' . LB;
return $display;
}示例10: parse
function parse($p1, $p2, $fulltag)
{
global $_TABLES, $_CONF;
$topic = DB_getItem($_TABLES['topics'], 'topic', "tid = '" . DB_escapeString($p1) . "'" . COM_getTopicSQL('AND'));
if (empty($topic)) {
return "<b>Unknown Topic</b>";
}
if (!empty($p2) && $p2 != $p1) {
$topic = $p2;
} else {
$topic = $topic;
}
return '<a href="' . $_CONF['site_url'] . '/index.php?topic=' . urlencode($p1) . '">' . htmlspecialchars($topic) . '</a>';
}示例11: uploadFiles
/**
* Perform the file upload
*
* Calls the parent function to upload the files, then calls
* MakeThumbs() to create thumbnails.
*/
public function uploadFiles()
{
global $_TABLES;
// Perform the actual upload
parent::uploadFiles();
// Seed image cache with thumbnails
$this->MakeThumbs();
foreach ($this->goodfiles as $filename) {
$sql = "INSERT INTO {$_TABLES['paypal.images']}\n (product_id, filename)\n VALUES (\n '{$this->product_id}', '" . DB_escapeString($filename) . "'\n )";
$result = DB_query($sql);
if (!$result) {
$this->addError("uploadFiles() : Failed to insert {$filename}");
}
}
}示例12: update_ConfValuesFor161
/**
* Add new config options
*
*/
function update_ConfValuesFor161()
{
global $_CONF, $_TABLES;
require_once $_CONF['path_system'] . 'classes/config.class.php';
$c = config::get_instance();
// meta tag config options.
$c->add('meta_tags', 0, 'select', 0, 0, 23, 2000, TRUE);
$c->add('meta_description', 'Geeklog, the open source content management system designed with security in mind.', 'text', 0, 0, NULL, 2010, TRUE);
$c->add('meta_keywords', 'Geeklog, Blog, Content Management System, CMS, Open Source, Security', 'text', 0, 0, NULL, 2020, TRUE);
// new option to enable / disable closing of comments after x days
$c->add('article_comment_close_enabled', 0, 'select', 4, 21, 0, 1685, TRUE);
// the timezone config option is a dropdown now
$utc = DB_escapeString(serialize('UTC'));
// change default timezone to UTC
DB_query("UPDATE {$_TABLES['conf_values']} SET type = 'select', selectionArray = -1, default_value = '{$utc}' WHERE name = 'timezone' AND group_name = 'Core'");
return true;
}示例13: MG_adminEXIFsave
function MG_adminEXIFsave()
{
global $_MG_CONF, $_TABLES, $_CONF, $LANG_MG01;
$numItems = count($_POST['sel']);
for ($i = 0; $i < $numItems; $i++) {
$exif[$i]['tag'] = $_POST['tag'][$i];
$exif[$i]['sel'] = $_POST['sel'][$i];
}
DB_query("UPDATE {$_TABLES['mg_exif_tags']} set selected=0");
// resets all to 0
for ($i = 0; $i < $numItems; $i++) {
$sql = "UPDATE {$_TABLES['mg_exif_tags']} set selected=1 WHERE name='" . DB_escapeString($exif[$i]['sel']) . "'";
DB_query($sql);
}
echo COM_refresh($_MG_CONF['admin_url'] . 'index.php?msg=3');
exit;
}示例14: polls_update_polltopics
/**
* Hook up pollquestions with polltopics
*
*/
function polls_update_polltopics()
{
global $_TABLES;
$P_SQL = array();
$move_sql = "SELECT pid, topic FROM {$_TABLES['polltopics']}";
$move_rst = DB_query($move_sql);
$count_move = DB_numRows($move_rst);
for ($i = 0; $i < $count_move; $i++) {
$A = DB_fetchArray($move_rst);
$A[1] = DB_escapeString($A[1]);
$P_SQL[] = "INSERT INTO {$_TABLES['pollquestions']} (pid, question) VALUES ('{$A[0]}','{$A[1]}');";
}
foreach ($P_SQL as $sql) {
$rst = DB_query($sql);
if (DB_error()) {
echo "There was an error upgrading the polls, SQL: {$sql}<br>";
return false;
}
}
}示例15: getReplacementsFor
/**
* Return replacements for a given email address
*
* @param string $address
* @return array
*/
public function getReplacementsFor($address)
{
global $_CONF, $_TABLES;
$retval = array();
$address = DB_escapeString($address);
$sql = <<<SQL
SELECT u.*, i.location, i.lastgranted, i.lastlogin FROM {$_TABLES['users']} AS u
LEFT JOIN {$_TABLES['userinfo']} AS i
ON u.uid = i.uid
WHERE u.email = '{$address}'
SQL;
$resultSet = DB_query($sql);
if (!DB_error()) {
$A = DB_fetchArray($resultSet, false);
if (is_array($A) && count($A) > 0) {
$retval = array('{uid}' => $A['uid'], '{username}' => $A['username'], '{fullname}' => $A['fullname'], '{email}' => $A['email'], '{homepage}' => $A['homepage'], '{theme}' => $A['theme'], '{language}' => $A['language'], '{location}' => $A['location'], '{lastgranted}' => $A['lastgranted'], '{lastlogin}' => $A['lastlogin'], '{site_url}' => $_CONF['site_url'], '{site_name}' => $_CONF['site_name'], '{site_slogan}' => $_CONF['site_slogan'], '{owner_name}' => $_CONF['owner_name'], '{copyrightyear}' => $_CONF['copyrightyear'], '{site_mail}' => $_CONF['site_mail'], '{noreply_mail}' => $_CONF['noreply_mail']);
}
}
return $retval;
}