當前位置: 首頁>>代碼示例>>PHP>>正文


PHP secure_sql函數代碼示例

本文整理匯總了PHP中secure_sql函數的典型用法代碼示例。如果您正苦於以下問題:PHP secure_sql函數的具體用法?PHP secure_sql怎麽用?PHP secure_sql使用的例子?那麽, 這裏精選的函數代碼示例或許可以為您提供幫助。


在下文中一共展示了secure_sql函數的15個代碼示例,這些例子默認根據受歡迎程度排序。您可以為喜歡或者感覺有用的代碼點讚,您的評價將有助於係統推薦出更棒的PHP代碼示例。

示例1: add_filter

 function add_filter($type, $condition = '')
 {
     $condition = secure_sql($condition);
     switch ($type) {
         case 'userid':
             $condition = secure_sql_in($condition);
             $this->_query->add_where('(u.userid IN (' . $condition . '))');
             break;
         case 'first_name':
             $this->_query->add_where('(u.first_name = \'' . $condition . '\')');
             break;
         case 'last_name':
             $this->_query->add_where('(u.last_name = \'' . $condition . '\')');
             break;
         case 'name':
             $condition = str_replace('%', '\\%', $condition);
             $this->_query->add_where('(u.last_name LIKE \'%' . $condition . '%\') OR (u.first_name LIKE \'%' . $condition . '%\') OR (u.username LIKE \'%' . $condition . '%\')');
             break;
         case 'email_address':
             $this->_query->add_where('(u.email_address = \'' . $condition . '\')');
             break;
         case 'username':
             $this->_query->add_where('(u.username = \'' . $condition . '\')');
             break;
         case 'password':
             $this->_query->add_where('(u.password = \'' . $condition . '\')');
             break;
         case 'session_id':
             $this->_query->add_where("u.session_id = '{$condition}'");
             break;
         case 'user_hash':
             $this->_query->add_where("MD5(u.session_id) = '{$condition}'");
             break;
         case 'activated':
             $this->_query->add_where('(u.activated = \'' . $condition . '\')');
             break;
         case 'group':
             $condition = secure_sql_in($condition);
             $this->_query->add_join(' LEFT JOIN ' . VIVVO_DB_PREFIX . 'group_user AS gu ON gu.user_id = u.userid ', 'gu');
             $this->_query->add_where('(gu.group_id IN (' . $condition . '))');
             $this->_query->add_group_by('u.userid');
             break;
         case 'concat_first_last':
             $this->_query->add_where('CONCAT(u.first_name, "-", u.last_name ) = \'' . $condition . '\'');
             break;
         case 'created_before':
             $this->_query->add_where('(u.created < (DATE_SUB(NOW(), INTERVAL ' . $condition . '  DAY)))');
             break;
         case 'created_after':
             $this->_query->add_where('(u.created > (DATE_SUB(NOW(), INTERVAL ' . $condition . '  DAY)))');
             break;
         case 'md5':
             $this->_query->add_where("md5(concat( u.`email_address` , u.`username` , u.`created` ) ) = '{$condition}'");
             break;
         case 'forgot':
             $this->_query->add_where("md5( concat( u.`username` , u.`email_address`, u.`password` ) ) = '{$condition}'");
             break;
     }
 }
開發者ID:ahanjir07,項目名稱:vivvo-dev,代碼行數:59,代碼來源:Users.class.php

示例2: _autocomplete_tags

 function _autocomplete_tags()
 {
     $sm = vivvo_lite_site::get_instance();
     $um = $sm->get_url_manager();
     $output = '';
     if ($um->isset_param('name')) {
         $name = escape_sql_like(secure_sql($um->get_param('name')));
         $res = $sm->get_db()->query('SELECT name FROM ' . VIVVO_DB_PREFIX . "tags WHERE name LIKE '{$name}%'");
         if (!PEAR::isError($res)) {
             $attributes[] = ENT_QUOTES;
             $attributes[] = 'UTF-8';
             $tags = array_map('html_entity_decode', $res->fetchCol(), $attributes);
             $res->free();
             $output = '<ul><li>' . implode('</li><li>', $tags) . '</li></ul>';
         }
     }
     echo $output;
     exit;
 }
開發者ID:ahanjir07,項目名稱:vivvo-dev,代碼行數:19,代碼來源:articles_admin_view.class.php

示例3: _autocomplete_links

 /**
  * Autocomplete box feed
  */
 public function _autocomplete_links()
 {
     $sm = vivvo_lite_site::get_instance();
     $template = $sm->get_template();
     $um = $sm->get_url_manager();
     $pm = $sm->get_plugin_manager();
     $content_template = new template(null, $template);
     $content_template->set_template_file($this->_template_root . 'autocomplete_links.xml');
     $hrefs = array();
     $db = $sm->get_db();
     $name = secure_sql($um->get_param('name'));
     $sql = "(SELECT id, category_name AS title, sefriendly, '' AS category_id,  'Categories' AS type FROM " . VIVVO_DB_PREFIX . "categories WHERE category_name LIKE '{$name}%')\n\t\t\t\t\t UNION\n\t\t\t\t    (SELECT id, title, sefriendly, category_id, 'Articles' AS type FROM " . VIVVO_DB_PREFIX . "articles WHERE title LIKE '{$name}%')";
     if ($pm->is_installed('pages')) {
         $sql .= "UNION (SELECT id, title, sefriendly, '' AS category_id, 'Pages' AS type FROM " . VIVVO_DB_PREFIX . "pages WHERE title LIKE '{$name}%')";
     }
     $sql .= "UNION (SELECT t.id, CONCAT(tg.name,': ',t.name) AS title, t.sefriendly AS sefriendly, tg.url AS category_id, 'Tags' AS type FROM " . VIVVO_DB_PREFIX . "tags AS t INNER JOIN " . VIVVO_DB_PREFIX . "tags_to_tags_groups AS ttg ON ttg.tag_id = t.id INNER JOIN " . VIVVO_DB_PREFIX . "tags_groups AS tg ON ttg.tags_group_id = tg.id WHERE t.name LIKE '{$name}%' GROUP BY t.id, tg.id) " . "UNION (SELECT id, name AS title, url AS sefriendly, '' AS category_id,  'Topics' AS type FROM " . VIVVO_DB_PREFIX . "tags_groups WHERE name LIKE '{$name}%')";
     $res = $db->query($sql);
     if (!PEAR::isError($res)) {
         $i = 0;
         while ($row = $res->fetchRow(MDB2_FETCHMODE_ASSOC)) {
             $hrefs[$i] = array();
             $hrefs[$i]['title'] = $row['title'];
             $hrefs[$i]['id'] = $row['id'];
             $hrefs[$i]['type'] = $row['type'];
             switch ($row['type']) {
                 case 'Articles':
                     if (!$article) {
                         require_once VIVVO_FS_INSTALL_ROOT . 'lib/vivvo/core/Articles.class.php';
                         $article = new Articles();
                     }
                     $article->id = $row['id'];
                     $article->title = $row['title'];
                     $article->sefriendly = $row['sefriendly'];
                     $article->category_id = $row['category_id'];
                     $hrefs[$i]['href'] = $article->get_href();
                     break;
                 case 'Categories':
                     if (!$cat) {
                         $cat = $sm->get_categories();
                     }
                     $hrefs[$i]['href'] = $cat->list[$row['id']]->get_href();
                     break;
                 case 'Pages':
                     if (!$page) {
                         require_once VIVVO_FS_PLUGIN_ROOT . 'plugins/pages/Pages.class.php';
                         $page = new Pages();
                     }
                     $page->id = $row['id'];
                     $page->title = $row['title'];
                     $page->sefriendly = $row['sefriendly'];
                     $hrefs[$i]['href'] = $page->get_href();
                     break;
                 case 'Tags':
                     if (!$tag) {
                         require_once VIVVO_FS_INSTALL_ROOT . 'lib/vivvo/core/Tags.class.php';
                         $tag = new Tags();
                     }
                     $tag->id = $row['id'];
                     $tag->name = $row['title'];
                     $tag->sefriendly = $row['sefriendly'];
                     $tag->group_url = $row['category_id'] . '/';
                     $hrefs[$i]['href'] = $tag->get_href();
                     break;
                 case 'Topics':
                     if (!$topic) {
                         require_once VIVVO_FS_INSTALL_ROOT . 'lib/vivvo/core/TagsGroups.class.php';
                         $topic = new TagsGroups();
                     }
                     $topic->id = $row['id'];
                     $topic->name = $row['title'];
                     $topic->url = $row['sefriendly'];
                     $hrefs[$i]['href'] = rtrim($topic->get_href(), '/');
                     break;
             }
             $i++;
         }
     }
     $content_template->assign('link_list', $hrefs);
     return $content_template;
 }
開發者ID:ahanjir07,項目名稱:vivvo-dev,代碼行數:83,代碼來源:categories_admin_view.class.php

示例4: add_filter

 function add_filter($type, $condition = '')
 {
     $condition = secure_sql($condition);
     switch ($type) {
         case 'id':
         case 'name':
         case 'sefriendly':
             $this->_query->add_where("t.{$type} = '{$condition}'");
             break;
         case 'name_like':
             $condition = str_replace(array('%', '_'), array('\\%', '\\_'), $condition);
             $this->_query->add_where("t.name LIKE '%{$condition}%'");
             break;
         case 'article_id':
             $condition = secure_sql_in($condition);
             $this->_query->add_fields('at.tags_group_id AS topic_id');
             $this->_query->add_join(' LEFT JOIN ' . VIVVO_DB_PREFIX . 'articles_tags AS at ON at.tag_id = t.id ', 'at');
             $this->_query->add_where("at.article_id IN ({$condition})");
             break;
         case 'tags_group_id':
         case 'topic_id':
             $condition = secure_sql_in($condition);
             $this->_query->add_join(' LEFT JOIN ' . VIVVO_DB_PREFIX . 'tags_to_tags_groups AS ttg ON ttg.tag_id = t.id ', 'ttg');
             $this->_query->add_where("ttg.tags_group_id IN ({$condition})");
             break;
         case 'not_tags_group_id':
         case 'not_topic_id':
             $condition = secure_sql_in($condition);
             $this->_query->add_join(' LEFT JOIN ' . VIVVO_DB_PREFIX . 'tags_to_tags_groups AS ttg ON ttg.tag_id = t.id ', 'ttg');
             $this->_query->add_where("ttg.tags_group_id NOT IN ({$condition})");
             break;
         case 'user_tag_id':
             $condition = secure_sql_in($condition);
             $this->_query->add_fields('at.tags_group_id AS topic_id');
             $this->_query->add_join(' LEFT JOIN ' . VIVVO_DB_PREFIX . 'articles_tags AS at ON at.tag_id = t.id ', 'at');
             $this->_query->add_where("at.tags_group_id IN ({$condition})");
             break;
         case 'not_user_tag_id':
             $condition = secure_sql_in($condition);
             $this->_query->add_fields('at.tags_group_id AS topic_id');
             $this->_query->add_join(' LEFT JOIN ' . VIVVO_DB_PREFIX . 'articles_tags AS at ON at.tag_id = t.id ', 'at');
             $this->_query->add_where("at.tags_group_id NOT IN ({$condition})");
             break;
         case 'id_in':
             $condition = secure_sql_in($condition);
             $this->_query->add_where("t.id IN ({$condition})");
             break;
         case 'name_array':
         case 'sefriendly_array':
             foreach ($condition as &$item) {
                 $item = "'{$item}'";
             }
             unset($item);
             $condition = implode(',', $condition);
             $type = str_replace('_array', '', $type);
             $this->_query->add_where("t.{$type} IN ({$condition})");
             break;
         case 'search_starting_with':
             $condition = str_replace('%', '\\%', $condition);
             $this->_query->add_fields('at.tags_group_id AS topic_id');
             $this->_query->add_join(' LEFT JOIN ' . VIVVO_DB_PREFIX . 'articles_tags AS at ON at.tag_id = t.id ', 'at');
             $this->_query->add_where("t.name LIKE '%{$condition}%'");
             break;
         case 'search_label_starting_with':
             $condition = str_replace('%', '\\%', $condition);
             $this->_query->add_join(' LEFT JOIN ' . VIVVO_DB_PREFIX . 'tags_to_tags_groups AS tg ON tg.tag_id = t.id ', 'tg');
             $this->_query->add_where("t.name LIKE '%{$condition}%'");
             break;
         case 'user_group_id':
             $condition = secure_sql_in(explode(',', $condition));
             $this->_query->add_fields('at.tags_group_id AS topic_id');
             $this->_query->add_join(' LEFT JOIN ' . VIVVO_DB_PREFIX . 'articles_tags AS at ON at.tag_id = t.id ', 'at');
             $this->_query->add_join(' LEFT JOIN ' . VIVVO_DB_PREFIX . 'group_user AS gu ON gu.user_id = at.user_id', 'gu');
             $this->_query->add_where("gu.group_id IN ({$condition})");
             break;
         case 'not_user_group_id':
             $condition = secure_sql_in(explode(',', $condition));
             $this->_query->add_fields('at.tags_group_id AS topic_id');
             $this->_query->add_join(' LEFT JOIN ' . VIVVO_DB_PREFIX . 'articles_tags AS at ON at.tag_id = t.id ', 'at');
             $this->_query->add_join(' LEFT JOIN ' . VIVVO_DB_PREFIX . 'group_user AS gu ON gu.user_id = at.user_id', 'gu');
             $this->_query->add_where("gu.group_id NOT IN ({$condition})");
             break;
         case 'article_status':
             $condition = secure_sql_in($condition);
             $this->_query->add_join(' LEFT JOIN ' . VIVVO_DB_PREFIX . 'articles_tags AS at ON at.tag_id = t.id ', 'at');
             $this->_query->add_join(' LEFT JOIN ' . VIVVO_DB_PREFIX . 'articles AS a ON at.article_id = a.id ', 'a');
             $this->_query->add_where("a.status IN ({$condition})");
             break;
         default:
     }
 }
開發者ID:ahanjir07,項目名稱:vivvo-dev,代碼行數:91,代碼來源:Tags.class.php

示例5: add_filter

 function add_filter($type, $condition = '')
 {
     $condition = secure_sql($condition);
     switch ($type) {
         case 'id':
             $this->_query->add_where('(id = \'' . $condition . '\')');
             break;
         case '!id':
             $this->_query->add_where('(id != \'' . $condition . '\')');
             break;
         case 'category_name':
             $this->_query->add_where('(category_name = \'' . $condition . '\')');
             break;
         case 'parent_cat':
             $this->_query->add_where('(parent_cat = \'' . $condition . '\')');
             break;
         case 'order_num':
             $this->_query->add_where('(order_num = \'' . $condition . '\')');
             break;
         case 'article_num':
             $this->_query->add_where('(article_num = \'' . $condition . '\')');
             break;
         case 'template':
             $this->_query->add_where('(template = \'' . $condition . '\')');
             break;
         case 'css':
             $this->_query->add_where('(css = \'' . $condition . '\')');
             break;
         case 'view_subcat':
             $this->_query->add_where('(view_subcat = \'' . $condition . '\')');
             break;
         case 'image':
             $this->_query->add_where('(image = \'' . $condition . '\')');
             break;
         case 'sefriendly':
             $this->_query->add_where('(sefriendly = \'' . $condition . '\')');
             break;
     }
 }
開發者ID:ahanjir07,項目名稱:vivvo-dev,代碼行數:39,代碼來源:Categories.class.php

示例6: add_filter

 function add_filter($type, $condition = '')
 {
     $condition = secure_sql($condition);
     switch ($type) {
         case 'id':
             $this->_query->add_where('(id = \'' . $condition . '\')');
             break;
         case 'user_id':
             $this->_query->add_where('(user_id = \'' . $condition . '\')');
             break;
         case 'query':
             $this->_query->add_where('(query = \'' . $condition . '\')');
             break;
         case 'section':
             $this->_query->add_where('(section = \'' . $condition . '\')');
             break;
         case 'name':
             $this->_query->add_where('(name = \'' . $condition . '\')');
             break;
         case 'html_tag_id':
             $this->_query->add_where('(html_tag_id = \'' . $condition . '\')');
             break;
     }
 }
開發者ID:ahanjir07,項目名稱:vivvo-dev,代碼行數:24,代碼來源:UserFilters.class.php

示例7: display_search

function display_search()
{
    $md5 = "";
    $signature = "";
    $score_k = "";
    $score_u = "";
    $time_start = "";
    $time_end = "";
    $meta_field = "";
    $meta_value = "";
    $metadata = "";
    $source = "";
    $score_op_k = "";
    $score_op_u = "";
    $score_op_k_msg = "";
    $score_op_u_msg = "";
    $results = "";
    if (isset($_POST["SEARCH"])) {
        $sql_request_select = "SELECT t.task_id,t.md5";
        $sql_request_from = " FROM task t";
        $sql_request_where = "";
        $analysis_table = False;
        $signature_table = False;
        $submition_table = False;
        $metadata_table = False;
        if (isset($_POST["md5"]) && !empty($_POST["md5"])) {
            $md5 = secure_display($_POST["md5"]);
            $sql_request_where .= "AND t.md5 LIKE '" . secure_sql($_POST['md5']) . "' ";
        }
        if (isset($_POST["score_op_u"]) && !empty($_POST["score_op_u"]) && isset($_POST["score_u"]) && !empty($_POST["score_u"])) {
            $score_op_u = secure_display($_POST["score_op_u"]);
            if ($score_op_u == "less_or_equal") {
                $op = "<=";
            } elseif ($score_op_u == "higher_or_equal") {
                $op = ">=";
            } else {
                $op = "=";
            }
            $analysis_table = True;
            $signature_table = True;
            $sql_request_where .= "AND s.score " . $op . " '" . secure_sql($_POST["score_u"]) . "' AND a.kernel_analysis = '0' ";
        }
        if (isset($_POST["score_op_k"]) && !empty($_POST["score_op_k"]) && isset($_POST["score_k"]) && !empty($_POST["score_k"])) {
            $score_op_k = secure_display($_POST["score_op_k"]);
            if ($score_op_k == "less_or_equal") {
                $op = "<=";
            } elseif ($score_op_k == "higher_or_equal") {
                $op = ">=";
            } else {
                $op = "=";
            }
            $analysis_table = True;
            $signature_table = True;
            $sql_request_where .= "AND s.score " . $op . " '" . secure_sql($_POST["score_k"]) . "' AND a.kernel_analysis = '1' ";
        }
        if (isset($_POST["score_op_u"]) && !empty($_POST["source_op_u"])) {
            $score_op_u = secure_display($_POST["score_op_u"]);
        }
        if (isset($_POST["signature"]) && !empty($_POST["signature"])) {
            $analysis_table = True;
            $signature_table = True;
            $signature = secure_display($_POST["signature"]);
            $sql_request_where .= "AND s.title LIKE '" . secure_sql($_POST["signature"]) . "' ";
        }
        if (isset($_POST["score_k"]) && !empty($_POST["score_k"])) {
            $score_k = secure_display($_POST["score_k"]);
        }
        if (isset($_POST["score_u"]) && !empty($_POST["score_u"])) {
            $analysis_table = True;
            $score_u = secure_display($_POST["score_u"]);
            $sql_request_where .= "AND s.score = '" . secure_sql($_POST["score_u"]) . "' AND a.kernel_analysis = '0' ";
        }
        if (isset($_POST["time_start"]) && !empty($_POST["time_start"])) {
            $time_start = secure_display($_POST["time_start"]);
        }
        if (isset($_POST["time_end"]) && !empty($_POST["time_end"])) {
            $time_end = secure_display($_POST["time_end"]);
        }
        if (isset($_POST["meta_field"]) && !empty($_POST["meta_field"]) && isset($_POST["meta_value"]) && !empty($_POST["meta_value"])) {
            $metadata_table = True;
            $meta_field = secure_display($_POST["meta_field"]);
            $meta_value = secure_display($_POST["meta_value"]);
            $sql_request_where .= "AND m.name = '" . secure_sql($_POST["meta_field"]) . "' AND m.value LIKE '" . secure_sql($_POST["meta_value"]) . "' ";
        }
        if (isset($_POST["source"]) && !empty($_POST["source"])) {
            $submition_table = True;
            $source = secure_display($_POST["source"]);
            $sql_request_where .= "AND z.source_type LIKE '" . secure_sql($_POST["source"]) . "' ";
        }
        if (substr($sql_request_where, 0, 4) == "AND ") {
            $sql_request_where = substr($sql_request_where, 3, -1);
        }
        if ($metadata_table == True) {
            $submition_table = True;
            $sql_request_where = "z.submition_id = m.submition_id AND " . $sql_request_where;
            $sql_request_from .= ",metadata m";
        }
        if ($submition_table == True) {
            $sql_request_where = "z.task_id = z.task_id AND " . $sql_request_where;
            $sql_request_from .= ",submition z";
//.........這裏部分代碼省略.........
開發者ID:HerbDavisY2K,項目名稱:CAAS,代碼行數:101,代碼來源:display.php

示例8: secure_sql

/**
 * Makes $value secure for usage in SQL expressions
 *
 * @param	mixed	$value
 * @return	string
 */
function secure_sql($value)
{
    if (is_array($value)) {
        foreach ($value as $key => $val) {
            $value[$k] = secure_sql($val);
        }
    } else {
        $value = str_replace(array('&amp;', '&quot;', '&apos;', '&lt;', '&gt;'), array('&', '"', "'", '<', '>'), $value);
        if (get_magic_quotes_gpc()) {
            $value = stripslashes($value);
        }
        if (function_exists('mysql_real_escape_string')) {
            $value = mysql_real_escape_string($value);
        } else {
            $value = addslashes($value);
        }
    }
    return $value;
}
開發者ID:ahanjir07,項目名稱:vivvo-dev,代碼行數:25,代碼來源:vivvo_framework.php

示例9: add_filter

 function add_filter($type, $condition = '')
 {
     $condition = secure_sql($condition);
     switch ($type) {
         case 'id':
             $this->_query->add_where('(id = \'' . $condition . '\')');
             break;
         case 'lastrun':
             $this->_query->add_where('(lastrun = \'' . $condition . '\')');
             break;
         case 'nextrun':
             $this->_query->add_where('(nextrun = \'' . $condition . '\')');
             break;
         case 'scheduled':
             $this->_query->add_where('(nextrun < ' . intval($condition) . ' OR nextrun IS NULL)');
             break;
         case 'time_mask':
             $this->_query->add_where('(time_mask = \'' . $condition . '\')');
             break;
         case 'file':
             $this->_query->add_where('(file = \'' . $condition . '\')');
             break;
         case 'method':
             $this->_query->add_where('(method = \'' . $condition . '\')');
             break;
         case 'arguments':
             $this->_query->add_where('(arguments = \'' . $condition . '\')');
             break;
         case 'hash':
             $this->_query->add_where('(hash = \'' . $condition . '\')');
             break;
     }
 }
開發者ID:ahanjir07,項目名稱:vivvo-dev,代碼行數:33,代碼來源:vivvo_cron.php

示例10: _tags_feed

    /**
     * Tags feed view (autocomplete items)
     */
    public function _tags_feed()
    {
        $results = array('total' => 0, 'items' => array());
        $sm = vivvo_lite_site::get_instance();
        $um = $sm->get_url_manager();
        if ($um->isset_param('q')) {
            $name = strtr(secure_sql($um->get_param('q')), array('%' => '\\%', '_' => '\\_'));
            if ($um->isset_param('restrict')) {
                $topic_id = ' AND topic_id = ' . (int) $um->get_param('restrict');
            } else {
                $topic_id = '';
            }
            if ($um->isset_param('offset')) {
                $offset = (int) $um->get_param('offset');
            } else {
                $offset = 0;
            }
            if ($um->isset_param('limit')) {
                $limit = (int) $um->get_param('limit');
            } else {
                $limit = 30;
            }
            $res = $sm->get_db()->query("SELECT CONCAT_WS(':', ttg.tags_group_id, ttg.tag_id) AS value, t.name AS caption, tg.name AS category\n\t\t\t\t\t FROM " . VIVVO_DB_PREFIX . 'tags_to_tags_groups AS ttg
					 LEFT JOIN ' . VIVVO_DB_PREFIX . 'tags AS t ON ttg.tag_id = t.id
					 LEFT JOIN ' . VIVVO_DB_PREFIX . "tags_groups AS tg ON ttg.tags_group_id = tg.id\n\t\t\t\t\t WHERE t.name LIKE '%{$name}%'{$topic_id}\n\t\t\t\t\t LIMIT {$offset},{$limit}");
            if (!PEAR::isError($res)) {
                $results['items'] = $res->fetchAll(MDB2_FETCHMODE_ASSOC);
                $res->free();
                $results['total'] = count($results['items']);
            }
        }
        header('Content-Type: application/json');
        echo json_encode($results);
        exit;
    }
開發者ID:ahanjir07,項目名稱:vivvo-dev,代碼行數:38,代碼來源:article_edit_admin_view.class.php

示例11: add_filter

 function add_filter($type, $cond = '')
 {
     $condition = secure_sql($cond);
     switch ($type) {
         case 'id':
             $condition = secure_sql_in($condition);
             $this->_query->add_where('(t.id IN (' . $condition . '))');
             break;
         case 'notid':
             $condition = secure_sql_in($condition);
             $this->_query->add_where('(t.id NOT IN (' . $condition . '))');
             break;
         case 'type':
             $this->_query->add_where("(t.type='{$condition}')");
             break;
         case 'ext':
             $this->_query->add_where("(t.extensions LIKE '%{$condition}%')");
             break;
     }
 }
開發者ID:ahanjir07,項目名稱:vivvo-dev,代碼行數:20,代碼來源:asset_filetypes.class.php

示例12: generic_add_filter

 function generic_add_filter($params, $prefix = '')
 {
     if (is_array($params) && !empty($params)) {
         $keys = array_keys($params);
         foreach ($keys as $k) {
             if (preg_match('/^search_field_(.*)_(lt|gt|eq|neq|in|notin|between|notnull|isnull)$/', $k, $arr)) {
                 $condition = secure_sql($params[$k]);
                 switch ($arr[2]) {
                     case 'lt':
                         $this->_query->add_where('(' . $prefix . $arr[1] . ' < \'' . $condition . '\')');
                         break;
                     case 'gt':
                         $this->_query->add_where('(' . $prefix . $arr[1] . ' > \'' . $condition . '\')');
                         break;
                     case 'eq':
                         $this->_query->add_where('(' . $prefix . $arr[1] . ' = \'' . $condition . '\')');
                         break;
                     case 'neq':
                         $this->_query->add_where('(' . $prefix . $arr[1] . ' != \'' . $condition . '\')');
                         break;
                     case 'in':
                         $condition = secure_sql_in($condition);
                         $this->_query->add_where('(' . $prefix . $arr[1] . ' IN ' . $condition . ')');
                         break;
                     case 'notin':
                         $condition = secure_sql_in($condition);
                         $this->_query->add_where('(' . $prefix . $arr[1] . ' NOT IN ' . $condition . ')');
                         break;
                     case 'notnull':
                         $this->_query->add_where('(' . $prefix . $arr[1] . ' IS NOT NULL )');
                         break;
                     case 'isnull':
                         $this->_query->add_where('(' . $prefix . $arr[1] . ' IS NULL )');
                         break;
                     case 'between':
                         $between = explode(',', $condition);
                         if (is_array($between) && count($between) == 2) {
                             $this->_query->add_where('(' . $prefix . $arr[1] . ' BETWEEN \'' . $between[0] . '\' AND \'' . $between[1] . '\')');
                         }
                         break;
                 }
             }
         }
     }
 }
開發者ID:ahanjir07,項目名稱:vivvo-dev,代碼行數:45,代碼來源:vivvo_db_list.class.php

示例13: edit_category

 /**
  * Edit category
  *
  * @param	integer	$category_id
  * @param	array	$data
  * @return	boolean	true on success or false on fail
  */
 function edit_category($category_id, $data)
 {
     if (!$this->check_token()) {
         return false;
     }
     if (!vivvo_hooks_manager::call('category_edit', array(&$category_id, &$data))) {
         return vivvo_hooks_manager::get_status();
     }
     $sm = vivvo_lite_site::get_instance();
     if ($sm->user) {
         if ($sm->user->is_admin()) {
             $category_id = (int) $category_id;
             if (isset($data['category_name'])) {
                 $data['category_name'] = trim($data['category_name']);
             }
             if (empty($data['sefriendly'])) {
                 if (isset($data['category_name']) && !empty($data['category_name'])) {
                     $data['sefriendly'] = make_sefriendly($data['category_name']);
                 }
             } else {
                 $data['sefriendly'] = make_sefriendly($data['sefriendly']);
             }
             if (isset($data['sefriendly'])) {
                 $sefriendly = secure_sql($data['sefriendly']);
                 $sql = 'SELECT id FROM ' . VIVVO_DB_PREFIX . "categories WHERE sefriendly = '{$sefriendly}' AND id <> {$category_id} LIMIT 1 UNION\n\t\t\t\t\t\t\t\tSELECT id FROM " . VIVVO_DB_PREFIX . "tags_groups WHERE url = '{$sefriendly}' LIMIT 1";
                 if (($res = $sm->get_db()->query($sql)) && $res->numRows() > 0) {
                     $this->set_error_code(2101);
                     return false;
                 }
             }
             $category_list = $sm->get_categories();
             $category = $category_list->list[$category_id];
             $redirect = $in_category['redirect'];
             array_walk($in_category, 'array_htmlspecialchars');
             $in_category['redirect'] = $redirect;
             if (!empty($data['form']) and $data['form'] == 'link' and empty($data['redirect'])) {
                 $this->set_error_code(12, vivvo_lang::get_instance()->get_value('LNG_DB_categories_redirect'));
                 return false;
             }
             if (isset($category)) {
                 if (!$category->populate($data, true)) {
                     $this->set_error_info($category->get_error_info());
                     return false;
                 }
                 $this->_post_master->set_data_object($category);
                 if ($this->_post_master->sql_update()) {
                     $fm = $sm->get_file_manager();
                     if ($fm->is_uploaded('CATEGORY_abstact_image')) {
                         $abstract_image = $fm->upload('CATEGORY_abstact_image');
                         if ($abstract_image != false) {
                             $category->set_image($abstract_image);
                             $this->_post_master->set_data_object($category);
                             $this->_post_master->sql_update();
                         }
                     }
                     admin_log($sm->user->get_username(), 'Edited category #' . $category_id);
                     return true;
                 } else {
                     $this->set_error_code(2110);
                     return false;
                 }
             } else {
                 $this->set_error_code(2111);
                 return false;
             }
         } else {
             $this->set_error_code(2112);
             return false;
         }
     } else {
         $this->set_error_code(2113);
         return false;
     }
 }
開發者ID:ahanjir07,項目名稱:vivvo-dev,代碼行數:81,代碼來源:Categories.service.php

示例14: add_filter

 /**
  * Adds filter to the WHERE clause of the query
  *
  * @param	string	$type
  * @param	mixed	$condition
  */
 function add_filter($type, $condition = '')
 {
     $condition = secure_sql($condition);
     $flag = false;
     switch ($type) {
         case 'not_id':
         case 'not_article_id':
         case 'not_version':
         case 'not_creator_id':
         case 'not_type':
             $flag = true;
             $type = substr($type, 4);
         case 'id':
         case 'article_id':
         case 'version':
         case 'creator_id':
         case 'type':
             $condition = secure_sql_in($condition);
             $operator = ($flag ? 'NOT ' : '') . 'IN';
             $this->_query->add_where("ar.{$type} {$operator} ({$condition})");
             break;
         case 'title_matches':
             $this->_query->add_where("ar.title LIKE '%{$condition}%'");
             break;
         case 'title':
             $this->_query->add_where("ar.title = '{$condition}'");
             break;
         case 'not_created_time':
             $flag = true;
         case 'created_time':
             $condition = (int) $condition;
             $operator = $flag ? '!=' : '=';
             $this->_query->add_where("ar.created_time {$operator} {$condition}");
             break;
         case 'created_time_lte':
         case 'created_time_gte':
             $flag = true;
         case 'created_time_lt':
         case 'created_time_gt':
             $condition = (int) $condition;
             $operator = ($type[13] == 'g' ? '>' : '<') . ($flag ? '=' : '');
             $this->_query->add_where("ar.created_time {$operator} {$condition}");
             break;
         default:
             // ignore
     }
 }
開發者ID:ahanjir07,項目名稱:vivvo-dev,代碼行數:53,代碼來源:ArticlesRevisions.class.php

示例15: get_assets_quick_search

 function get_assets_quick_search($keyword)
 {
     $keyword = secure_sql($keyword);
     $dir = VIVVO_ASSETS_DIRTYPE_ID;
     $sql = "(SELECT * FROM " . VIVVO_DB_PREFIX . "asset_files WHERE name LIKE '{$keyword}%' AND filetype_id != {$dir})\n\t\t\t\t\tUNION ALL\n\t\t\t\t\t(SELECT f.* FROM " . VIVVO_DB_PREFIX . "asset_files as f, " . VIVVO_DB_PREFIX . "asset_keywords as k\n\t\t\t\t\t\tWHERE f.id=k.asset_id AND k.keyword LIKE '{$keyword}%')\n\t\t\t\t\tUNION ALL\n\t\t\t\t\t(SELECT * FROM " . VIVVO_DB_PREFIX . "asset_files\n\t\t\t\t\t\tWHERE MATCH (info) AGAINST ('\"{$keyword}\"' IN BOOLEAN MODE) AND filetype_id != {$dir})\n\t\t\t\t\tORDER BY path ASC\n\t\t\t\t\t";
     $sm = vivvo_lite_site::get_instance();
     $res = $sm->get_db()->query($sql);
     $this->list = array();
     if (!is_a($res, 'mdb2_error')) {
         $class = $this->post_object_type;
         while ($row = $res->fetchRow(MDB2_FETCHMODE_ASSOC)) {
             if ($sm->_object_cache_manager->is_cached($class, $row[$this->id_key])) {
                 $this->list[$row[$this->id_key]] = $sm->_object_cache_manager->retrive($class, $row[$this->id_key]);
                 $this->list[$row[$this->id_key]]->populate($row);
             } else {
                 $object = new $class(null, $row);
                 $sm->_object_cache_manager->add($class, $row[$this->id_key], $object);
                 $this->list[$row[$this->id_key]] = $object;
             }
         }
         $res->free();
     } else {
         $sm->debug_push("sql:", $query, 1);
         $sm->debug_push("sql:", $res->getMessage(), 1);
     }
     return empty($this->list) ? false : $this->list;
 }
開發者ID:ahanjir07,項目名稱:vivvo-dev,代碼行數:27,代碼來源:asset_files.class.php


注:本文中的secure_sql函數示例由純淨天空整理自Github/MSDocs等開源代碼及文檔管理平台,相關代碼片段篩選自各路編程大神貢獻的開源項目,源碼版權歸原作者所有,傳播和使用請參考對應項目的License;未經允許,請勿轉載。