本文整理匯總了PHP中secure_sql函數的典型用法代碼示例。如果您正苦於以下問題:PHP secure_sql函數的具體用法?PHP secure_sql怎麽用?PHP secure_sql使用的例子?那麽, 這裏精選的函數代碼示例或許可以為您提供幫助。
在下文中一共展示了secure_sql函數的15個代碼示例,這些例子默認根據受歡迎程度排序。您可以為喜歡或者感覺有用的代碼點讚,您的評價將有助於係統推薦出更棒的PHP代碼示例。
示例1: add_filter
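/**
 * Adds a WHERE condition to the user query (table alias `u`) for one filter type.
 *
 * Unknown filter types are ignored. The value is quote-escaped once up front; the
 * cases that interpolate it outside a quoted string (the INTERVAL ... DAY filters)
 * cast it to int instead, because quote-escaping does nothing in a numeric context.
 *
 * @param string $type      filter name (see the cases below)
 * @param mixed  $condition filter value; a scalar, or an id list for `userid` / `group`
 */
function add_filter($type, $condition = '')
{
    $condition = secure_sql($condition);
    switch ($type) {
        case 'userid':
            $condition = secure_sql_in($condition);
            $this->_query->add_where('(u.userid IN (' . $condition . '))');
            break;
        case 'first_name':
            $this->_query->add_where("(u.first_name = '{$condition}')");
            break;
        case 'last_name':
            $this->_query->add_where("(u.last_name = '{$condition}')");
            break;
        case 'name':
            // Escape LIKE wildcards so a caller-supplied '%' or '_' is matched literally
            // (the original only handled '%'), and wrap the OR chain in its own parentheses:
            // if add_where() joins filters with AND, an unparenthesised OR would otherwise
            // bind to the preceding filter and widen the result set.
            $condition = str_replace(array('%', '_'), array('\\%', '\\_'), $condition);
            $this->_query->add_where("((u.last_name LIKE '%{$condition}%') OR (u.first_name LIKE '%{$condition}%') OR (u.username LIKE '%{$condition}%'))");
            break;
        case 'email_address':
            $this->_query->add_where("(u.email_address = '{$condition}')");
            break;
        case 'username':
            $this->_query->add_where("(u.username = '{$condition}')");
            break;
        case 'password':
            // Compared verbatim against the stored column; presumably the caller passes the
            // already-hashed value — confirm at the call site.
            $this->_query->add_where("(u.password = '{$condition}')");
            break;
        case 'session_id':
            $this->_query->add_where("u.session_id = '{$condition}'");
            break;
        case 'user_hash':
            // NOTE(review): matches the MD5 of the session id; anyone who knows a session id
            // can derive this value, so it is no stronger than the session id itself.
            $this->_query->add_where("MD5(u.session_id) = '{$condition}'");
            break;
        case 'activated':
            $this->_query->add_where("(u.activated = '{$condition}')");
            break;
        case 'group':
            $condition = secure_sql_in($condition);
            $this->_query->add_join(' LEFT JOIN ' . VIVVO_DB_PREFIX . 'group_user AS gu ON gu.user_id = u.userid ', 'gu');
            $this->_query->add_where('(gu.group_id IN (' . $condition . '))');
            // one row per user even when they belong to several matching groups
            $this->_query->add_group_by('u.userid');
            break;
        case 'concat_first_last':
            $this->_query->add_where('CONCAT(u.first_name, "-", u.last_name ) = \'' . $condition . '\'');
            break;
        case 'created_before':
            // INTERVAL n DAY is not a quoted context: an escaped string would be injected
            // verbatim, so force the day count to an integer.
            $this->_query->add_where('(u.created < (DATE_SUB(NOW(), INTERVAL ' . (int) $condition . ' DAY)))');
            break;
        case 'created_after':
            $this->_query->add_where('(u.created > (DATE_SUB(NOW(), INTERVAL ' . (int) $condition . ' DAY)))');
            break;
        case 'md5':
            $this->_query->add_where("md5(concat( u.`email_address` , u.`username` , u.`created` ) ) = '{$condition}'");
            break;
        case 'forgot':
            $this->_query->add_where("md5( concat( u.`username` , u.`email_address`, u.`password` ) ) = '{$condition}'");
            break;
    }
}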
示例2: _autocomplete_tags
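/**
 * Autocomplete feed for tag names.
 *
 * Prints an HTML <ul> of tag names that start with the `name` request parameter
 * (an empty string when the parameter is absent or the query fails) and ends the request.
 */
function _autocomplete_tags()
{
    $sm = vivvo_lite_site::get_instance();
    $um = $sm->get_url_manager();
    $output = '';
    if ($um->isset_param('name')) {
        // Quote-escape first, then LIKE-escape: doing it the other way round would double
        // the backslashes that protect '%' and '_'.
        $name = escape_sql_like(secure_sql($um->get_param('name')));
        $res = $sm->get_db()->query('SELECT name FROM ' . VIVVO_DB_PREFIX . "tags WHERE name LIKE '{$name}%'");
        if (!PEAR::isError($res)) {
            // The original passed the flags to array_map() as a second array, which pairs
            // them element-wise with the tags: only the first tag got ENT_QUOTES, the second
            // got the charset string where an int is expected, the rest got nothing. Decode
            // every tag with the same flags, then re-escape for the HTML context the list is
            // emitted into (tag names come from the database; their write-side escaping is
            // not visible here).
            $tags = array();
            foreach ($res->fetchCol() as $tag) {
                $plain = html_entity_decode($tag, ENT_QUOTES, 'UTF-8');
                $tags[] = htmlspecialchars($plain, ENT_QUOTES, 'UTF-8');
            }
            $res->free();
            $output = '<ul><li>' . implode('</li><li>', $tags) . '</li></ul>';
        }
    }
    echo $output;
    exit;
}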
示例3: _autocomplete_links
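/**
 * Autocomplete box feed.
 *
 * Collects categories, articles, pages (when the `pages` plugin is installed), tags and
 * topics whose title starts with the `name` request parameter, resolves an href for each
 * and hands the list to the `autocomplete_links.xml` template as `link_list`.
 *
 * @return template the populated content template
 */
public function _autocomplete_links()
{
    $sm = vivvo_lite_site::get_instance();
    $template = $sm->get_template();
    $um = $sm->get_url_manager();
    $pm = $sm->get_plugin_manager();
    $content_template = new template(null, $template);
    $content_template->set_template_file($this->_template_root . 'autocomplete_links.xml');
    $hrefs = array();
    $db = $sm->get_db();
    // Quote-escape, then neutralise LIKE wildcards (same order as _autocomplete_tags), so a
    // user-supplied '%' or '_' cannot turn the prefix search into a match-everything scan.
    $name = strtr(secure_sql($um->get_param('name')), array('%' => '\\%', '_' => '\\_'));
    $sql = "(SELECT id, category_name AS title, sefriendly, '' AS category_id, 'Categories' AS type FROM " . VIVVO_DB_PREFIX . "categories WHERE category_name LIKE '{$name}%')\n\t\t\t\t\t UNION\n\t\t\t\t (SELECT id, title, sefriendly, category_id, 'Articles' AS type FROM " . VIVVO_DB_PREFIX . "articles WHERE title LIKE '{$name}%')";
    if ($pm->is_installed('pages')) {
        $sql .= "UNION (SELECT id, title, sefriendly, '' AS category_id, 'Pages' AS type FROM " . VIVVO_DB_PREFIX . "pages WHERE title LIKE '{$name}%')";
    }
    $sql .= "UNION (SELECT t.id, CONCAT(tg.name,': ',t.name) AS title, t.sefriendly AS sefriendly, tg.url AS category_id, 'Tags' AS type FROM " . VIVVO_DB_PREFIX . "tags AS t INNER JOIN " . VIVVO_DB_PREFIX . "tags_to_tags_groups AS ttg ON ttg.tag_id = t.id INNER JOIN " . VIVVO_DB_PREFIX . "tags_groups AS tg ON ttg.tags_group_id = tg.id WHERE t.name LIKE '{$name}%' GROUP BY t.id, tg.id) " . "UNION (SELECT id, name AS title, url AS sefriendly, '' AS category_id, 'Topics' AS type FROM " . VIVVO_DB_PREFIX . "tags_groups WHERE name LIKE '{$name}%')";
    // Helper objects are created lazily per result type; initialise them so the `!$article`
    // style checks below do not read undefined variables.
    $article = null;
    $cat = null;
    $page = null;
    $tag = null;
    $topic = null;
    $res = $db->query($sql);
    if (!PEAR::isError($res)) {
        $i = 0;
        while ($row = $res->fetchRow(MDB2_FETCHMODE_ASSOC)) {
            $hrefs[$i] = array();
            $hrefs[$i]['title'] = $row['title'];
            $hrefs[$i]['id'] = $row['id'];
            $hrefs[$i]['type'] = $row['type'];
            switch ($row['type']) {
                case 'Articles':
                    if (!$article) {
                        require_once VIVVO_FS_INSTALL_ROOT . 'lib/vivvo/core/Articles.class.php';
                        $article = new Articles();
                    }
                    $article->id = $row['id'];
                    $article->title = $row['title'];
                    $article->sefriendly = $row['sefriendly'];
                    $article->category_id = $row['category_id'];
                    $hrefs[$i]['href'] = $article->get_href();
                    break;
                case 'Categories':
                    if (!$cat) {
                        $cat = $sm->get_categories();
                    }
                    $hrefs[$i]['href'] = $cat->list[$row['id']]->get_href();
                    break;
                case 'Pages':
                    if (!$page) {
                        require_once VIVVO_FS_PLUGIN_ROOT . 'plugins/pages/Pages.class.php';
                        $page = new Pages();
                    }
                    $page->id = $row['id'];
                    $page->title = $row['title'];
                    $page->sefriendly = $row['sefriendly'];
                    $hrefs[$i]['href'] = $page->get_href();
                    break;
                case 'Tags':
                    if (!$tag) {
                        require_once VIVVO_FS_INSTALL_ROOT . 'lib/vivvo/core/Tags.class.php';
                        $tag = new Tags();
                    }
                    $tag->id = $row['id'];
                    $tag->name = $row['title'];
                    $tag->sefriendly = $row['sefriendly'];
                    // for tags the `category_id` column carries the group url
                    $tag->group_url = $row['category_id'] . '/';
                    $hrefs[$i]['href'] = $tag->get_href();
                    break;
                case 'Topics':
                    if (!$topic) {
                        require_once VIVVO_FS_INSTALL_ROOT . 'lib/vivvo/core/TagsGroups.class.php';
                        $topic = new TagsGroups();
                    }
                    $topic->id = $row['id'];
                    $topic->name = $row['title'];
                    $topic->url = $row['sefriendly'];
                    $hrefs[$i]['href'] = rtrim($topic->get_href(), '/');
                    break;
            }
            $i++;
        }
    }
    $content_template->assign('link_list', $hrefs);
    return $content_template;
}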
示例4: add_filter
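/**
 * Adds a WHERE condition (and the joins it needs) to the tag query (table alias `t`).
 *
 * Id-list filters go through secure_sql_in(); substring filters escape LIKE wildcards
 * so the caller's text is matched literally. Unknown filter types are ignored.
 *
 * @param string $type      filter name (see the cases below)
 * @param mixed  $condition filter value: scalar, id list, or array for the `*_array` types
 */
function add_filter($type, $condition = '')
{
    $condition = secure_sql($condition);
    switch ($type) {
        case 'id':
        case 'name':
        case 'sefriendly':
            $this->_query->add_where("t.{$type} = '{$condition}'");
            break;
        case 'name_like':
            $condition = str_replace(array('%', '_'), array('\\%', '\\_'), $condition);
            $this->_query->add_where("t.name LIKE '%{$condition}%'");
            break;
        case 'article_id':
            $condition = secure_sql_in($condition);
            $this->_query->add_fields('at.tags_group_id AS topic_id');
            $this->_query->add_join(' LEFT JOIN ' . VIVVO_DB_PREFIX . 'articles_tags AS at ON at.tag_id = t.id ', 'at');
            $this->_query->add_where("at.article_id IN ({$condition})");
            break;
        case 'tags_group_id':
        case 'topic_id':
            $condition = secure_sql_in($condition);
            $this->_query->add_join(' LEFT JOIN ' . VIVVO_DB_PREFIX . 'tags_to_tags_groups AS ttg ON ttg.tag_id = t.id ', 'ttg');
            $this->_query->add_where("ttg.tags_group_id IN ({$condition})");
            break;
        case 'not_tags_group_id':
        case 'not_topic_id':
            $condition = secure_sql_in($condition);
            $this->_query->add_join(' LEFT JOIN ' . VIVVO_DB_PREFIX . 'tags_to_tags_groups AS ttg ON ttg.tag_id = t.id ', 'ttg');
            $this->_query->add_where("ttg.tags_group_id NOT IN ({$condition})");
            break;
        case 'user_tag_id':
            $condition = secure_sql_in($condition);
            $this->_query->add_fields('at.tags_group_id AS topic_id');
            $this->_query->add_join(' LEFT JOIN ' . VIVVO_DB_PREFIX . 'articles_tags AS at ON at.tag_id = t.id ', 'at');
            $this->_query->add_where("at.tags_group_id IN ({$condition})");
            break;
        case 'not_user_tag_id':
            $condition = secure_sql_in($condition);
            $this->_query->add_fields('at.tags_group_id AS topic_id');
            $this->_query->add_join(' LEFT JOIN ' . VIVVO_DB_PREFIX . 'articles_tags AS at ON at.tag_id = t.id ', 'at');
            $this->_query->add_where("at.tags_group_id NOT IN ({$condition})");
            break;
        case 'id_in':
            $condition = secure_sql_in($condition);
            $this->_query->add_where("t.id IN ({$condition})");
            break;
        case 'name_array':
        case 'sefriendly_array':
            // Each element was escaped by secure_sql() above; quote them here. A scalar is
            // treated as a one-element list instead of being fed to foreach/implode.
            $quoted = array();
            foreach ((array) $condition as $item) {
                $quoted[] = "'{$item}'";
            }
            $condition = implode(',', $quoted);
            $type = str_replace('_array', '', $type);
            $this->_query->add_where("t.{$type} IN ({$condition})");
            break;
        case 'search_starting_with':
            // Despite the name this is a contains-match ('%...%'); kept as-is, but '_' is now
            // escaped alongside '%' so it cannot act as a single-character wildcard.
            $condition = str_replace(array('%', '_'), array('\\%', '\\_'), $condition);
            $this->_query->add_fields('at.tags_group_id AS topic_id');
            $this->_query->add_join(' LEFT JOIN ' . VIVVO_DB_PREFIX . 'articles_tags AS at ON at.tag_id = t.id ', 'at');
            $this->_query->add_where("t.name LIKE '%{$condition}%'");
            break;
        case 'search_label_starting_with':
            $condition = str_replace(array('%', '_'), array('\\%', '\\_'), $condition);
            $this->_query->add_join(' LEFT JOIN ' . VIVVO_DB_PREFIX . 'tags_to_tags_groups AS tg ON tg.tag_id = t.id ', 'tg');
            $this->_query->add_where("t.name LIKE '%{$condition}%'");
            break;
        case 'user_group_id':
            $condition = secure_sql_in(explode(',', $condition));
            $this->_query->add_fields('at.tags_group_id AS topic_id');
            $this->_query->add_join(' LEFT JOIN ' . VIVVO_DB_PREFIX . 'articles_tags AS at ON at.tag_id = t.id ', 'at');
            $this->_query->add_join(' LEFT JOIN ' . VIVVO_DB_PREFIX . 'group_user AS gu ON gu.user_id = at.user_id', 'gu');
            $this->_query->add_where("gu.group_id IN ({$condition})");
            break;
        case 'not_user_group_id':
            $condition = secure_sql_in(explode(',', $condition));
            $this->_query->add_fields('at.tags_group_id AS topic_id');
            $this->_query->add_join(' LEFT JOIN ' . VIVVO_DB_PREFIX . 'articles_tags AS at ON at.tag_id = t.id ', 'at');
            $this->_query->add_join(' LEFT JOIN ' . VIVVO_DB_PREFIX . 'group_user AS gu ON gu.user_id = at.user_id', 'gu');
            $this->_query->add_where("gu.group_id NOT IN ({$condition})");
            break;
        case 'article_status':
            $condition = secure_sql_in($condition);
            $this->_query->add_join(' LEFT JOIN ' . VIVVO_DB_PREFIX . 'articles_tags AS at ON at.tag_id = t.id ', 'at');
            $this->_query->add_join(' LEFT JOIN ' . VIVVO_DB_PREFIX . 'articles AS a ON at.article_id = a.id ', 'a');
            $this->_query->add_where("a.status IN ({$condition})");
            break;
        default:
            // unknown filter: ignored
    }
}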
示例5: add_filter
/**
 * Restricts the category query by an exact match on a single column.
 *
 * Every supported filter is `column = 'value'`, except `!id`, which excludes one id.
 * Filter names are expected as strings; anything not in the list is ignored.
 *
 * @param string $type      column name, or `!id`
 * @param mixed  $condition value to compare against (quote-escaped here)
 */
function add_filter($type, $condition = '')
{
    static $exact_columns = array(
        'id', 'category_name', 'parent_cat', 'order_num', 'article_num',
        'template', 'css', 'view_subcat', 'image', 'sefriendly',
    );
    $value = secure_sql($condition);
    if ($type === '!id') {
        $this->_query->add_where("(id != '{$value}')");
        return;
    }
    if (in_array($type, $exact_columns, true)) {
        $this->_query->add_where("({$type} = '{$value}')");
    }
}
示例6: add_filter
/**
 * Restricts the saved-search query by an exact match on one column.
 *
 * Supported columns: id, user_id, query, section, name, html_tag_id.
 * Filter names are expected as strings; any other name is ignored.
 *
 * @param string $type      column name
 * @param mixed  $condition value to compare against (quote-escaped here)
 */
function add_filter($type, $condition = '')
{
    static $exact_columns = array('id', 'user_id', 'query', 'section', 'name', 'html_tag_id');
    if (!in_array($type, $exact_columns, true)) {
        return;
    }
    $value = secure_sql($condition);
    $this->_query->add_where("({$type} = '{$value}')");
}
示例7: display_search
function display_search()
{
$md5 = "";
$signature = "";
$score_k = "";
$score_u = "";
$time_start = "";
$time_end = "";
$meta_field = "";
$meta_value = "";
$metadata = "";
$source = "";
$score_op_k = "";
$score_op_u = "";
$score_op_k_msg = "";
$score_op_u_msg = "";
$results = "";
if (isset($_POST["SEARCH"])) {
$sql_request_select = "SELECT t.task_id,t.md5";
$sql_request_from = " FROM task t";
$sql_request_where = "";
$analysis_table = False;
$signature_table = False;
$submition_table = False;
$metadata_table = False;
if (isset($_POST["md5"]) && !empty($_POST["md5"])) {
$md5 = secure_display($_POST["md5"]);
$sql_request_where .= "AND t.md5 LIKE '" . secure_sql($_POST['md5']) . "' ";
}
if (isset($_POST["score_op_u"]) && !empty($_POST["score_op_u"]) && isset($_POST["score_u"]) && !empty($_POST["score_u"])) {
$score_op_u = secure_display($_POST["score_op_u"]);
if ($score_op_u == "less_or_equal") {
$op = "<=";
} elseif ($score_op_u == "higher_or_equal") {
$op = ">=";
} else {
$op = "=";
}
$analysis_table = True;
$signature_table = True;
$sql_request_where .= "AND s.score " . $op . " '" . secure_sql($_POST["score_u"]) . "' AND a.kernel_analysis = '0' ";
}
if (isset($_POST["score_op_k"]) && !empty($_POST["score_op_k"]) && isset($_POST["score_k"]) && !empty($_POST["score_k"])) {
$score_op_k = secure_display($_POST["score_op_k"]);
if ($score_op_k == "less_or_equal") {
$op = "<=";
} elseif ($score_op_k == "higher_or_equal") {
$op = ">=";
} else {
$op = "=";
}
$analysis_table = True;
$signature_table = True;
$sql_request_where .= "AND s.score " . $op . " '" . secure_sql($_POST["score_k"]) . "' AND a.kernel_analysis = '1' ";
}
if (isset($_POST["score_op_u"]) && !empty($_POST["source_op_u"])) {
$score_op_u = secure_display($_POST["score_op_u"]);
}
if (isset($_POST["signature"]) && !empty($_POST["signature"])) {
$analysis_table = True;
$signature_table = True;
$signature = secure_display($_POST["signature"]);
$sql_request_where .= "AND s.title LIKE '" . secure_sql($_POST["signature"]) . "' ";
}
if (isset($_POST["score_k"]) && !empty($_POST["score_k"])) {
$score_k = secure_display($_POST["score_k"]);
}
if (isset($_POST["score_u"]) && !empty($_POST["score_u"])) {
$analysis_table = True;
$score_u = secure_display($_POST["score_u"]);
$sql_request_where .= "AND s.score = '" . secure_sql($_POST["score_u"]) . "' AND a.kernel_analysis = '0' ";
}
if (isset($_POST["time_start"]) && !empty($_POST["time_start"])) {
$time_start = secure_display($_POST["time_start"]);
}
if (isset($_POST["time_end"]) && !empty($_POST["time_end"])) {
$time_end = secure_display($_POST["time_end"]);
}
if (isset($_POST["meta_field"]) && !empty($_POST["meta_field"]) && isset($_POST["meta_value"]) && !empty($_POST["meta_value"])) {
$metadata_table = True;
$meta_field = secure_display($_POST["meta_field"]);
$meta_value = secure_display($_POST["meta_value"]);
$sql_request_where .= "AND m.name = '" . secure_sql($_POST["meta_field"]) . "' AND m.value LIKE '" . secure_sql($_POST["meta_value"]) . "' ";
}
if (isset($_POST["source"]) && !empty($_POST["source"])) {
$submition_table = True;
$source = secure_display($_POST["source"]);
$sql_request_where .= "AND z.source_type LIKE '" . secure_sql($_POST["source"]) . "' ";
}
if (substr($sql_request_where, 0, 4) == "AND ") {
$sql_request_where = substr($sql_request_where, 3, -1);
}
if ($metadata_table == True) {
$submition_table = True;
$sql_request_where = "z.submition_id = m.submition_id AND " . $sql_request_where;
$sql_request_from .= ",metadata m";
}
if ($submition_table == True) {
$sql_request_where = "z.task_id = z.task_id AND " . $sql_request_where;
$sql_request_from .= ",submition z";
//.........這裏部分代碼省略.........
示例8: secure_sql
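/**
 * Makes $value safe for interpolation inside a single-quoted SQL string literal.
 *
 * Arrays are escaped element by element (keys preserved). A scalar first has the five
 * HTML entities the original decoded turned back into characters, then legacy
 * magic_quotes slashes stripped, and is finally escaped for MySQL.
 *
 * This is quote-escaping only: it does NOT protect a value interpolated outside quotes
 * (numbers, identifiers, LIMIT / INTERVAL operands) and does not neutralise LIKE
 * wildcards — callers cast or escape those separately.
 *
 * @param mixed $value scalar or (nested) array of scalars
 * @return mixed escaped string, or array of escaped values
 */
function secure_sql($value)
{
    if (is_array($value)) {
        // The original assigned to $value[$k] — an undefined variable — instead of
        // $value[$key], so array elements were never escaped and reached the IN (...)
        // lists built by callers unescaped.
        foreach ($value as $key => $val) {
            $value[$key] = secure_sql($val);
        }
        return $value;
    }
    // The entity search list is reconstructed from the replacement list: the listing
    // rendered the entities as their decoded characters (hence the broken ''' token).
    $value = str_replace(
        array('&amp;', '&quot;', '&#039;', '&lt;', '&gt;'),
        array('&', '"', "'", '<', '>'),
        $value
    );
    // get_magic_quotes_gpc() no longer exists on PHP 8; guard so the call does not fatal.
    if (function_exists('get_magic_quotes_gpc') && get_magic_quotes_gpc()) {
        $value = stripslashes($value);
    }
    if (function_exists('mysql_real_escape_string')) {
        // Needs an open mysql link; without one it returns false, which would silently
        // become an empty string in the caller's SQL. Fall back to addslashes() then.
        $escaped = mysql_real_escape_string($value);
        if ($escaped !== false) {
            return $escaped;
        }
    }
    return addslashes($value);
}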
示例9: add_filter
/**
 * Narrows the cron-job query by one column.
 *
 * `scheduled` selects jobs whose nextrun is earlier than the given timestamp or has
 * never been set; every other supported name is an exact string match on that column.
 * Filter names are expected as strings; unknown names are ignored.
 *
 * @param string $type      column name, or `scheduled`
 * @param mixed  $condition comparison value
 */
function add_filter($type, $condition = '')
{
    static $exact_columns = array('id', 'lastrun', 'nextrun', 'time_mask', 'file', 'method', 'arguments', 'hash');
    $value = secure_sql($condition);
    if ($type === 'scheduled') {
        // numeric context: cast rather than quote
        $this->_query->add_where('(nextrun < ' . intval($value) . ' OR nextrun IS NULL)');
        return;
    }
    if (in_array($type, $exact_columns, true)) {
        $this->_query->add_where("({$type} = '{$value}')");
    }
}
示例10: _tags_feed
/**
 * Tags feed view (autocomplete items).
 *
 * Emits a JSON object `{total, items}` where each item has `value` ("<group id>:<tag id>"),
 * `caption` (tag name) and `category` (group name), then ends the request.
 * Request parameters: `q` (substring, required for any result), `restrict` (topic id),
 * `offset` (default 0) and `limit` (default 30).
 */
public function _tags_feed()
{
    $sm = vivvo_lite_site::get_instance();
    $um = $sm->get_url_manager();
    $results = array('total' => 0, 'items' => array());
    if ($um->isset_param('q')) {
        // quote-escape first, then LIKE-escape, so the added backslashes are not doubled
        $name = strtr(secure_sql($um->get_param('q')), array('%' => '\\%', '_' => '\\_'));
        // the numeric parameters are cast, which is what makes them safe to interpolate unquoted
        $topic_id = $um->isset_param('restrict') ? ' AND topic_id = ' . (int) $um->get_param('restrict') : '';
        $offset = $um->isset_param('offset') ? (int) $um->get_param('offset') : 0;
        $limit = $um->isset_param('limit') ? (int) $um->get_param('limit') : 30;
        $res = $sm->get_db()->query("SELECT CONCAT_WS(':', ttg.tags_group_id, ttg.tag_id) AS value, t.name AS caption, tg.name AS category\n\t\t\t\t\t FROM " . VIVVO_DB_PREFIX . 'tags_to_tags_groups AS ttg
LEFT JOIN ' . VIVVO_DB_PREFIX . 'tags AS t ON ttg.tag_id = t.id
LEFT JOIN ' . VIVVO_DB_PREFIX . "tags_groups AS tg ON ttg.tags_group_id = tg.id\n\t\t\t\t\t WHERE t.name LIKE '%{$name}%'{$topic_id}\n\t\t\t\t\t LIMIT {$offset},{$limit}");
        if (!PEAR::isError($res)) {
            $items = $res->fetchAll(MDB2_FETCHMODE_ASSOC);
            $res->free();
            // `total` is the size of the returned page, not the number of all matches
            $results = array('total' => count($items), 'items' => $items);
        }
    }
    header('Content-Type: application/json');
    echo json_encode($results);
    exit;
}
示例11: add_filter
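/**
 * Adds a WHERE condition to the file-type query (table alias `t`).
 *
 * @param string $type filter name: `id` / `notid` (id lists), `type` (exact match),
 *                     `ext` (substring of the extensions column); others are ignored
 * @param mixed  $cond filter value
 */
function add_filter($type, $cond = '')
{
    $condition = secure_sql($cond);
    switch ($type) {
        case 'id':
            $condition = secure_sql_in($condition);
            $this->_query->add_where('(t.id IN (' . $condition . '))');
            break;
        case 'notid':
            $condition = secure_sql_in($condition);
            $this->_query->add_where('(t.id NOT IN (' . $condition . '))');
            break;
        case 'type':
            $this->_query->add_where("(t.type='{$condition}')");
            break;
        case 'ext':
            // escape LIKE wildcards so the extension is matched literally, as the tag
            // filter's name_like does; '%'/'_' in the value would otherwise widen the match
            $condition = str_replace(array('%', '_'), array('\\%', '\\_'), $condition);
            $this->_query->add_where("(t.extensions LIKE '%{$condition}%')");
            break;
    }
}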
示例12: generic_add_filter
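/**
 * Turns `search_field_<column>_<op>` parameters into WHERE conditions.
 *
 * The column name is taken from the parameter *key*. The original pattern accepted
 * `(.*)` there, so a crafted key could splice arbitrary SQL into the WHERE clause
 * (the value is escaped, the key was not); the column is now restricted to an
 * identifier — letters, digits, underscore and dot for table-qualified names.
 *
 * Operators: lt, gt, eq, neq, in, notin, between (two comma-separated values),
 * notnull, isnull. Parameters that do not match the pattern are ignored.
 *
 * @param array  $params request parameters keyed by name
 * @param string $prefix optional table alias prefix prepended to the column, e.g. `u.`
 */
function generic_add_filter($params, $prefix = '')
{
    if (!is_array($params) || empty($params)) {
        return;
    }
    foreach (array_keys($params) as $k) {
        if (!preg_match('/^search_field_([A-Za-z0-9_.]+)_(lt|gt|eq|neq|in|notin|between|notnull|isnull)$/', $k, $arr)) {
            continue;
        }
        $column = $prefix . $arr[1];
        $condition = secure_sql($params[$k]);
        switch ($arr[2]) {
            case 'lt':
                $this->_query->add_where("({$column} < '{$condition}')");
                break;
            case 'gt':
                $this->_query->add_where("({$column} > '{$condition}')");
                break;
            case 'eq':
                $this->_query->add_where("({$column} = '{$condition}')");
                break;
            case 'neq':
                $this->_query->add_where("({$column} != '{$condition}')");
                break;
            case 'in':
                // NOTE(review): no parentheses around the list here, unlike the other
                // add_filter() callers — presumably secure_sql_in() adds them; confirm.
                $condition = secure_sql_in($condition);
                $this->_query->add_where("({$column} IN {$condition})");
                break;
            case 'notin':
                $condition = secure_sql_in($condition);
                $this->_query->add_where("({$column} NOT IN {$condition})");
                break;
            case 'notnull':
                $this->_query->add_where("({$column} IS NOT NULL )");
                break;
            case 'isnull':
                $this->_query->add_where("({$column} IS NULL )");
                break;
            case 'between':
                $between = explode(',', $condition);
                if (is_array($between) && count($between) == 2) {
                    $this->_query->add_where("({$column} BETWEEN '{$between[0]}' AND '{$between[1]}')");
                }
                break;
        }
    }
}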
示例13: edit_category
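/**
 * Edit category
 *
 * Requires a valid form token and an admin user. Normalises the name / sefriendly slug,
 * refuses a slug already used by another category or by a tags group, and refuses a
 * `link` form without a redirect. On success the category row (and an uploaded
 * abstract image, if any) is updated and an admin-log entry written.
 *
 * @param integer $category_id
 * @param array $data
 * @return boolean true on success or false on fail
 */
function edit_category($category_id, $data)
{
    if (!$this->check_token()) {
        return false;
    }
    if (!vivvo_hooks_manager::call('category_edit', array(&$category_id, &$data))) {
        return vivvo_hooks_manager::get_status();
    }
    $sm = vivvo_lite_site::get_instance();
    if (!$sm->user) {
        $this->set_error_code(2113);
        return false;
    }
    if (!$sm->user->is_admin()) {
        $this->set_error_code(2112);
        return false;
    }
    $category_id = (int) $category_id;
    if (isset($data['category_name'])) {
        $data['category_name'] = trim($data['category_name']);
    }
    if (empty($data['sefriendly'])) {
        if (isset($data['category_name']) && !empty($data['category_name'])) {
            $data['sefriendly'] = make_sefriendly($data['category_name']);
        }
    } else {
        $data['sefriendly'] = make_sefriendly($data['sefriendly']);
    }
    if (isset($data['sefriendly'])) {
        $sefriendly = secure_sql($data['sefriendly']);
        $sql = 'SELECT id FROM ' . VIVVO_DB_PREFIX . "categories WHERE sefriendly = '{$sefriendly}' AND id <> {$category_id} LIMIT 1 UNION\n\t\t\t\t\t\t\t\tSELECT id FROM " . VIVVO_DB_PREFIX . "tags_groups WHERE url = '{$sefriendly}' LIMIT 1";
        $res = $sm->get_db()->query($sql);
        // A failed query yields a PEAR error object: truthy, but without numRows(), so the
        // original fataled on it. Fail closed instead — if the uniqueness check cannot run,
        // refuse the edit rather than risk a duplicate slug.
        if (PEAR::isError($res) || $res->numRows() > 0) {
            $this->set_error_code(2101);
            return false;
        }
    }
    // NOTE(review): the original read $in_category['redirect'] and array_walk()ed
    // $in_category with array_htmlspecialchars here, but $in_category is never defined in
    // this function (a warning on PHP 7, a TypeError on PHP 8). Dropped as dead code; if
    // $data was intended, confirm before escaping it, since populate() stores it.
    if (!empty($data['form']) and $data['form'] == 'link' and empty($data['redirect'])) {
        $this->set_error_code(12, vivvo_lang::get_instance()->get_value('LNG_DB_categories_redirect'));
        return false;
    }
    $category_list = $sm->get_categories();
    $category = $category_list->list[$category_id];
    if (!isset($category)) {
        $this->set_error_code(2111);
        return false;
    }
    if (!$category->populate($data, true)) {
        $this->set_error_info($category->get_error_info());
        return false;
    }
    $this->_post_master->set_data_object($category);
    if (!$this->_post_master->sql_update()) {
        $this->set_error_code(2110);
        return false;
    }
    $fm = $sm->get_file_manager();
    if ($fm->is_uploaded('CATEGORY_abstact_image')) {
        $abstract_image = $fm->upload('CATEGORY_abstact_image');
        if ($abstract_image != false) {
            $category->set_image($abstract_image);
            $this->_post_master->set_data_object($category);
            $this->_post_master->sql_update();
        }
    }
    admin_log($sm->user->get_username(), 'Edited category #' . $category_id);
    return true;
}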
示例14: add_filter
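/**
 * Adds filter to the WHERE clause of the article-revision query (table alias `ar`).
 *
 * `not_<column>` negates the corresponding id-list filter; `created_time_lt/gt/lte/gte`
 * compare the integer timestamp. Unknown filter types are ignored.
 *
 * @param string $type
 * @param mixed $condition
 */
function add_filter($type, $condition = '')
{
    $condition = secure_sql($condition);
    $flag = false;
    switch ($type) {
        case 'not_id':
        case 'not_article_id':
        case 'not_version':
        case 'not_creator_id':
        case 'not_type':
            $flag = true;
            // strip the 'not_' prefix and fall through to the positive list
            $type = substr($type, 4);
        case 'id':
        case 'article_id':
        case 'version':
        case 'creator_id':
        case 'type':
            $condition = secure_sql_in($condition);
            $operator = ($flag ? 'NOT ' : '') . 'IN';
            $this->_query->add_where("ar.{$type} {$operator} ({$condition})");
            break;
        case 'title_matches':
            // escape LIKE wildcards so the caller's text is matched literally, as the tag
            // filter's name_like does; '%'/'_' in the value would otherwise widen the match
            $condition = str_replace(array('%', '_'), array('\\%', '\\_'), $condition);
            $this->_query->add_where("ar.title LIKE '%{$condition}%'");
            break;
        case 'title':
            $this->_query->add_where("ar.title = '{$condition}'");
            break;
        case 'not_created_time':
            $flag = true;
            // falls through
        case 'created_time':
            // numeric context: cast, do not quote
            $condition = (int) $condition;
            $operator = $flag ? '!=' : '=';
            $this->_query->add_where("ar.created_time {$operator} {$condition}");
            break;
        case 'created_time_lte':
        case 'created_time_gte':
            $flag = true;
            // falls through
        case 'created_time_lt':
        case 'created_time_gt':
            $condition = (int) $condition;
            // character 13 of 'created_time_xx' is the 'l' / 'g' of the suffix
            $operator = ($type[13] == 'g' ? '>' : '<') . ($flag ? '=' : '');
            $this->_query->add_where("ar.created_time {$operator} {$condition}");
            break;
        default:
            // ignore
    }
}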
示例15: get_assets_quick_search
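/**
 * Quick search over asset files: name prefix, keyword prefix, or a full-text phrase
 * match on `info`. Directory entries are excluded from the name and full-text parts.
 *
 * Populates $this->list (keyed by the id column) through the object cache.
 *
 * @param string $keyword search text
 * @return array|false the populated list, or false when nothing matched
 */
function get_assets_quick_search($keyword)
{
    $keyword = secure_sql($keyword);
    // The LIKE clauses get a wildcard-escaped copy so '%' / '_' are matched literally.
    // The MATCH ... AGAINST phrase keeps the plain (quote-escaped) keyword: a backslash
    // there would become part of the searched phrase rather than an escape.
    $like_keyword = str_replace(array('%', '_'), array('\\%', '\\_'), $keyword);
    $dir = VIVVO_ASSETS_DIRTYPE_ID;
    $sql = "(SELECT * FROM " . VIVVO_DB_PREFIX . "asset_files WHERE name LIKE '{$like_keyword}%' AND filetype_id != {$dir})\n\t\t\t\t\tUNION ALL\n\t\t\t\t\t(SELECT f.* FROM " . VIVVO_DB_PREFIX . "asset_files as f, " . VIVVO_DB_PREFIX . "asset_keywords as k\n\t\t\t\t\t\tWHERE f.id=k.asset_id AND k.keyword LIKE '{$like_keyword}%')\n\t\t\t\t\tUNION ALL\n\t\t\t\t\t(SELECT * FROM " . VIVVO_DB_PREFIX . "asset_files\n\t\t\t\t\t\tWHERE MATCH (info) AGAINST ('\"{$keyword}\"' IN BOOLEAN MODE) AND filetype_id != {$dir})\n\t\t\t\t\tORDER BY path ASC\n\t\t\t\t\t";
    $sm = vivvo_lite_site::get_instance();
    $res = $sm->get_db()->query($sql);
    $this->list = array();
    if (!is_a($res, 'mdb2_error')) {
        $class = $this->post_object_type;
        while ($row = $res->fetchRow(MDB2_FETCHMODE_ASSOC)) {
            $id = $row[$this->id_key];
            if ($sm->_object_cache_manager->is_cached($class, $id)) {
                // reuse the cached instance, refreshed with the row just read
                $this->list[$id] = $sm->_object_cache_manager->retrive($class, $id);
                $this->list[$id]->populate($row);
            } else {
                $object = new $class(null, $row);
                $sm->_object_cache_manager->add($class, $id, $object);
                $this->list[$id] = $object;
            }
        }
        $res->free();
    } else {
        // the original logged $query, an undefined variable; log the statement actually run
        $sm->debug_push("sql:", $sql, 1);
        $sm->debug_push("sql:", $res->getMessage(), 1);
    }
    return empty($this->list) ? false : $this->list;
}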