function dbkit_run_query_with_array($sql, $args) { foreach ($args as &$arg) { if (is_array($arg)) { if (count($arg) == 0) { $arg = array(-1); } $parts = array(); foreach ($arg as $part) { $parts[] = "'" . mysql_real_escape_string("{$part}") . "'"; } $arg = "(" . implode(",", $parts) . ")"; } else { $arg = "'" . mysql_real_escape_string("{$arg}") . "'"; } } $sql = str_replace("?", "%s", $sql); array_unshift($args, $sql); $sql = call_user_func_array('sprintf', $args); dbkit_log_query($sql); $res = mysql_query($sql); if (!$res) { die("database query failed: " . mysql_error()); } return $res; }
function query_operon_gene_percentage($species_id) { $spe = array(); $spe['name'] = ''; $spe['ncs'] = array(); $spe['total_gene'] = 0; $spe['in_operon'] = 0; $species_id = mysql_real_escape_string($species_id); $sql = "SELECT id, name FROM Species WHERE id={$species_id}"; $result = mysql_query($sql) or die("Invalid query: " . mysql_error()); $row = mysql_fetch_array($result); $spe['name'] = $row['name']; unset($result); $sql = "SELECT id,NC_id,protein_gene_number,rna_gene_number,operon_number FROM NC WHERE species_id={$species_id}"; $result = mysql_query($sql) or die("Invalid query: " . mysql_error()); $n = mysql_num_rows($result); for ($i = 0; $i < $n; $i++) { $row = mysql_fetch_array($result); $NC_id = $row['id']; $row['total_gene_num'] = $row['protein_gene_number'] + $row['rna_gene_number']; $sql2 = "SELECT sum(size) as total_genes FROM Operon WHERE size>=2 AND NC_id={$NC_id} ORDER BY id"; $result2 = mysql_query($sql2) or die("Invalid query: " . mysql_error()); $row2 = mysql_fetch_array($result2); $row['gene_in_operon'] = $row2['total_genes']; #$row['percent'] = round($row['gene_in_operon'] / $row['total_gene_num'],2); array_push($spe['ncs'], $row); $spe['total_gene'] += $row['total_gene_num']; $spe['in_operon'] += $row['gene_in_operon']; } $spe['percent'] = round(100 * $spe['in_operon'] / $spe['total_gene'], 2); return $spe; }
public static function toRegularString($string) { if (!is_string($string)) { return null; } return mysql_real_escape_string($string); }
function formatField($input) { $input = strip_tags($input); $input = str_replace(";", ":", $input); $input = mysql_real_escape_string($input); return trim($input); }
function get_all_promo_events() { connect_and_select_db(DB_SERVER, DB_UN, DB_PWD, DB_NAME); $startDate = mysql_real_escape_string($_POST['startDate']); $endDate = mysql_real_escape_string($_POST['endDate']); //Retrieve all events that occur during the time period including the outer bounds if ($startDate == null || $startDate == "") { $startDate = "0000-00-00"; } if ($endDate == null || $endDate == "") { $endDate = "9999-99-99"; } //$startDate = str_replace("-", "", $startDate); //$endDate = str_replace("-", "", $endDate); $sql = "SELECT * FROM AdEvent WHERE " . "(StartDate >= '{$startDate}' " . "AND StartDate <= '{$endDate}') " . "OR (EndDate >= '{$startDate}' " . "AND EndDate <= '{$endDate}') " . "ORDER BY AdEvent.StartDate ASC;"; //$sql = "SELECT * FROM AdEvent ORDER BY AdEvent.StartDate ASC"; --older, incorrect version $error_message = "Could not successfully run query ({$sql}) from DB: "; $search_events_result = get_result_set_from_select_query($sql, $error_message); //$result is non-empty. So count the rows $numrows = mysql_num_rows($search_events_result); //Create an appropriate message $message = ""; if ($numrows == 0) { $message = "No events found in database"; } ui_show_events_retrieved($message, $search_events_result); }
public function index() { $email = ""; if ($this->post and !$this->csrf) { global $site; $site['flash']['error'] = "Invalid form submission"; } elseif ($this->post) { $email = mysql_real_escape_string($_POST['email']); $user = User::find("users.email = '{$email}' AND users.suspended = 0 AND users.activated = 1", null, false, 1); if ($user) { // Disable any active lost password requests $lost_passwords = $user->get_lost_passwords(); if (count($lost_passwords) > 0) { foreach ($lost_passwords as $lost_password) { $lost_password->used = true; $lost_password->save(); } } // Make a new lost password request $lost_password = new LostPassword($user); if ($lost_password->save()) { Email::send_lost_password($lost_password); Site::flash("notice", "Instructions on how to reset your password have been sent to {$user->email}"); Redirect("resetpassword"); } else { $this->site['flash']['error'] = "Unable to send password reset instructions"; } } else { $this->site['flash']['error'] = "Unable to find a user with that email address"; } } $this->assign("email", $email); $this->title = "Lost Password"; $this->render("lost_password/index.tpl"); }
public function createForum($name, $category, $subcategory) { if (isset($this->authIdentity)) { $insert_data = array('creator' => $this->authIdentity->userid, 'category' => $category, 'subcategory' => $subcategory, 'name' => mysql_real_escape_string($name), 'vote' => 'a:0:{}'); $forumid = $this->insert($insert_data); } }
function handleRegister() { //showLog("handleLogin"); // $ret = array('op' => 'register', 'msg' => 'Registration Successful', 'error_code' => '0'); $username = $_POST["username"]; $email = $_POST["email"]; $password = $_POST["password"]; $upass = md5(mysql_real_escape_string($_POST['password'])); $dao = new DAOuser(); // ensure that user with same email does not exist in database $user = $dao->getByEmail($email); // user already exists for give email if ($user != NULL) { $ret["error_code"] = "1"; $ret["msg"] = "Email '" . $email . "' already exists"; echo json_encode($ret); return; } // ensure that user with same username does not exist in database $user = $dao->getByUsername($username); // user already exists for give username if ($user != NULL) { $ret["error_code"] = "1"; $ret["msg"] = "Username '" . $username . "' already exists"; echo json_encode($ret); return; } $user = new user($_POST['username'], $upass, $_POST['email']); $dao->save($user); echo json_encode($ret); }
public function forSql($value, $maxLength = 0) { if ($maxLength > 0) { $value = substr($value, 0, $maxLength); } return mysql_real_escape_string($value, $this->dbConnection->getResource()); }
function addm($char, $mes, $priv) { setlocale(LC_ALL, "ru_RU.CP1251"); if (!isset($char['sex']) || $char['sex'] == "male") { $mes = preg_replace("/\\{([\\d\\w\\s]*?)\\|([\\d\\w\\s]*?)\\}/i", "\\1", $mes); } else { $mes = preg_replace("/\\{([\\d\\w\\s]*?)\\|([\\d\\w\\s]*?)\\}/i", "\\2", $mes); } $mes = '<span style="color:#FF2828;font-size:12px;">' . iconv("Windows-1251", "UTF-8//IGNORE", $mes) . '</style>'; $message = $mes; $message = mysql_real_escape_string($message); $sel = myquery("SELECT `count` FROM `game_bot_chat_resp` WHERE `id` = '" . $char['name'] . "';"); $n = mysql_fetch_array($sel); if ($n['count'] <= 4) { myquery("INSERT INTO `game_bot_chat_resp` (`id`,`count`) VALUES ('" . $char['name'] . "','1') ON DUPLICATE KEY UPDATE `count` = `count` + 1;"); $update_chat = myquery("insert into game_log (town,fromm,too,message,date,ptype) values (0,'-1','" . $char['user_id'] . "','" . $message . "','" . time() . "'," . $priv . ")"); } else { $sel = myquery("SELECT `text` FROM `game_bot_chat_annoy` ORDER BY RAND() ASC LIMIT 1"); $mes = mysql_fetch_array($sel); if (!isset($char['sex']) || $char['sex'] == "male") { $mes = preg_replace("/\\{([\\d\\w\\s]*?)\\|([\\d\\w\\s]*?)\\}/i", "\\1", $mes); } else { $mes = preg_replace("/\\{([\\d\\w\\s]*?)\\|([\\d\\w\\s]*?)\\}/i", "\\2", $mes); } $message = mysql_real_escape_string('<span style="color:#FF2828;font-size:12px;">' . iconv("Windows-1251", "UTF-8//IGNORE", $mes['text']) . '</style>'); $update_chat = myquery("insert into game_log (town,fromm,too,message,date,ptype) values (0,'-1','" . $char['user_id'] . "','" . $message . "','" . time() . "'," . $priv . ")"); } }
function _wobi_addWebseedfiles($torrent_file_path, $relative_path, $httplocation, $hash) { $prefix = WOBI_PREFIX; $fd = fopen($torrent_file_path, "rb") or die(errorMessage() . "File upload error 1</p>"); $alltorrent = fread($fd, filesize($torrent_file_path)); fclose($fd); $array = BDecode($alltorrent); // Add in Bittornado HTTP seeding spec // //add information into database $info = $array["info"] or die("Invalid torrent file."); $fsbase = $relative_path; // We need single file only! mysql_query("INSERT INTO " . $prefix . "webseedfiles (info_hash,filename,startpiece,endpiece,startpieceoffset,fileorder) values (\"{$hash}\", \"" . mysql_real_escape_string($fsbase) . "\", 0, " . (strlen($array["info"]["pieces"]) / 20 - 1) . ", 0, 0)"); // Edit torrent file // $data_array = $array; $data_array["httpseeds"][0] = WOBI_URL . "/seed.php"; //$data_array["url-list"][0] = $httplocation; $to_write = BEncode($data_array); //write torrent file $write_httpseed = fopen($torrent_file_path, "wb"); fwrite($write_httpseed, $to_write); fclose($write_httpseed); //add in piecelength and number of pieces $query = "UPDATE " . $prefix . "summary SET piecelength=\"" . $info["piece length"] . "\", numpieces=\"" . strlen($array["info"]["pieces"]) / 20 . "\" WHERE info_hash=\"" . $hash . "\""; quickQuery($query); }
public static function authentication() { // print_r($_SERVER); // exit(); if (!isset($_SERVER['PHP_AUTH_USER'])) { header('WWW-Authenticate: Basic realm="My Realm"'); header('HTTP/1.0 401 Unauthorized'); echo 'Text to send if user hits Cancel button'; exit; } else { $db = new DB(); $username = mysql_real_escape_string($_SERVER['PHP_AUTH_USER']); $password = mysql_real_escape_string($_SERVER['PHP_AUTH_PW']); $domain = 'nebula.com'; $hash = md5($username . ':' . $domain . ':' . $password); $sql = "SELECT id from n_nebulauser WHERE username='******' AND ha1='{$hash}'"; $q = $db->query($sql); if (mysql_num_rows($q)) { $fetch = mysql_fetch_assoc($q); return $fetch['id']; } else { return null; } } return false; }
function prepare($id, $data = false, $period_sec = false) { //Если задана очистка подготовленного сохранения if ($id == 'clear') { $this->temp = false; return true; } //Если не передано что готовить if (!$data) { return false; } $t = mktime(); if (!$period_sec) { $period_sec = 86400; } //+20дней=86400 if (!is_string($data)) { $serr = serialize($data); } else { $serr = $data; } $serr = mysql_real_escape_string($serr); /* if(1==3 && unserialize($serr) != $data ){ $this->temp=false; return false; } */ $this->temp = "REPLACE INTO z_fs_queries SET fq_id='{$id}', fq_content='{$serr}', fq_create=" . $t . ", fq_dead=" . ($t + $period_sec); $this->last_id = $id; return true; }
public function getAreaList($stfips, $areatype) { $link = getDatabaseConnection(); $query = sprintf("select * from wid.geog " . "where stfips = '%s' and areatype = '%s' order by stfips, areatype, area", mysql_real_escape_string($stfips), mysql_real_escape_string($areatype)); $arealist = $this->getJSONResult($query, $link); return $arealist; }
private function loadData() { $title = mysql_real_escape_string($this->title); $text = mysql_real_escape_string($this->text); $data = array("title" => "'{$title}'", "type" => "'{$this->type}'", "text" => "'{$text}'"); return $data; }
function check_str($string, $trim = true) { global $db_type, $db; //when code in db is urlencoded the ' does not need to be modified if ($db_type == "sqlite") { if (function_exists('sqlite_escape_string')) { $string = sqlite_escape_string($string); } else { $string = str_replace("'", "''", $string); } } if ($db_type == "pgsql") { $string = pg_escape_string($string); } if ($db_type == "mysql") { if (function_exists('mysql_real_escape_string')) { $tmp_str = mysql_real_escape_string($string); } else { $tmp_str = mysqli_real_escape_string($db, $string); } if (strlen($tmp_str)) { $string = $tmp_str; } else { $search = array("", "\n", "\r", "\\", "'", "\"", ""); $replace = array("\\x00", "\\n", "\\r", "\\\\", "\\'", "\\\"", "\\"); $string = str_replace($search, $replace, $string); } } $string = $trim ? trim($string) : $string; return $string; }
function SaveOptions($username, $email, $calendar_ids, $project_ids) { $email = mysql_real_escape_string($email); /* get the range of years that studies have occured */ $sqlstring = "select * from users where username = '******'"; //echo $sqlstring; $result = mysql_query($sqlstring) or die("Query failed: " . mysql_error() . "<br><i>{$sqlstring}</i><br>"); if (mysql_num_rows($result) > 0) { /* update */ $sqlstring = "update users set user_email = '{$email}' where username = '******'"; $result = mysql_query($sqlstring) or die("Query failed: " . mysql_error() . "<br><i>{$sqlstring}</i><br>"); } else { /* insert */ $sqlstring = "insert into users (username, user_email) values ('{$username}', '{$email}')"; $result = mysql_query($sqlstring) or die("Query failed: " . mysql_error() . "<br><i>{$sqlstring}</i><br>"); } $sqlstring = "select * from users where username = '******'"; $result = mysql_query($sqlstring) or die("Query failed: " . mysql_error() . "<br><i>{$sqlstring}</i><br>"); $row = mysql_fetch_array($result, MYSQL_ASSOC); $user_id = $row['user_id']; $sqlstring = "delete from calendar_notifications where not_userid = {$user_id}"; $result = mysql_query($sqlstring) or die("Query failed: " . mysql_error() . "<br><i>{$sqlstring}</i><br>"); foreach ($calendar_ids as $cal_id) { $sqlstring = "insert into calendar_notifications (not_userid, not_calendarid) values ({$user_id}, {$cal_id})"; $result = mysql_query($sqlstring) or die("Query failed: " . mysql_error() . "<br><i>{$sqlstring}</i><br>"); } $sqlstring = "delete from project_notifications where not_userid = {$user_id}"; $result = mysql_query($sqlstring) or die("Query failed: " . mysql_error() . "<br><i>{$sqlstring}</i><br>"); foreach ($project_ids as $prj_id) { $sqlstring = "insert into project_notifications (not_userid, not_projectid) values ({$user_id}, {$prj_id})"; $result = mysql_query($sqlstring) or die("Query failed: " . mysql_error() . "<br><i>{$sqlstring}</i><br>"); } }
/** * execute query - show be regarded as private to insulate the rest of * the application from sql differences * @access private */ function query($sql) { global $CONF; if (is_null($this->dblink)) { $this->_connect(); } //been passed more parameters? do some smart replacement if (func_num_args() > 1) { //query contains ? placeholders, but it's possible the //replacement string have ? in too, so we replace them in //our sql with something more unique $q = md5(uniqid(rand(), true)); $sql = str_replace('?', $q, $sql); $args = func_get_args(); for ($i = 1; $i <= count($args); $i++) { $sql = preg_replace("/{$q}/", "'" . preg_quote(mysql_real_escape_string($args[$i])) . "'", $sql, 1); } //we shouldn't have any $q left, but it will help debugging if we change them back! $sql = str_replace($q, '?', $sql); } $this->dbresult = mysql_query($sql, $this->dblink); if (!$this->dbresult) { die("Query failure: " . mysql_error() . "<br />{$sql}"); } return $this->dbresult; }
function writeToDestination($data) { $sqlInsertStatement = "INSERT INTO SAKPART (SP_SAID, SP_U1, SP_KORTNAVN, SP_NAVN, SP_ADRESSE, SP_POSTNR, SP_POSTSTED, SP_UTLAND, SP_EPOSTADR, SP_KONTAKT, SP_ROLLE, SP_FAKS, SP_TLF) VALUES ("; $sqlInsertStatement .= "'" . $data->SP_SAID . "',"; $sqlInsertStatement .= "'" . $data->SP_U1 . "',"; $sqlInsertStatement .= "'" . $data->SP_KORTNAVN . "',"; $sqlInsertStatement .= "'" . mysql_real_escape_string($data->SP_NAVN) . "',"; $sqlInsertStatement .= "'" . mysql_real_escape_string($data->SP_ADRESSE) . "',"; $sqlInsertStatement .= "'" . $data->SP_POSTNR . "',"; $sqlInsertStatement .= "'" . $data->SP_POSTSTED . "',"; $sqlInsertStatement .= "'" . $data->SP_UTLAND . "',"; $sqlInsertStatement .= "'" . $data->SP_EPOSTADR . "',"; $sqlInsertStatement .= "'" . $data->SP_KONTAKT . "',"; $sqlInsertStatement .= "'" . $data->SP_ROLLE . "',"; $sqlInsertStatement .= "'" . $data->SP_FAKS . "',"; $sqlInsertStatement .= "'" . $data->SP_TLF . "'"; $sqlInsertStatement .= ");"; $this->uttrekksBase->printErrorIfDuplicateFail = false; if ($this->uttrekksBase->executeStatement($sqlInsertStatement) == false) { // 1062 == duplicate key. Scary to hardcode, but can't find mysql constants somewhere if (mysql_errno() == Constants::MY_SQL_DUPLICATE) { // This table is know to contain duplicates. We just log and continue $this->logger->log($this->XMLfilename, "Duplicate value detected. Value is SP_SAID (" . $data->SP_SAID . "), SP_NAVN (" . $data->SP_NAVN . ")", Constants::LOG_WARNING); } } $this->uttrekksBase->printErrorIfDuplicateFail = true; // $this->uttrekksBase->executeStatement($sqlInsertStatement); }
function modul($posisi) { global $koneksi_db, $STYLE_INCLUDE, $SCRIPT_INCLUDE; $total = 0; $numb = 0; if (isset($_GET['pilih'])) { $pilih = mysql_real_escape_string(strip_tags($_GET['pilih'])); $numb = mysql_num_rows(mysql_query("SELECT `id` FROM `actions` WHERE `modul_hrd` = '{$pilih}'")); $modulku = mysql_query("SELECT * FROM `actions` LEFT JOIN `modul_hrd` ON (`modul_hrd`.`id` = `actions`.`modul_id`) WHERE `actions`.`modul_hrd` = '{$pilih}' AND `actions`.`posisi` = '{$posisi}' ORDER BY `actions`.`order`"); $total = mysql_num_rows($modulku); while ($viewmoduls = mysql_fetch_assoc($modulku)) { if (file_exists($viewmoduls['isi']) && $viewmoduls['type'] == 'module') { include $viewmoduls['isi']; kotakjudul($viewmoduls['modul'], @$out, ''); $out = ''; } if ($viewmoduls['type'] == 'block') { kotakjudul($viewmoduls['modul'], $viewmoduls['isi'], ''); } } } if ($total == 0 && $numb == 0) { $modulku = $koneksi_db->sql_query("SELECT * FROM modul_hrd WHERE published= 1 AND posisi= '{$posisi}' ORDER BY ordering"); while ($viewmodul = $koneksi_db->sql_fetchrow($modulku)) { if (file_exists($viewmodul['isi']) && $viewmodul['type'] == 'module') { include $viewmodul['isi']; kotakjudul($viewmodul['modul'], @$out, ''); $out = ''; } if ($viewmodul['type'] == 'block') { kotakjudul($viewmodul['modul'], $viewmodul['isi'], ''); } } } }
function clear_string($cl_str) { $cl_str = strip_tags($cl_str); $cl_str = mysql_real_escape_string($cl_str); $cl_str = trim($cl_str); return $cl_str; }
function serialize_exif($uploaded_file) { //$exif_tmp = read_exif_data_raw($_FILES['upload_file']['tmp_name'],0); $exif_tmp = read_exif_data_raw($uploaded_file, 0); $flat_exif_tmp = flatten_array($exif_tmp); if (in_array("DataDumpMakerNote", $flat_exif_tmp)) { // this field is set to empty because it causes trouble $flat_exif_tmp['DataDumpMakerNote'] = NULL; } //search for all "unknown:*" fields because like the MakerNote it causes trouble. // Thanks to erdbeerbaum for pointing this out. foreach ($flat_exif_tmp as $key => $value) { $pos = strpos($key, "unknown:"); if ($pos === 0) { $flat_exif_tmp[$key] = NULL; } } foreach ($flat_exif_tmp as $key => $value) { $flat_exif_tmp[$key] = trim($value); } $exif_info = serialize($flat_exif_tmp); // we need to escape the string before saving it to the db $exif_info = mysql_real_escape_string($exif_info); return $exif_info; }
function update($vTablename, $aUpdate = array(), $sWhere) { $count = 0; $fields = ''; foreach ($aUpdate as $col => $val) { if ($count++ != 0) { $fields .= ', '; } $col = mysql_real_escape_string($col); $val = mysql_real_escape_string($val); $fields .= "`{$col}` = '{$val}' "; } $sql = "UPDATE `{$vTablename}` SET {$fields} "; $count = 0; $fields = ''; foreach ($aUpdate as $col => $val) { if ($count++ != 0) { $fields .= ', '; } $col = mysql_real_escape_string($col); $val = mysql_real_escape_string($val); $fields .= "`{$col}` = {$val}"; } $sql .= " WHERE {$sWhere}"; // echo $sql; if ($this->db->query($sql) === TRUE) { return "Success"; } else { return "Error Update Table: " . $this->db->error; } }
function escape($string) { return addslashes( $string ); // Disable rest for now, causing problems if( !$this->dbh || version_compare( phpversion(), '4.3.0' ) == '-1' ) return mysql_escape_string( $string ); else return mysql_real_escape_string( $string, $this->dbh ); }
function GetSQLValueString($theValue, $theType, $theDefinedValue = "", $theNotDefinedValue = "") { if (PHP_VERSION < 6) { $theValue = get_magic_quotes_gpc() ? stripslashes($theValue) : $theValue; } $theValue = function_exists("mysql_real_escape_string") ? mysql_real_escape_string($theValue) : mysql_escape_string($theValue); switch ($theType) { case "text": $theValue = $theValue != "" ? "'" . $theValue . "'" : "NULL"; break; case "long": case "int": $theValue = $theValue != "" ? intval($theValue) : "NULL"; break; case "double": $theValue = $theValue != "" ? doubleval($theValue) : "NULL"; break; case "date": $theValue = $theValue != "" ? "'" . $theValue . "'" : "NULL"; break; case "defined": $theValue = $theValue != "" ? $theDefinedValue : $theNotDefinedValue; break; } return $theValue; }
function insert_item() { // Connect to the 'test' database // The parameters are defined in the teach_cn.inc file // These are global constants connect_and_select_db(DB_SERVER, DB_UN, DB_PWD, DB_NAME); // Get the information entered into the webpage by the user // These are available in the super global variable $_POST // This is actually an associative array, indexed by a string $itemNumber = mysql_real_escape_string($_POST['itemNumber']); $itemDescription = mysql_real_escape_string($_POST['itemDescription']); $category = mysql_real_escape_string($_POST['category']); $departmentName = mysql_real_escape_string($_POST['departmentName']); $purchaseCost = mysql_real_escape_string($_POST['purchaseCost']); $retailPrice = mysql_real_escape_string($_POST['retailPrice']); // Create a String consisting of the SQL command. Remember that // . is the concatenation operator. $varname within double quotes // will be evaluated by PHP $insertStmt = "INSERT INTO Item (ItemNumber, ItemDescription, Category, DepartmentName,\n\t\t PurchaseCost, FullRetailPrice) values ( '{$itemNumber}','{$itemDescription}', '{$category}',\n '{$departmentName}', '{$purchaseCost}', '{$retailPrice}')"; //Execute the query. The result will just be true or false $result = mysql_query($insertStmt); $message = ""; if (!$result) { $message = "Error in inserting Item. <br />Item Number: {$itemNumber}<br />Item Description:\n{$itemDescription} <br />Category:\n{$category}\n<br />Department\n Name: {$departmentName} <br />" . mysql_error(); } else { $message = "Data for Item inserted successfully. <br />Item Number: {$itemNumber}<br />Item Description: {$itemDescription} <br />Category: {$category} <br />Department Name: {$departmentName}"; } ui_show_item_insert_result($message, $itemNumber, $itemDescription, $category, $departmentName, $purchaseCost, $retailPrice); }
function FindOrk2Player($ork3_id, $aname, $fname, $lname, $chapter) { if (array_key_exists($chapter, $this->chapterMap)) { $sql = "\n select * \n from ORKplayers\n where chapterID = {$this->chapterMap[$chapter]}\n and aname like '{$aname}' and fname like '{$fname}' and lname like '{$lname}'"; $player = $this->ORK2->query($sql); if ($player->size() == 1) { //echo "Found $ork3_id: ($aname): {$player->playerID}; "; $this->iOrk2->RecordTransfer('players', 'Player', $player->playerID, $ork3_id, array(), 1); return true; } else { if ($player->size() > 1) { //echo "Too many..."; } else { //echo "No hits..."; } } } $sql = "\n select * \n from ORKplayers\n where \n aname like '" . mysql_real_escape_string($aname) . "' \n and fname like '" . mysql_real_escape_string($fname) . "' \n and lname like '" . mysql_real_escape_string($lname) . "'"; $player = $this->ORK2->query($sql); if ($player->size() == 1) { //echo "Found $ork3_id: ($aname): {$player->playerID}; "; $this->iOrk2->RecordTransfer('players', 'Player', $player->playerID, $ork3_id, array(), 1); return true; } else { if ($player->size() > 1) { //echo "Too many..."; } else { //echo "No hits..."; } } return false; }
function escape_string($s, $strip_tags = true) { if ($strip_tags) { $s = strip_tags($s); } return mysql_real_escape_string($s, $this->link); }
function file_to_str($file, $size) { $link = start_nchsls(); $fd = fopen($file, 'r'); $str = fread($fd, $size); return mysql_real_escape_string($str, $link); }
function add_message($locale, $groupid, $message) { global $mysqlprefix; $link = connect(); perform_query("insert into {$mysqlprefix}chatresponses (locale,groupid,vcvalue) values ('" . mysql_real_escape_string($locale, $link) . "'," . ($groupid ? intval($groupid) . ", " : "null, ") . "'" . mysql_real_escape_string($message, $link) . "')", $link); mysql_close($link); }