/**
 * Run the pre-insert hook, perform the insert, then run the post-insert hook.
 *
 * @param bool $re_read Accepted for interface compatibility; this body does not read it.
 * @return mixed false when before_insert() fails or the insert reports failure,
 *               otherwise whatever after_insert() returns.
 */
public function insert($re_read = false)
{
    // NOTE(review): _insert() is invoked as a plain function, not $this->_insert();
    // confirm that is intended and that the global _insert() accepts no arguments.
    if (!$this->before_insert()) {
        return false;
    }
    $inserted = _insert();
    if (!$inserted) {
        return false;
    }
    return $this->after_insert();
}
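// Flower-sending action: handles ?action=send for a user identified by the username cookie.
if (isset($_GET['action'])) {
    if ($_GET['action'] === 'send') {
        if (!isset($_POST['code']) || !isset($_SESSION['RandCode'])) {
            // Without both a submitted code and a session code there is nothing to
            // verify, so the request is rejected instead of being handed to
            // _check_code() with missing values.
            _alert_close('Illegal access!');
        } else {
            // Protect from illegal registration: the submitted code must match the session one.
            _check_code($_POST['code'], $_SESSION['RandCode']);

            $_cookie_user = isset($_COOKIE['username']) ? $_COOKIE['username'] : '';
            $_cookie_uniqid = isset($_COOKIE['uniqid']) ? $_COOKIE['uniqid'] : '';

            // The username comes from a client-controlled cookie; only the escaped copy
            // is placed in SQL. NOTE(review): in this copy of the source the interpolated
            // identifier is redacted ("******"); $_COOKIE['username'] is assumed from the
            // surrounding code - confirm.
            $_lookup = _mysql_string(array('username' => $_cookie_user));
            $_rows = _fetch_array("select
                                        tg_uniqid
                                    from
                                        tg_user
                                    where
                                        tg_username = '{$_lookup['username']}'");
            if ($_rows) {
                // Protect from a faked unique-identifier cookie.
                _uniqid($_rows['tg_uniqid'], $_cookie_uniqid);
                include ROOT_PATH . 'includes/check.func.php';

                $_clean = array();
                $_clean['touser'] = isset($_POST['touser']) ? $_POST['touser'] : '';
                $_clean['fromuser'] = $_cookie_user;
                $_clean['flower'] = isset($_POST['flower']) ? $_POST['flower'] : '';
                $_clean['content'] = _check_content(isset($_POST['content']) ? $_POST['content'] : '');
                // NOTE(review): touser and flower are escaped below but not otherwise
                // validated (e.g. that touser names an existing account) - confirm that
                // is acceptable.
                $_clean = _mysql_string($_clean);

                // Write into database.
                _insert("INSERT INTO tg_flower (
                            tg_touser,
                            tg_fromuser,
                            tg_flower,
                            tg_content,
                            tg_date
                        ) VALUES (
                            '{$_clean['touser']}',
                            '{$_clean['fromuser']}',
                            '{$_clean['flower']}',
                            '{$_clean['content']}',
                            NOW()
                        )");

                if (_affected_rows() == 1) {
                    _close();
                    _alert_close('Successfully sended');
                } else {
                    _close();
                    _alert_back('Fail to send');
                }
            } else {
                _alert_close('Illegal access!');
            }
        }
    }
}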
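// Registration: validate every submitted field into $_clean, reject a duplicate
// username, store the account and redirect to the activation page.
// NOTE(review): $_clean['uniqid'] is read below but assigned before this excerpt - confirm.

// Fill absent form fields with '' so every _check_*() call receives a string.
$_post = $_POST + array(
    'username' => '', 'password' => '', 'notpassword' => '', 'question' => '',
    'answer' => '', 'sex' => '', 'profile' => '', 'email' => '', 'msn' => '', 'url' => '',
);

$_clean['active'] = _sha1_uniqid();
$_clean['username'] = _check_username($_post['username']);
$_clean['password'] = _check_password($_post['password'], $_post['notpassword']);
$_clean['question'] = _check_question($_post['question']);
$_clean['answer'] = _check_answer($_post['question'], $_post['answer']);
$_clean['sex'] = _check_sex($_post['sex']);
$_clean['profile'] = _check_profile($_post['profile']);
$_clean['email'] = _check_email($_post['email']);
$_clean['msn'] = _check_msn($_post['msn']);
$_clean['url'] = _check_url($_post['url']);

// Check whether this username has been registered.
// NOTE(review): the interpolated identifier here is redacted ("******") in this copy of
// the source; the validated $_clean['username'] is assumed. Unlike the sibling tg_ insert
// scripts, $_clean is not passed through _mysql_string() here, so the _check_*() helpers
// must return SQL-safe values - confirm.
_is_repeat("select tg_username from tg_user where tg_username = '{$_clean['username']}' limit 1",
    'This username has been registered');

// $_SERVER['REMOTE_ADDR'] is the address of the connecting client; it is escaped like any
// other value before it reaches the query, and kept out of $_clean so the record written
// to new.xml below is unchanged. NOTE(review): _mysql_string() is the escaping helper used
// by the sibling tg_ scripts - confirm it is loaded here.
$_ip = _mysql_string(array('ip' => isset($_SERVER['REMOTE_ADDR']) ? $_SERVER['REMOTE_ADDR'] : ''));

// Array elements are wrapped in braces so they interpolate inside the double-quoted SQL.
_insert("INSERT INTO tg_user (
            tg_uniqid,
            tg_active,
            tg_username,
            tg_password,
            tg_question,
            tg_answer,
            tg_sex,
            tg_profile,
            tg_email,
            tg_msn,
            tg_url,
            tg_reg_time,
            tg_last_time,
            tg_last_ip
        ) VALUES (
            '{$_clean['uniqid']}',
            '{$_clean['active']}',
            '{$_clean['username']}',
            '{$_clean['password']}',
            '{$_clean['question']}',
            '{$_clean['answer']}',
            '{$_clean['sex']}',
            '{$_clean['profile']}',
            '{$_clean['email']}',
            '{$_clean['msn']}',
            '{$_clean['url']}',
            NOW(),
            NOW(),
            '{$_ip['ip']}'
        )");

if (_affected_rows() == 1) {
    // Receive the id number of the row just inserted.
    $_clean['id'] = _insert_id();
    _close();
    // Write the registration record to new.xml.
    _set_xml('new.xml', $_clean);
    // Skip to the activation page.
    _location('congratulation, registration succeed', 'active.php?active=' . $_clean['active']);
} else {
    _location('registration fails', 'register.php');
    _close();
}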
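/**
 * Admin action: validate a new document submitted from the add form and store it.
 *
 * Reads the form fields through vwVarFromInput(), refuses to create a document whose
 * signatura/folios pair already exists (redirecting to the existing one), inserts the
 * row otherwise and returns the rendered confirmation message.
 *
 * @param array $param Template parameters; on error ruta/mensaje/timeout/url are set on
 *                     it and it is rendered directly before the script dies.
 * @return string Rendered message, or a bare error string when the lookup query fails
 *                (the pre-existing contract of this function).
 */
function render_admin_validaradd($param)
{
    list($aid, $sid, $folios, $signatura, $siglos, $periodo, $resumen, $notas) =
        vwVarFromInput("aid", "sid", "folios", "signatura", "siglos", "periodo", "resumen", "notas");

    // Check that the document does not already exist.
    list($db) = Getdb();
    $tbl = GetTable('documentos');
    $col = GetCols('documentos');
    // $signatura and $folios are request input: pass them as bound parameters instead of
    // interpolating them into the statement text. NOTE(review): Execute($sql, $params)
    // with '?' placeholders is the ADOdb form, inferred from ErrorNo()/RecordCount()/
    // FetchRow() on $db - confirm the driver in use supports it.
    $sql = "SELECT {$col['signatura']},{$col['did']} FROM {$tbl} "
         . "WHERE {$col['signatura']}=? and {$col['folios']}=?";
    $resultado = $db->Execute($sql, array($signatura, $folios));
    if ($db->ErrorNo() != 0) {
        return "Ha ocurrido un error al leer de la base de datos";
    }
    if ($resultado->RecordCount() > 0) {
        // The document already exists: redirect to its edit page.
        $res = $resultado->FetchRow();
        $param['ruta'] = "error";
        $param['mensaje'] = "El documento ya existe.Redireccionando a la edicion del documento ya existente";
        $param['timeout'] = "3";
        $param['url'] = 'index.php?actor=documentos&accion=editar&id=' . $res[$col['did']];
        render($param);
        die;
    }

    // Insert the document. NOTE(review): htmlentities() is HTML output encoding, not
    // SQL escaping; confirm _insert() parameterises or escapes the values it receives.
    $seccion = array(
        "aid" => $aid,
        "sid" => $sid,
        "folios" => htmlentities($folios, ENT_QUOTES),
        "signatura" => htmlentities($signatura, ENT_QUOTES),
        "siglos" => htmlentities($siglos, ENT_QUOTES),
        "periodo" => ParsePeriod($periodo),
        "resumen" => htmlentities($resumen, ENT_QUOTES),
        "notas" => htmlentities($notas, ENT_QUOTES),
    );
    $result = _insert($seccion);
    if (!$result) {
        $param['ruta'] = "error";
        $param['mensaje'] = "Ha ocurrido un error al introducir la sección en la base de datos <br>{$result}";
        render($param);
        die;
    }

    $mensaje = "La sección ha sido introducida correctamente.";
    // Return to the page the admin came from, then forget it.
    $url = vwSessionGetVar('urlantigua');
    vwSessionDelVar('urlantigua');
    return render_msg($mensaje, 3, $url);
}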
// Article-posting action. The if/else that encloses this run opens before this excerpt;
// the two closing braces at the end belong to it.
global $_system;
// Protect from faking the unique identifier: the cookie must match the stored one.
// NOTE(review): $_rows is assigned before this excerpt - presumably the current user's row.
_uniqid($_rows['tg_uniqid'], $_COOKIE['uniqid']);
// Protect from spamming: enforce the configured interval since the user's last post.
_timed(time(), $_rows['tg_post_time'], $_system['post']);
include ROOT_PATH . 'includes/check.func.php';
// Receive the content of the post.
$_clean = array();
// NOTE(review): the author's identity is taken from a client-controlled cookie; it is
// only as trustworthy as the _uniqid() check above.
$_clean['username'] = $_COOKIE['username'];
// NOTE(review): 'type' is the only field not passed through a _check_* validator; it is
// escaped by _mysql_string() below but its value range is not constrained here.
$_clean['type'] = $_POST['type'];
$_clean['title'] = _check_post_title($_POST['title'], 2, 40);
$_clean['content'] = _check_post_content($_POST['content'], 10);
// Escape every field before it is interpolated into SQL.
$_clean = _mysql_string($_clean);
// Write into database.
_insert("INSERT INTO \n\t\t\t tg_article (\n\t\t\t\t\t\t\t\t\t\t\t\t\t\ttg_username,\n\t\t\t\t\t\t\t\t\t\t\t\t\t\ttg_title,\n\t\t\t\t\t\t\t\t\t\t\t\t\t\ttg_type,\n\t\t\t\t\t\t\t\t\t\t\t\t\t\ttg_content,\n\t\t\t\t\t\t\t\t\t\t\t\t\t\ttg_date\n\t\t\t\t\t\t\t\t\t\t\t\t\t ) \n\t\t\t\t\t\t\t\tVALUES (\n\t\t\t\t\t\t\t\t\t\t\t'{$_clean['username']}',\n\t\t\t\t\t\t\t\t\t\t\t'{$_clean['title']}',\n\t\t\t\t\t\t\t\t\t\t\t'{$_clean['type']}',\n\t\t\t\t\t\t\t\t\t\t\t'{$_clean['content']}',\n\t\t\t\t\t\t\t\t\t\t\tNOW()\n\t\t\t\t\t)");
if (_affected_rows() == 1) {
    $_clean['id'] = _insert_id();
    // Record the post time on the user row so _timed() can rate-limit the next post.
    $_clean['time'] = time();
    // NOTE(review): the interpolated identifier in the WHERE clause is redacted ("******")
    // in this copy of the source; the escaped $_clean['username'] is presumably intended.
    _query("UPDATE \n\t\t\t\t tg_user \n\t\t\t\t SET \n\t\t\t\t tg_post_time='{$_clean['time']}' \n\t\t\t\t WHERE \n\t\t\t\t tg_username='******'username']}'");
    _close();
    _location('Successfully post£¡', 'article.php?id=' . $_clean['id']);
} else {
    _close();
    _alert_back('Fail to post£¡');
}
}
}