Beispiel #1
0
/**
*   -------------------------------------------------------------------------------------------
*   @desc Создает строку для поиска в MySQL таблице
*   @return
*   -------------------------------------------------------------------------------------------
*/
function to_search_string($str)
{
    return addCslashes(str_replace('\\', '\\\\', htmlspecialchars(\Faid\DB::escape(trim($str)))), '_%');
}
Beispiel #2
0
<?php

header("Content-Type: application/json");
$search_string = $_POST["q"];
if (!isset($search_string)) {
    $arr = array("users" => array());
    print json_encode($arr, 256);
    die;
}
include '../../mod_db.php';
$users = array();
$search_string = addCslashes(mysql_real_escape_string($search_string), '\\%_');
$query = "SELECT `user_id`, `name` FROM `user` WHERE `name` LIKE \"{$search_string}%\" ORDER BY `name` LIMIT 0, 5";
$result = mysql_query($query);
while ($row = mysql_fetch_assoc($result)) {
    $new_user = array("user_id" => $row["user_id"], "name" => $row["name"]);
    array_push($users, $new_user);
}
mysql_free_result($result);
$arr = array("users" => $users);
print json_encode($arr, 256);
Beispiel #3
0
 /**
  * Возвращает экранированную строку для placeholder-а поиска LIKE (?S).
  *
  * @param string $var строка в которой необходимо экранировать спец. символы
  * @param string $chars набор символов, которые так же необходимо экранировать.
  *                      По умолчанию экранируются следующие символы: `'"%_`.
  * @return string
  */
 private function escapeLike($var, $chars = "%_")
 {
     $var = str_replace('\\', '\\\\', $var);
     $var = $this->mysqlRealEscapeString($var);
     if ($chars) {
         $var = addCslashes($var, $chars);
     }
     return $var;
 }
Beispiel #4
0
 public function search_newtown($meeting_town, $meeting_region)
 {
     global $db, $cache, $new_town;
     if (!$meeting_town || !$meeting_region) {
         return;
     }
     $new_town = '';
     $search_town = array();
     $data_twn = addCslashes($meeting_town, '%_');
     $data_twn = str_replace('\\', '\\\\', $data_twn);
     $data_twn = addCslashes($data_twn, '_%');
     $sql = "SELECT name FROM " . REGION_TOWN_TABLE . " \n\t\t\tWHERE region_id =" . $meeting_region . "\n\t\t\tAND name ='" . $data_twn . "'";
     $result = $db->sql_query($sql);
     while ($row = $db->sql_fetchrow($result)) {
         $search_town = $row;
     }
     $db->sql_freeresult($result);
     if (sizeof($search_town)) {
         return;
     } else {
         $sql = "SELECT region_flag FROM " . REGION_TABLE . " \n\t\t\t\t\tWHERE region_id =" . $meeting_region;
         $result = $db->sql_query($sql);
         while ($row = $db->sql_fetchrow($result)) {
             $flag = $row['region_flag'];
         }
         $db->sql_freeresult($result);
         $data_town = array('region_id' => $meeting_region, 'name' => $meeting_town, 'country_flag' => $flag);
         $db->sql_query('INSERT INTO ' . REGION_TOWN_TABLE . ' ' . $db->sql_build_array('INSERT', $data_town));
         $cache->destroy('sql', REGION_TOWN_TABLE);
         $new_town = $meeting_town;
     }
     return $new_town;
 }
Beispiel #5
0
function proverka_geo($data_geo, $i)
{
    global $db, $geo_old, $next_id, $user, $id, $geo_ids, $meetings_cash, $new_geo;
    $geo_old = array();
    $meetings_cash = array();
    $new_geo = 0;
    // Получение тайников
    $data_gn = addCslashes($data_geo['geo_name'], '%_');
    $data_gn = str_replace('\\', '\\\\', $data_gn);
    $data_gn = addCslashes($data_gn, '_%');
    $sql = "SELECT * FROM " . GEO_TABLE . " \n\t\tWHERE geo_id > 0\n\t\tAND geo_link ='" . $data_geo['geo_link'] . "'\n\t\tOR geo_name = '" . $data_gn . "'";
    $result = $db->sql_query($sql);
    while ($row = $db->sql_fetchrow($result)) {
        $geo_old = $row;
        $meetings_cash[] = $row['geo_id'];
    }
    $db->sql_freeresult($result);
    if (!sizeof($geo_old) && !empty($data_geo['geo_name']) && !empty($data_geo['geo_link'])) {
        $data_geo_2 = array('bbcode_bitfield' => '', 'bbcode_uid' => '', 'geo_descr' => '');
        $data_geo = array_merge($data_geo, $data_geo_2);
        insert_geocash($data_geo);
        $new_geo = 1;
        return $new_geo;
    } else {
        if (empty($data_geo['geo_name']) && empty($data_geo['geo_link'])) {
            $geo_id = $geo_ids[$i];
            $data_geo_3 = array('geo_id' => $geo_id);
            $data_geo = array_merge($data_geo, $data_geo_3);
            update_geocash($geo_id, $data_geo, $i);
            return $new_geo;
        } else {
            if ($geo_old['geo_meeting_id'] == $data_geo['geo_meeting_id']) {
                $data_geo_3 = array('geo_id' => $geo_old['geo_id']);
                $data_geo = array_merge($data_geo, $data_geo_3);
                update_geocash($geo_id, $data_geo, $i);
                return $new_geo;
            } else {
                return $geo_old;
            }
        }
    }
}