/**
 * Reads one field from the POST body and wraps it with addQuotes().
 *
 * @param string $value Name of the POST field to read.
 * @return string|null The addQuotes()-wrapped value, or null when the field was not posted.
 *                     Whether addQuotes() escapes quotes inside the value is not visible
 *                     here — confirm before splicing the result into SQL.
 */
function getCheckValue($value)
{
    if (!isset($_POST[$value])) {
        return null;
    }
    return addQuotes($_POST[$value]);
}
/**
 * Maps "empty" sentinel values to null, otherwise returns the value (optionally quoted).
 *
 * Loose (==) comparison is kept from the original, so e.g. integer 0, "0", "00" and ""
 * all count as empty; an explicit "-1" counts as empty too unless $menosUnoIsNullToo is false.
 *
 * @param mixed $valor             Value to test.
 * @param bool  $addQuotes         When true, non-null results are passed through addQuotes().
 * @param bool  $menosUnoIsNullToo When true, "-1" is also mapped to null.
 * @return mixed null for empty values; otherwise $valor (quoted when $addQuotes is true).
 */
function nullIfCero($valor, $addQuotes = false, $menosUnoIsNullToo = true)
{
    $esVacio = ($valor == "0") || ($valor == "");
    $esMenosUno = $menosUnoIsNullToo && ($valor == "-1");
    if ($esVacio || $esMenosUno) {
        return null;
    }
    return $addQuotes ? addQuotes($valor) : $valor;
}
$dias = addQuotes(date("d/m")); while ($diaHabil != "S") { if ($diaHabil != "S") { $sql = "SELECT TO_CHAR(TRUNC(SYSDATE + ".$dia."), 'DD/MM') FROM DUAL"; $dias.= ",".addQuotes(valorSql($sql)); } $dia--; $sql = "SELECT amebpba.isdiahabil(SYSDATE + ".$dia.") FROM DUAL"; $diaHabil = valorSql($sql); } } else { // Sino, si esta navegando hacia adelante o hacia atrás.. $sql = "SELECT TO_CHAR(TRUNC(SYSDATE + ".$dia."), 'DD/MM') FROM DUAL"; $dias = addQuotes(valorSql($sql)); } $sql = "SELECT TO_CHAR(TO_DATE(TO_CHAR(se_fechacumple, 'DD/MM') || '/' || TO_CHAR (SYSDATE, 'YYYY')), 'DAY') dia, TO_CHAR(se_fechacumple, 'DD/MM') fechacumple, se_foto, se_id, se_nombre FROM art.use_usuarios WHERE TO_CHAR(se_fechacumple, 'DD/MM') IN (".$dias.") AND se_fechabaja IS NULL ORDER BY se_nombre"; $stmt = DBExecSql($conn, $sql); $count = 0; $html = ""; while ($row = DBGetQuery($stmt)) { $count++; $rutaFoto = base64_encode(IMAGES_FOTOS_PATH."cartel.jpg");
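<?php
require "../../includes/config.php";

// FAQ search autocomplete: answers a POSTed search term with up to five matching
// questions as <li> rows plus a "see all N results" link.
//
// Every value echoed below comes from the request or the database, so it is escaped
// for its output context; every value spliced into SQL is escaped for the mysql_*
// driver, which offers no parameter binding. $con->recordselect() is a project helper
// that takes a raw SQL string — its behaviour is not visible here.
if (isset($_POST['queryString'])) {
    $queryString = sanitize_string($_POST['queryString']);
    if (strlen($queryString) > 0) {
        // sanitize_string() is project code whose rules are not visible here, so the term
        // is escaped for the SQL string literal as well. mysql_real_escape_string() uses the
        // last opened mysql link — assumes $con opened it; confirm. '%' and '_' are left
        // untouched on purpose to keep the existing LIKE semantics.
        $sqlTerm = mysql_real_escape_string($queryString);
        $totalFaqQuestion = $con->recordselect("SELECT faqQuestion as value,faqCategoryParentId,faqCategoryId FROM faqquestionanswer WHERE faqQuestion LIKE '%{$sqlTerm}%'");
        $total_faq_question = mysql_num_rows($totalFaqQuestion);
        $query = $con->recordselect("SELECT faqque.faqQuestion as value,faqque.faqCategoryParentId,faqque.faqCategoryId,faqque.faqQuestionAnswerId,faqque.faqQuestionAnswerTime FROM `faqquestionanswer` as faqque, `faqcategory` as faqcat WHERE faqque.faqCategoryParentId=faqcat.faqCategoryId AND faqcat.faqStatus!='0' AND faqque.faqQuestion LIKE '%{$sqlTerm}%' LIMIT 5");
        if (mysql_num_rows($query) > 0) {
            // Fallback row so a missing category renders as empty instead of raising notices.
            $noCategory = array('faqCategoryId' => '', 'faqcategoryName' => '');
            while ($result = mysql_fetch_assoc($query)) {
                // Category ids come from the database, but the columns are quoted string
                // literals in these queries, so they are escaped like any other literal.
                $main_cat = mysql_fetch_assoc($con->recordselect("SELECT * FROM faqcategory WHERE faqCategoryId='" . mysql_real_escape_string($result['faqCategoryParentId']) . "'")) ?: $noCategory;
                $sub_cat = mysql_fetch_assoc($con->recordselect("SELECT * FROM faqcategory WHERE faqCategoryId='" . mysql_real_escape_string($result['faqCategoryId']) . "'")) ?: $noCategory;
                // The onclick value is JavaScript inside an HTML attribute: it is HTML-escaped so
                // it cannot break out of the attribute. Slug() is assumed to yield only URL-safe
                // characters — confirm, since HTML escaping alone does not neutralise
                // JavaScript metacharacters.
                $onclick = 'fill(' . $main_cat['faqCategoryId'] . ',' . addQuotes(Slug($result['value'])) . ');';
                echo '<li onclick="' . htmlspecialchars($onclick, ENT_QUOTES, 'UTF-8') . '" class="">'
                    . ' <h3 class="faq_questionlist">' . htmlspecialchars($result['value'], ENT_QUOTES, 'UTF-8') . '</h3>'
                    . ' <div class="faq-category">in ' . htmlspecialchars($main_cat['faqcategoryName'], ENT_QUOTES, 'UTF-8')
                    . ' / ' . htmlspecialchars($sub_cat['faqcategoryName'], ENT_QUOTES, 'UTF-8') . '</div> </li>';
            }
            echo '<a href="javascript:void(0)"><span class="faq-icon-arrow-search"></span> see all ' . (int) $total_faq_question . ' results </a>';
        } else {
            echo 'Sorry, we couldn\'t find anything.';
        }
    }
}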
// Fill the temporary address table from the two statements built earlier
// ($sql1/$params1 and $sql2/$params2 are assigned outside this fragment); both
// INSERTs use bind variables via DBExecSql().
$sql = "INSERT INTO tmp_domicilios (mp_usuario, mp_idcodigospostales, mp_idubicacion, mp_cpostal, mp_cpa, mp_calle, mp_desde, mp_hasta, mp_localidad, mp_provincia, mp_idprovincia, mp_partido) ".$sql1;
DBExecSql($conn, $sql, $params1, OCI_DEFAULT);
$sql = "INSERT INTO tmp_domicilios (mp_usuario, mp_idcodigospostales, mp_idubicacion, mp_cpostal, mp_cpa, mp_calle, mp_desde, mp_hasta, mp_localidad, mp_provincia, mp_idprovincia, mp_partido) ".$sql2;
DBExecSql($conn, $sql, $params2, OCI_DEFAULT);
// END - add rows to the temporary table..
// Grid query: one row per distinct postal code/locality, restricted to the rows this
// caller inserted. The user filter is built by concatenation: getComputerAndUserName()
// is presumably server-derived, but if addQuotes() only wraps the value in quotes without
// escaping (not visible here) a bind variable, as used for the INSERTs above, would be
// the safer form.
// NOTE(review): the ¿id?, ¿mp_cpostal?, ¿mp_localidad?, ¿mp_provincia? and ¿seleccionar?
// tokens look like mis-encoded quoted column aliases — confirm against the original file
// before relying on this SQL text.
$sql = "SELECT DISTINCT mp_cpostal || '-' || mp_localidad ¿id?, ¿mp_cpostal?, ¿mp_localidad?, ¿mp_provincia?, 'Seleccionar' ¿seleccionar? FROM tmp_domicilios WHERE mp_usuario = ".addQuotes(getComputerAndUserName());
$grilla = new Grid(10, 10);
// NOTE(review): $_SERVER["PHP_SELF"] reflects the request path as sent by the client;
// if Column writes it into the page unescaped it is an XSS vector — confirm that Column
// escapes it, or use a fixed script path.
$grilla->addColumn(new Column(" ", 1, true, false, 5, "btnSeleccionar", $_SERVER["PHP_SELF"]."?sd=t", ""));
$grilla->addColumn(new Column("C. Postal", 60));
$grilla->addColumn(new Column("Localidad"));
$grilla->addColumn(new Column("Provincia"));
$grilla->addColumn(new Column("", 0, false));
// $ob and $pagina (sort order and page number) are assigned outside this fragment.
$grilla->setOrderBy($ob);
$grilla->setPageNumber($pagina);
$grilla->setShowProcessMessage(true);
$grilla->setSql($sql);
$grilla->setTableStyle("GridTableCiiu");
$grilla->Draw();
?> <script type="text/javascript">
</form> <div align="center" id="divContent" name="divContent"> <div id="divTopGrilla" style="display:none"> <b>Total de registros</b> <span id="total" style="margin-right:200px;">---</span> <a id="LinkToExcel" href="" target="_blank"> <img src="/images/excel.png" style="height:28px; vertical-align:-10px; width:28px;" title="Exportar Grilla a Excel" /> </a> </div> <? if ((isset($_REQUEST["buscar"])) and ($_REQUEST["buscar"] == "yes")) { $where = ""; if ($fechaDesde != "") $where.= " AND ie_fecha >= TO_DATE(".addQuotes($fechaDesde).", 'dd/mm/yyyy')"; if ($fechaHasta != "") $where.= " AND ie_fecha <= TO_DATE(".addQuotes($fechaHasta).", 'dd/mm/yyyy')"; if ($tema != -1) { if ($tema == -2) $where.= " AND ie_idpublicado < 0"; else $where.= " AND it_id = ".$tema; } if ($titulo != -1) { if ($titulo < 0) $where.= " AND ie_idpublicado = ".($titulo + 1); else $where.= " AND ip_id = ".$titulo; } if ($usuario != -1) $where.= " AND se_id = ".$usuario; $sql =
/**
 * Sets NLS_NUMERIC_CHARACTERS on the current Oracle session, which controls how
 * NUMBER columns are rendered by subsequent queries.
 *
 * The value is spliced into the ALTER SESSION statement through addQuotes(), so
 * callers should pass only a fixed two-character literal (decimal separator then
 * group separator, per Oracle's convention), never request-derived text.
 *
 * @param string $format Two separator characters; default ".,".
 * @return void
 */
function SetNumberFormatOracle($format = ".,")
{
    global $conn;
    $alterSession = "ALTER SESSION SET NLS_NUMERIC_CHARACTERS = " . addQuotes($format);
    DBExecSql($conn, $alterSession);
}
":id" => $id, ":idtema" => $_POST["tema"], ":titulo" => $_POST["Titulo"], ":usualta" => GetWindowsLoginName()); DBExecSql($conn, $sql, $params); } else { $sql = "UPDATE intra.cip_informepublicado SET ip_idtema = :idtema, ip_titulo = :titulo, ip_activo = :activo, ip_usumodif = UPPER(:usumodif), ip_fechamodif = SYSDATE"; if ($filePath != "") $sql.= ", ip_archivo = ".addQuotes($filePath); $sql.= " WHERE ip_id = :id"; $params = array(":activo" => $_POST["Activo"], ":id" => $id, ":idtema" => $_POST["tema"], ":titulo" => $_POST["Titulo"], ":usumodif" => GetWindowsLoginName()); DBExecSql($conn, $sql, $params); } } catch (Exception $e) { echo "<script>alert('".$e->getMessage()."');</script>"; exit; } ?>
} if ($notaPrincipal == "S" and $_REQUEST["TipoOp"] != "B") { // Si es un alta o una modificación.. $sql = "UPDATE rrhh.rap_articulosprensa SET ap_notaprincipal = 'N'"; DBExecSql($conn, $sql, array()); } if ($_REQUEST["TipoOp"] == "A") { // Alta.. $blobParamName = "the_clob"; $sql = "INSERT INTO rrhh.rap_articulosprensa\n \t\t(ap_id, ap_fecha, ap_fuente, ap_titulo, ap_contenido, ap_fechaalta, ap_usualta, ap_notaprincipal)\n \t\t VALUES (-1, " . SqlDate($_REQUEST["Fecha"]) . ", " . addQuotes($_REQUEST["Fuente"]) . ", " . addQuotes($_REQUEST["Titulo"]) . ", EMPTY_CLOB(), SYSDATE, UPPER(" . addQuotes(GetWindowsLoginName()) . "), " . addQuotes($notaPrincipal) . ")\n \t RETURNING ap_contenido INTO :" . $blobParamName; DBSaveLob($conn, $sql, $blobParamName, $_REQUEST["Contenido"], OCI_B_CLOB); } if ($_REQUEST["TipoOp"] == "M") { // Modificación.. $blobParamName = "the_clob"; $sql = "UPDATE rrhh.rap_articulosprensa\n \t\t\tSET ap_fecha = " . SqlDate($_REQUEST["Fecha"]) . ",\n \t\t\t \tap_fuente = " . addQuotes($_REQUEST["Fuente"]) . ",\n \t\t \t\tap_titulo = " . addQuotes($_REQUEST["Titulo"]) . ",\n \t\t \t\tap_contenido = EMPTY_CLOB(),\n\t \t\t \tap_fechamodif = SYSDATE,\n \t\t\t \tap_usumodif = UPPER(" . addQuotes(GetWindowsLoginName()) . "),\n\t\t\t\t\t\tap_notaprincipal = " . addQuotes($notaPrincipal) . "\n\t\t\tWHERE ap_id = " . $_REQUEST["id"] . "\n\tRETURNING ap_contenido INTO :" . $blobParamName; DBSaveLob($conn, $sql, $blobParamName, $_REQUEST["Contenido"], OCI_B_CLOB); } if ($_REQUEST["TipoOp"] == "B") { // Baja.. $params = array(":usubaja" => GetWindowsLoginName(), ":id" => $_REQUEST["id"]); $sql = "UPDATE rrhh.rap_articulosprensa\n\t\t\t\tSET ap_fechabaja = SYSDATE,\n\t\t\t\t\t\tap_usubaja = UPPER(:usubaja)\n\t\t WHERE ap_id = :id"; DBExecSql($conn, $sql, $params); } ?> <script> <? if ($dbError["offset"]) { ?> alert('<?php echo $dbError["message"];
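/**
 * Persists a court ruling ("sentencia") on a case in progress and on its current
 * instance, then commits.
 *
 * Both UPDATEs are built by string concatenation: $cmbsentencia, $jt_id and the
 * instance id are spliced in raw and the text fields go through addQuotes(); whether
 * addQuotes() escapes embedded quotes is not visible here, so callers must pass
 * validated, trusted values. A bind-variable form (DBExecSql() with a :params array,
 * as used elsewhere in this code base) would remove that dependency.
 *
 * @param string $txtfechasentencia        Ruling date; converted with SqlDate().
 * @param string $txtfecharecep            Reception date; empty means SQL NULL.
 * @param string $jtsentencia              Ruling text; written into both CLOB columns via DBSaveLob().
 * @param mixed  $cmbsentencia             Id of the ruling outcome type (spliced raw into SQL).
 * @param string $usuario                  User recorded in the *_USUMODIF columns.
 * @param mixed  $jt_id                    Id of the case in progress (spliced raw into SQL).
 * @param mixed  $txtimportehonorarios     Not used by this function.
 * @param mixed  $txtimporteintereses      Not used by this function.
 * @param mixed  $txtimportetasajusticia   Not used by this function.
 * @param mixed  $instancia                Ignored: it is overwritten by the IJ_ID that
 *                                         ObtenerInstanciaParaSentencia() returns for
 *                                         $_SESSION["NroJuicio"]. Kept for signature compatibility.
 * @param mixed  $txtMontoCondena          Awarded amount; normalised with Getfloat().
 * @param mixed  $txtPorcentajeIncapacidad Disability percentage; normalised with Getfloat().
 * @return bool true after a successful commit.
 * @throws Exception On any failure, after rolling back. The original exception is attached
 *                   as the previous exception so the real cause (and its trace) is not lost.
 */
function UpdateSentencia($txtfechasentencia, $txtfecharecep, $jtsentencia, $cmbsentencia, $usuario, $jt_id, $txtimportehonorarios, $txtimporteintereses, $txtimportetasajusticia, $instancia, $txtMontoCondena, $txtPorcentajeIncapacidad)
{
    global $conn;
    try {
        // The instance to update is always the one resolved from the session, not the
        // $instancia argument (behaviour preserved from the original extract() call).
        $instanciaJuicio = ObtenerInstanciaParaSentencia($_SESSION["NroJuicio"]);
        $instancia = $instanciaJuicio["IJ_ID"];
        $blobParamName = "the_clob";
        $txtPorcentajeIncapacidad = Getfloat($txtPorcentajeIncapacidad);
        $txtMontoCondena = Getfloat($txtMontoCondena);
        $localfecharecep = empty($txtfecharecep) ? 'NULL' : SqlDate($txtfecharecep);

        // Case in progress: the CLOB is written separately through the RETURNING clause.
        $sqlUpdate = "UPDATE LEGALES.LJT_JUICIOENTRAMITE \n\t\t\t\t SET JT_IDTIPORESULTADOSENTENCIA = " . $cmbsentencia . ", \n\t\t\t\t JT_FECHASENTENCIA = " . SqlDate($txtfechasentencia) . ",\n\t\t\t\t JT_DETALLESENTENCIA = EMPTY_CLOB(), \n\t\t\t\t JT_MONTOCONDENA = NVL(" . addQuotes($txtMontoCondena) . ", NULL), \n\t\t\t\t JT_PORCENTAJEINCAPACIDAD = NVL(" . addQuotes($txtPorcentajeIncapacidad) . ", NULL), \n\t\t\t\t JT_USUMODIF = " . addQuotes($usuario) . ", \n\t\t\t\t JT_FECHAMODIF = SYSDATE, \n\t\t\t\t JT_FECHARECEPSENTENCIA = " . $localfecharecep . "\n\t\t\t\t WHERE JT_ID = {$jt_id}\n\t\t\t\t RETURNING JT_DETALLESENTENCIA INTO :" . $blobParamName;
        DBSaveLob($conn, $sqlUpdate, $blobParamName, $jtsentencia, OCI_B_CLOB);

        // Current instance of the case: same data, same CLOB handling.
        $sqlUpdate = " UPDATE legales.lij_instanciajuicioentramite \n\t\t\t\t\t SET ij_idtiporesultadosentencia = " . $cmbsentencia . " , \n\t\t\t\t\t ij_fechasentencia = " . SqlDate($txtfechasentencia) . ",\n\t\t\t\t\t ij_MONTOCONDENA = NVL(" . addQuotes($txtMontoCondena) . ", NULL), \n\t\t\t\t\t ij_PORCENTAJEINCAPACIDAD = NVL(" . addQuotes($txtPorcentajeIncapacidad) . ", NULL), \n\t\t\t\t\t ij_usumodif = " . addQuotes($usuario) . ", \n\t\t\t\t\t ij_fechamodif = SYSDATE, \n\t\t\t\t\t ij_detallesentencia = EMPTY_CLOB(), \n\t\t\t\t\t ij_fecharecepsentencia = " . $localfecharecep . "\n\t\t\t\t\t WHERE ij_idjuicioentramite = " . $jt_id . "\n\t\t\t\t\t AND ij_id = " . $instancia . "\n\t\t\t\t\t RETURNING ij_detallesentencia INTO :" . $blobParamName;
        DBSaveLob($conn, $sqlUpdate, $blobParamName, $jtsentencia, OCI_B_CLOB);

        DBCommit($conn);
        return true;
    } catch (Exception $e) {
        DBRollback($conn);
        // Same message and type as before, but the cause is kept as the previous exception.
        throw new Exception($e->getMessage(), (int) $e->getCode(), $e);
    }
}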
$params = array(":usubaja" => GetWindowsLoginName(), ":idtema" => $_REQUEST["id"]); DBExecSql($conn, $sql, $params); ?> <script> window.parent.location.reload(); </script> <? } if ($_REQUEST["action"] == "G") { // Guardar.. try { if ($_POST["Id"] == -1) // Es una alta.. $sql = "INSERT INTO intra.cit_informetemas (it_tema, it_usualta, it_fechaalta) VALUES (".addQuotes($_POST["NombreTema"]).", UPPER(".addQuotes(GetWindowsLoginName())."), SYSDATE)"; else $sql = "UPDATE intra.cit_informetemas SET it_tema = :tema, it_usumodif = UPPER(:usumodif), it_fechamodif = SYSDATE WHERE it_id = :id"; $params = array(":tema" => $_POST["NombreTema"], ":usumodif" => GetWindowsLoginName(), ":id" => $_POST["Id"]); DBExecSql($conn, $sql, $params); } catch (Exception $e) { echo "<script>alert('".$e->getMessage()."');</script>"; exit; } ?>
/**
 * Sets the table used by the db class directly, for the case where no dedicated
 * [table] subclass is defined.
 *
 * @param string $tab    Table name; lower-cased and passed through addQuotes() before being
 *                       stored in static::$table.
 * @param bool   $return When true a new instance is returned, when false null.
 * @return static|string|null A new instance (or null when $return is false). When $tab is
 *                            empty nothing is stored and the string "table name is needed"
 *                            is returned instead of throwing — callers must check for it.
 */
public static function table($tab = '', $return = true)
{
    if (!$tab) {
        return "table name is needed";
    }
    static::$table = addQuotes(strtolower($tab));
    return $return ? new static() : null;
}
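<?php
include 'config.php';

/**
 * Wraps a string in single quotes.
 *
 * Kept for compatibility; it does NOT escape quotes inside $str, so its result must
 * never be spliced into SQL — the lookup below binds the value instead.
 *
 * @param string $str
 * @return string
 */
function addQuotes($str)
{
    return "'{$str}'";
}

// The email comes from the query string and is untrusted. The special value "*"
// returns every row; the original compared the already-quoted value ("'*'") with "*",
// so that branch could never run — the check is now made on the raw value.
// NOTE(review): no authorisation check is visible in this file; confirm that config.php
// or the web server restricts who can call this endpoint before relying on the wildcard.
// Driver error text is logged server-side only (the previous ChromePhp::log calls sent
// the SQL and the email to the browser console, and die() echoed mysqli_error()).
$email = isset($_GET['email']) ? $_GET['email'] : '';

$connection = mysqli_connect($server, $user_name, $pass_word, $database);
if (!$connection) {
    error_log("user_info lookup: connect failed: " . mysqli_connect_error());
    die("Error");
}

if ($email !== "*") {
    // Bound parameter: the value travels separately from the SQL text.
    $stmt = mysqli_prepare($connection, "SELECT * FROM user_info WHERE user_email = ?");
    if ($stmt === false) {
        error_log("user_info lookup: prepare failed: " . mysqli_error($connection));
        die("Error in Selecting");
    }
    mysqli_stmt_bind_param($stmt, "s", $email);
    if (!mysqli_stmt_execute($stmt)) {
        error_log("user_info lookup: execute failed: " . mysqli_stmt_error($stmt));
        die("Error in Selecting");
    }
    // mysqli_stmt_get_result() needs the mysqlnd driver (the default since PHP 5.4).
    $result = mysqli_stmt_get_result($stmt);
} else {
    // fetch all users
    $result = mysqli_query($connection, "SELECT * FROM user_info");
}
if ($result === false) {
    error_log("user_info lookup: query failed: " . mysqli_error($connection));
    die("Error in Selecting");
}

// Collect every row and return the list as JSON.
$emparray = array();
while ($row = mysqli_fetch_assoc($result)) {
    $emparray[] = $row;
}
if (!headers_sent()) {
    header('Content-Type: application/json');
}
echo json_encode($emparray);

// close the db connection
mysqli_close($connection);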
/**
 * Returns $format wrapped by addQuotes(), ready to be spliced into SQL text.
 *
 * @param string $format
 * @return string
 */
function addComillasFormat($format)
{
    return addQuotes($format);
}
<tr> <td rowspan="<?php echo $totRecords; ?> " align="center" bgcolor="#807F84" style="border-style: solid; border-width: 1px; padding-left: 4px; padding-right: 4px; padding-top: 1px; padding-bottom: 1px" bordercolor="#C0C0C0" width="26%"><font style="FONT-SIZE: 8pt" face="Trebuchet MS" color="#ffffff"><?php echo $row["FC_DETALLE"]; ?> </font></td> <? $default = " "; if (habilitarTerceraSeccion() != "DISABLED") $default = "- Seleccione una opción -"; $params = array(":idfactorconocimiento" => $row["FC_ID"], ":idlogin" => $_SESSION["idEvaluado"]); $sql = "SELECT NVL(pc_iditemconocimiento, -1) iditemconocimiento, NVL(pi_descripcion, ".addQuotes($default).") itemconocimiento, sc_detalle, sc_id FROM rrhh.dsc_subfactorconocimiento, rrhh.dpc_conocimiento, rrhh.dpi_itemconocimiento WHERE sc_id = pc_idsubfactorconocimiento(+) AND pc_iditemconocimiento = pi_id(+) AND sc_idfactorconocimiento = :idfactorconocimiento AND pc_idlogin(+) = :idlogin ORDER BY sc_id"; $stmt2 = DBExecSql($conn, $sql, $params); $row2 = DBGetQuery($stmt2) ?> <td style="border-bottom: 1px dotted #C0C0C0; padding-left: 4px; padding-right: 4px; padding-top: 1px; padding-bottom: 1px" width="330"><font style="FONT-SIZE: 8pt" face="Trebuchet MS"><?php echo $row2["SC_DETALLE"]; ?> </font></td> <td style="border-bottom: 1px dotted #C0C0C0; padding-left: 4px; padding-right: 4px; padding-top: 1px; padding-bottom: 1px" width="24%"> <input id="idCombo<?php
public function test_addQuotes() {
    // FIXME: addQuotes() does not escape the quote already present in the input,
    // which is probably a bug — the expectation below documents the current behaviour.
    $cases = array(
        "St. John's" => "'St. John's'",
        '' => "''",
    );
    foreach ($cases as $input => $expected) {
        $this->assertSame($expected, addQuotes($input));
    }
}
$anchoImagenes = 250; break; case 3: $altoImagenes = 82; $anchoImagenes = 100; break; } if ($esAlta) { // Alta.. $blobParamName = "the_clob"; $sql = "INSERT INTO rrhh.rna_noticiasarteria\n\t\t\t\t\t\t\t\t\t(na_altoimagenes, na_anchoimagenes, na_colortitulo, na_fechaalta, na_idboletin, na_nota, na_numeroplantilla,\n\t\t\t\t\t\t\t\t\t na_posicion, na_titulo, na_usualta)\n\t\t\t\t\t VALUES (" . $altoImagenes . ", " . $anchoImagenes . ", " . addQuotes($_POST["fondo"], true) . ", SYSDATE, " . $_POST["idboletin"] . ", EMPTY_CLOB(), " . nullIsEmpty($_POST["plantilla"]) . ", " . $_POST["num"] . ", " . addQuotes($_POST["titulo"], true) . ", " . addQuotes(GetWindowsLoginName(true)) . ")\n\t\t\t\t RETURNING na_nota INTO :" . $blobParamName; DBSaveLob($conn, $sql, $blobParamName, $_POST["cuerpo"], OCI_B_CLOB); } else { // Modificación.. $blobParamName = "the_clob"; $sql = "UPDATE rrhh.rna_noticiasarteria\n\t\t\t\t\tSET na_altoimagenes = " . $altoImagenes . ",\n\t\t\t\t\t\t\tna_anchoimagenes = " . $anchoImagenes . ",\n\t\t\t\t\t\t\tna_colortitulo = " . addQuotes($_POST["fondo"], true) . ",\n\t\t\t\t\t\t\tna_fechamodif = SYSDATE,\n\t\t\t\t\t\t\tna_nota = EMPTY_CLOB(),\n\t\t\t\t\t\t\tna_numeroplantilla = " . nullIsEmpty($_POST["plantilla"]) . ",\n\t\t\t\t\t\t\tna_titulo = " . addQuotes($_POST["titulo"], true) . ",\n\t\t\t\t\t\t\tna_usumodif = " . addQuotes(GetWindowsLoginName(true)) . "\n\t\t\t\tWHERE na_idboletin = " . $_POST["idboletin"] . "\n\t\t\t\t\tAND na_posicion = " . $_POST["num"] . "\n\t\tRETURNING na_nota INTO :" . $blobParamName; DBSaveLob($conn, $sql, $blobParamName, $_POST["cuerpo"], OCI_B_CLOB); // Guardo el comentario de las imagenes.. 
$recs = split("@_@", $_POST["descripcion_imagenes"]); foreach ($recs as $value) { $fields = split("=_=", $value); if ($fields[0] != "") { $params = array(":descripcion" => substr($fields[1], 0, 128), ":usumodif" => GetWindowsLoginName(true), ":id" => $fields[0]); $sql = "UPDATE rrhh.ria_imagenesarteria\n\t\t\t\t\t\t\tSET ia_descripcion = :descripcion,\n\t\t\t\t\t\t\t\t\tia_fechamodif = SYSDATE,\n\t\t\t\t\t\t\t\t\tia_usumodif = :usumodif\n\t\t\t\t\t\tWHERE ia_id = :id"; DBExecSql($conn, $sql, $params, OCI_DEFAULT); } } } DBCommit($conn); } catch (Exception $e) { DBRollback($conn);