PHP sanitize_for_db Beispiele

Programmiersprache: PHP

Methode / Funktion: sanitize_for_db

Beispiele auf hotexamples.com: 2

PHP sanitize_for_db - 2 Beispiele gefunden. Dies sind die am besten bewerteten PHP Beispiele für die sanitize_for_db, die aus Open Source-Projekten extrahiert wurden. Sie können Beispiele bewerten, um die Qualität der Beispiele zu verbessern.

Beispiel #1

Datei anzeigen

Datei: functions.php Projekt: skelegon/I244

function suspend_user($id)
{
    if (!is_admin()) {
        header("Location: ?mode=login");
    } else {
        global $connection;
        $get_status = "SELECT status FROM 10153316_user WHERE user_ID='" . sanitize_for_db($connection, $id) . "'";
        $status = mysqli_fetch_assoc(mysqli_query($connection, $get_status))['status'];
        if ($status == 1) {
            $sql = "UPDATE 10153316_user SET status='0' WHERE user_ID='" . sanitize_for_db($connection, $id) . "'";
            $result = mysqli_query($connection, $sql);
            cancel_user_request($id);
            suspend_user_items($id);
            return "Successfully suspended!";
        }
        $sql = "UPDATE 10153316_user SET status='1' WHERE user_ID='" . sanitize_for_db($connection, $id) . "'";
        $result = mysqli_query($connection, $sql);
        suspend_user_items($id);
        return "Successfully un-suspended!";
    }
}

Beispiel #2

Datei anzeigen

Datei: addproduct.php Projekt: skelegon/I244

 }
 if (empty($_POST["category"])) {
     $errors[] = "Please choose item category";
 }
 if (empty($errors)) {
     global $connection;
     //var_dump($_POST);
     $name = sanitize_for_db($connection, $_POST["name"]);
     $condition = sanitize_for_db($connection, $_POST["condition"]);
     $qty = sanitize_for_db($connection, $_POST["quantity"]);
     $unit = sanitize_for_db($connection, $_POST["unit"]);
     $usrtel = sanitize_for_db($connection, $_POST["usrtel"]);
     $email = sanitize_for_db($connection, $_POST["email"]);
     $p = sanitize_for_db($connection, upload("pic", "pictures/"));
     $description = sanitize_for_db($connection, $_POST["description"]);
     $category = sanitize_for_db($connection, $_POST["category"]);
     $sql = "INSERT INTO 10153316_item (name, cond, quantity, unit, thumbnail, phone, email, description, seller_ID, category_ID) VALUES ('{$name}', '{$condition}', '{$qty}', '{$unit}', 'pictures/" . $p . "', '{$usrtel}', '{$email}', '{$description}', '{$user_ID}', '{$category}')";
     $result = mysqli_query($connection, $sql);
     if (!$result) {
         $errors[] = "Upload failed";
     } else {
         $notifications[] = "Upload successful";
         $name = "";
         $qty = "";
         $unit = "";
         $description = "";
     }
 } else {
     $name = isset($_POST['name']) ? $_POST['name'] : "";
     $condition = isset($_POST['condition']) ? $_POST['condition'] : "";
     $qty = isset($_POST['quantity']) ? $_POST['quantity'] : "";