PHP str_escape Beispiele

Beispiel #1

Datei: CFile.php Projekt: Nikitian/fl-ru-damp

 /**
  * Переименовывает директорию с поддиректориями и файлами в ней. Только для смены логина!!!
  *
  * @param string $new_login	новый логин
  * @param string $old_login	старый логин
  * @return boolean			true, если успешно. false - если не успешно.
  */
 function MoveDir($new_login, $old_login)
 {
     $udir = 'users/';
     $old_path = $udir . substr($old_login, 0, 2) . '/' . $old_login . '/';
     $new_ppath = $udir . substr($new_login, 0, 2) . '/';
     $new_path = $new_ppath . $new_login . '/';
     if (!$this->CheckPath($old_path, false)) {
         return true;
     }
     if (!$this->CheckPath($new_ppath, false)) {
         $this->MakeDir($new_ppath);
     }
     if ($this->_wdp->move('/' . $old_path, '/' . $new_path, 0)) {
         $pold_path = str_escape($old_path, '%_', '!');
         $GLOBALS['DB']->query("UPDATE {$this->table}\n                  SET path = ?::text||substring (path, '/([^/]*)/\$')||'/'\n                WHERE path LIKE '{$pold_path}%' ESCAPE '!'", $new_path);
         return true;
     }
     return false;
 }

Beispiel #2

Datei: file-info.php Projekt: exavolt/fsrv

    $ii = 0;
    while ($param = mysql_fetch_assoc($query_result)) {
        if ($ii > 0) {
            $sets_str .= ',';
        }
        $ss = $sets[intval($param['set_id'])];
        $sets_str .= '"' . $ss['idname'] . '"';
        $ii++;
    }
}
$samples_str = '';
$sql_query = "SELECT * FROM `" . TABLE_PREFIX . "file_imagesample` WHERE `file_id`='" . $file_id . "'";
$query_result = mysql_query($sql_query);
if ($query_result != false) {
    $ii = 0;
    while ($smpl = mysql_fetch_assoc($query_result)) {
        if ($ii > 0) {
            $samples_str .= ',';
        }
        $samples_str .= '{' . '"dimension":"' . $smpl['dimension'] . '",' . '"mode":"' . $smpl['mode'] . '",' . '"name":"' . $smpl['name'] . '",' . '"hash_md5":"' . $smpl['hash_md5'] . '",' . '"width":"' . $smpl['width'] . '",' . '"height":"' . $smpl['height'] . '",' . '"url":"' . base_file_url() . '/' . $user['idname'] . '/' . $smpl['name'] . '"' . '}';
        $ii++;
    }
}
$file_name = $file_info['name'];
# Absolute url
$file_url = base_file_url() . '/' . $user['idname'] . '/' . $file_name;
header('HTTP/1.1 200 OK');
header('Content-Type: application/json');
#TODO: meta
echo '{' . '"name":"' . $file_name . '",' . '"user_id":"' . $user['ID'] . '",' . '"user_idname":"' . $user['idname'] . '",' . '"url":"' . $file_url . '",' . '"base_url":"' . base_file_url() . '",' . '"base_user_url":"' . base_file_url() . '/' . $user['idname'] . '",' . '"content_type":"' . $file_info['content_type'] . '",' . '"size":"' . $file_info['size'] . '",' . '"hash_md5":"' . $file_info['hash_md5'] . '",' . '"original_name":"' . str_escape($file_info['original_name']) . '",' . '"post_params":{' . $post_params_str . '},' . '"sets":[' . $sets_str . '],' . '"samples":[' . $samples_str . ']' . '}';
exit;