PHP MySQLDatabase::escapeVal Beispiele

Beispiel #1

Datei: Ticket.php Projekt: jahanzaibbahadur/Ticket-System

 /**
  * Add new ticket into database.
  *
  * @access	public
  * @param	int	Selected urgency.
  * @param	int	Selected category.
  * @param	string	Subject of the ticket.
  * @param	string	Content of the ticket.
  */
 public function addTicket($urgency, $services, $subject = "", $content = "")
 {
     if ($this->validator->required($urgency, $services, $subject, $content)) {
         $query1 = $this->chkTicketExistance("table", "ts_ticket_topic", "subject", $subject);
         $query2 = $this->chkTicketExistance("table", "ts_ticket_topic", "content", $content);
         if (!$query1 && !$query2) {
             // Later user method whoIsFromStaff
             $this->db->query("\n\t\t\t\t\tINSERT INTO ts_ticket_topic(\n\t\t\t\t\t\tid,\n\t\t\t\t\t\tauthor_id,\n\t\t\t\t\t\trecepient_id,\n\t\t\t\t\t\tsubject,\n\t\t\t\t\t\tdate_time,\n\t\t\t\t\t\tcategory_id,\n\t\t\t\t\t\tpriority_id,\n\t\t\t\t\t\tstatus_id,\n\t\t\t\t\t\tcontent,\n\t\t\t\t\t\tuser_ip\n\t\t\t\t\t) VALUES(\n\t\t\t\t\t\tNULL,\n\t\t\t\t\t\t" . $this->db->escapeVal($_SESSION['id']) . ",\n\t\t\t\t\t\t1,\n\t\t\t\t\t\t'" . $this->db->escapeVal($subject) . "',\n\t\t\t\t\t\tNOW(),\n\t\t\t\t\t\t" . $this->db->escapeVal($services) . ",\n\t\t\t\t\t\t" . $this->db->escapeVal($urgency) . ",\n\t\t\t\t\t\t1,\n\t\t\t\t\t\t'" . $this->db->escapeVal($this->validator->eliminateTags($content)) . "',\n\t\t\t\t\t\t'" . $this->db->escapeVal($_SERVER['REMOTE_ADDR']) . "'\n\t\t\t\t\t)\n\t\t\t\t");
         }
     }
     header("Location: / ");
 }

Beispiel #2

Datei: Pagination.php Projekt: jahanzaibbahadur/Ticket-System

 /**
  * Calculate the number of pages.
  *
  * @access	public
  * @return	int
  */
 public function getNumPages()
 {
     if ($this->user->ugroup == 1) {
         $query = "SELECT COUNT(1) AS total FROM ts_tickets_view WHERE status_name = 'Opened'";
         $total = $this->db->fetchAssoc($query);
     } else {
         $query = "SELECT COUNT(1) AS total FROM ts_tickets_view WHERE author_id = " . $this->db->escapeVal($this->user->id);
         $total = $this->db->fetchAssoc($query);
     }
     $this->totalEntryNum = (int) $total['total'];
     $this->numPages = ceil($this->totalEntryNum / $this->entryPerPage);
     return $this->numPages;
 }

Beispiel #3

Datei: UserManager.php Projekt: jahanzaibbahadur/Ticket-System

 /**
  * Search for user in database. Check whether user is
  * a numeric value, for example user id or is it an array
  * of user attributes.
  *
  * @access	public
  * @param	int | array
  * @return	array | bool
  */
 public function chkUserExistance($user)
 {
     if (is_numeric($user)) {
         $query = "\n\t\t\t\tSELECT id, username, userpass, email, ugroup\n\t\t\t\tFROM ts_users\n\t\t\t\tWHERE id = " . $this->db->escapeVal($user) . "\n\t\t\t\tLIMIT 1\n\t\t\t";
         return $query;
     } else {
         if (is_array($user)) {
             $query = "\n\t\t\t\tSELECT id, username, userpass, email, ugroup\n\t\t\t\tFROM ts_users\n\t\t\t\tWHERE username = '******'username']) . "'\n\t\t\t\tOR email = '" . $this->db->escapeVal($user['email']) . "'\n\t\t\t\tLIMIT 1\n\t\t\t";
             # If user not found
             if (!($row = $this->db->fetchAssoc($query))) {
                 return false;
             }
             return true;
         }
     }
 }