Ejemplo n.º 1
 /**
  * Escape a string so it can be embedded in a quoted SQL string literal.
  *
  * Slashes added by magic quotes (when that setting is on) are stripped
  * first so the value is not escaped twice; the result is then escaped with
  * mysql_real_escape_string() on the connection held by Fishbones::getDB().
  *
  * NOTE(review): escaping only protects a value that ends up between quotes
  * in the statement. It does not make a value safe as a bare number or as
  * part of a table or column name; those positions need an integer check or
  * an allow-list. Bound parameters would remove the dependency on every
  * caller remembering to escape, but need a driver that supports them.
  *
  * @param string $par raw value to escape
  * @return string|false the value returned by mysql_real_escape_string()
  */
 public function clean($par)
 {
     // Undo magic-quotes slashing before escaping.
     $raw = get_magic_quotes_gpc() ? stripslashes($par) : $par;

     // Escape against the live connection so its character set is honoured.
     return mysql_real_escape_string($raw, Fishbones::getDB()->conex);
 }
/////////////////////////////////////////////////////////////////////////////
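Fishbones::getDB()->startTransaction();
/////////////////////////////////////////////////////////////////////////////
// Read the item row, reverse its some_data value and write it back, all
// inside one transaction; each failure path rolls back before reporting.
//
// NOTE(review): $groupId, $itemId and $userId are not defined in this
// snippet. $groupId becomes part of a table name and $itemId is used as a
// bare, unquoted value in the SELECT; string escaping protects neither
// position, so both presumably arrive here already validated as integers
// (or against an allow-list) - confirm with the calling code.
$sql = "\r\n\tSELECT \r\n\t*\r\n\tFROM items_{$groupId}\r\n\tWHERE\r\n\titem_id = {$itemId}\r\n";
$result = Fishbones::getDB()->queryAsArray($sql);
if ($result === false) {
    Fishbones::getDB()->rollback();
    // NOTE(review): nothing in this snippet stops execution after the error is
    // sent; presumably the pump's out* methods end the request - confirm,
    // otherwise the code below runs on a rolled-back transaction.
    Fishbones::getPump()->outXmlErrorString("database error 80");
}
// An empty result means the item has been deleted.
if (count($result) === 0) {
    Fishbones::getDB()->rollback();
    Fishbones::getPump()->outXmlValue("del");
}
$some_data = $result['0']['some_data'];
Fishbones::getLog()->writeDebug('itemCreatorId: ' . $some_data);
$new_data = strrev($some_data);
// The value read from the table is data, not SQL: escape it before it goes
// back into a quoted literal, so a stored quote or backslash cannot break or
// alter the UPDATE.
$new_data_sql = mysql_real_escape_string($new_data, Fishbones::getDB()->conex);
///////////////////////////////////////////////////////////////////////////
// update
// The two WHERE conditions are joined with AND; without it the statement is
// not valid SQL.
// NOTE(review): the literal "$" written in front of the value is kept as it
// was - confirm it is intended. $userId and $itemId sit inside quotes here
// and are presumably escaped by the caller - confirm.
$sql = "\r\n\tUPDATE items_{$groupId} SET\r\n\r\n\tsome_data = '\${$new_data_sql}'\r\n\t\r\n\tWHERE vote_user_id = '{$userId}'\r\n\tAND item_id = '{$itemId}'\r\n";
$check = Fishbones::getDB()->query($sql);
if ($check === false) {
    Fishbones::getDB()->rollback();
    Fishbones::getPump()->outXmlErrorString("Error 92");
}
///////////////////////////////////////////////////////////////////////////
Fishbones::getDB()->commit();
///////////////////////////////////////////////////////////////////////////
// output
Fishbones::getPump()->outXmlValue('ok');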
Ejemplo n.º 3
<?php

// fishbones sample webservice:
//
// simple load data as xml.
// The xml data can be used to feed a model in the client
// Path to start.php; adjust it to wherever that file lives.
$pathToStart = '../../start.php';
include $pathToStart;
///////////////////////////////////////////////////////////////////////////
// Fetch the rows and hand them to the client as XML.
//
// The statement is a fixed string with no request data in it.
// NOTE(review): no access check is visible in this script; presumably
// start.php decides who may call it - confirm.
$sql = "\r\nSELECT some_data\r\nFROM some_table st\r\n";
// Run the query; the result comes back as an XML DOM.
$xmlDom = Fishbones::getDB()->queryAsXmlDom($sql);
// Send the document to the client.
Fishbones::getPump()->outXml($xmlDom);