public static function prep($value)
{
if (MAGIC_QUOTES_ACTIVE) {
// If magic quotes is active, remove the slashes
$value = stripslashes($value);
}
// Escape special characters to avoid SQL injections
$value = self::$_connection->real_escape_string($value);
return $value;
}
/**
* Escape single value
* @param mixed $val
* @return string - escaped values with single quotes around
*/
public function escapeValue($val)
{
if ($val === Db::NULL) {
return 'NULL';
}
if (!$this->dbOnline) {
die;
}
if (is_array($val)) {
$ret = array();
foreach ($val as $subval) {
$ret[] = "'" . $this->connection->real_escape_string($subval) . "'";
}
return implode(', ', $ret);
}
return "'" . $this->connection->real_escape_string($val) . "'";
}
<?php
if (isset($_POST['name'], $_POST['age'])) {
$db = new Mysqli("localhost", "root", "", "postdata");
$name = $db->real_escape_string($_POST['name']);
$age = (int) $_POST['age'];
$query = "INSERT INTO data SET mydata='{$name}, {$age}'";
$db->query($query);
}
/**
* Using native connector, string provided will be escaped.
*
* @param string $string String to be escaped.
* @return string
*/
public function realEscape($string)
{
return $this->link->real_escape_string($string);
}
$result = $user->logIn($_POST['username'], $_POST['password'], $_POST['auth']);
if (!is_array($result)) {
$error['type'] = "login";
$error['message'] = $result;
} else {
$_SESSION['user_session'] = $result['username'];
$_SESSION['user_admin'] = $result['admin'];
$_SESSION['user_supportpin'] = $result['supportpin'];
$_SESSION['user_id'] = $result['id'];
header("Location: index.php");
}
break;
case "register":
$result = $user->add($_POST['username'], $_POST['password'], $_POST['confirmPassword']);
if ($result !== true) {
$error['type'] = "register";
$error['message'] = $result;
} else {
$username = $mysqli->real_escape_string(strip_tags($_POST['username']));
$_SESSION['user_session'] = $username;
$_SESSION['user_supportpin'] = "Faça login novamente para ver o ID do Suporte.";
header("Location: index.php");
}
break;
}
}
include "view/header.php";
include "view/home.php";
include "view/footer.php";
}
$mysqli->close();
public function __construct()
{
$args = func_get_args();
for ($i = 0; $i < 6; $i++) {
if (!isset($args[$i])) {
$args[$i] = NULL;
}
}
if ($args[0] instanceof \MySQLi) {
$mysqli = $args[0];
} else {
$mysqli = new \Mysqli($args[0], $args[1], $args[2], $args[3], $args[4], $args[5]);
}
$callbacks = array();
$wrapper = $this;
$callbacks['__tostring'] = function () use($mysqli) {
@($res = '(Gaia\\DB\\MySQLi object - ' . "\n" . ' [affected_rows] => ' . $mysqli->affected_rows . "\n" . ' [client_info] => ' . $mysqli->client_info . "\n" . ' [client_version] => ' . $mysqli->client_version . "\n" . ' [connect_errno] => ' . $mysqli->connect_errno . "\n" . ' [connect_error] => ' . $mysqli->connect_error . "\n" . ' [errno] => ' . $mysqli->errno . "\n" . ' [error] => ' . $mysqli->error . "\n" . ' [field_count] => ' . $mysqli->field_count . "\n" . ' [host_info] => ' . $mysqli->host_info . "\n" . ' [info] => ' . $mysqli->info . "\n" . ' [insert_id] => ' . $mysqli->insert_id . "\n" . ' [server_info] => ' . $mysqli->server_info . "\n" . ' [server_version] => ' . $mysqli->server_version . "\n" . ' [sqlstate] => ' . $mysqli->sqlstate . "\n" . ' [protocol_version] => ' . $mysqli->protocol_version . "\n" . ' [thread_id] => ' . $mysqli->thread_id . "\n" . ' [warning_count] => ' . $mysqli->warning_count . "\n" . ')');
return $res;
};
$callbacks['prep_args'] = $prep_args = function ($query, array $args) use($mysqli) {
if (!$args || count($args) < 1) {
return $query;
}
return \Gaia\DB\Query::prepare($query, $args, function ($v) use($mysqli) {
return "'" . $mysqli->real_escape_string($v) . "'";
});
};
$callbacks['execute'] = function ($query) use($mysqli, $prep_args) {
$args = func_get_args();
array_shift($args);
return $mysqli->query($prep_args($query, $args));
};
$callbacks['start'] = function () use($mysqli) {
return $mysqli->query('START TRANSACTION');
};
$callbacks['autocommit'] = function ($mode) use($wrapper) {
return $mode ? $wrapper->commit() : $wrapper->start();
};
$callbacks['hash'] = function () use($mysqli) {
return spl_object_hash($mysqli);
};
$callbacks['rollback'] = function () use($mysqli) {
return $mysqli->query('ROLLBACK');
};
$callbacks['commit'] = function () use($mysqli) {
return $mysqli->query('COMMIT');
};
$callbacks['prepare'] = function ($query) {
trigger_error('unsupported method ' . __CLASS__ . '::' . __FUNCTION__, E_USER_ERROR);
exit;
};
$callbacks['close'] = function () use($mysqli, $wrapper) {
Connection::remove($wrapper);
if ($wrapper->lock) {
return FALSE;
}
$rs = $mysqli->close();
$wrapper->lock = TRUE;
return $rs;
};
$callbacks['__get'] = function ($k) use($mysqli) {
return $mysqli->{$k};
};
$callbacks['__call'] = function ($method, array $args) use($mysqli) {
return call_user_func_array(array($mysqli, $method), $args);
};
$callbacks['query'] = function ($query, $mode = MYSQLI_STORE_RESULT) use($mysqli, $wrapper) {
if ($wrapper->lock) {
return FALSE;
}
$res = $mysqli->query($query, $mode);
if ($res) {
return $res;
}
if ($wrapper->txn) {
Transaction::block();
$wrapper->lock = TRUE;
}
return $res;
};
$callbacks['multi_query'] = function ($query) use($mysqli, $wrapper) {
if ($wrapper->lock) {
return FALSE;
}
$res = $mysqli->multi_query($query);
if ($res) {
return $res;
}
if ($wrapper->txn) {
Transaction::block();
$wrapper->lock = TRUE;
}
return $res;
};
$callbacks['real_query'] = function ($query) use($mysqli, $wrapper) {
if ($wrapper->lock) {
return FALSE;
}
$res = $mysqli->real_query($query);
if ($res) {
return $res;
}
if ($wrapper->txn) {
Transaction::block();
$wrapper->lock = TRUE;
}
return $res;
};
$callbacks['isa'] = function ($name) use($wrapper, $mysqli) {
if ($wrapper instanceof $name) {
return TRUE;
}
if ($mysqli instanceof $name) {
return TRUE;
}
$name = strtolower($name);
if ($name == 'mysqli') {
return TRUE;
}
//if( strpos($name, 'mysqli') !== FALSE ) return TRUE;
return FALSE;
};
parent::__construct($callbacks);
}