PHP escapeText Examples

Example #1

File: db.php Project: GNURub/daw2

 static function parseValues($data, $lower = false)
 {
     $values = "";
     $keys = "";
     foreach ($data as $key => $value) {
         $value = escapeText($value);
         if (!empty($values)) {
             if (is_numeric($value)) {
                 $values .= ", " . $value;
             } else {
                 $value = !!$lower ? strtolower($value) : $value;
                 $values .= ", '" . $value . "'";
             }
             $keys .= ", " . $key;
         } else {
             if (is_numeric($value)) {
                 $values .= $value;
             } else {
                 $value = !!$lower ? strtolower($value) : $value;
                 $values .= "'" . $value . "'";
             }
             $keys .= $key;
         }
     }
     return array("keys" => $keys, "values" => $values);
 }

Example #2

File: Category.model.php Project: GNURub/daw2

 public function toArray($id = false, $withSubcat = false, $group = "")
 {
     $selectSubcat = "";
     $group = escapeText($group);
     if ($withSubcat) {
         $selectSubcat = "NATURAL JOIN subcategorias_categorias";
     }
     if (!empty($group)) {
         $group = "GROUP BY " . $group;
     }
     if (!!$id) {
         $id = escapeText($id);
         $query = "SELECT * FROM {$this->table} {$selectSubcat}\n        WHERE idcategoria = '{$id}' " . $group;
         if (!($_puntero = $this->db->query($query))) {
             throw new Exception($this->db->error, 1);
         }
         return $_puntero->fetch_assoc();
     }
     $query = "SELECT * FROM {$this->table} {$selectSubcat} " . $group;
     if (!($_puntero = $this->db->query($query))) {
         throw new Exception($this->db->error, 1);
     }
     $result = array();
     while ($row = $_puntero->fetch_assoc()) {
         array_push($result, $row);
     }
     return $result;
 }

Example #3

File: Subcategory.model.php Project: GNURub/daw2

 public function toArray($id = false)
 {
     $id = escapeText($id);
     if (!!$id) {
         $query = "SELECT * FROM {$this->table}\n        WHERE idsubcategoria = '{$id}'";
         if (!($_puntero = $this->db->query($query))) {
             throw new Exception($this->db->error, 1);
         }
         return $_puntero->fetch_assoc();
     }
     $query = "SELECT * FROM {$this->table}";
     if (!($_puntero = $this->db->query($query))) {
         throw new Exception($this->db->error, 1);
     }
     $result = array();
     while ($row = $_puntero->fetch_assoc()) {
         array_push($result, $row);
     }
     return $result;
 }

Example #4

File: Client.model.php Project: GNURub/daw2

 function getOrders($username = false, $id = false)
 {
     $by = !empty($username) ? $username : $this->id;
     $by = escapeText($by);
     $id = escapeText($id);
     $q = "";
     $query = "SELECT * FROM compras\n      WHERE username = '******'";
     if (!!$id) {
         $q = " AND (c.idcompra = {$id} OR c.hash_compra = '{$id}')";
     }
     if ($id) {
         $query = "SELECT * FROM compras c LEFT JOIN compras_productos_tallas_colores USING(idcompra)\n        WHERE c.username = '******'" . $q;
     }
     if (!($resultado = $this->db->query($query))) {
         throw new Exception($this->db->error, 1);
     }
     $result = array();
     while ($row = $resultado->fetch_assoc()) {
         array_push($result, $row);
     }
     return $result;
 }

Example #5

File: Product.model.php Project: GNURub/daw2

 public function search($query)
 {
     $query = escapeText($query);
     $q = "SELECT *\n        FROM {$this->table} p\n        NATURAL JOIN imagenes i\n        WHERE\n        (\n            titulo LIKE '%{$query}%'\n            OR descripcion LIKE '%{$query}%'\n            OR marca LIKE '%{$query}%'\n            OR precio LIKE '%{$query}%'\n        )";
     if (!($_puntero = $this->db->query($q))) {
         throw new Exception($this->db->error, 1);
     }
     $result = array();
     while ($row = $_puntero->fetch_assoc()) {
         array_push($result, $row);
     }
     return $result;
 }

Example #6

File: icalendar.inc.php Project: sirokuma0402/iCalForce

function printSfiCalendar($userName, $pass, $ownerId, $baseUrl, $showDetail)
{
    function calguid($str)
    {
        $charid = strtoupper(md5($str));
        $hyphen = chr(45);
        // "-"
        $uuid = "" . substr($charid, 0, 8) . $hyphen . substr($charid, 8, 4) . $hyphen . substr($charid, 12, 4) . $hyphen . substr($charid, 16, 4) . $hyphen . substr($charid, 20, 12);
        return $uuid;
    }
    function get_timezone_offset($remote_tz, $origin_tz = null)
    {
        if ($origin_tz === null) {
            if (!is_string($origin_tz = date_default_timezone_get())) {
                return false;
                // A UTC timestamp was returned -- bail out!
            }
        }
        $origin_dtz = new DateTimeZone($origin_tz);
        $remote_dtz = new DateTimeZone($remote_tz);
        $origin_dt = new DateTime("now", $origin_dtz);
        $remote_dt = new DateTime("now", $remote_dtz);
        $offset = $origin_dtz->getOffset($origin_dt) - $remote_dtz->getOffset($remote_dt);
        return $offset;
    }
    function escapeText($s)
    {
        $v = str_replace("\r\n", "\n", $s);
        $v = str_replace("\r", "\n", $s);
        $v = str_replace("\t", " ", $v);
        $v = str_replace("\v", " ", $v);
        $v = str_replace("\\", "\\\\", $v);
        $v = str_replace("\n", "\\n", $v);
        $v = str_replace(";", "\\;", $v);
        $v = str_replace(",", "\\,", $v);
        return $v;
    }
    try {
        $calGuid = calguid($userName . $ownerId);
        $mySforceConnection = new SforceEnterpriseClient();
        $mySoapClient = $mySforceConnection->createConnection(SOAP_CLIENT_BASEDIR . '/enterprise.wsdl.xml');
        $mylogin = $mySforceConnection->login($userName, $pass);
        $nowDate = new DateTime();
        $startDate = clone $nowDate;
        $startDate = $startDate->sub(new DateInterval('P366D'));
        $endDate = clone $nowDate;
        $endDate = $endDate->add(new DateInterval('P400D'));
        $query = 'SELECT Id, Name, TimeZoneSidKey from User where Id = \'' . $ownerId . '\'';
        $users = $mySforceConnection->query($query);
        if (count($users->records) == 0) {
            header('HTTP/1.1 403 Forbidden');
            echo 'no data';
            exit;
        }
        $query = '
SELECT
   Id
 , Subject
 , ActivityDateTime
 , StartDateTime
 , EndDateTime
 , Location ' . ($showDetail ? ' , Description ' : '') . '
 , IsAllDayEvent
 , OwnerId
from Event
where
      OwnerId = \'' . $ownerId . '\'
  and StartDateTime >= ' . gmdate('Y-m-d\\TH:i:s\\Z', $startDate->getTimestamp()) . '
  and StartDateTime <  ' . gmdate('Y-m-d\\TH:i:s\\Z', $endDate->getTimestamp()) . '
order by StartDateTime limit 10000';
        $response = $mySforceConnection->query($query);
        header("Cache-Control: no-cache");
        header('Content-type: text/plain; charset=utf-8');
        //header('Content-Disposition: attachment; filename="' . $calGuid . '.ics"');
        $tzoffset = get_timezone_offset('UTC', $users->records[0]->TimeZoneSidKey);
        $tzoffset = (int) ($tzoffset / 3600) * 100 + (int) ($tzoffset / 60) % 60;
        echo "BEGIN:VCALENDAR\r\n", "PRODID:My Cal\r\n", "VERSION:2.0\r\n", "METHOD:PUBLISH\r\n", "CALSCALE:GREGORIAN\r\n", "BEGIN:VTIMEZONE\r\n", "TZID:", $users->records[0]->TimeZoneSidKey, "\r\n", "BEGIN:STANDARD\r\n", "DTSTART:19700101T000000Z\r\n", "TZOFFSETFROM:", sprintf('%1$+05d', $tzoffset), "\r\n", "TZOFFSETTO:", sprintf('%1$+05d', $tzoffset), "\r\n", "END:STANDARD\r\n", "END:VTIMEZONE\r\n", "X-WR-CALNAME:", escapeText($users->records[0]->Name), "'s calendar\r\n", "X-WR-CALDESC:", escapeText($users->records[0]->Name), "'s calendar\r\n", "X-WR-RELCALID:", $calGuid, "\r\n", "X-WR-TIMEZONE:Asia/Tokyo\r\n";
        foreach ($response->records as $record) {
            $dateFmt = 'Ymd\\THis\\Z';
            $timeAdd = 0;
            if ($record->IsAllDayEvent) {
                $dateFmt = 'Ymd';
                $timeAdd = 3600 * 24;
            }
            echo "BEGIN:VEVENT\r\n", "UID:mycal/", $calGuid, "/", $record->Id, "\r\n", !$record->IsAllDayEvent ? "DTSTAMP:" . gmdate('Ymd\\THis\\Z', strtotime($record->StartDateTime)) . "\r\n" : '', "DTSTART:", gmdate($dateFmt, strtotime($record->StartDateTime)), "\r\n", "DTEND:", gmdate($dateFmt, strtotime($record->EndDateTime) + $timeAdd), "\r\n", "SUMMARY:", escapeText($record->Subject), "\r\n", "DESCRIPTION:", $baseUrl, "/", $record->Id, $showDetail && isset($record->Description) ? '\\n\\n' . escapeText($record->Description) : '', "\r\n", "LOCATION:", isset($record->Location) ? escapeText($record->Location) : '', "\r\n", "END:VEVENT\r\n";
        }
        echo "END:VCALENDAR\r\n";
    } catch (Exception $e) {
        echo $e;
        exit;
    }
}

Example #7

File: FormHelper.php Project: letsdrink/ouzo

function passwordFieldTag($name, $value, array $attributes = array())
{
    $attr = _prepareAttributes($attributes, array('name' => $name, 'value' => escapeText($value)));
    return '<input type="password" ' . $attr . '/>';
}

Example #8

File: post.php Project: qorcjftns/devlog

function editPost()
{
    if (!isset($_SESSION['user'])) {
        $_SESSION['error'] .= "Please Log in and retry.";
        header("Location: " . $_POST['from']);
        return;
    }
    if (!isset($_POST['tag']) || count($_POST['tag']) == 0) {
        $_SESSION['error'] .= "Please set more than one tag.";
        header("Location: " . $_POST['from']);
        return;
    }
    $con = new mysqli("localhost", "root", "cjftns119", "DevLog");
    $user_id = $_SESSION['user']['u_id'];
    $post_id = $_POST['p_id'];
    $title = mysqli_real_escape_string($con, $_POST['title']);
    $body = mysqli_real_escape_string($con, escapeText($_POST['body']));
    $raw = mysqli_real_escape_string($con, $_POST['body']);
    // Check if the user can delete post.
    $query = "SELECT p_user FROM dl_posts WHERE p_id={$post_id}";
    $result = $con->query($query);
    $row = $result->fetch_assoc();
    if ($row['p_user'] != $user_id) {
        $_SESSION['error'] .= "You don't have permission to delete this post.";
        header("Location: " . $_POST['from']);
        return;
    }
    $tags = $_POST['tag'];
    // Check if there is bad tag
    for ($i = 0; $i < count($tags); $i++) {
        $tag = mysqli_real_escape_string($con, $tags[$i]);
        $query = "SELECT t_special FROM dl_tags WHERE BINARY t_name = '{$tag}'";
        $result = $con->query($query);
        if ($result->num_rows > 0) {
            $row = $result->fetch_assoc();
            if ($row['t_special'] == 1) {
                $_SESSION['error'] .= "Tag '" . $tag . "' is not valid. Please try different tag name.";
                header("Location: " . $_POST['from']);
                return;
            }
        }
    }
    // Remove tag list.
    $query = "DELETE FROM dl_posts_tags WHERE pt_post={$post_id}";
    $con->query($query);
    // tags
    for ($i = 0; $i < count($tags); $i++) {
        $tag = mysqli_real_escape_string($con, $tags[$i]);
        $query = "SELECT t_id FROM dl_tags WHERE BINARY t_name = '{$tag}'";
        $result = $con->query($query);
        if ($result->num_rows == 0) {
            $query = "INSERT INTO dl_tags(t_name) VALUES ('{$tag}')";
            $con->query($query);
            $query = "SELECT t_id FROM dl_tags WHERE BINARY t_name = '{$tag}'";
            $result = $con->query($query);
        }
        $row = $result->fetch_assoc();
        $query = "INSERT INTO dl_posts_tags(pt_post, pt_tag) VALUES ({$post_id}, {$row['t_id']})";
        $con->query($query);
        echo "{$tag}({$row['t_id']}) : " . $con->error . "<br>";
    }
    $query = "UPDATE dl_posts SET p_title = '{$title}', p_body = '{$body}', p_body_raw = '{$raw}' WHERE p_id={$post_id}";
    $con->query($query);
    $con->close();
    header("Location: /b/" . join($tags, "/") . "/" . $post_id);
    return;
}