function getFileContent($m) { global $xmlrpcerruser; global $xmlrpcString; $file_name = $m->getParam(0); $file_path = $m->getParam(1); $file_name = $file_name->scalarval(); $file_path = $file_path->scalarval(); $sql = "SELECT * FROM `" . DB_PREFIX . DB_TBL_FILES . "` WHERE \n\t\t`name` = '" . mysql_escape_string($file_name) . "' AND \n\t\t`path` = '" . mysql_escape_string($file_path) . "'"; $sql = mysql_query($sql); if (false == $sql) { dbg(); my_die(); } $aList = array(); while ($row = mysql_fetch_assoc($sql)) { $aList[] = $row; } if (empty($aList)) { return new xmlrpcresp(0, $xmlrpcerruser, 'file not exist'); } $aList = current($aList); if (!defined($aList['path'])) { return new xmlrpcresp(0, $xmlrpcerruser, 'file path not correct (remote error)'); } $response = saferead(constant($aList['path']) . '/' . $aList['name']); // Возвращаем $response = base64_encode($response); return new xmlrpcresp(new xmlrpcval($response), $xmlrpcString); }
function escape($string) { return addslashes( $string ); // Disable rest for now, causing problems if( !$this->dbh || version_compare( phpversion(), '4.3.0' ) == '-1' ) return mysql_escape_string( $string ); else return mysql_real_escape_string( $string, $this->dbh ); }
function ViewLog() { global $db_host, $db_user, $db_pass, $db_name; global $total, $page, $size, $view_size; global $client_count_info, $client_from_info, $client_where_info, $client_select_info, $client_order_info; $page = intval($_GET["page"]); $role = $_GET["role"]; $Conn = mysql_connect($db_host, $db_user, $db_pass); mysql_query("SET NAMES 'GBK'"); mysql_select_db($db_name, $Conn); $role = mysql_escape_string($role); $qs = "{$client_count_info} {$client_from_info} {$client_where_info} and clc.role_name = '{$role}'"; $result = mysql_query($qs); $row = mysql_fetch_row($result); $total = intval($row[0]); $b = $page * $size - $size; $e = $size; printf("<p>查询条件是角色名: <b>{$role}</b><p>"); $qs = "{$client_select_info} {$client_from_info} {$client_where_info} and clc.role_name = '{$role}' {$client_order_info} limit {$b}, {$e}"; $result = mysql_query($qs); $content = array(); while ($row = mysql_fetch_row($result)) { $content[count($content)] = $row; } printf(GetClientLogHTML($content)); }
/** * Функція для пошуку інформації про користувачів * * @param array $data Дані для пошуку (шуканий текст) */ public function searchArticles($data) { /* * Оберігаю дані */ $text = strip_tags($data); $text = mysql_escape_string($text); /* * Лайки-шукачі інформації) */ $where = "`text` LIKE '%{$text}%' OR `href` LIKE '%{$text}%' OR `en_text` LIKE '%{$text}%'"; $u = $this->db->select('bio_gr_articles', '*', $where); /** Перевірка присутності результатів * */ /* * Результати відсутні - виводимо відповідне повідомлення */ if ($this->db->getCount() == 0) { print '<div class="alert alert-danger"><span class="glyphicon glyphicon-remove-circle"></span> За даним запитом не знайдено нічого</div>'; } else { $users = '<div class="col-lg-6 col-md-6 col-sm-6 col-xs-12">'; $users .= '<ul class="list-group">'; for ($i = 0; $i < sizeof($u); $i++) { $users .= '<li class="list-group-item">'; $users .= '' . $u[$i]['text'] . '<a href="' . $u[$i]['href'] . '">Link</a>'; $users .= '</li>'; } $users .= '</ul>'; $users .= '</div>'; print $users; } }
function modul($posisi) { global $koneksi_db, $STYLE_INCLUDE, $SCRIPT_INCLUDE; $total = 0; $numb = 0; if (isset($_GET['pilih'])) { $pilih = mysql_escape_string(strip_tags($_GET['pilih'])); $numb = mysql_num_rows(mysql_query("SELECT `id` FROM `actions` WHERE `modul` = '{$pilih}'")); $modulku = mysql_query("SELECT * FROM `actions` LEFT JOIN `modul` ON (`modul`.`id` = `actions`.`modul_id`) WHERE `actions`.`modul` = '{$pilih}' AND `actions`.`posisi` = '{$posisi}' ORDER BY `actions`.`order`"); $total = mysql_num_rows($modulku); while ($viewmoduls = mysql_fetch_assoc($modulku)) { if (file_exists($viewmoduls['isi']) && $viewmoduls['type'] == 'module') { include $viewmoduls['isi']; kotakjudul($viewmoduls['modul'], @$out, ''); $out = ''; } if ($viewmoduls['type'] == 'block') { kotakjudul($viewmoduls['modul'], $viewmoduls['isi'], ''); } } } if ($total == 0 && $numb == 0) { $modulku = $koneksi_db->sql_query("SELECT * FROM modul WHERE published= 1 AND posisi= '{$posisi}' ORDER BY ordering"); while ($viewmodul = $koneksi_db->sql_fetchrow($modulku)) { if (file_exists($viewmodul['isi']) && $viewmodul['type'] == 'module') { include $viewmodul['isi']; kotakjudul($viewmodul['modul'], @$out, ''); $out = ''; } if ($viewmodul['type'] == 'block') { kotakjudul($viewmodul['modul'], $viewmodul['isi'], ''); } } } }
function login() { global $dbsettings; $link = opendb(); if (isset($_POST["submit"])) { $query = doquery("SELECT * FROM {{table}} WHERE username='******' AND password='******' LIMIT 1", "users"); if (mysql_num_rows($query) != 1) { die("Invalid username or password. Please go back and try again."); } $row = mysql_fetch_array($query); if (isset($_POST["rememberme"])) { $expiretime = time() + 31536000; $rememberme = 1; } else { $expiretime = 0; $rememberme = 0; } $cookie = $row["id"] . " " . $row["username"] . " " . md5($row["password"] . "--" . $dbsettings["secretword"]) . " " . $rememberme; setcookie("dkgame", $cookie, $expiretime, "/", "", 0); header("Location: index.php"); die; } $page = gettemplate("login"); $title = "Log In"; display($page, $title, false, false, false, false); }
function clean($n) { $n = htmlentities($n); $n = htmlspecialchars($n); $n = mysql_escape_string($n); return $n; }
public function saveProtype($dataForm, $ptyleId = "") { global $mySession; $db = new Db(); $data_update['ptyle_name'] = $dataForm['ptyle_name']; if ($ptyleId == "") { $chkQry = $db->runQuery("select * from " . PROPERTYTYPE . " where ptyle_name='" . mysql_escape_string(trim($dataForm['ptyle_name'])) . "'"); if ($chkQry != "" and count($chkQry) > 0) { //if Property Type Name is exists than return false / 0 // No Data Inserted return 0; } else { # If Property Type Name Not Already Exista. # Insert New Record Into Database $db->save(PROPERTYTYPE, $data_update); return 1; } } else { $chkQry = $db->runQuery("select * from " . PROPERTYTYPE . " where ptyle_name='" . mysql_escape_string(trim($dataForm['ptyle_name'])) . "' and ptyle_id!=" . $ptyleId); if ($chkQry != "" and count($chkQry) > 0) { return 0; } else { $condition = 'ptyle_id=' . $ptyleId; $result = $db->modify(PROPERTYTYPE, $data_update, $condition); return 1; } } }
function article_inp($data) { $date = date('Y-m-d H:i:s'); $datetime = array(); if (!empty($data['postdate'])) { $data['postdate'] = date("Y-m-d H:i:s", strtotime($data['postdate'])); } else { $data['postdate'] = $date; } if (!empty($data['expired_date'])) { $data['expired_date'] = date("Y-m-d H:i:s", strtotime($data['expired_date'])); } else { $data['expired_date'] = '0000-00-00'; } $data['title'] = mysql_escape_string($data['title']); $data['brief'] = mysql_escape_string($data['brief']); $data['content'] = mysql_escape_string($data['content']); if ($data['action'] == 'insert') { $query = "INSERT INTO \n\t\t\t\t\t\t{$this->prefix}_news_content (title,brief,content,image,file,categoryid,articletype,\n\t\t\t\t\t\t\t\t\t\t\t\tcreated_date,posted_date,expired_date,authorid,n_status)\n\t\t\t\t\tVALUES\n\t\t\t\t\t\t('" . $data['title'] . "','" . $data['brief'] . "','" . $data['content'] . "','" . $data['image'] . "'\n ,'" . $data['image_url'] . "','" . $data['categoryid'] . "','" . $data['articletype'] . "','" . $date . "'\n ,'" . $data['postdate'] . "','" . $data['expired_date'] . "','" . $data['authorid'] . "','" . $data['n_status'] . "')"; //pr($query);exit; } else { if ($data['categoryid'] == '1' && $data['articletype'] == '2' || $data['categoryid'] == '8') { $date = $data['postdate']; } $query = "UPDATE {$this->prefix}_news_content\n\t\t\t\t\t\tSET \n\t\t\t\t\t\t\ttitle = '{$data['title']}',\n\t\t\t\t\t\t\tbrief = '{$data['brief']}',\n\t\t\t\t\t\t\tcontent = '{$data['content']}',\n\t\t\t\t\t\t\timage = '{$data['image']}',\n\t\t\t\t\t\t\tfile = '{$data['image_url']}',\n articletype = '{$data['articletype']}',\n\t\t\t\t\t\t\tposted_date = '{$data['postdate']}',\n expired_date = '{$data['expired_date']}',\n\t\t\t\t\t\t\tauthorid = '{$data['authorid']}',\n\t\t\t\t\t\t\tn_status = {$data['n_status']}\n\t\t\t\t\t\tWHERE\n\t\t\t\t\t\t\tid = '{$data['id']}'"; } // pr($query); $result = $this->query($query); return $result; }
function ViewLog() { global $db_host, $db_user, $db_pass, $db_name; global $total, $page, $size, $view_size; global $server_count_info, $server_from_info, $server_select_info, $server_where_info, $server_order_info; $page = intval($_GET["page"]); $code = $_GET["code"]; $Conn = mysql_connect($db_host, $db_user, $db_pass); mysql_query("SET NAMES 'GBK'"); mysql_select_db($db_name, $Conn); $code = mysql_escape_string($code); $qs = "{$server_count_info} {$server_from_info} {$server_where_info} and li.error_code = '{$code}'"; $result = mysql_query($qs); $row = mysql_fetch_row($result); $total = intval($row[0]); $b = $page * $size - $size; $e = $size; printf("<p>查询条件是错误码: <b>{$code}</b><p>"); $qs = "{$server_select_info} {$server_from_info} {$server_where_info} and li.error_code = '{$code}' order by happened_time desc limit {$b}, {$e}"; $result = mysql_query($qs); $content = array(); while ($row = mysql_fetch_row($result)) { $content[count($content)] = $row; } printf(GetServerLogHTML($content)); }
} private function esc_str($val) { if ($val == '') { return 'NULL'; } return "'" . mysql_escape_string($val) . "'";
function getSuggestions($keyword) { DbConnect(); $patterns = array('/\\s+/', '/"+/', '/%+/'); $replace = array(''); $keyword = preg_replace($patterns, $replace, $keyword); if ($keyword != '' and preg_match('/^[ _a-zà-ÿA-ZÀ-ß0-9]*$/i', $keyword)) { $keyword = mysql_escape_string($keyword); $query = "SELECT name FROM game_items_factsheet WHERE name LIKE '" . $keyword . "%' ORDER BY BINARY name"; } else { $query = "SELECT name FROM game_items_factsheet WHERE name=''"; } $result = myquery($query); $output = '<?xml version="1.0" encoding="UTF-8" standalone="yes"?>'; $output .= '<response>'; if ($result != false) { if (mysql_num_rows($result)) { while ($row = mysql_fetch_array($result)) { $output .= '<name>' . iconv("Windows-1251", "UTF-8//IGNORE", $row['name']) . '</name>'; } } } $output .= '</response>'; mysql_close(); return $output; }
function getNotices() { // @fixme there should be a common func for this if (common_config('db', 'type') == 'pgsql') { if (!empty($this->out->tag)) { $tag = pg_escape_string($this->out->tag); } } else { if (!empty($this->out->tag)) { $tag = mysql_escape_string($this->out->tag); } } $weightexpr = common_sql_weight('fave.modified', common_config('popular', 'dropoff')); $cutoff = sprintf("fave.modified > '%s'", common_sql_date(time() - common_config('popular', 'cutoff'))); $qry = "SELECT notice.*, {$weightexpr} as weight "; if (isset($tag)) { $qry .= 'FROM notice_tag, notice JOIN fave ON notice.id = fave.notice_id ' . "WHERE {$cutoff} and notice.id = notice_tag.notice_id and '{$tag}' = notice_tag.tag"; } else { $qry .= 'FROM notice JOIN fave ON notice.id = fave.notice_id ' . "WHERE {$cutoff}"; } $qry .= ' GROUP BY notice.id,notice.profile_id,notice.content,notice.uri,' . 'notice.rendered,notice.url,notice.created,notice.modified,' . 'notice.reply_to,notice.is_local,notice.source,notice.conversation, ' . 'notice.lat,notice.lon,location_id,location_ns,notice.repeat_of' . ' ORDER BY weight DESC'; $offset = 0; $limit = NOTICES_PER_SECTION + 1; $qry .= ' LIMIT ' . $limit . ' OFFSET ' . $offset; $notice = Memcached_DataObject::cachedQuery('Notice', $qry, 1200); return $notice; }
function newCmtFormHlr($author = false, $email = false, $author_id = false, $article_id = false, $content = false, $date = false) { if ($content == false) { $content = $_REQUEST['comment_text']; } if ($article_id == false) { $article_id = $_REQUEST['id']; } $reg = Registry::instance(); $_hinfo = $reg->get('hamster_info'); $login_status = $reg->get('login_status'); if ($login_status == 3) { $author = mysql_escape_string(htmlspecialchars($_hinfo['name'])); $email = ''; $author_id = intval($_hinfo['id']); if ($_REQUEST['comment_text'] == '') { return array(); } require_once 'lib/markdown/markdown.php'; $content = Markdown(strip_tags($content)); } else { $content = '<p>' . htmlspecialchars($content) . '</p>'; $email = mysql_escape_string(htmlspecialchars($_REQUEST['comment_email'])); if ($_REQUEST['comment_name'] != '' && $name == false) { $author = mysql_escape_string(htmlspecialchars($_REQUEST['comment_name'])); } else { $author = 'НЛО'; } if (strpos($_REQUEST['comment_text'], 'http://') !== false || $_REQUEST['comment_text'] == '' || $_REQUEST['comment_sid'] != $_SESSION['comment_sid'] || !isset($_SESSION['comment_sid']) || time() - $_SESSION['comment_stamp'] < 2) { return array(); } } $prs = array('author' => $author, 'email' => $email, 'author_id' => $author_id, 'article_id' => intval($article_id), 'content' => mysql_escape_string($content), 'date' => local2gm()); return $prs; }
protected function _get_query_order($key, $value) { /** * Returns an ORDER BY argument, given an argument from the query string. * * The return value of this function goes right after an 'ORDER BY', so it * might be 'b.reporter ASC' or 'u.date_created DESC'. * * @param $key - The resource attribute on which the request says to sort. For * example, if the QS parameter is 'sort-reporter', $key here will be * 'reporter'. * @param $value - The sense of the sort; 1 for ascending, -1 for descending. */ if ($key == 'reporter') { $key .= '_id'; } elseif ($key == 'private') { $key = 'view_state'; } elseif ($key == 'date_submitted' || $key == 'last_modified') { $key = mysql_escape_string($key); } else { throw new HTTPException(500, "Can't sort bugnotes by attribute '{$key}'"); } $sql = "n.{$key}"; if ($value == 1) { $sql .= ' ASC'; } elseif ($value == -1) { $sql .= ' DESC'; } return $sql; }
function GetSQLValueString($theValue, $theType, $theDefinedValue = "", $theNotDefinedValue = "") { $theValue = function_exists("mysql_real_escape_string") ? mysql_real_escape_string($theValue) : mysql_escape_string($theValue); switch ($theType) { case "text": $theValue = $theValue != "" ? "'" . $theValue . "'" : "NULL"; break; case "long": case "int": $theValue = $theValue != "" ? intval($theValue) : "NULL"; break; case "double": $theValue = $theValue != "" ? "'" . doubleval($theValue) . "'" : "NULL"; break; case "date": $theValue = $theValue != "" ? "'" . date("Y-m-d", strtotime($theValue)) . "'" : "NULL"; break; case "time": $theValue = $theValue != "" ? "'" . date("H:i:s", strtotime($theValue)) . "'" : "NULL"; break; case "datetime": $theValue = $theValue != "" ? "'" . date("Y-m-d H:i:s", strtotime($theValue)) . "'" : "NULL"; break; case "defined": $theValue = $theValue != "" ? $theDefinedValue : $theNotDefinedValue; break; } return $theValue; }
function login() { $username = $_POST['username']; //防sql注入语句 //第一种方法:addslashes():使用反斜线引用特殊字符 //$username=addslashes($username); //第二种方法:mysql_escape_string():转换一个字符串,用于mysql_query $username = mysql_escape_string($username); $password = md5($_POST['password']); $sql = "select * from imooc_user where username='******' and password='******'"; /*以下语句打印出的sql语句,看出恶意攻击的sql注入 //如有人在账户名中输入“ ' or 1=1 # ” //这段代码,那语句会变成select * from imooc_user where username='******' and password='******' //那等于用户名为空或者1=1的sql语句,这句永远为空,则返回ture,那根据下面语句,就会直接登录 //echo $sql;exit; */ //$resNum=getResultNum($sql); $row = fetchOne($sql); //echo $resNum; if ($row) { $_SESSION['loginFlag'] = $row['id']; $_SESSION['username'] = $row['username']; $mes = "登陆成功!<br/>3秒钟后跳转到首页<meta http-equiv='refresh' content='3;url=index.php'/>"; } else { $mes = "登陆失败!<a href='login.php'>重新登陆</a>"; } return $mes; }
function error($message, $title) { global $link, $game_config; if ($game_config['debug'] == 1) { echo "<h2>{$title}</h2><br><font color=red>{$message}</font><br><hr>"; echo "<table>" . $this->log . "</table>"; } //else{ //A futuro, se creara una tabla especial, para almacenar //los errores que ocurran. global $user, $xnova_root_path, $phpEx; include $xnova_root_path . 'config.' . $phpEx; if (!$link) { die('mySQL no esta disponible por el momento, sentimos el inconveniente...'); } $query = "INSERT INTO {{table}} SET\n\t\t\t\t`error_sender` = '{$user['id']}' ,\n\t\t\t\t`error_time` = '" . time() . "' ,\n\t\t\t\t`error_type` = '{$title}' ,\n\t\t\t\t`error_text` = '" . mysql_escape_string($message) . "' ,\n\t\t\t\t`error_page` = '" . mysql_escape_string($_SERVER['HTTP_REFERER']) . "';"; $sqlquery = mysql_query(str_replace("{{table}}", $dbsettings["prefix"] . 'errors', $query)) or die('error fatal'); $query = "explain select * from {{table}}"; $q = mysql_fetch_array(mysql_query(str_replace("{{table}}", $dbsettings["prefix"] . 'errors', $query))) or die('error fatal: '); if (!function_exists('message')) { echo "Fehler, bitte den Fehler dem Administrator melden. Fehler n°: <b>" . $q['rows'] . "</b>"; } else { message("Fehler, bitte den Fehler dem Administrator melden. Fehler n°: <b>" . $q['rows'] . "</b>", "Erreur"); } //} die; }
function execute($array = array()) { if (count($this->__boundParams) > 0) { $array =& $this->__boundParams; } $__query = $this->__query; if (count($array) > 0) { foreach ($array as $k => $v) { if (!is_int($k) || substr($k, 0, 1) === ':') { if (!isset($tempf)) { $tempf = $tempr = array(); } array_push($tempf, $k); array_push($tempr, '"' . mysql_escape_string($v) . '"'); } else { $parse = create_function('$v', 'return \'"\'.mysql_escape_string($v).\'"\';'); $__query = preg_replace("/(\\?)/e", '$parse($array[$k++]);', $__query); break; } } if (isset($tempf)) { foreach ($tempf as $k => $v) { $search[$k] = '/' . preg_quote($tempf[$k], '`') . '\\b/'; } $__query = preg_replace($search, $tempr, $__query); } } if (is_null($this->__result =& $this->__uquery($__query))) { $keyvars = false; } else { $keyvars = true; } $this->__boundParams = array(); return $keyvars; }
function action() { $imie = mysql_escape_string($_REQUEST['imie']); $nazwisko = mysql_escape_string($_REQUEST['nazwisko']); $pesel = mysql_escape_string($_REQUEST['pesel']); $adres = mysql_escape_string($_REQUEST['adres']); $miasto = mysql_escape_string($_REQUEST['miasto']); $kod = mysql_escape_string($_REQUEST['kod']); $dl_prenum = mysql_escape_string($_REQUEST['dl_prenum']); $today = date('Y-m-d'); $datapom = explode("-", $today); $miesiac_waznosci = $datapom[1] + $dl_prenum; $rok_waznosci = $datapom[0]; if ($miesiac_waznosci > 12) { $miesiac_waznosci = $miesiac_waznosci - 12; $rok_waznosci = $rok_waznosci + 1; } $data_waznosci = $rok_waznosci . "-" . $miesiac_waznosci . "-" . $datapom[2]; $tablica = array("imie_prenum" => $imie, "nazwisko_prenum" => $nazwisko, "pesel_prenum" => $pesel, "adres_prenum" => $adres, "miasto_prenum" => $miasto, "kod_prenum" => $kod, "data_wpisu" => $today, "data_waznosci" => $data_waznosci, "status_prenum" => 1); var_dump($tablica); $this->getDb()->insert("prenumerator", $tablica); $prenum = $this->getDb()->fetchAll("select * from prenumerator"); $view = $this->getView(); $view->assign("klienci", $prenum); $view->display("prenum.tpl"); }
public static function sess_write($sid, $sess_data) { if (self::$skip || checkSign(2)) { return true; } $sess_data = MyReq::sessDecode($sess_data); $sess_data['ip'] = mysql_escape_string($sess_data['ip']); $sess_data['userinfo'] = mysql_escape_string(serialize($sess_data['userinfo'])); extract($sess_data); include ROOT_PATH . "/include/config.php"; $reflash = $_SERVER["REQUEST_TIME"]; if (empty($username)) { $username = "******"; } if (empty($usertype)) { $usertype = 1; } if (empty($usergroup)) { $usergroup = 0; } self::$cnt = mysql_connect($setting['db']['host'], $setting['db']['user'], $setting['db']['pass']); mysql_query("SET NAMES '" . $setting['db']['charset'] . "'", self::$cnt); mysql_select_db($setting['db']['name']); $result = mysql_query("REPLACE INTO " . $setting['db']['pre'] . "user_online (sid, ip, username, usertype, usergroup, reflash, url, userinfo) VALUES ('{$sid}', '{$ip}', '{$username}', '{$usertype}', '{$usergroup}', '{$reflash}', '{$url}', '{$userinfo}')", self::$cnt); return $result; }
function trunkalarmoptions_saveconfig() { require_once 'DB.php'; # clean up $engine = mysql_escape_string($_POST['engine']); $pbxname = mysql_escape_string($_POST['pbxname']); # Make SQL thing $sql = "UPDATE `trunkalarmoptions` SET"; $sql .= " `engine`='{$engine}',"; $sql .= " `pbxname`='{$pbxname}'"; $sql .= " `trunkemail`='{$trunkemail}'"; $sql .= " `trunkalarmext`='{$trunkext}'"; $sql .= " `trunkalarmnumber`='{$trunknumber}'"; $sql .= " LIMIT 1;"; $sql = "UPDATE `trunkalarmoptions` SET"; $sql .= " `engine`='{$engine}',"; $sql .= " `pbxname`='{$pbxname}'"; $sql .= " LIMIT 1;"; $sql = "UPDATE `trunkalarmoptions` SET"; $sql .= " `engine`='{$engine}',"; $sql .= " `trunkemail`='{$trunkemail}'"; $sql .= " LIMIT 1;"; $sql = "UPDATE `trunkalarmoptions` SET"; $sql .= " `engine`='{$engine}',"; $sql .= " `trunkalarmext`='{$trunkext}'"; $sql .= " LIMIT 1;"; $sql = "UPDATE `trunkalarmoptions` SET"; $sql .= " `engine`='{$engine}',"; $sql .= " `trunkalarmnumber`='{$trunknumber}'"; $sql .= " LIMIT 1;"; sql($sql); needreload(); }
function EditPaymentGateway($payment_gateway_name, $payment_gateway_account, $payment_gateway_status) { global $db; $record["payment_gateway_account"] = $payment_gateway_account; $record["payment_gateway_status"] = $payment_gateway_status; $db->AutoExecute('payment_gateway', $record, 'UPDATE', "payment_gateway_name ='" . mysql_escape_string($payment_gateway_name) . "'"); }
public function saveCurrency($dataForm, $currencyId = "") { global $mySession; $db = new Db(); $data_update['currency_name'] = trim($dataForm['currency_name']); $data_update['currency_code'] = strtoupper(trim($dataForm['currency_code'])); $data_update['exchange_rate'] = $dataForm['exchange_rate']; $maxquery = $db->runQuery("select max(currency_order) as MAX from " . CURRENCY . " "); if ($currencyId == "") { $currencyId = 0; } $chkQry2 = $db->runQuery("select * from " . CURRENCY . " where currency_code='" . mysql_escape_string(trim($data_update['currency_code'])) . "' and currency_id!=" . $currencyId); if ($chkQry != "" and count($chkQry) > 0) { return 0; } else { if ($currencyId > 0) { $condition = 'currency_id=' . $currencyId; $db->modify(CURRENCY, $data_update, $condition); return 1; } else { $data_update['currency_order'] = $maxquery[0]['MAX'] + 1; $db->save(CURRENCY, $data_update); return 1; } } }
function run_in_background($command, $output, $taskID = null) { if ($this->onlineMode) { $this->removeDeadProcessesFromQueue(); if (!isset($taskID)) { mysql_query("insert ignore into task (cmd, output) values ('" . mysql_escape_string($command) . "','" . mysql_escape_string($output) . "')"); } else { $runningProcessCount = mysql_num_rows(mysql_query("Select id from task where running=true")); if ($runningProcessCount < $this->processLimit) { mysql_query("update task set running=true where id=" . $taskID); $this->startProcess($command, $output); mysql_query("Delete from task where id=" . $taskID); } } $sIndex = strrpos($output, '/'); if ($sIndex === false) { $sIndex = strrpos($output, '\\'); } if ($sIndex === false) { $sIndex = strrpos($output, PATH_SEPARATOR); } if ($sIndex === false) { $sIndex = -1; } return substr($output, $sIndex + 1); } else { return $this->startProcess($command, $output); } //sleep ( rand(5,10) ); // Sleep for 5 seconds so other taks don't get ran to quickly }
function generate_rows($q) { global $db; $rows = array(); $USERURL = new URL('userview'); for ($row = 0; $row < $q->rows(); $row++) { $email = $q->field($row, 'email'); $criteria = $q->field($row, 'criteria'); $SEARCHENGINE = new SEARCHENGINE($criteria); $r = $db->query("SELECT user_id,firstname,lastname FROM users WHERE email = '" . mysql_escape_string($email) . "'"); if ($r->rows() > 0) { $user_id = $r->field(0, 'user_id'); $USERURL->insert(array('u' => $user_id)); $name = '<a href="' . $USERURL->generate() . '">' . $r->field(0, 'firstname') . ' ' . $r->field(0, 'lastname') . '</a>'; } else { $name = $email; } $created = $q->field($row, 'created'); if ($created == '0000-00-00 00:00:00') { $created = ' '; } $rows[] = array($name, $SEARCHENGINE->query_description_long(), $created); } return $rows; }
function setOp() { if (isset($_GET["op"])) { $this->op = mysql_escape_string($_GET["op"]); switch ($this->op) { case 'add': $this->layout = "vista/geozona_form.phtml"; $this->tilSec = "Agregar Geo Zona"; break; case 'mod': $this->layout = "vista/geozona_form.phtml"; $this->tilSec = "Editar Geo Zona"; if (isset($_GET["id"])) { $this->poligono = $this->poMP->find($_GET["id"]); $this->puntos = $this->poMP->fetchPuntos($this->poligono->ID_POLIGONO); } break; } } else { $this->layout = "vista/geozona.phtml"; if ($this->cp->cp->isAdmin() || $this->cp->cp->isSuperAdmin()) { $this->poligonos = $this->poMP->fetchByCuenta($this->cp->getSession()->get("accountID")); } else { $this->poligonos = $this->poMP->fetchByUser($this->cp->getSession()->get("userID")); } } }
function GetSQLValueString($theValue, $theType, $theDefinedValue = "", $theNotDefinedValue = "") { if (PHP_VERSION < 6) { $theValue = get_magic_quotes_gpc() ? stripslashes($theValue) : $theValue; } $theValue = function_exists("mysql_real_escape_string") ? mysql_real_escape_string($theValue) : mysql_escape_string($theValue); switch ($theType) { case "text": $theValue = $theValue != "" ? "'" . $theValue . "'" : "NULL"; break; case "long": case "int": $theValue = $theValue != "" ? intval($theValue) : "NULL"; break; case "double": $theValue = $theValue != "" ? doubleval($theValue) : "NULL"; break; case "date": $theValue = $theValue != "" ? "'" . $theValue . "'" : "NULL"; break; case "defined": $theValue = $theValue != "" ? $theDefinedValue : $theNotDefinedValue; break; } return $theValue; }
function auth() { $id = mysql_escape_string($_POST['login']); $password = mysql_escape_string($_POST['password']); $query = mysql_query("SELECT * FROM tbl_auth WHERE id = '{$id}' and password ='******' limit 1"); if (mysql_num_rows($query) == 1) { $_SESSION['auth'] = "1"; $_SESSION['id'] = $id; $_SESSION['name'] = get_agency_name($id); //this is the first time we use this function to pull the agency name. $_SESSION['ses_start'] = date('Y-m-d-h-i-s'); $_SESSION['log_ip'] = $_SERVER['REMOTE_ADDR']; log_activity('login'); load_index(); } else { $error_message = 'Sorry, try again! (your ip address has been recorded)'; // This is an example of a generic log entry $_SESSION['extra'] = $id; //we set the extra var to the attemped user id $_SESSION['log_ip'] = $_SERVER['REMOTE_ADDR']; //we record the ip address log_activity('failed login'); //we use a string to id the activity and write the log // end of logging show_login($error_message); } //echo $query; }
public static function getAsJson($file, $force = false) { $json = array(); getimagesize($file, $info); if (isset($info["APP13"])) { $iptc = iptcparse($info["APP13"]); if (isset($iptc['2#120'])) { $caption = implode('|', $iptc['2#120']); // nb: '|' should never actually appear $caption = ensureUTF8($caption); // since could be 'local' encoding $caption = mysql_escape_string($caption); // safety. stackoverflow.com/q/1162491 $json['caption'] = $caption; } if (isset($iptc['2#025'])) { $json['keywords'] = $iptc['2#025']; } // keep as array set_error_handler("ignoreAnyError", E_ALL); // TOTEST, currently no exif enabled on localhost if (function_exists('exif_read_data')) { $json['exif'] = exif_read_data($tmpfile, 0, false); } // fails on a very few files (corrupt EXIF) restore_error_handler(); } Log::info("json for :" . $file); Log::info($json); return $json; }