Example #1
1
function dbkit_run_query_with_array($sql, $args)
{
    foreach ($args as &$arg) {
        if (is_array($arg)) {
            if (count($arg) == 0) {
                $arg = array(-1);
            }
            $parts = array();
            foreach ($arg as $part) {
                $parts[] = "'" . mysql_real_escape_string("{$part}") . "'";
            }
            $arg = "(" . implode(",", $parts) . ")";
        } else {
            $arg = "'" . mysql_real_escape_string("{$arg}") . "'";
        }
    }
    $sql = str_replace("?", "%s", $sql);
    array_unshift($args, $sql);
    $sql = call_user_func_array('sprintf', $args);
    dbkit_log_query($sql);
    $res = mysql_query($sql);
    if (!$res) {
        die("database query failed: " . mysql_error());
    }
    return $res;
}
Example #2
1
function query_operon_gene_percentage($species_id)
{
    $spe = array();
    $spe['name'] = '';
    $spe['ncs'] = array();
    $spe['total_gene'] = 0;
    $spe['in_operon'] = 0;
    $species_id = mysql_real_escape_string($species_id);
    $sql = "SELECT id, name FROM Species WHERE id={$species_id}";
    $result = mysql_query($sql) or die("Invalid query: " . mysql_error());
    $row = mysql_fetch_array($result);
    $spe['name'] = $row['name'];
    unset($result);
    $sql = "SELECT id,NC_id,protein_gene_number,rna_gene_number,operon_number FROM NC WHERE species_id={$species_id}";
    $result = mysql_query($sql) or die("Invalid query: " . mysql_error());
    $n = mysql_num_rows($result);
    for ($i = 0; $i < $n; $i++) {
        $row = mysql_fetch_array($result);
        $NC_id = $row['id'];
        $row['total_gene_num'] = $row['protein_gene_number'] + $row['rna_gene_number'];
        $sql2 = "SELECT sum(size) as total_genes FROM Operon WHERE size>=2 AND NC_id={$NC_id} ORDER BY id";
        $result2 = mysql_query($sql2) or die("Invalid query: " . mysql_error());
        $row2 = mysql_fetch_array($result2);
        $row['gene_in_operon'] = $row2['total_genes'];
        #$row['percent'] = round($row['gene_in_operon'] / $row['total_gene_num'],2);
        array_push($spe['ncs'], $row);
        $spe['total_gene'] += $row['total_gene_num'];
        $spe['in_operon'] += $row['gene_in_operon'];
    }
    $spe['percent'] = round(100 * $spe['in_operon'] / $spe['total_gene'], 2);
    return $spe;
}
Example #3
1
 public static function toRegularString($string)
 {
     if (!is_string($string)) {
         return null;
     }
     return mysql_real_escape_string($string);
 }
function formatField($input)
{
    $input = strip_tags($input);
    $input = str_replace(";", ":", $input);
    $input = mysql_real_escape_string($input);
    return trim($input);
}
function get_all_promo_events()
{
    connect_and_select_db(DB_SERVER, DB_UN, DB_PWD, DB_NAME);
    $startDate = mysql_real_escape_string($_POST['startDate']);
    $endDate = mysql_real_escape_string($_POST['endDate']);
    //Retrieve all events that occur during the time period including the outer bounds
    if ($startDate == null || $startDate == "") {
        $startDate = "0000-00-00";
    }
    if ($endDate == null || $endDate == "") {
        $endDate = "9999-99-99";
    }
    //$startDate = str_replace("-", "", $startDate);
    //$endDate = str_replace("-", "", $endDate);
    $sql = "SELECT * FROM AdEvent WHERE " . "(StartDate >= '{$startDate}' " . "AND StartDate <= '{$endDate}') " . "OR (EndDate >= '{$startDate}' " . "AND EndDate <= '{$endDate}') " . "ORDER BY AdEvent.StartDate ASC;";
    //$sql = "SELECT * FROM AdEvent ORDER BY AdEvent.StartDate ASC";            --older, incorrect version
    $error_message = "Could not successfully run query ({$sql}) from DB: ";
    $search_events_result = get_result_set_from_select_query($sql, $error_message);
    //$result is non-empty. So count the rows
    $numrows = mysql_num_rows($search_events_result);
    //Create an appropriate message
    $message = "";
    if ($numrows == 0) {
        $message = "No events found in database";
    }
    ui_show_events_retrieved($message, $search_events_result);
}
 public function index()
 {
     $email = "";
     if ($this->post and !$this->csrf) {
         global $site;
         $site['flash']['error'] = "Invalid form submission";
     } elseif ($this->post) {
         $email = mysql_real_escape_string($_POST['email']);
         $user = User::find("users.email = '{$email}' AND users.suspended = 0 AND users.activated = 1", null, false, 1);
         if ($user) {
             // Disable any active lost password requests
             $lost_passwords = $user->get_lost_passwords();
             if (count($lost_passwords) > 0) {
                 foreach ($lost_passwords as $lost_password) {
                     $lost_password->used = true;
                     $lost_password->save();
                 }
             }
             // Make a new lost password request
             $lost_password = new LostPassword($user);
             if ($lost_password->save()) {
                 Email::send_lost_password($lost_password);
                 Site::flash("notice", "Instructions on how to reset your password have been sent to {$user->email}");
                 Redirect("resetpassword");
             } else {
                 $this->site['flash']['error'] = "Unable to send password reset instructions";
             }
         } else {
             $this->site['flash']['error'] = "Unable to find a user with that email address";
         }
     }
     $this->assign("email", $email);
     $this->title = "Lost Password";
     $this->render("lost_password/index.tpl");
 }
Example #7
0
 public function createForum($name, $category, $subcategory)
 {
     if (isset($this->authIdentity)) {
         $insert_data = array('creator' => $this->authIdentity->userid, 'category' => $category, 'subcategory' => $subcategory, 'name' => mysql_real_escape_string($name), 'vote' => 'a:0:{}');
         $forumid = $this->insert($insert_data);
     }
 }
Example #8
0
function handleRegister()
{
    //showLog("handleLogin");
    //
    $ret = array('op' => 'register', 'msg' => 'Registration Successful', 'error_code' => '0');
    $username = $_POST["username"];
    $email = $_POST["email"];
    $password = $_POST["password"];
    $upass = md5(mysql_real_escape_string($_POST['password']));
    $dao = new DAOuser();
    // ensure that user with same email does not exist in database
    $user = $dao->getByEmail($email);
    // user already exists for give email
    if ($user != NULL) {
        $ret["error_code"] = "1";
        $ret["msg"] = "Email '" . $email . "' already exists";
        echo json_encode($ret);
        return;
    }
    // ensure that user with same username does not exist in database
    $user = $dao->getByUsername($username);
    // user already exists for give username
    if ($user != NULL) {
        $ret["error_code"] = "1";
        $ret["msg"] = "Username '" . $username . "' already exists";
        echo json_encode($ret);
        return;
    }
    $user = new user($_POST['username'], $upass, $_POST['email']);
    $dao->save($user);
    echo json_encode($ret);
}
 public function forSql($value, $maxLength = 0)
 {
     if ($maxLength > 0) {
         $value = substr($value, 0, $maxLength);
     }
     return mysql_real_escape_string($value, $this->dbConnection->getResource());
 }
Example #10
0
function addm($char, $mes, $priv)
{
    setlocale(LC_ALL, "ru_RU.CP1251");
    if (!isset($char['sex']) || $char['sex'] == "male") {
        $mes = preg_replace("/\\{([\\d\\w\\s]*?)\\|([\\d\\w\\s]*?)\\}/i", "\\1", $mes);
    } else {
        $mes = preg_replace("/\\{([\\d\\w\\s]*?)\\|([\\d\\w\\s]*?)\\}/i", "\\2", $mes);
    }
    $mes = '<span style="color:#FF2828;font-size:12px;">' . iconv("Windows-1251", "UTF-8//IGNORE", $mes) . '</style>';
    $message = $mes;
    $message = mysql_real_escape_string($message);
    $sel = myquery("SELECT `count` FROM `game_bot_chat_resp` WHERE `id` = '" . $char['name'] . "';");
    $n = mysql_fetch_array($sel);
    if ($n['count'] <= 4) {
        myquery("INSERT INTO `game_bot_chat_resp` (`id`,`count`) VALUES ('" . $char['name'] . "','1') ON DUPLICATE KEY UPDATE `count` = `count` + 1;");
        $update_chat = myquery("insert into game_log (town,fromm,too,message,date,ptype) values (0,'-1','" . $char['user_id'] . "','" . $message . "','" . time() . "'," . $priv . ")");
    } else {
        $sel = myquery("SELECT `text` FROM `game_bot_chat_annoy` ORDER BY RAND() ASC LIMIT 1");
        $mes = mysql_fetch_array($sel);
        if (!isset($char['sex']) || $char['sex'] == "male") {
            $mes = preg_replace("/\\{([\\d\\w\\s]*?)\\|([\\d\\w\\s]*?)\\}/i", "\\1", $mes);
        } else {
            $mes = preg_replace("/\\{([\\d\\w\\s]*?)\\|([\\d\\w\\s]*?)\\}/i", "\\2", $mes);
        }
        $message = mysql_real_escape_string('<span style="color:#FF2828;font-size:12px;">' . iconv("Windows-1251", "UTF-8//IGNORE", $mes['text']) . '</style>');
        $update_chat = myquery("insert into game_log (town,fromm,too,message,date,ptype) values (0,'-1','" . $char['user_id'] . "','" . $message . "','" . time() . "'," . $priv . ")");
    }
}
Example #11
0
function _wobi_addWebseedfiles($torrent_file_path, $relative_path, $httplocation, $hash)
{
    $prefix = WOBI_PREFIX;
    $fd = fopen($torrent_file_path, "rb") or die(errorMessage() . "File upload error 1</p>");
    $alltorrent = fread($fd, filesize($torrent_file_path));
    fclose($fd);
    $array = BDecode($alltorrent);
    // Add in Bittornado HTTP seeding spec
    //
    //add information into database
    $info = $array["info"] or die("Invalid torrent file.");
    $fsbase = $relative_path;
    // We need single file only!
    mysql_query("INSERT INTO " . $prefix . "webseedfiles (info_hash,filename,startpiece,endpiece,startpieceoffset,fileorder) values (\"{$hash}\", \"" . mysql_real_escape_string($fsbase) . "\", 0, " . (strlen($array["info"]["pieces"]) / 20 - 1) . ", 0, 0)");
    // Edit torrent file
    //
    $data_array = $array;
    $data_array["httpseeds"][0] = WOBI_URL . "/seed.php";
    //$data_array["url-list"][0] = $httplocation;
    $to_write = BEncode($data_array);
    //write torrent file
    $write_httpseed = fopen($torrent_file_path, "wb");
    fwrite($write_httpseed, $to_write);
    fclose($write_httpseed);
    //add in piecelength and number of pieces
    $query = "UPDATE " . $prefix . "summary SET piecelength=\"" . $info["piece length"] . "\", numpieces=\"" . strlen($array["info"]["pieces"]) / 20 . "\" WHERE info_hash=\"" . $hash . "\"";
    quickQuery($query);
}
Example #12
0
 public static function authentication()
 {
     //		print_r($_SERVER);
     //		exit();
     if (!isset($_SERVER['PHP_AUTH_USER'])) {
         header('WWW-Authenticate: Basic realm="My Realm"');
         header('HTTP/1.0 401 Unauthorized');
         echo 'Text to send if user hits Cancel button';
         exit;
     } else {
         $db = new DB();
         $username = mysql_real_escape_string($_SERVER['PHP_AUTH_USER']);
         $password = mysql_real_escape_string($_SERVER['PHP_AUTH_PW']);
         $domain = 'nebula.com';
         $hash = md5($username . ':' . $domain . ':' . $password);
         $sql = "SELECT id from n_nebulauser WHERE username='******' AND ha1='{$hash}'";
         $q = $db->query($sql);
         if (mysql_num_rows($q)) {
             $fetch = mysql_fetch_assoc($q);
             return $fetch['id'];
         } else {
             return null;
         }
     }
     return false;
 }
Example #13
0
 function prepare($id, $data = false, $period_sec = false)
 {
     //Если задана очистка подготовленного сохранения
     if ($id == 'clear') {
         $this->temp = false;
         return true;
     }
     //Если не передано что готовить
     if (!$data) {
         return false;
     }
     $t = mktime();
     if (!$period_sec) {
         $period_sec = 86400;
     }
     //+20дней=86400
     if (!is_string($data)) {
         $serr = serialize($data);
     } else {
         $serr = $data;
     }
     $serr = mysql_real_escape_string($serr);
     /*
     	  if(1==3 && unserialize($serr) != $data ){
     	$this->temp=false;
     	return false;
     }
     */
     $this->temp = "REPLACE INTO z_fs_queries SET fq_id='{$id}', fq_content='{$serr}', fq_create=" . $t . ", fq_dead=" . ($t + $period_sec);
     $this->last_id = $id;
     return true;
 }
Example #14
0
 public function getAreaList($stfips, $areatype)
 {
     $link = getDatabaseConnection();
     $query = sprintf("select * from wid.geog " . "where stfips = '%s' and areatype = '%s' order by stfips, areatype, area", mysql_real_escape_string($stfips), mysql_real_escape_string($areatype));
     $arealist = $this->getJSONResult($query, $link);
     return $arealist;
 }
Example #15
0
 private function loadData()
 {
     $title = mysql_real_escape_string($this->title);
     $text = mysql_real_escape_string($this->text);
     $data = array("title" => "'{$title}'", "type" => "'{$this->type}'", "text" => "'{$text}'");
     return $data;
 }
Example #16
0
 function check_str($string, $trim = true)
 {
     global $db_type, $db;
     //when code in db is urlencoded the ' does not need to be modified
     if ($db_type == "sqlite") {
         if (function_exists('sqlite_escape_string')) {
             $string = sqlite_escape_string($string);
         } else {
             $string = str_replace("'", "''", $string);
         }
     }
     if ($db_type == "pgsql") {
         $string = pg_escape_string($string);
     }
     if ($db_type == "mysql") {
         if (function_exists('mysql_real_escape_string')) {
             $tmp_str = mysql_real_escape_string($string);
         } else {
             $tmp_str = mysqli_real_escape_string($db, $string);
         }
         if (strlen($tmp_str)) {
             $string = $tmp_str;
         } else {
             $search = array("", "\n", "\r", "\\", "'", "\"", "");
             $replace = array("\\x00", "\\n", "\\r", "\\\\", "\\'", "\\\"", "\\");
             $string = str_replace($search, $replace, $string);
         }
     }
     $string = $trim ? trim($string) : $string;
     return $string;
 }
Example #17
0
function SaveOptions($username, $email, $calendar_ids, $project_ids)
{
    $email = mysql_real_escape_string($email);
    /* get the range of years that studies have occured */
    $sqlstring = "select * from users where username = '******'";
    //echo $sqlstring;
    $result = mysql_query($sqlstring) or die("Query failed: " . mysql_error() . "<br><i>{$sqlstring}</i><br>");
    if (mysql_num_rows($result) > 0) {
        /* update */
        $sqlstring = "update users set user_email = '{$email}' where username = '******'";
        $result = mysql_query($sqlstring) or die("Query failed: " . mysql_error() . "<br><i>{$sqlstring}</i><br>");
    } else {
        /* insert */
        $sqlstring = "insert into users (username, user_email) values ('{$username}', '{$email}')";
        $result = mysql_query($sqlstring) or die("Query failed: " . mysql_error() . "<br><i>{$sqlstring}</i><br>");
    }
    $sqlstring = "select * from users where username = '******'";
    $result = mysql_query($sqlstring) or die("Query failed: " . mysql_error() . "<br><i>{$sqlstring}</i><br>");
    $row = mysql_fetch_array($result, MYSQL_ASSOC);
    $user_id = $row['user_id'];
    $sqlstring = "delete from calendar_notifications where not_userid = {$user_id}";
    $result = mysql_query($sqlstring) or die("Query failed: " . mysql_error() . "<br><i>{$sqlstring}</i><br>");
    foreach ($calendar_ids as $cal_id) {
        $sqlstring = "insert into calendar_notifications (not_userid, not_calendarid) values ({$user_id}, {$cal_id})";
        $result = mysql_query($sqlstring) or die("Query failed: " . mysql_error() . "<br><i>{$sqlstring}</i><br>");
    }
    $sqlstring = "delete from project_notifications where not_userid = {$user_id}";
    $result = mysql_query($sqlstring) or die("Query failed: " . mysql_error() . "<br><i>{$sqlstring}</i><br>");
    foreach ($project_ids as $prj_id) {
        $sqlstring = "insert into project_notifications (not_userid, not_projectid) values ({$user_id}, {$prj_id})";
        $result = mysql_query($sqlstring) or die("Query failed: " . mysql_error() . "<br><i>{$sqlstring}</i><br>");
    }
}
Example #18
0
 /**
  * execute query - show be regarded as private to insulate the rest of
  * the application from sql differences
  * @access private
  */
 function query($sql)
 {
     global $CONF;
     if (is_null($this->dblink)) {
         $this->_connect();
     }
     //been passed more parameters? do some smart replacement
     if (func_num_args() > 1) {
         //query contains ? placeholders, but it's possible the
         //replacement string have ? in too, so we replace them in
         //our sql with something more unique
         $q = md5(uniqid(rand(), true));
         $sql = str_replace('?', $q, $sql);
         $args = func_get_args();
         for ($i = 1; $i <= count($args); $i++) {
             $sql = preg_replace("/{$q}/", "'" . preg_quote(mysql_real_escape_string($args[$i])) . "'", $sql, 1);
         }
         //we shouldn't have any $q left, but it will help debugging if we change them back!
         $sql = str_replace($q, '?', $sql);
     }
     $this->dbresult = mysql_query($sql, $this->dblink);
     if (!$this->dbresult) {
         die("Query failure: " . mysql_error() . "<br />{$sql}");
     }
     return $this->dbresult;
 }
 function writeToDestination($data)
 {
     $sqlInsertStatement = "INSERT INTO SAKPART (SP_SAID, SP_U1, SP_KORTNAVN, SP_NAVN, SP_ADRESSE, SP_POSTNR, SP_POSTSTED, SP_UTLAND, SP_EPOSTADR, SP_KONTAKT, SP_ROLLE, SP_FAKS, SP_TLF) VALUES (";
     $sqlInsertStatement .= "'" . $data->SP_SAID . "',";
     $sqlInsertStatement .= "'" . $data->SP_U1 . "',";
     $sqlInsertStatement .= "'" . $data->SP_KORTNAVN . "',";
     $sqlInsertStatement .= "'" . mysql_real_escape_string($data->SP_NAVN) . "',";
     $sqlInsertStatement .= "'" . mysql_real_escape_string($data->SP_ADRESSE) . "',";
     $sqlInsertStatement .= "'" . $data->SP_POSTNR . "',";
     $sqlInsertStatement .= "'" . $data->SP_POSTSTED . "',";
     $sqlInsertStatement .= "'" . $data->SP_UTLAND . "',";
     $sqlInsertStatement .= "'" . $data->SP_EPOSTADR . "',";
     $sqlInsertStatement .= "'" . $data->SP_KONTAKT . "',";
     $sqlInsertStatement .= "'" . $data->SP_ROLLE . "',";
     $sqlInsertStatement .= "'" . $data->SP_FAKS . "',";
     $sqlInsertStatement .= "'" . $data->SP_TLF . "'";
     $sqlInsertStatement .= ");";
     $this->uttrekksBase->printErrorIfDuplicateFail = false;
     if ($this->uttrekksBase->executeStatement($sqlInsertStatement) == false) {
         // 1062 == duplicate key. Scary to hardcode, but can't find mysql constants somewhere
         if (mysql_errno() == Constants::MY_SQL_DUPLICATE) {
             // This table is know to contain duplicates. We just log and continue
             $this->logger->log($this->XMLfilename, "Duplicate value detected. Value is SP_SAID (" . $data->SP_SAID . "), SP_NAVN (" . $data->SP_NAVN . ")", Constants::LOG_WARNING);
         }
     }
     $this->uttrekksBase->printErrorIfDuplicateFail = true;
     //		$this->uttrekksBase->executeStatement($sqlInsertStatement);
 }
Example #20
0
function modul($posisi)
{
    global $koneksi_db, $STYLE_INCLUDE, $SCRIPT_INCLUDE;
    $total = 0;
    $numb = 0;
    if (isset($_GET['pilih'])) {
        $pilih = mysql_real_escape_string(strip_tags($_GET['pilih']));
        $numb = mysql_num_rows(mysql_query("SELECT `id` FROM `actions` WHERE `modul_hrd` = '{$pilih}'"));
        $modulku = mysql_query("SELECT * FROM `actions` LEFT JOIN `modul_hrd` ON (`modul_hrd`.`id` = `actions`.`modul_id`) WHERE `actions`.`modul_hrd` = '{$pilih}' AND `actions`.`posisi` = '{$posisi}' ORDER BY `actions`.`order`");
        $total = mysql_num_rows($modulku);
        while ($viewmoduls = mysql_fetch_assoc($modulku)) {
            if (file_exists($viewmoduls['isi']) && $viewmoduls['type'] == 'module') {
                include $viewmoduls['isi'];
                kotakjudul($viewmoduls['modul'], @$out, '');
                $out = '';
            }
            if ($viewmoduls['type'] == 'block') {
                kotakjudul($viewmoduls['modul'], $viewmoduls['isi'], '');
            }
        }
    }
    if ($total == 0 && $numb == 0) {
        $modulku = $koneksi_db->sql_query("SELECT * FROM modul_hrd WHERE published= 1 AND posisi= '{$posisi}' ORDER BY ordering");
        while ($viewmodul = $koneksi_db->sql_fetchrow($modulku)) {
            if (file_exists($viewmodul['isi']) && $viewmodul['type'] == 'module') {
                include $viewmodul['isi'];
                kotakjudul($viewmodul['modul'], @$out, '');
                $out = '';
            }
            if ($viewmodul['type'] == 'block') {
                kotakjudul($viewmodul['modul'], $viewmodul['isi'], '');
            }
        }
    }
}
Example #21
0
function clear_string($cl_str)
{
    $cl_str = strip_tags($cl_str);
    $cl_str = mysql_real_escape_string($cl_str);
    $cl_str = trim($cl_str);
    return $cl_str;
}
Example #22
0
function serialize_exif($uploaded_file)
{
    //$exif_tmp = read_exif_data_raw($_FILES['upload_file']['tmp_name'],0);
    $exif_tmp = read_exif_data_raw($uploaded_file, 0);
    $flat_exif_tmp = flatten_array($exif_tmp);
    if (in_array("DataDumpMakerNote", $flat_exif_tmp)) {
        // this field is set to empty because it causes trouble
        $flat_exif_tmp['DataDumpMakerNote'] = NULL;
    }
    //search for all "unknown:*" fields because like the MakerNote it causes trouble.
    // Thanks to erdbeerbaum for pointing this out.
    foreach ($flat_exif_tmp as $key => $value) {
        $pos = strpos($key, "unknown:");
        if ($pos === 0) {
            $flat_exif_tmp[$key] = NULL;
        }
    }
    foreach ($flat_exif_tmp as $key => $value) {
        $flat_exif_tmp[$key] = trim($value);
    }
    $exif_info = serialize($flat_exif_tmp);
    // we need to escape the string before saving it to the db
    $exif_info = mysql_real_escape_string($exif_info);
    return $exif_info;
}
Example #23
0
 function update($vTablename, $aUpdate = array(), $sWhere)
 {
     $count = 0;
     $fields = '';
     foreach ($aUpdate as $col => $val) {
         if ($count++ != 0) {
             $fields .= ', ';
         }
         $col = mysql_real_escape_string($col);
         $val = mysql_real_escape_string($val);
         $fields .= "`{$col}` = '{$val}' ";
     }
     $sql = "UPDATE `{$vTablename}` SET {$fields} ";
     $count = 0;
     $fields = '';
     foreach ($aUpdate as $col => $val) {
         if ($count++ != 0) {
             $fields .= ', ';
         }
         $col = mysql_real_escape_string($col);
         $val = mysql_real_escape_string($val);
         $fields .= "`{$col}` = {$val}";
     }
     $sql .= " WHERE {$sWhere}";
     // echo $sql;
     if ($this->db->query($sql) === TRUE) {
         return "Success";
     } else {
         return "Error Update Table: " . $this->db->error;
     }
 }
	function escape($string) {
		return addslashes( $string ); // Disable rest for now, causing problems
		if( !$this->dbh || version_compare( phpversion(), '4.3.0' ) == '-1' )
			return mysql_escape_string( $string );
		else
			return mysql_real_escape_string( $string, $this->dbh );
	}
Example #25
0
 function GetSQLValueString($theValue, $theType, $theDefinedValue = "", $theNotDefinedValue = "")
 {
     if (PHP_VERSION < 6) {
         $theValue = get_magic_quotes_gpc() ? stripslashes($theValue) : $theValue;
     }
     $theValue = function_exists("mysql_real_escape_string") ? mysql_real_escape_string($theValue) : mysql_escape_string($theValue);
     switch ($theType) {
         case "text":
             $theValue = $theValue != "" ? "'" . $theValue . "'" : "NULL";
             break;
         case "long":
         case "int":
             $theValue = $theValue != "" ? intval($theValue) : "NULL";
             break;
         case "double":
             $theValue = $theValue != "" ? doubleval($theValue) : "NULL";
             break;
         case "date":
             $theValue = $theValue != "" ? "'" . $theValue . "'" : "NULL";
             break;
         case "defined":
             $theValue = $theValue != "" ? $theDefinedValue : $theNotDefinedValue;
             break;
     }
     return $theValue;
 }
Example #26
0
function insert_item()
{
    // Connect to the 'test' database
    // The parameters are defined in the teach_cn.inc file
    // These are global constants
    connect_and_select_db(DB_SERVER, DB_UN, DB_PWD, DB_NAME);
    // Get the information entered into the webpage by the user
    // These are available in the super global variable $_POST
    // This is actually an associative array, indexed by a string
    $itemNumber = mysql_real_escape_string($_POST['itemNumber']);
    $itemDescription = mysql_real_escape_string($_POST['itemDescription']);
    $category = mysql_real_escape_string($_POST['category']);
    $departmentName = mysql_real_escape_string($_POST['departmentName']);
    $purchaseCost = mysql_real_escape_string($_POST['purchaseCost']);
    $retailPrice = mysql_real_escape_string($_POST['retailPrice']);
    // Create a String consisting of the SQL command. Remember that
    // . is the concatenation operator. $varname within double quotes
    // will be evaluated by PHP
    $insertStmt = "INSERT INTO Item (ItemNumber, ItemDescription, Category, DepartmentName,\n\t\t       PurchaseCost, FullRetailPrice) values ( '{$itemNumber}','{$itemDescription}', '{$category}',\n                      '{$departmentName}', '{$purchaseCost}', '{$retailPrice}')";
    //Execute the query. The result will just be true or false
    $result = mysql_query($insertStmt);
    $message = "";
    if (!$result) {
        $message = "Error in inserting Item. <br />Item Number: {$itemNumber}<br />Item Description:\n{$itemDescription} <br />Category:\n{$category}\n<br />Department\n Name: {$departmentName} <br />" . mysql_error();
    } else {
        $message = "Data for Item inserted successfully. <br />Item Number: {$itemNumber}<br />Item Description: {$itemDescription} <br />Category: {$category} <br />Department Name: {$departmentName}";
    }
    ui_show_item_insert_result($message, $itemNumber, $itemDescription, $category, $departmentName, $purchaseCost, $retailPrice);
}
Example #27
0
 function FindOrk2Player($ork3_id, $aname, $fname, $lname, $chapter)
 {
     if (array_key_exists($chapter, $this->chapterMap)) {
         $sql = "\n                    select * \n                        from ORKplayers\n                        where chapterID = {$this->chapterMap[$chapter]}\n                            and aname like '{$aname}' and fname like '{$fname}' and lname like '{$lname}'";
         $player = $this->ORK2->query($sql);
         if ($player->size() == 1) {
             //echo "Found $ork3_id: ($aname): {$player->playerID}; ";
             $this->iOrk2->RecordTransfer('players', 'Player', $player->playerID, $ork3_id, array(), 1);
             return true;
         } else {
             if ($player->size() > 1) {
                 //echo "Too many...";
             } else {
                 //echo "No hits...";
             }
         }
     }
     $sql = "\n                select * \n                    from ORKplayers\n                    where \n                        aname like '" . mysql_real_escape_string($aname) . "' \n                        and fname like '" . mysql_real_escape_string($fname) . "' \n                        and lname like '" . mysql_real_escape_string($lname) . "'";
     $player = $this->ORK2->query($sql);
     if ($player->size() == 1) {
         //echo "Found $ork3_id: ($aname): {$player->playerID}; ";
         $this->iOrk2->RecordTransfer('players', 'Player', $player->playerID, $ork3_id, array(), 1);
         return true;
     } else {
         if ($player->size() > 1) {
             //echo "Too many...";
         } else {
             //echo "No hits...";
         }
     }
     return false;
 }
Example #28
0
 function escape_string($s, $strip_tags = true)
 {
     if ($strip_tags) {
         $s = strip_tags($s);
     }
     return mysql_real_escape_string($s, $this->link);
 }
Example #29
0
function file_to_str($file, $size)
{
    $link = start_nchsls();
    $fd = fopen($file, 'r');
    $str = fread($fd, $size);
    return mysql_real_escape_string($str, $link);
}
Example #30
0
function add_message($locale, $groupid, $message)
{
    global $mysqlprefix;
    $link = connect();
    perform_query("insert into {$mysqlprefix}chatresponses (locale,groupid,vcvalue) values ('" . mysql_real_escape_string($locale, $link) . "'," . ($groupid ? intval($groupid) . ", " : "null, ") . "'" . mysql_real_escape_string($message, $link) . "')", $link);
    mysql_close($link);
}