PHP pdo_escape_string Examples

Example #1

File: pdo_mysql.php Project: jalota16/nightcaviar

 function mysql_escape_string($string = NULL)
 {
     return pdo_escape_string(func_get_args());
 }

Example #2

File: language.php Project: danorama/orsee

function language__multiselectfield_item($content_type, $ptablevarname, $formfieldvarname, $selected, $language = "", $existing = false, $where = '', $show_count = false, $multi = true, $mpoptions = array())
{
    if (!$language) {
        global $lang;
        $language = lang('lang');
    }
    $items = array();
    $pars = array(':content_type' => $content_type);
    $query = "SELECT *, " . lang('lang') . " AS item\n            FROM " . table('lang') . "\n            WHERE content_type= :content_type\n            ORDER BY " . pdo_escape_string($language);
    $result = or_query($query, $pars);
    while ($line = pdo_fetch_assoc($result)) {
        $items[$line['content_name']] = stripslashes($line['item']);
    }
    $mylist = array();
    if (!$existing) {
        $mylist = $items;
    } else {
        $query = "SELECT count(*) as tf_count, " . pdo_escape_string($ptablevarname) . " as tf_value\n                FROM " . table('participants') . "\n                WHERE " . table('participants') . ".participant_id IS NOT NULL ";
        if ($where) {
            $query .= " AND " . $where . " ";
        }
        $query .= " GROUP BY " . pdo_escape_string($ptablevarname) . "\n                ORDER BY " . pdo_escape_string($ptablevarname);
        $result = or_query($query);
        while ($line = pdo_fetch_assoc($result)) {
            $thisname = "";
            if (isset($items[$line['tf_value']])) {
                $thisname .= $items[$line['tf_value']];
            } elseif ($line['tf_value'] == 0) {
                $thisname .= '-';
            } else {
                $thisname .= $line['tf_value'];
            }
            if ($show_count) {
                $thisname .= ' (' . $line['tf_count'] . ')';
            }
            $mylist[$line['tf_value']] = $thisname;
        }
    }
    $out = "";
    if (!is_array($mpoptions)) {
        $mpoptions = array();
    }
    if (!isset($mpoptions['picker_icon'])) {
        $mpoptions['picker_icon'] = 'bars';
    }
    if ($multi) {
        $out .= get_multi_picker($formfieldvarname, $mylist, $selected, $mpoptions);
    } else {
        $out .= '<SELECT name="' . $formfieldvarname . '">
                <OPTION value=""';
        if (!is_array($selected) || count($selected) == 0) {
            $out .= ' SELECTED';
        }
        $out .= '>-</OPTION>
                ';
        foreach ($mylist as $k => $v) {
            $out .= '<OPTION value="' . $k . '"';
            if (is_array($selected) && $selected[0] == $out || $selected == $k) {
                $out .= ' SELECTED';
            }
            $out .= '>' . $v . '</OPTION>
                ';
        }
        $out .= '</SELECT>
        ';
    }
    return $out;
}

Example #3

File: orsee_mysql.php Project: kfarr2/psu-orsee

function or_nonparam_query($query, $pars = array())
{
    if (isset($pars[0]) && is_array($pars[0])) {
        $query = $query . ' with ' . count($pars) . ' sets of parameters';
    } else {
        foreach ($pars as $k => $v) {
            $query = str_replace($k, pdo_escape_string($v), $query);
        }
    }
    return $query;
}

Example #4

File: instructor_session_page.php Project: psnguyen/enqueue

//function setDeleteFlag(){
if (isset($_GET["w1"]) && isset($_GET["w2"])) {
    $deleteName = $_GET["w1"];
    $deleteDescr = $_GET["w2"];
    $host = 'dbserver.engr.scu.edu';
    $username = '******';
    $password = '******';
    $database = 'sdb_pnguyen';
    if (!($conn = pdo_connect("{$host}", $username, $password))) {
        die('Error connecting to ' . host . '. ' . pdo_error());
    }
    if (!pdo_select_db($database, $conn)) {
        die('Error selecting ' . $database . '. ' . pdo_error());
    }
    $deleteName = pdo_escape_string($deleteName);
    $deleteDescr = pdo_escape_string($deleteDescr);
    $newQuery = "UPDATE `enqueue` SET `isSolved` = '1', `TimeOut` = now() WHERE `reqDescrip` LIKE '%{$deleteDescr}%' AND `studentName` LIKE '%{$deleteName}%'";
    if (pdo_query($newQuery)) {
    } else {
        echo 'update not complete';
        die(pdo_error());
    }
    //	}
}
if (isset($_POST["savebutton"])) {
    $host = 'dbserver.engr.scu.edu';
    $username = '******';
    $password = '******';
    $database = 'sdb_pnguyen';
    if (!($conn = pdo_connect("{$host}", $username, $password))) {
        die('Error connecting to ' . host . '. ' . pdo_error());

Example #5

File: tit.php Project: schwebke/tit

    $user = $_SESSION['tit']['username'];
    $now = date("Y-m-d H:i:s");
    if (trim($description) != '') {
        $query = "INSERT INTO comments (issue_id, description, user, entrytime) values('{$issue_id}','{$description}','{$user}','{$now}')";
        // create
        $db->exec($query);
    }
    if ($NOTIFY["COMMENT_CREATE"]) {
        notify($id, "[{$TITLE}] New Comment Posted", "New comment posted by {$user}\r\nTitle: " . get_col($id, "issues", "title") . "\r\nURL: http://{$_SERVER['HTTP_HOST']}{$_SERVER['PHP_SELF']}?id={$issue_id}");
    }
    header("Location: {$_SERVER['PHP_SELF']}?id={$issue_id}");
}
// Delete Comment
if (isset($_GET["deletecomment"])) {
    $id = pdo_escape_string($_GET['id']);
    $cid = pdo_escape_string($_GET['cid']);
    // only comment poster or admin can delete comment
    if ($_SESSION['tit']['admin'] || $_SESSION['tit']['username'] == get_col($cid, "comments", "user")) {
        $db->exec("DELETE FROM comments WHERE id='{$cid}'");
    }
    header("Location: {$_SERVER['PHP_SELF']}?id={$id}");
}
//
//      FUNCTIONS
//
// PDO quote, but without enclosing single-quote
function pdo_escape_string($str)
{
    global $db;
    $quoted = $db->quote($str);
    return $db->quote("") == "''" ? substr($quoted, 1, strlen($quoted) - 2) : $quoted;

Example #6

File: post_request.php Project: psnguyen/enqueue

    $host = 'dbserver.engr.scu.edu';
    $username = '******';
    $password = '******';
    $database = 'sdb_pnguyen';
    if (!($conn = pdo_connect("{$host}", $username, $password))) {
        die('Error connecting to ' . host . '.' . pdo_error());
    }
    if (!pdo_select_db($database, $conn)) {
        die('Error selecting ' . $database . '. ' . pdo_error());
    }
    //      $studentName = $_POST['name'];
    $studentName = $_SESSION['userName'];
    $descr = $_POST['description'];
    $category = $_POST['category'];
    $classID = $_SESSION['classID'];
    $className = "COEN175";
    $instrName = "Nate";
    $isSolved = 1;
    $studentName = pdo_escape_string($studentName);
    $descr = pdo_escape_string($descr);
    $countQuery = "SELECT * FROM `enqueue` WHERE `classID` = '{$classID}'";
    $getCountQuery = pdo_query($countQuery);
    $row_count = pdo_num_rows($getCountQuery);
    $NewRequestQuery = "INSERT INTO `enqueue` (`classID`, `reqCount`, `order`, `className`, `instructorName`, `studentName`,`reqDescrip`, `category`, `timeIn`, `timeSpent`, `isSolved`) VALUES ('{$classID}', '{$row_count}', '100', 'none','none', '{$studentName}', '{$descr}', '{$category}', now(),'0', '0')";
    if (pdo_query($NewRequestQuery)) {
    } else {
        echo 'insert not completed';
        die(pdo_error());
    }
    header("Location:student_session_page.php?");
}

Example #7

File: authenticate.php Project: psnguyen/enqueue

session_start();
include_once "pdo_mysql.php";
$username = '******';
$password = '******';
$host = 'dbserver.engr.scu.edu';
$database = 'sdb_pnguyen';
if (!($server = pdo_connect("{$host}", $username, $password))) {
    die('Error connecting to ' . $host . '.' . pdo_error());
}
if (!($conn = pdo_select_db($database, $server))) {
    die('Error selecting ' . $database . '.' . pdo_error());
}
$username = $_POST['login'];
$password = $_POST['password'];
$username = pdo_escape_string($username);
$password = pdo_escape_string($password);
$result = "SELECT `user` FROM `enqueue_login` WHERE `email` = '{$username}' AND `password` = '{$password}' AND `isInstructor` = 1";
//$instructorquery = pdo_query($result);
$result2 = "SELECT `user` FROM `enqueue_login` WHERE `email` = '{$username}' AND `password` = '{$password}' AND `isInstructor` = 0";
//$studentquery = pdo_query($result2);
/* if(pdo_num_rows($instructorquery)==0 && pdo_num_rows($studentquery) == 0){
	  	header("Location: landing_page.php");
	  }
	  else if(pdo_num_rows($studentquery > 0)){
	  		header( "Location: student_landing_page.php" ); 	
	  }
	  else if(pdo_num_rows($instructorquery > 0)){
	  		header( "Location: instructor_landing_page.html" ); 
	  }*/
$instructorquery = pdo_query($result);
if (pdo_num_rows($instructorquery) > 0) {