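/**
 * Store an uploaded profile picture for the logged-in user and record it.
 *
 * The file is always written to ../Users/Images/<session login>.jpg, so the
 * client-supplied file name never reaches the filesystem; only its extension
 * (compared against $extensions) and its size (against $maxsize) are checked.
 * Nothing here verifies that the bytes are actually an image — TODO consider
 * a content check (e.g. getimagesize()) before trusting the ".jpg" name.
 *
 * @param resource $database   pgsql connection used for the UPDATE
 * @param string   $userlogin  unused in this body (see the redacted WHERE below)
 * @param string   $file       key into $_FILES
 * @param int      $maxsize    largest accepted size in bytes
 * @param string[] $extensions accepted extensions, matched exactly (case-sensitive)
 * @return string  HTML status message (French, as the templates expect)
 *
 * Fixes: the file name was echoed back into HTML unescaped (reflected XSS);
 * the "Photo volumineuse" message was always overwritten by the generic
 * failure message; in_array() was non-strict; a login containing path
 * separators could point the destination outside the images directory.
 */
function upload($database, $userlogin, $file, $maxsize, $extensions) {
    if (!isset($_FILES[$file]) || $_FILES[$file]['error'] != 0) {
        return "Photo de profil supprimée";
    }
    // the name comes from the client: escape it before it goes into markup
    $safeName = htmlspecialchars($_FILES[$file]['name'], ENT_QUOTES, 'UTF-8');
    if ($_FILES[$file]['size'] > $maxsize) {
        return "<span class=\"red\">Photo volumineuse</span>";
    }
    // basename() keeps a login such as "../x" inside the images directory
    $upload_dest = '../Users/Images/' . basename($_SESSION['login']) . '.jpg';
    $infosfichier = pathinfo($_FILES[$file]['name']);
    $extension_upload = isset($infosfichier['extension']) ? $infosfichier['extension'] : '';
    $upload = false;
    if (in_array($extension_upload, $extensions, true)) {
        $upload = move_uploaded_file($_FILES[$file]['tmp_name'], $upload_dest);
    }
    if ($upload != true) {
        return "<span class=\"red\">Envoi du fichier \"" . $safeName . "\" échoué</span>";
    }
    $photo = pg_escape_string($upload_dest);
    // NOTE(review): the login literal is redacted in this listing; presumably it
    // should be the escaped current login ($userlogin / $_SESSION['login']) — confirm
    $query_photo = pg_query($database, "UPDATE users SET photo='{$photo}' WHERE login='******'") or die('Échec requête : ' . pg_last_error());
    if ($query_photo != false) {
        $msg = "Envoi du fichier \"" . $safeName . "\" réussi";
    } else {
        $msg = "Photo envoyée mais non ajouté à la base";
    }
    pg_free_result($query_photo);
    return $msg;
}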
/**
 * Escape a value for use inside a single-quoted PostgreSQL literal.
 *
 * Despite the parameter names, $sql is the value being escaped and $str is
 * never used; the result carries no surrounding quotes.
 */
function Q($sql, $str = false) {
    return pg_escape_string($sql);
}
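/**
 * Escape $string for the configured database backend and (by default) trim it.
 *
 * Reads the globals $db_type ('sqlite', 'pgsql' or 'mysql') and $db (the
 * mysqli link handed to mysqli_real_escape_string()). For any other $db_type
 * the text is returned unescaped.
 *
 * Fix: the manual MySQL fallback listed two empty strings in its search
 * array, which str_replace() ignores, so NUL and 0x1A bytes were never
 * escaped (and NUL was being written as "\x00", which MySQL does not read as
 * an escape). They now map to the sequences MySQL documents, \0 and \Z. The
 * fallback only runs when the real escaper returned an empty string.
 *
 * @param string $string raw text
 * @param bool   $trim   trim surrounding whitespace after escaping
 * @return string
 */
function check_str($string, $trim = true) {
    global $db_type, $db;
    // when code in db is urlencoded the ' does not need to be modified
    if ($db_type == "sqlite") {
        if (function_exists('sqlite_escape_string')) {
            $string = sqlite_escape_string($string);
        } else {
            $string = str_replace("'", "''", $string);
        }
    }
    if ($db_type == "pgsql") {
        $string = pg_escape_string($string);
    }
    if ($db_type == "mysql") {
        // mysql_real_escape_string() is gone on PHP 7+; the mysqli form needs $db
        if (function_exists('mysql_real_escape_string')) {
            $tmp_str = mysql_real_escape_string($string);
        } else {
            $tmp_str = mysqli_real_escape_string($db, $string);
        }
        if (strlen($tmp_str)) {
            $string = $tmp_str;
        } else {
            // hand-rolled equivalent of MySQL's own escaping rules
            $search  = array("\x00", "\n",  "\r",  "\\",   "'",   "\"",   "\x1a");
            $replace = array("\\0",  "\\n", "\\r", "\\\\", "\\'", "\\\"", "\\Z");
            $string = str_replace($search, $replace, $string);
        }
    }
    return $trim ? trim($string) : $string;
}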
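/**
 * Recursively escape, strip tags from and trim every member of a POST value.
 *
 * Non-numeric scalars are DB-escaped for $sdb ("PG" or "MySQL"; any other
 * value skips the escaping step) and passed through strip_tags(); everything,
 * numeric or not, is trimmed. Arrays keep their keys and shape.
 *
 * Fix: the recursive call dropped $sdb, so nested values were always escaped
 * for PostgreSQL even when the caller asked for MySQL. get_magic_quotes_gpc()
 * no longer exists on PHP 8, so it is guarded with function_exists().
 * mysql_real_escape_string() is also gone on PHP 7+; it is left unguarded on
 * purpose so a "MySQL" caller fails loudly rather than silently unescaped.
 *
 * @param mixed  $data scalar or (nested) array from $_POST
 * @param string $sdb  "PG" (default) or "MySQL"
 * @return mixed same shape as $data
 */
function fnSanitizePost($data, $sdb = "PG") {
    if (is_array($data)) {
        $areturn = array();
        foreach ($data as $skey => $svalue) {
            $areturn[$skey] = fnSanitizePost($svalue, $sdb);
        }
        return $areturn;
    }
    if (!is_numeric($data)) {
        // with magic quotes on, the input gets escaped twice, we want to avoid this.
        if (function_exists('get_magic_quotes_gpc') && get_magic_quotes_gpc()) {
            $data = stripslashes($data);
        }
        // escapes a string for insertion into the database
        switch ($sdb) {
            case "MySQL":
                $data = mysql_real_escape_string($data);
                break;
            case "PG":
                $data = pg_escape_string($data);
                break;
        }
        $data = strip_tags($data); // strips HTML and PHP tags from a string
    }
    return trim($data); // trims whitespace from beginning and end of a string
}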
/**
 * Escape $s for a single-quoted PostgreSQL literal, optionally stripping
 * HTML/PHP tags first. The returned text carries no surrounding quotes.
 */
function escape_string($s, $strip_tags = true) {
    $text = $strip_tags ? strip_tags($s) : $s;
    return pg_escape_string($text);
}
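/**
 * Clear or set the "censor" flag on the tracks listed by the submitted form.
 *
 * Form fields read: resultCount (row count), trackID_<i> (audio id) and
 * checkbox_<i> ("on" when ticked). A "Clear List" submit resets censor and
 * flagged on every listed track; any other submit censors the ticked ones.
 *
 * Fix: the original tested pg_escape_string($id != ""), i.e. escaped a
 * boolean (operator precedence), and placed the id unquoted in the WHERE
 * clause where pg_escape_string() gives no protection. Each id is now
 * checked once with is_numeric() and cast to int; others are skipped.
 * The meaning of update()'s trailing true argument is not visible here.
 */
protected function processValid() {
    global $cfg;
    $db = Database::getInstance($cfg['DPS']['dsn']);
    if (!is_numeric($this->fieldData['resultCount'])) {
        return;
    }
    $clearAll = $this->fieldData['submit'] == 'Clear List';
    $rows = (int) $this->fieldData['resultCount'];
    for ($i = 0; $i < $rows; $i++) {
        $cb = 'checkbox_' . $i;
        $id = 'trackID_' . $i;
        $trackID = isset($this->fieldData[$id]) ? $this->fieldData[$id] : '';
        if ($trackID === '' || !is_numeric($trackID)) {
            continue;
        }
        if ($clearAll) {
            $trUpdate = array('censor' => 'f', 'flagged' => 'f');
        } elseif (isset($this->fieldData[$cb]) && $this->fieldData[$cb] == "on") {
            $trUpdate = array('censor' => 't', 'flagged' => 'f');
        } else {
            continue;
        }
        $trWhere = "id = " . (int) $trackID;
        $db->update('audio', $trUpdate, $trWhere, true);
    }
}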
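/**
 * Add one text item to an audio wall unless that wall position is taken.
 *
 * Reads audioID, style, awwallID and awitemPos from fieldData and the item
 * text from $_POST['text'] (note: not from fieldData). Each text line is
 * escaped separately and the lines re-joined with "\n"; trailing newlines
 * are dropped. Nothing is inserted when the text or audio id is empty or the
 * audio id is not numeric. NOTE(review): $text is stored already escaped and
 * then handed to $db->insert(..., true); if insert() escapes too, the stored
 * text is double-escaped — confirm against Database::insert().
 *
 * Fix: awwallID and awitemPos were placed unquoted in the COUNT query with
 * only pg_escape_string(), which does not protect a numeric context; both
 * must now be numeric (as audioID already had to be) before any query runs.
 */
protected function processValid() {
    global $cfg;
    $db = Database::getInstance($cfg['DPS']['dsn']);
    $audio = $this->fieldData['audioID'];
    $style = $this->fieldData['style'];
    $AwWall = $this->fieldData['awwallID'];
    $AwItemPos = $this->fieldData['awitemPos'];
    $lines = array();
    foreach (explode("\n", $_POST["text"]) as $value) {
        $lines[] = pg_escape_string($value);
    }
    $text = rtrim(implode("\n", $lines), "\n");
    if ($text == '' || $audio == '' || !is_numeric($audio)) {
        return;
    }
    if (!is_numeric($AwWall) || !is_numeric($AwItemPos)) {
        //do error stuff
        return;
    }
    $sql = "SELECT COUNT(*) FROM aw_items, aw_walls \n\t\t\t\tWHERE aw_walls.id = aw_items.wall_id\n\t\t\t\tAND aw_walls.id = " . pg_escape_string($AwWall) . " \n\t\t\t\tAND aw_items.item = " . pg_escape_string($AwItemPos);
    $count = $db->getOne($sql);
    if ($count == 0) {
        $AwItem = array();
        $AwItem['text'] = $text;
        $AwItem['audio_id'] = $audio;
        $AwItem['style_id'] = $style;
        $AwItem['wall_id'] = $AwWall;
        $AwItem['item'] = $AwItemPos;
        $db->insert('aw_items', $AwItem, true);
    } else {
        //do error stuff
    }
}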
/**
 * Render the log rows of $channel between $_GET['start'] and $_GET['end']
 * (MM/DD/YYYY, whole days). With ?data present every row type is shown,
 * otherwise only type 0; ?wiki selects the wiki renderer over HTML.
 *
 * Returns a plain "No logs found" sentence when nothing matches and dies on
 * a query failure. $_GET['start'] / ['end'] are read without isset().
 */
function FetchLogs($channel) {
    $chan = pg_escape_string($channel);
    $from = pg_escape_string($_GET["start"] . " 00:00:00");
    $to = pg_escape_string($_GET["end"] . " 23:59:59");
    $sql = "SELECT * FROM logs WHERE channel = '" . $chan . "' and time > to_timestamp( '" . $from . "', 'MM/DD/YYYY HH24:MI:SS' ) and time < to_timestamp( '" . $to . "', 'MM/DD/YYYY HH24:MI:SS' )";
    if (!isset($_GET['data'])) {
        // joins/parts and other non-message rows are hidden by default
        $sql .= " and type = 0";
    }
    $sql .= " order by time asc;";
    $query = pg_query($sql);
    if (!$query) {
        die('SQL failure: ' . pg_last_error());
    }
    $logs = array();
    while ($item = pg_fetch_assoc($query)) {
        $logs[] = $item;
    }
    $count = count($logs);
    if ($count == 0) {
        return "No logs found, try a different filter";
    }
    $html = "<p>Displaying {$count} items:</p>\n";
    $html .= isset($_GET["wiki"]) ? LogsWiki::Render2($logs) : LogsHtml::RenderLogs($logs);
    return $html;
}
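/**
 * Return the HTML for a <select> built from $this->Choices (label => value),
 * pre-selecting the option whose value loosely equals $selected and
 * appending $ChoiceSuffix to every label when given.
 *
 * Fix: labels and values were passed through pg_escape_string() before
 * htmlspecialchars(). That is SQL-literal escaping, not HTML escaping, and it
 * doubled every apostrophe in the rendered page ("O'Brien" → "O''Brien").
 * Only HTML escaping belongs here; ENT_QUOTES covers the double-quoted
 * value attribute. The debug branch also printed an undefined $NumRows.
 */
function DDLB_Choices($Name = 'page_size', $selected = '', $ChoiceSuffix = '') {
    # return the HTML which forms a dropdown list box.
    # optionally, select the item identified by $selected.
    $Debug = 0;
    $HTML = '<select name="' . htmlentities($Name);
    $HTML .= '" title="select a page size"';
    $HTML .= ">\n";
    if ($Debug) {
        echo count($this->Choices) . " rows found!<br>";
        echo "selected = '" . htmlspecialchars($selected, ENT_QUOTES) . "'<br>";
    }
    foreach ($this->Choices as $choice => $value) {
        $HTML .= '<option value="' . htmlspecialchars($value, ENT_QUOTES) . '"';
        if ($value == $selected) {
            $HTML .= ' selected';
        }
        $HTML .= '>' . htmlspecialchars($choice, ENT_QUOTES);
        if ($ChoiceSuffix) {
            $HTML .= ' ' . htmlspecialchars($ChoiceSuffix, ENT_QUOTES);
        }
        $HTML .= "</option>\n";
    }
    $HTML .= '</select>';
    return $HTML;
}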
/**
 * Run the latest-commits query (filtered by $this->Filter when set, else by
 * branch with sanity-test failures joined in), hand the result to a
 * DisplayCommit and store its HTML in $this->HTML.
 *
 * Returns whatever DisplayCommit::CreateHTML() returns; dies if the query
 * fails. NOTE(review): MaxNumberOfPorts and UserID are interpolated into the
 * SQL unescaped — presumably integers set server-side; confirm against callers.
 */
function CreateHTML() {
    global $freshports_CommitMsgMaxNumOfLinesToShow;
    $limit = $this->MaxNumberOfPorts;
    if (isset($this->Filter)) {
        $filter = pg_escape_string($this->Filter);
        $sql = "select * from LatestCommitsFiltered({$limit}, {$this->UserID}, '" . $filter . "')";
    } else {
        # $sql = "select * from LatestCommits($this->MaxNumberOfPorts, $this->UserID)";
        $branch = pg_escape_string($this->BranchName);
        $sql = "\n SELECT LC.*, STF.message AS stf_message\n FROM LatestCommits({$limit}, 0, '" . $branch . "') LC LEFT OUTER JOIN sanity_test_failures STF\n ON LC.commit_log_id = STF.commit_log_id\nORDER BY LC.commit_date_raw DESC, LC.category, LC.port, element_pathname";
    }
    if ($this->Debug) {
        echo "\n<p>sql={$sql}</p>\n";
    }
    $result = pg_exec($this->dbh, $sql);
    if (!$result) {
        die("read from database failed");
    }
    $display = new DisplayCommit($this->dbh, $result);
    $display->Debug = $this->Debug;
    $display->SetDaysMarkedAsNew($this->DaysMarkedAsNew);
    $display->SetUserID($this->UserID);
    $display->SetWatchListAsk($this->WatchListAsk);
    $RetVal = $display->CreateHTML();
    $this->HTML = $display->HTML;
    return $RetVal;
}
/**
 * Escape $string for PostgreSQL, wrapped in single quotes unless $withQuotes
 * is false. Accepts scalars, null and objects with __toString(); anything
 * else raises an Exception naming the offending type and value.
 */
public function quote($string, $withQuotes = true) {
    $quotable = is_scalar($string)
        || is_null($string)
        || (is_object($string) && method_exists($string, '__toString'));
    if (!$quotable) {
        throw new Exception('Trying to quote "' . gettype($string) . '". Value: "' . var_export($string, true) . '"');
    }
    $escaped = pg_escape_string($string);
    return $withQuotes ? "'" . $escaped . "'" : $escaped;
}
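/**
 * Add commit $CommitLogID (a message_id) to user $UserID's watch list.
 *
 * The INSERT ... SELECT ... WHERE NOT EXISTS only creates the row when the
 * user does not already have it; the commit is resolved by message_id.
 * Returns 1 on success or when the row already existed (duplicate-key error),
 * -1 on any other database error. Warnings are muted around the query.
 *
 * Fix: $UserID was interpolated raw into three places of the statement while
 * $CommitLogID was escaped; it is now cast to int (a no-op for integer ids).
 * The duplicate-key test matched only the old wording "Cannot insert a
 * duplicate key"; current servers say "duplicate key value violates unique
 * constraint", which was being reported as -1. Both contain "duplicate key".
 * The error text is read from $this->dbh rather than the default link.
 */
function Add($UserID, $CommitLogID) {
    #
    # Add an item to the list
    #
    #
    # make sure we don't report the duplicate entry error when adding...
    #
    $PreviousReportingLevel = error_reporting(E_ALL ^ E_WARNING);
    $userID = (int) $UserID;
    $commitLookup = "(SELECT id from commit_log where message_id = '" . pg_escape_string($CommitLogID) . "')";
    #
    # The subselect ensures the user can only add things to their
    # own watch list
    #
    $sql = "\nINSERT INTO {$this->_TableName}\nSELECT {$userID} as user_id, \n\t " . $commitLookup . " as commit_log_id\n WHERE not exists (\n SELECT T.user_id, T.commit_log_id\n FROM {$this->_TableName} T\n WHERE T.user_id = {$userID}\n AND T.commit_log_id = " . $commitLookup . ")";
    if ($this->_Debug) {
        echo "<pre>{$sql}</pre>";
    }
    $result = pg_exec($this->dbh, $sql);
    if ($result) {
        $return = 1;
    } elseif (stripos(pg_last_error($this->dbh), "duplicate key") !== false) {
        # already on the list: not an error for the caller
        $return = 1;
    } else {
        $return = -1;
    }
    error_reporting($PreviousReportingLevel);
    return $return;
}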
/**
 * Load an XML document into PostgreSQL: one table per distinct child element
 * name, one row per element, one column per grandchild element name.
 *
 * First pass: collect column types (float when the first non-empty value seen
 * is numeric, varchar(255) once any non-numeric value appears — a later
 * numeric value does not revert it) and the quoted row literals. Second
 * pass: DROP and re-CREATE each table, then INSERT the rows inside one
 * transaction per table. Column "maclabel" is dropped from the DDL, and the
 * MAC-related ALTERs depend on the global $user_maclabel and on
 * $_POST['mac_records'] / ['mac_columns'] (read without isset()).
 *
 * NOTE(review): $k and $r are XML element names used unquoted as table and
 * column identifiers in DROP/CREATE/INSERT; XML name rules keep quotes and
 * whitespace out, but any existing table whose name an element carries is
 * dropped — callers must only feed trusted documents.
 */
public static function _run($xml, $conn_pg) {
    global $user_maclabel;
    $table = array(); // element name => (column name => SQL type)
    $data = array();  // element name => list of rows, each column => quoted literal
    foreach ($xml->children() as $k => $v) {
        if (!isset($table[$k])) {
            $table[$k] = array();
        }
        if (!isset($data[$k])) {
            $data[$k] = array();
        }
        $assoc = array();
        foreach ($v->children() as $r => $c) {
            $d = (string) $c;
            if ($d !== '') {
                if (is_numeric($d)) {
                    $d = floatval($d);
                    // only the first sighting sets float; varchar below always wins
                    if (!isset($table[$k][$r])) {
                        $table[$k][$r] = 'float';
                    }
                } else {
                    $table[$k][$r] = 'varchar(255)';
                }
            }
            if ($d !== '') {
                // empty values are left out of the row entirely (column stays NULL)
                $assoc[$r] = "'" . pg_escape_string($d) . "'";
            }
        }
        $data[$k][] = $assoc;
    }
    //ooo, how much memory is used here...
    foreach ($table as $k => $v) {
        $mod = "";
        if ($user_maclabel) {
            $mod .= "ALTER TABLE {$k} SET MAC TO NULL; ALTER TABLE {$k} DISABLE COLUMN MACS;";
        }
        $mod .= "DROP TABLE IF EXISTS {$k}; CREATE TABLE {$k} ( ";
        foreach ($v as $col => $typ) {
            if ($col != 'maclabel') {
                $mod .= "\"{$col}\" {$typ},";
            }
        }
        // CHECK(TRUE) absorbs the trailing comma left by the column loop
        $mod .= "CHECK(TRUE))";
        $mod .= ($_POST['mac_records'] ? " WITH (MACS = true)" : "") . ";";
        if ($_POST['mac_columns']) {
            $mod .= "ALTER TABLE {$k} ENABLE COLUMN MACS;";
        }
        pg_query($conn_pg, $mod) or die("error on query " . pg_last_error($conn_pg));
    }
    foreach ($data as $k => $t) {
        pg_query($conn_pg, "BEGIN;");
        foreach ($t as $v) {
            $ins = "INSERT INTO {$k} ( " . implode(",", array_keys($v)) . ") VALUES (" . implode(",", array_values($v)) . ");";
            pg_query($conn_pg, $ins) or die("error on query " . pg_last_error($conn_pg));
        }
        pg_query($conn_pg, "ANALYZE {$k};");
        pg_query($conn_pg, "COMMIT;");
    }
}
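/**
 * Fetch the commits made by $this->Committer, newest first, optionally
 * paged with $this->Limit / $this->Offset and, when $this->UserID is set,
 * with an "onwatchlist" count per element for that user.
 *
 * The result handle is stored in $this->LocalResult; the row count is
 * returned, or -1 (after echoing the SQL) when pg_exec() fails.
 *
 * Fix: UserID, Limit and Offset were interpolated raw into the SQL; Limit and
 * Offset are pagination values and UserID selects whose watch list is read,
 * so all three are now cast to int before use (a no-op for the integer values
 * this code already assumes). Committer was and still is escaped.
 * pg_numrows() is replaced by its canonical name pg_num_rows().
 */
function Fetch() {
    $userID = (int) $this->UserID;
    $sql = "\n\t\tSELECT DISTINCT\n\t\t\tcommit_log.commit_date - SystemTimeAdjust() AS commit_date_raw,\n\t\t\tcommit_log.id AS commit_log_id,\n\t\t\tcommit_log.encoding_losses AS encoding_losses,\n\t\t\tcommit_log.message_id AS message_id,\n\t\t\tcommit_log.committer AS committer,\n\t\t\tcommit_log.description AS commit_description,\n\t\t\tto_char(commit_log.commit_date - SystemTimeAdjust(), 'DD Mon YYYY') AS commit_date,\n\t\t\tto_char(commit_log.commit_date - SystemTimeAdjust(), 'HH24:MI') AS commit_time,\n\t\t\tNULL AS port_id,\n\t\t\tNULL AS category,\n\t\t\tNULL AS category_id,\n\t\t\tNULL AS port,\n\t\t\telement_pathname(element.id) AS pathname,\n\t\t\tNULL AS version,\n\t\t\tcommit_log_elements.revision_name AS revision,\n\t\t\tNULL AS epoch,\n\t\t\telement.status AS status,\n\t\t\tNULL AS needs_refresh,\n\t\t\tNULL AS forbidden,\n\t\t\tNULL AS broken,\n\t\t\tNULL AS deprecated,\n\t\t\tNULL AS ignore,\n\t\t\tNULL AS expiration_date,\n\t\t\tNULL AS date_added,\n\t\t\tNULL AS element_id,\n\t\t\tNULL AS short_description,\n\t\t\tNULL AS stf_message";
    if ($userID) {
        $sql .= ",\n\t onwatchlist ";
    }
    $sql .= "\n FROM commit_log, commit_log_elements, element ";
    if ($userID) {
        // per-element count of this user's active watch lists containing it
        $sql .= "\n\t LEFT OUTER JOIN\n\t (SELECT element_id as wle_element_id, COUNT(watch_list_id) as onwatchlist\n\t FROM watch_list JOIN watch_list_element \n\t ON watch_list.id = watch_list_element.watch_list_id\n\t AND watch_list.user_id = " . $userID . "\n\t AND watch_list.in_service\t\t\n\t GROUP BY wle_element_id) AS TEMP\n\t ON TEMP.wle_element_id = element.id";
    }
    // paging is applied to the committer's commit ids in a subselect so a
    // page holds N commits, not N commit/element rows
    $sql .= "\n\t WHERE commit_log.id IN (SELECT tmp.id FROM (SELECT DISTINCT CL.id, CL.commit_date\n FROM commit_log CL\n WHERE CL.committer = '" . pg_escape_string($this->Committer) . "'\nORDER BY CL.commit_date DESC ";
    if ($this->Limit) {
        $sql .= " LIMIT " . (int) $this->Limit;
    }
    if ($this->Offset) {
        $sql .= " OFFSET " . (int) $this->Offset;
    }
    $sql .= ")as tmp)\n\t AND commit_log_elements.commit_log_id = commit_log.id\n\t AND commit_log_elements.element_id = element.id\n ORDER BY 1 desc,\n\t\t\tcommit_log_id";
    if ($this->Debug) {
        echo '<pre>' . $sql . '</pre>';
    }
    $this->LocalResult = pg_exec($this->dbh, $sql);
    if ($this->LocalResult) {
        $numrows = pg_num_rows($this->LocalResult);
        if ($this->Debug) {
            echo "That would give us {$numrows} rows";
        }
    } else {
        $numrows = -1;
        echo 'pg_exec failed: ' . "<pre>{$sql}</pre>";
    }
    return $numrows;
}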
/**
 * Look up a person by NetID in the users table and, if present, load every
 * table named in the global $dbfields into the Person's db_fields or
 * ldap_fields (split on the row's "ldap" flag). Returns a one-element array
 * holding the Person, or an empty array when the id is malformed or unknown.
 *
 * The regex (three letters then digits) is the real input guard; the
 * pg_escape_string() calls are belt and braces. The table name $f comes from
 * configuration, not from the request.
 */
function search_db($netid) {
    global $dbfields;
    if (!preg_match("/\\A[a-z]{3}([0-9]*)\\Z/i", $netid)) {
        return array();
    }
    init_db();
    $safeId = pg_escape_string($netid);
    $result = pg_query("select * from users where netid='" . $safeId . "'");
    $present = pg_fetch_array($result, null, PGSQL_ASSOC);
    if ($present == null) {
        return array();
    }
    $person = new Person($netid);
    pg_free_result($result);
    foreach ($dbfields as $f) {
        $result = pg_query("select * from " . $f . " where netid='" . $safeId . "'");
        while ($line = pg_fetch_array($result, null, PGSQL_ASSOC)) {
            $bucket = ($line["ldap"] === "f") ? 'db_fields' : 'ldap_fields';
            $person->{$bucket}[$f][] = $line[$f];
        }
        pg_free_result($result);
    }
    $person->refresh_db();
    return array($person);
}
/**
 * Expose the requested script to the template when the current user may see
 * it: assigns 'write' ('t'/'f') from the second permission bit and 'script'
 * (row plus derived m/s length and producer name), or an 'error' string when
 * the id is not numeric or the first permission bit is not set. 'Admin' is
 * always assigned.
 *
 * The permission string comes from bit_or(permissions); its first character
 * gates viewing and the second gates writing. scriptID is checked with
 * is_numeric() before being placed unquoted in the SQL.
 */
protected function setupTemplate() {
    global $cfg;
    parent::setupTemplate();
    $db = Database::getInstance($cfg['DPS']['dsn']);
    $scriptID = pg_escape_string($this->fieldData['scriptID']);
    $auth = Auth::getInstance();
    $userID = $auth->getUserID();
    if (!is_numeric($scriptID)) {
        $this->assign('error', 'Invalid Show ID supplied');
    } else {
        $script_query = "SELECT bit_or(permissions) \n\t\t\t\tFROM v_tree_script\n\t\t\t\tWHERE id = {$scriptID}\n\t\t\t\t\tAND userid = {$userID}";
        $perms = $db->getOne($script_query);
        $canRead = substr($perms, 0, 1) == "1";
        if (!$canRead) {
            $this->assign('error', 'You do not have permission to edit that script.');
        } else {
            $canWrite = substr($perms, 1, 1) == "1";
            $this->assign('write', $canWrite ? 't' : 'f');
            $script = $db->getRow("SELECT * FROM scripts WHERE id = " . $scriptID);
            $minutes = (int) ($script['length'] / 60);
            $script['m'] = $minutes;
            $script['s'] = $script['length'] - $minutes * 60;
            $script['niceProducer'] = AuthUtil::getUsername($script['creator']);
            $this->assign('script', $script);
        }
    }
    $this->assign('Admin', AuthUtil::getDetailedUserrealmAccess(array(1), $userID));
}
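/**
 * Constructor for an external (free-text) address record.
 *
 * The person id, street-type id and UF code are only stored when the
 * corresponding lookup object reports the row exists; the free-text fields
 * (logradouro, complemento, bairro, cidade) are stored already escaped with
 * pg_escape_string(). idpes_cad / idpes_rev default to the session user.
 *
 * Fix: the UF check re-tested $objPessoa->detalhe() instead of the clsUf
 * object that had just been built, so sigla_uf was accepted whenever the
 * person existed, regardless of whether the UF code was valid.
 */
function clsEnderecoExterno($idpes = FALSE, $tipo = FALSE, $idtlog = FALSE, $logradouro = FALSE, $numero = FALSE, $letra = FALSE, $complemento = FALSE, $bairro = FALSE, $cep = FALSE, $cidade = FALSE, $sigla_uf = FALSE, $reside_desde = FALSE, $bloco = FALSE, $apartamento = FALSE, $andar = FALSE, $idpes_cad = FALSE, $idpes_rev = FALSE, $zona_localizacao = 1) {
    $idtlog = urldecode($idtlog);
    $objPessoa = new clsPessoa_($idpes);
    if ($objPessoa->detalhe()) {
        $this->idpes = $idpes;
    }
    $this->tipo = $tipo;
    $objTipoLog = new clsTipoLogradouro($idtlog);
    if ($objTipoLog->detalhe()) {
        $this->idtlog = $idtlog;
    }
    $this->logradouro = pg_escape_string($logradouro);
    $this->numero = $numero;
    $this->letra = $letra;
    $this->complemento = pg_escape_string($complemento);
    $this->bairro = pg_escape_string($bairro);
    $this->cep = $cep;
    $this->cidade = pg_escape_string($cidade);
    $objSiglaUf = new clsUf($sigla_uf);
    if ($objSiglaUf->detalhe()) {
        $this->sigla_uf = $sigla_uf;
    }
    $this->idpes_cad = $idpes_cad ? $idpes_cad : $_SESSION['id_pessoa'];
    $this->idpes_rev = $idpes_rev ? $idpes_rev : $_SESSION['id_pessoa'];
    $this->reside_desde = $reside_desde;
    $this->bloco = $bloco;
    $this->apartamento = $apartamento;
    $this->andar = $andar;
    $this->zona_localizacao = $zona_localizacao;
    $this->tabela = 'endereco_externo';
}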
/**
 * Build the user-data array from a request object: 'accion' is escaped for a
 * PostgreSQL literal, 'municipio' is copied through untouched.
 */
function helper_userdata($data) {
    return array(
        'accion' => pg_escape_string($data->accion),
        "municipio" => $data->municipio,
    );
}
/**
 * Reproject point ($x, $y) from EPSG $oldEPSG to EPSG $newEPSG using the
 * database's transform(), returning array('x' => ..., 'y' => ...) or null
 * when any argument is null or non-numeric.
 *
 * The is_numeric() guard is what makes the unquoted interpolation below safe;
 * pg_escape_string() on already-numeric values is belt and braces. X and Y
 * are fetched with two separate round trips on the same expression.
 *
 * NOTE(review): the GEOS connection string in the else branch is redacted in
 * this listing ("******"), so that branch is reproduced as given.
 */
function transform($x, $y, $oldEPSG, $newEPSG) { if (is_null($x) || !is_numeric($x) || is_null($y) || !is_numeric($y) || is_null($oldEPSG) || !is_numeric($oldEPSG) || is_null($newEPSG) || !is_numeric($newEPSG)) { return null; } if (SYS_DBTYPE == 'pgsql') { $con = db_connect(DBSERVER, OWNER, PW); $sqlMinx = "SELECT X(transform(GeometryFromText('POINT(" . pg_escape_string($x) . " " . pg_escape_string($y) . ")'," . pg_escape_string($oldEPSG) . ")," . pg_escape_string($newEPSG) . ")) as minx"; $resMinx = db_query($sqlMinx); $minx = floatval(db_result($resMinx, 0, "minx")); $sqlMiny = "SELECT Y(transform(GeometryFromText('POINT(" . pg_escape_string($x) . " " . pg_escape_string($y) . ")'," . pg_escape_string($oldEPSG) . ")," . pg_escape_string($newEPSG) . ")) as miny"; $resMiny = db_query($sqlMiny); $miny = floatval(db_result($resMiny, 0, "miny")); } else { $con_string = "host=" . GEOS_DBSERVER . " port=" . GEOS_PORT . " dbname=" . GEOS_DB . "user="******"password="******"Error while connecting database"); /* * @security_patch sqli done */ $sqlMinx = "SELECT X(transform(GeometryFromText('POINT(" . pg_escape_string($x) . " " . pg_escape_string($y) . ")'," . pg_escape_string($oldEPSG) . ")," . pg_escape_string($newEPSG) . ")) as minx"; $resMinx = pg_query($con, $sqlMinx); $minx = floatval(pg_fetch_result($resMinx, 0, "minx")); $sqlMiny = "SELECT Y(transform(GeometryFromText('POINT(" . pg_escape_string($x) . " " . pg_escape_string($y) . ")'," . pg_escape_string($oldEPSG) . ")," . pg_escape_string($newEPSG) . ")) as miny"; $resMiny = pg_query($con, $sqlMiny); $miny = floatval(pg_fetch_result($resMiny, 0, "miny")); } return array("x" => $minx, "y" => $miny); }
/**
 * Substitute named placeholders in $this->sql with values from $binds.
 *
 * Forms handled: ":key" (string values quoted and escaped, other scalars
 * inserted as-is, null → NULL), ":-key" for array values (quoted element 0),
 * and "->key" (raw value, neither escaped nor quoted). Array values use
 * element 0; a null element 0 becomes NULL. Keys are processed in reverse
 * order (krsort) so ":id10" is substituted before ":id1". Nothing is
 * returned; $this->sql is modified in place.
 *
 * NOTE(review): the first str_replace() inserts the $safe marker after EVERY
 * ':' in the statement — "::type" casts and ':' inside literals included —
 * and nothing strips it afterwards, so any ':' not consumed by a bind stays
 * corrupted; confirm callers never pass such SQL.
 * NOTE(review): after that first pass a ":-key" placeholder reads
 * ":<safe>-key", so the ':-' . $safe . $key patterns below appear unable to
 * match: the ":-" substitutions look unreachable.
 * NOTE(review): non-string scalars are interpolated without escaping; a
 * boolean false becomes "" in the SQL.
 */
function bindParameters($binds) {
    krsort($binds);
    $safe = '$1G#$2T#$3E$#';
    $this->sql = str_replace(':', ':' . $safe, $this->sql);
    $this->sql = str_replace(':-', ':-' . $safe, $this->sql);
    $this->sql = str_replace('->', '->' . $safe, $this->sql);
    foreach ($binds as $key => $value) {
        if (is_array($value)) {
            if (is_null($value[0])) {
                $this->sql = str_replace(':' . $safe . $key, "NULL", $this->sql);
                $this->sql = str_replace(':-' . $safe . $key, "NULL", $this->sql);
            } else {
                // ":key" gets the escaped text bare, ":-key" gets it quoted
                $this->sql = str_replace(':' . $safe . $key, pg_escape_string($value[0]), $this->sql);
                $this->sql = str_replace(':-' . $safe . $key, "'" . pg_escape_string($value[0]) . "'", $this->sql);
            }
        } else {
            if (is_null($value)) {
                $this->sql = str_replace(':' . $safe . $key, "NULL", $this->sql);
            } else {
                if (gettype($value) == "string") {
                    $this->sql = str_replace(':' . $safe . $key, "'" . pg_escape_string($value) . "'", $this->sql);
                } else {
                    $this->sql = str_replace(':' . $safe . $key, $value, $this->sql);
                }
            }
            // "->key" is a raw substitution: no escaping, no quoting
            $this->sql = str_replace('->' . $safe . $key, $value, $this->sql);
        }
    }
    //return $this->sql;
}
/**
 * Query the most popular (favourite-weighted) recent notices, optionally
 * restricted to the tag in $this->out->tag, and return the cached result.
 *
 * The tag is escaped with pg_escape_string() on PostgreSQL and
 * mysql_escape_string() otherwise (the latter no longer exists on PHP 7+).
 * Paging is fixed at NOTICES_PER_SECTION + 1 rows from offset 0.
 */
function getNotices() {
    // @fixme there should be a common func for this
    $isPg = common_config('db', 'type') == 'pgsql';
    $tag = null;
    if (!empty($this->out->tag)) {
        $tag = $isPg ? pg_escape_string($this->out->tag) : mysql_escape_string($this->out->tag);
    }
    $weightexpr = common_sql_weight('fave.modified', common_config('popular', 'dropoff'));
    $cutoff = sprintf("fave.modified > '%s'", common_sql_date(time() - common_config('popular', 'cutoff')));
    $qry = "SELECT notice.*, {$weightexpr} as weight ";
    if ($tag !== null) {
        $qry .= 'FROM notice_tag, notice JOIN fave ON notice.id = fave.notice_id '
            . "WHERE {$cutoff} and notice.id = notice_tag.notice_id and '{$tag}' = notice_tag.tag";
    } else {
        $qry .= 'FROM notice JOIN fave ON notice.id = fave.notice_id '
            . "WHERE {$cutoff}";
    }
    $qry .= ' GROUP BY notice.id,notice.profile_id,notice.content,notice.uri,'
        . 'notice.rendered,notice.url,notice.created,notice.modified,'
        . 'notice.reply_to,notice.is_local,notice.source,notice.conversation, '
        . 'notice.lat,notice.lon,location_id,location_ns,notice.repeat_of'
        . ' ORDER BY weight DESC';
    $limit = NOTICES_PER_SECTION + 1;
    $offset = 0;
    $qry .= ' LIMIT ' . $limit . ' OFFSET ' . $offset;
    return Memcached_DataObject::cachedQuery('Notice', $qry, 1200);
}
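/**
 * Move show item fieldData['itemID'] one position up in its show plan by
 * swapping its position with the item that precedes it (ordered by
 * position). The first item, or an unknown id, leaves the plan unchanged.
 *
 * Fix: the id was only pg_escape_string()ed and then interpolated unquoted,
 * which that function does not protect; a non-numeric id now returns early
 * and the numeric one is cast to int, matching the is_numeric() guards used
 * by the sibling handlers. The show id read back from the database is cast
 * the same way so a missing item cannot produce a malformed "showplanid ="
 * clause.
 */
protected function processValid() {
    global $cfg;
    $db = Database::getInstance($cfg['DPS']['dsn']);
    $rawID = $this->fieldData['itemID'];
    if (!is_numeric($rawID)) {
        return;
    }
    $itemID = (int) $rawID;
    $sql = "SELECT showplanid FROM showitems WHERE id = {$itemID}";
    $showID = (int) $db->getOne($sql);
    $sql = "SELECT * FROM showitems\n\t\t\tWHERE showplanid = {$showID} ORDER BY position ASC";
    $showItems = $db->getAll($sql);
    $lastItem = false;
    foreach ($showItems as $item) {
        if ($item['id'] == $itemID && $lastItem !== false) {
            // swap positions with the previous item in plan order
            $upWhere = "showplanid = {$showID} and id = " . (int) $item['id'];
            $downWhere = "showplanid = {$showID} and id = " . (int) $lastItem['id'];
            $upUpdate = array('position' => $lastItem['position']);
            $downUpdate = array('position' => $item['position']);
            $db->update('showitems', $upUpdate, $upWhere, true);
            $db->update('showitems', $downUpdate, $downWhere, true);
        }
        $lastItem = $item;
    }
}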
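/**
 * Assign the jingle identified by fieldData['audioID'], its current package
 * (name and id, 'Default' when it has none), the list of all packages and
 * the caller's access flags to the template.
 *
 * Fix: the id was only pg_escape_string()ed and then interpolated unquoted,
 * which that function does not protect. A non-numeric id now assigns an
 * 'error' (as the sibling setupTemplate() handlers do) and returns; the
 * numeric one is cast to int. The package id read back from the database is
 * cast to int in its query so a jingle without a package cannot produce a
 * malformed "id =" clause; the raw value is still what the template receives.
 */
protected function setupTemplate() {
    global $cfg;
    parent::setupTemplate();
    $db = Database::getInstance($cfg['DPS']['dsn']);
    $auth = Auth::getInstance();
    $userID = $auth->getUserID();
    $rawID = $this->fieldData['audioID'];
    if (!is_numeric($rawID)) {
        $this->assign('error', 'Invalid jingle ID supplied');
        return;
    }
    $audioID = (int) $rawID;
    $sql = "SELECT jinglepkgid FROM audiojinglepkgs WHERE audioid = {$audioID}";
    $jinglepkgID = $db->getOne($sql);
    $sql = "SELECT name FROM jinglepkgs WHERE id = " . (int) $jinglepkgID;
    $currentpkg = $db->getOne($sql);
    if ($currentpkg == '') {
        $currentpkg = 'Default';
    }
    $sql = "SELECT title FROM audio WHERE id = {$audioID}";
    $jinglename = $db->getOne($sql);
    $sql = "SELECT name, id FROM jinglepkgs";
    $jinglepkgs = $db->getAll($sql);
    $this->assign('access_playlist', AuthUtil::getDetailedUserrealmAccess(array(3, 21, 33), $userID));
    $this->assign('access_sue', AuthUtil::getDetailedUserrealmAccess(array(24, 20, 3), $userID));
    $this->assign('Admin', AuthUtil::getDetailedUserrealmAccess(array(1), $userID));
    $this->assign('jinglepkgs', $jinglepkgs);
    $this->assign('currentpkg', $currentpkg);
    $this->assign('currentpkgid', $jinglepkgID);
    $this->assign('jinglename', $jinglename);
    $this->assign('jingleID', $audioID);
}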
/**
 * Page-name autocomplete: return the pages of site $_GET['s'] whose unix_name
 * (or title, when $_GET['title'] == 'yes') starts with $_GET['q'],
 * optionally limited to children of $_GET['parent'].
 *
 * Returns nothing when the site id is not numeric or the query is empty.
 * Spaces in the query become "-", regex metacharacters are neutralised with
 * preg_quote() (the match is a case-insensitive ~* regex anchored at ^), and
 * the result is escaped for the quoted SQL literal.
 */
public function process($data) {
    $search = $_GET['q'];
    $siteId = $_GET['s'];
    $parent = isset($_GET['parent']) ? WDStringUtils::toUnixName($_GET['parent']) : null;
    $title = isset($_GET['title']) && $_GET['title'] == 'yes';
    if (!is_numeric($siteId) || $search == null || strlen($search) == 0) {
        return;
    }
    $pattern = pg_escape_string(preg_quote(str_replace(' ', '-', $search)));
    $site = pg_escape_string($siteId);
    $orTitle = $title ? "OR title ~* '^{$pattern}'" : "";
    $query = "SELECT unix_name, COALESCE(title,unix_name) AS title FROM page "
        . "WHERE site_id ='{$site}' AND (unix_name ~* '^{$pattern}' " . $orTitle . ")";
    if ($parent) {
        $query .= " AND parent_page_id IN (SELECT page_id FROM page WHERE unix_name = '" . pg_escape_string($parent) . "') ";
    }
    $query .= "ORDER BY unix_name";
    Database::init();
    $rows = Database::connection()->query($query)->fetchAll();
    return array('pages' => $rows);
}
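/**
 * Assign the script identified by fieldData['scriptID'] to the template when
 * the current user has write permission on both the script and its
 * directory; otherwise assign permError. Also assigns 'own' when the user
 * holds the owner bit on the script, and an empty 'treeType'.
 *
 * Fix: the directory-permission query was built as a bare expression and
 * never assigned to $sql, so getOne() re-ran the previous "SELECT dirid"
 * query and the check passed whenever that id was positive. $flag was also
 * undefined when the first check failed. Both are corrected; the directory
 * id read back is cast to int so a script without a directory row cannot
 * yield a malformed "id =" clause.
 */
protected function setupTemplate() {
    global $cfg;
    parent::setupTemplate();
    $db = Database::getInstance($cfg['DPS']['dsn']);
    $auth = Auth::getInstance();
    $userID = $auth->getUserID();
    $scriptID = pg_escape_string($this->fieldData['scriptID']);
    if (!is_numeric($scriptID)) {
        $this->assign('permError', 't');
        return;
    }
    $fileW = $cfg['DPS']['fileW'];
    $flag = false;
    $sql = "SELECT count(*) FROM v_tree_script\n\t\t\t\tWHERE id = {$scriptID}\n\t\t\t\t\tAND\tuserid = {$userID}\n\t\t\t\t\tAND permissions & B'" . $fileW . "' = '" . $fileW . "'";
    if ($db->getOne($sql) > 0) {
        $sql = "SELECT dirid FROM scriptsdir\n\t\t\t\t\tWHERE scriptid = {$scriptID}";
        $dirID = (int) $db->getOne($sql);
        $sql = "SELECT count(*) FROM v_tree_dir\n\t\t\t\t\tWHERE id = {$dirID}\n\t\t\t\t\t\tAND\tuserid = {$userID}\n\t\t\t\t\t\tAND permissions & B'" . $fileW . "' = '" . $fileW . "'";
        if ($db->getOne($sql) > 0) {
            $flag = true;
        }
    }
    if (!$flag) {
        $this->assign('permError', 't');
        return;
    }
    $sql = "SELECT * FROM scripts WHERE id = {$scriptID}";
    $script = $db->getRow($sql);
    $fileO = $cfg['DPS']['fileO'];
    $sql = "SELECT count(*) FROM v_tree_script\n\t\t\t\t\tWHERE id = {$scriptID}\n\t\t\t\t\t\tAND\tuserid = {$userID}\n\t\t\t\t\t\tAND permissions & B'" . $fileO . "' = '" . $fileO . "'";
    if ($db->getOne($sql) > 0) {
        $this->assign('own', 't');
    }
    $this->assign('script', $script);
    $this->assign('treeType', '');
}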
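/**
 * Collect, for every id in the ";"-separated fieldData['trackID'], the audio
 * row plus album name, artist and keyword names, a formatted length and the
 * track's comments (with user name, <br>-converted text and a date), and
 * assign the list and the caller's access flags to the template.
 *
 * Fixes: each id was escaped but interpolated unquoted, which
 * pg_escape_string() does not protect, so ids must now be numeric and are
 * cast to int (non-numeric entries are skipped). The minute count used
 * round(), so 150 s rendered as "2mins 30secs"; it now truncates. The
 * by-reference comment loop left $comment bound to the last element; it is
 * unset after the loop. length_smpl is divided by 44100, i.e. treated as a
 * 44.1 kHz sample count.
 */
protected function setupTemplate() {
    global $cfg;
    parent::setupTemplate();
    $db = Database::getInstance($cfg['DPS']['dsn']);
    $trackIDs = explode(";", $this->fieldData['trackID']);
    $tracksDetails = array();
    foreach ($trackIDs as $trackID) {
        if (!is_numeric($trackID)) {
            continue;
        }
        $id = (int) $trackID;
        $sql = "SELECT audio.*, albums.name AS album \n\t\t\tFROM audio, albums \n\t\t\tWHERE audio.music_album = albums.id \n\t\t\t\tAND audio.id = " . $id;
        $trackDetails = $db->getRow($sql);
        $sql = "SELECT DISTINCT artists.name AS name \n\t\t\tFROM artists, audioartists \n\t\t\tWHERE audioartists.audioid = " . $id . " \n\t\t\t\tAND audioartists.artistid = artists.id";
        $trackDetails['artist'] = $db->getColumn($sql);
        $sql = "SELECT DISTINCT keywords.name AS name \n\t\t\tFROM keywords, audiokeywords \n\t\t\tWHERE audiokeywords.audioid = " . $id . " \n\t\t\t\tAND audiokeywords.keywordid = keywords.id";
        $trackDetails['keywords'] = $db->getColumn($sql);
        $seconds = (int) ($trackDetails['length_smpl'] / 44100);
        $trackDetails['length'] = (int) ($seconds / 60) . "mins " . ($seconds % 60) . "secs.";
        $sql = "SELECT * FROM audiocomments \n\t\t\tWHERE audioid = " . $id . " \n\t\t\tORDER BY creationdate ASC";
        $trackDetails['comments'] = $db->getAll($sql);
        foreach ($trackDetails['comments'] as &$comment) {
            $comment['username'] = AuthUtil::getUsername($comment['userid']);
            $comment['comment'] = str_replace("\n", "<br>", $comment['comment']);
            $comment['ctime'] = substr($comment['creationdate'], 0, 10);
        }
        unset($comment);
        $tracksDetails[] = $trackDetails;
    }
    $auth = Auth::getInstance();
    $userID = $auth->getUserID();
    $this->assign('RequestTrack', AuthUtil::getDetailedUserrealmAccess(array(3, 21, 29), $userID));
    $this->assign('Access_CommentTrack', AuthUtil::getDetailedUserrealmAccess(array(3, 21, 34), $userID));
    $this->assign('Access_EditTrack', AuthUtil::getDetailedUserrealmAccess(array(3, 21, 27), $userID));
    $this->assign('Admin', AuthUtil::getDetailedUserrealmAccess(array(1), $userID));
    $this->assign('tracksDetails', $tracksDetails);
}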
/**
 * Return $val as a single-quoted, escaped PostgreSQL literal; null is
 * returned as-is (not the SQL keyword NULL).
 */
public function quote($val) {
    return is_null($val) ? $val : "'" . pg_escape_string($val) . "'";
}
/**
 * Escape $str for a single-quoted literal on this object's connection.
 *
 * Returns null (implicitly) when there is no open connection — callers that
 * interpolate the result then get an empty string; NOTE(review): consider
 * whether that silent fallback is what callers expect.
 */
function escape($str) {
    if (!$this->db || !$this->connected) {
        return null;
    }
    return @pg_escape_string($this->db, $str);
}
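/**
 * Insert a new event row and remember its generated ev_no in $this->eno.
 *
 * All ten arguments are stored on the object already passed through
 * pg_escape_string(), so the $this->e* properties hold escaped text, not the
 * raw input.
 *
 * Fix: ev_min, ev_max and ev_fee were interpolated unquoted, and
 * pg_escape_string() only protects a quoted literal, so "1 OR true"-style
 * input reached the statement unchanged. The three must now be numeric
 * (InvalidArgumentException otherwise) and are written as quoted literals,
 * which PostgreSQL casts to the column type.
 *
 * @throws InvalidArgumentException when $evmin, $evmax or $evfee is not numeric
 */
protected function createEvent($evname, $evid, $evmgr, $evcontact, $evmin, $evmax, $evfee, $evprize1, $evprize2, $evprize3) {
    foreach (array('evmin' => $evmin, 'evmax' => $evmax, 'evfee' => $evfee) as $name => $num) {
        if (!is_numeric($num)) {
            throw new InvalidArgumentException("createEvent: {$name} must be numeric");
        }
    }
    $this->ename = pg_escape_string($evname);
    $this->eid = pg_escape_string($evid);
    $this->emgr = pg_escape_string($evmgr);
    $this->econtact = pg_escape_string($evcontact);
    $this->emin = pg_escape_string($evmin);
    $this->emax = pg_escape_string($evmax);
    $this->efee = pg_escape_string($evfee);
    $this->eprize1 = pg_escape_string($evprize1);
    $this->eprize2 = pg_escape_string($evprize2);
    $this->eprize3 = pg_escape_string($evprize3);
    $qry = "Insert into event(ev_name,ev_id,ev_mgr,ev_contact,ev_min,ev_max,ev_fee,ev_prize1,ev_prize2,ev_prize3) values ('" . $this->ename . "', '" . $this->eid . "', '" . $this->emgr . "', '" . $this->econtact . "', '" . $this->emin . "', '" . $this->emax . "', '" . $this->efee . "', '" . $this->eprize1 . "', '" . $this->eprize2 . "', '" . $this->eprize3 . "') RETURNING ev_no";
    $eventNo = pg_fetch_assoc(dbquery($qry));
    $this->eno = $eventNo['ev_no'];
}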
/**
 * Fetch the auth_hash row whose hash equals $h (escaped for the quoted
 * literal) from the registered 'db' adapter, or whatever fetchRow() returns
 * when there is none.
 */
static function find($h) {
    $db = Zend_Registry::get('db');
    $escaped = pg_escape_string($h);
    return $db->fetchRow("select * from auth_hash where hash='" . $escaped . "'");
}