PHP Database::Escape Examples

Example #1

File: Database.php Project: Zipcore/GMDonate

 static function Insert($TableName, $Data)
 {
     $InsertQuery = "INSERT INTO `{$TableName}` (";
     $Incrementer = 0;
     foreach ($Data as $Key => $Value) {
         $Incrementer++;
         $InsertQuery .= "`" . $Key . "` ";
         if (count($Data) > $Incrementer) {
             $InsertQuery .= ",";
         }
     }
     $InsertQuery .= ") VALUES (";
     $Incrementer = 0;
     foreach ($Data as $Key => $Value) {
         $Incrementer++;
         if (is_numeric($Value)) {
             $InsertQuery .= $Value;
         } else {
             $InsertQuery .= "'" . Database::Escape($Value) . "'";
         }
         if (count($Data) > $Incrementer) {
             $InsertQuery .= ",";
         }
     }
     $InsertQuery .= ");";
     Database::Query($InsertQuery);
 }

Example #2

File: User.php Project: Zipcore/GMDonate

 public static function RegisterUser($SteamID, $IP)
 {
     $AuthHash = md5(rand()) . md5(rand());
     $SteamID = Database::Escape($SteamID);
     $IP = Database::Escape($IP);
     Database::Query("INSERT INTO `gmd_users` VALUES (NULL, '%s', '%s', '%s', 0, 0.0);", $AuthHash, $SteamID, $IP);
     return User::GetByField("User", "SteamID", $SteamID);
 }

Example #3

File: class_compiler.php Project: transformersprimeabcxyz/cms-intel-fake

 public function CompilePage($a_id, $a_mode = COMPILER_MODE_FRONTEND)
 {
     self::$Mode = $a_mode;
     $result = Database::Query("SELECT * FROM `" . DB_TBL_PAGES . "` WHERE `id` = '" . $a_id . "'");
     if (!$result->HasData()) {
         die("Page with id #" . $a_id . " not found!");
     }
     $this->m_pageid = $result->GetValue('id');
     $this->m_pagename = $result->GetValue('name');
     $compiled = $this->BuildTemplate($result->GetValue('template') . ".tmpl");
     if ($a_mode == COMPILER_MODE_FRONTEND) {
         Database::Query("UPDATE `" . DB_TBL_PAGES . "` SET `compiled` = '" . Database::Escape(serialize($compiled)) . "' WHERE `id` = '" . $a_id . "'");
         return $compiled;
     } else {
         return $compiled;
     }
     // Do not insert editor pages into db
 }

Example #4

File: class_content.php Project: transformersprimeabcxyz/cms-intel-fake

 public static function GetPage($a_id)
 {
     $id = Database::Escape($a_id);
     $result = Database::Query("SELECT * FROM `" . DB_TBL_PAGES . "` WHERE `id` = '" . $id . "'");
     if (!$result->HasData()) {
         die('Unknown page id');
     }
     self::$m_pagename = unserialize($result->GetValue('name'));
     $doc = unserialize($result->GetValue('compiled'));
     if (!$doc) {
         $compiler = new Compiler();
         $doc = $compiler->CompilePage($id);
     }
     // Plugin Hook
     $data_object = new stdClass();
     $data_object->doc = $doc;
     ObjMgr::GetPluginMgr()->ExecuteHook("On_PrepareTemplate", $data_object);
     // Title
     Content::AddTitle($doc, Locales::GetConstString("PAGE_TITLE", NULL, self::$m_pagename[Locales::$m_locale]));
     return $doc->getHtml();
 }

Example #5

File: class_editor.php Project: transformersprimeabcxyz/cms-intel-fake

 public static function GetModule($a_id)
 {
     $id = Database::Escape($a_id);
     $module = new Module($id);
     $doc = $module->Build();
     // Plugin Hook
     $data_object = new stdClass();
     $data_object->doc = $doc;
     ObjMgr::GetPluginMgr()->ExecuteHook("On_PrepareTemplate", $data_object);
     $data = array();
     $data['html'] = $doc->getHtml();
     $data['module_data'] = self::$m_data['module_data'];
     return json_encode($data);
 }

Example #6

File: class_locales.php Project: transformersprimeabcxyz/cms-intel-fake

 public static function WriteData($a_id, $a_data)
 {
     $id = Database::Escape($a_id);
     $data = Database::Escape(serialize($a_data));
     Database::Query("UPDATE `" . DB_TBL_DATA . "` SET `data` = '" . $data . "' WHERE `id` = '" . $id . "'");
 }

Example #7

File: class_account.php Project: transformersprimeabcxyz/cms-intel-fake

 public function LoadSession()
 {
     // Check Cookies
     if (!UGetCookie('userid')) {
         return false;
     }
     if (!UGetCookie('session')) {
         return false;
     }
     // Escape string
     $userid = Database::Escape(UGetCookie('userid'));
     // Query for user
     $account_data = Database::Query("SELECT * FROM `" . DB_TBL_ACCOUNT . "` WHERE `id` = '" . $userid . "';");
     if (!$account_data->HasData()) {
         return false;
     }
     // Query session data
     $session_data = Database::Query("SELECT * FROM `" . DB_TBL_ACCOUNT_SESSIONS . "` WHERE `id` = '" . $userid . "';");
     if (!$session_data->HasData()) {
         return false;
     }
     if (UGetCookie('session') != $session_data->GetValue('hash')) {
         return false;
     }
     // Set User Data
     $user = $account_data->GetRow();
     foreach ($user as $key => $value) {
         $this->{"m_" . $key} = $value;
     }
     return true;
 }

Example #8

File: DB_Accessor.php Project: Zipcore/GMDonate

 public static function GetAllByField($ClassName = "", $FieldName = "", $Value = "")
 {
     $ClassValues = get_class_vars($ClassName);
     // Check Table Name
     if (!isset($ClassValues["TableName"])) {
         trigger_error("Unknown table name for class [" . $ClassName . "]");
         return false;
     }
     if (!is_numeric($Value)) {
         $Value = "'" . Database::Escape($Value) . "'";
     }
     $Query = Database::Query("SELECT * FROM `%s` WHERE `%s` = %s;", $ClassValues["TableName"], $FieldName, $Value);
     $Results = array();
     while ($Row = $Query->fetch_assoc()) {
         array_push($Results, new $ClassName($Row));
     }
     return $Results;
 }