PHP protect_sql Exemples

Exemple #1

Fichier : admins.php Projet : tcarmet/Piscine_php

function select_info_admin($bdd2, $id)
{
    $id = protect_sql($id, "intval");
    $finish = array();
    $sql = "SELECT id_admin, login, email, id_ranks FROM `administrators` WHERE id_admin = " . $id . "";
    if ($data = $bdd2->query_select($sql)) {
        $sql_2 = "SELECT * FROM `administrators_ranks` WHERE id_rank = " . $data[0]['id_ranks'] . "";
        if ($data_2 = $bdd2->query_select($sql_2)) {
            $data[0]['rank'] = $data_2[0]['name'];
            return $data[0];
        }
        return 0;
    } else {
        return 0;
    }
}

Exemple #2

Fichier : players.php Projet : tcarmet/Piscine_php

function select_info_user($bdd2, $id)
{
    $id = protect_sql($id, "intval");
    $finish = array();
    $sql = "SELECT id_player, login, email, nbr_points FROM `players` WHERE id_player = " . $id . "";
    if ($data = $bdd2->query_select($sql)) {
        $sql_2 = "SELECT * FROM `players_grades` WHERE " . $data[0]['nbr_points'] . " BETWEEN min_points AND max_points";
        if ($data_2 = $bdd2->query_select($sql_2)) {
            $data[0]['grade'] = $data_2[0]['name'];
            return $data[0];
        }
        return 0;
    } else {
        return 0;
    }
}

Exemple #3

Fichier : composants.php Projet : tcarmet/Piscine_php

function delete_type($bdd2, $id)
{
    $id = protect_sql($id, "intval");
    $sql = "DELETE FROM type_of_games WHERE id_type_game = '" . $id . "'";
    if ($bdd2->query($sql)) {
        return 1;
    } else {
        return 0;
    }
}

Exemple #4

Fichier : functions.php Projet : tcarmet/Piscine_php

function update_article_sql($id, $title, $firstname, $name, $desc, $age, $price)
{
    $title = protect_sql($title, "none");
    $firstname = protect_sql($firstname, "none");
    $name = protect_sql($name, "none");
    $desc = protect_sql($desc, "none");
    $age = protect_sql($age, "intval");
    $price = protect_sql($price, "intval");
    $sql = 'UPDATE articles SET title = "' . $title . '", firstname_articles = "' . $firstname . '", name_articles = "' . $name . '", desc_articles = "' . $desc . '", age = "' . $age . '", price = "' . $price . '" WHERE id_articles = "' . $id . '"';
    $bdd = connect_bdd();
    if (mysqli_query($bdd, $sql)) {
        mysqli_close($bdd);
        return 1;
    } else {
        echo mysqli_error($bdd);
        mysqli_close($bdd);
        return 0;
    }
}

Exemple #5

Fichier : games.php Projet : tcarmet/Piscine_php

function check_game($bdd2, $id)
{
    $id = protect_sql($id, "intval");
    $sql = "SELECT id_game FROM `play_in` WHERE id_player = '" . $id . "'";
    if ($data = $bdd2->query_select($sql)) {
        foreach ($data as $key => $value) {
            $sql2 = "SELECT state FROM `games` WHERE id_game = '" . $data[0]['id_game'] . "'";
            if ($data2 = $bdd2->query_select($sql2)) {
                if ($data2[0]['state'] != "Finie") {
                    return 1;
                }
            }
        }
        return 0;
    } else {
        return 0;
    }
}