/**
 * Quote a value for use in a query.
 *
 * A non-array value is handed to the connection's quote(). An array is quoted
 * element by element (recursively) and rendered as a parenthesised,
 * comma-separated list.
 *
 * NOTE(review): an empty array renders as "()"; callers presumably guard
 * against that before building an IN (...) clause - confirm.
 *
 * @param mixed $value Single value or (nested) array of values.
 * @return string Quoted literal, or "(a, b, ...)" for an array.
 */
public function quote($value)
{
    if (!is_array($value)) {
        return $this->pdo->quote($value);
    }

    // Each element goes back through this method, so nested arrays nest their parentheses.
    $quoted = array_map([$this, 'quote'], $value);

    return sprintf('(%s)', implode(', ', $quoted));
}
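/**
 * Override the template-fetching function of the Parser: the template text is
 * read from the offline SQLite template database.
 *
 * The lookup key is "~<file id>~<lower-cased title>". When no template body is
 * stored under a key, the redirects table is consulted and the lookup continues
 * with the redirect target. At most 25 redirects are followed, so a redirect
 * cycle cannot loop forever.
 *
 * @global string $wgTemplateDB     Path of the SQLite template database.
 * @global string $wgTemplateFileID File id that is part of every lookup key.
 * @param Title $title
 * @return array [template text ('' when nothing was found), $title]
 */
function fetchTemplateAndTitle($title)
{
    global $wgTemplateDB, $wgTemplateFileID;

    # $$$ need to fix later for all languages
    # We pad the title with '~' to force the database to import strings
    $lookupKey = '~' . $wgTemplateFileID . '~' . strtolower($title);

    $db = new PDO('sqlite:' . $wgTemplateDB);
    // Raise an exception on a failed query instead of calling fetch on a false statement.
    $db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);

    // Bound parameters keep the title and any stored redirect target out of the SQL text.
    $findBody = $db->prepare('SELECT body FROM templates WHERE title = ? LIMIT 1');
    $findRedirect = $db->prepare('SELECT redirect FROM redirects WHERE title = ? LIMIT 1');

    $body = false;
    $hopsLeft = 25;
    while (true) {
        $findBody->execute(array($lookupKey));
        $body = $findBody->fetchColumn();
        $findBody->closeCursor();
        if ($body !== false || $hopsLeft === 0) {
            break;
        }
        --$hopsLeft;

        $findRedirect->execute(array($lookupKey));
        $target = $findRedirect->fetchColumn();
        $findRedirect->closeCursor();
        if ($target === false) {
            break;
        }

        // Continue from the redirect target. The previous code looked up the original
        // title again on every pass, so a redirect to a redirect was never resolved.
        $lookupKey = (string) $target;
    }

    // Stored bodies carry the same one-character pad as the titles; drop it.
    $template_text = $body === false ? '' : substr((string) $body, 1);

    return array($template_text, $title);
}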
/**
 * Quote a string with the underlying connection.
 *
 * NOTE(review): false is returned when no connection is set; a caller that
 * concatenates the result without checking it gets an empty string in its SQL.
 *
 * @param string $str Value to quote.
 * @return string|false Quoted literal, or false when $this->link is not set.
 */
public function quote($str)
{
    return $this->link ? $this->link->quote($str) : false;
}
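/**
 * Add a comparison to the list of AND-ed WHERE conditions.
 *
 * The script is terminated with die() when the operator is not in $this->operators.
 *
 * @param string $field    Column name; emitted inside backticks.
 * @param string $operator Comparison operator; must be listed in $this->operators.
 * @param mixed  $value    Numeric values are emitted as-is, everything else is quoted.
 * @return $this
 */
public function where($field, $operator, $value)
{
    // Strict membership test: with loose comparison a non-string operator (0, true)
    // can compare equal to an entry of the allow-list.
    if (!in_array($operator, $this->operators, true)) {
        die(sprintf('unsupported operator %s', $operator));
    }

    // NOTE(review): numeric-looking input is emitted as a bare number. On MySQL a
    // comparison between a string column and a number casts the column, which can match
    // more rows than intended - confirm callers only rely on this for numeric columns.
    $literal = is_numeric($value) ? $value : $this->pdo->quote($value);

    // A backtick inside the name would end the quoted identifier early; doubling it
    // keeps the whole name inside the backticks.
    $column = str_replace('`', '``', (string) $field);

    $this->whereAnd[] = "`{$column}` {$operator} {$literal}";

    return $this;
}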
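/**
 * Build one INSERT statement for an imported line.
 *
 * Values are quoted with $db; table and column names are emitted as given, so
 * $table and the keys of $places must come from trusted configuration.
 *
 * @param array  $line   Values of the line, indexed by position.
 * @param array  $places Map of column name => index into $line.
 * @param string $table  Target table; 'v_users' and 'v_extensions' get extra columns.
 * @param PDO    $db     Connection used to quote the values.
 * @param array  $v_ids  Needs a 'localhost' entry, used when $places has no v_id column.
 * @return string|false The SQL statement, or false when the line has no usable
 *                      username (v_users) or extension (v_extensions).
 */
function generate_insert_query($line, $places, $table, PDO $db, $v_ids)
{
    global $salt;

    // NOTE(review): passwords are stored as md5($salt . $password), which is fast to
    // brute-force. Moving to password_hash()/password_verify() has to happen together
    // with the login code and the stored hashes, so the format is left unchanged here.
    $fields = array();
    $values = array();
    foreach ($places as $field => $place) {
        $fields[] = $field;
        $values[] = $field === 'password'
            ? $db->quote(md5($salt . $line[$place]))
            : $db->quote($line[$place]);
    }

    $username = isset($places['username'], $line[$places['username']])
        ? $line[$places['username']]
        : null;

    switch ($table) {
        case 'v_users':
            if (empty($username) || $username === 'NULL') {
                return false;
            }
            // we'll assume that every user should be able to login
            if (!in_array('password', $fields, true)) {
                $fields[] = 'password';
                $values[] = $db->quote(md5($salt . $username));
            }
            break;

        case 'v_extensions':
            $ext = isset($places['extension'], $line[$places['extension']])
                ? $line[$places['extension']]
                : null;
            if (empty($ext) || $ext === 'NULL') {
                return false;
            }
            // let's also assume every extension should also have a vm pin
            if (!in_array('vm_password', $fields, true)) {
                $fields[] = 'vm_password';
                $values[] = $db->quote($ext);
            }
            /* if we have a username but no user_list,
             * let's assume we want the extension tied to the current user */
            if (!in_array('user_list', $fields, true) && $username) {
                $fields[] = 'user_list';
                $values[] = $db->quote(sprintf('|%s|', $username));
            }
            // The username column does not belong to this table. array_search() returns
            // false when it is absent, and unset($fields[false]) would drop index 0.
            $idx = array_search('username', $fields, true);
            if ($idx !== false) {
                unset($fields[$idx], $values[$idx]);
            }
            break;

        default:
            break;
    }

    // in_array() was called without its haystack here, so a v_id column supplied by
    // $places was never detected.
    if (!in_array('v_id', $fields, true)) {
        $fields[] = 'v_id';
        // NOTE(review): emitted unquoted; assumed to be an integer id from a trusted lookup - confirm.
        $values[] = $v_ids['localhost'];
    }

    return sprintf('INSERT INTO %s (%s) VALUES (%s);', $table, join(', ', $fields), join(', ', $values));
}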
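/**
 * Check a login/password pair against the `user` table and, on success, store
 * the matching row as the current identity.
 *
 * @param string $login
 * @param string $password Clear-text password; compared as an unsalted SHA-1 digest.
 * @return bool True when a matching row exists, false otherwise.
 */
public function authenticate($login, $password)
{
    // NOTE(review): unsalted SHA-1 is not a password hash; a leaked `user` table can be
    // brute-forced quickly. Moving to password_hash()/password_verify() requires fetching
    // the row by login only and re-hashing stored passwords, so it is not changed here.
    $query = "\n\t\t\tSELECT *\n\t\t\tFROM\t`user`\n\t\t\tWHERE\t`user_login` = "
        . $this->_oDbAdapter->quote($login)
        . "\n\t\t\t\tAND `user_password` = "
        . $this->_oDbAdapter->quote(sha1($password))
        . "\n\t\t";

    $mResult = $this->_oDbAdapter->query($query)->fetch();
    if ($mResult) {
        trigger_error('User #' . $mResult->user_id . ' authenticated', E_USER_NOTICE);
        $this->setIdentity($mResult);

        return true;
    }

    // The login is caller-supplied and ends up in the error log: escape control
    // characters so one failed attempt cannot add extra log lines. The message used
    // to end in a stray "authenticated".
    $loggedLogin = addcslashes((string) $login, "\0..\37\177");
    trigger_error('Could not authenticate user `' . $loggedLogin . '`', E_USER_NOTICE);

    return false;
}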
/**
 * Escapes a value.
 *
 * A non-array value is quoted as is. An array is quoted element by element and
 * joined with ", "; no surrounding parentheses are added, and an empty array
 * yields an empty string.
 *
 * @param string|array $value
 * @param int $type PDO::PARAM_* hint passed through to the connection's quote().
 * @return string
 */
public function quote($value, $type = \PDO::PARAM_STR)
{
    if (!is_array($value)) {
        return $this->db->quote($value, $type);
    }

    $parts = array();
    foreach ($value as $item) {
        $parts[] = $this->db->quote($item, $type);
    }

    return implode(', ', $parts);
}
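/**
 * Quote one or more values with the underlying connection.
 *
 * @param mixed $Param First value; further values may be passed as extra arguments.
 * @return string|false|array With one argument, the result of the connection's quote().
 *                            With several, the list of those results in argument order.
 */
function quote($Param)
{
    $args = func_get_args();

    if (count($args) > 1) {
        // This branch used to quote copies of the arguments and return nothing.
        // The results are passed through unchanged: where quote() reports failure the
        // entry is that failure value, never the original unquoted argument.
        $quoted = array();
        foreach ($args as $arg) {
            $quoted[] = $this->DB->quote($arg);
        }

        return $quoted;
    }

    return $this->DB->quote($Param);
}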
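/**
 * Insert a news item, stamped with the current time, into the SQLite news database.
 *
 * @param int    $catid Category id.
 * @param string $title
 * @param string $text
 * @return void
 */
function news_add($catid, $title, $text)
{
    try {
        // NOTE(review): the database path is hard-coded and appears to sit inside a
        // web-served domain directory - confirm the file cannot be downloaded.
        $db = new PDO("sqlite:D:\\OpenServer\\domains\\test.git\\news.db");
        $db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);

        // Every value is bound. $catid used to be pasted into the statement unquoted,
        // so whatever the caller passed became part of the SQL.
        $stmt = $db->prepare('INSERT INTO news(catid,title,text,time) VALUES(:catid,:title,:text,:time)');
        $stmt->bindValue(':catid', (int) $catid, PDO::PARAM_INT);
        $stmt->bindValue(':title', $title, PDO::PARAM_STR);
        $stmt->bindValue(':text', $text, PDO::PARAM_STR);
        $stmt->bindValue(':time', time(), PDO::PARAM_INT);
        $stmt->execute();
    } catch (PDOException $e) {
        // NOTE(review): this prints the driver's error text to the response, unescaped.
        // Logging it and showing a generic message would avoid exposing internals.
        echo $e->getMessage();
    }

    $db = null;
}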
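/**
 * Back up the database.
 *
 * Writes one data file per table (multi-row INSERT statements, flushed in batches)
 * and one structure file (DROP TABLE + CREATE TABLE for every table) below
 * "<dataDir>/<Ymd>/".
 *
 * @param string|array $table Table name or array of table names; all tables are backed up when empty.
 * @return bool True on success, false as soon as a backup file cannot be written.
 */
public function backup($table = null)
{
    // NOTE(review): table names are concatenated into the SQL statements and into the
    // file path below. They must come from getTables() or another trusted list.
    if (empty($table)) {
        $tables = $this->getTables();
    } elseif (is_array($table)) {
        $tables = $table;
    } else {
        $tables = array($table);
    }

    $filePre = $this->dataDir . '/' . date('Ymd', time());
    $tablesStructure = '';

    foreach ($tables as $table) {
        $tablesStructure .= '------------------------------------------' . PHP_EOL
            . '-- 表名:' . $table . PHP_EOL
            . '--------' . PHP_EOL
            . 'DROP TABLE IF EXISTS ' . $table . ';' . PHP_EOL;

        // The CREATE statement is the last column of the single result row.
        $createtable = $this->query('SHOW CREATE TABLE ' . $table)->fetchAll();
        $createtable = end($createtable[0]);
        $createtable = preg_replace('/AUTO_INCREMENT=\\d*/i', 'AUTO_INCREMENT=0', $createtable);
        $tablesStructure .= $createtable . ';' . PHP_EOL;

        // NOTE(review): assumes the default fetch mode returns every column once;
        // with a both-keys fetch mode each value would be written twice - confirm.
        $data = $this->query('SELECT * FROM ' . $table)->fetchAll();
        $dataHead = 'INSERT INTO ' . $table . ' VALUES' . PHP_EOL;
        $backupData = '';
        $dataTemp = array();
        $i = 0;

        foreach ($data as $rowIndex => $row) {
            foreach ($row as $colKey => $colValue) {
                // quote(null) yields '', which would turn every NULL into an empty
                // string when the backup is restored; keep NULL as NULL.
                $row[$colKey] = $colValue === null ? 'NULL' : $this->db->quote($colValue);
            }
            $dataTemp[] = '(' . implode(', ', $row) . ')';
            $data[$rowIndex] = '';

            if ($i < 200) {
                $i++;
            } else {
                // Batch is full: emit it as one INSERT statement and start the next one.
                $backupData .= $dataHead . implode(',' . PHP_EOL, $dataTemp) . ';' . PHP_EOL;
                $dataTemp = array();
                $i = 0;
            }
        }

        if (!empty($dataTemp)) {
            $backupData .= $dataHead . implode(',' . PHP_EOL, $dataTemp) . ';' . PHP_EOL;
        }

        $file = $filePre . '/' . $table . $this->dataFix;
        dir_check(dirname($file));
        // A backup that could not be written must not be reported as a success.
        if (file_put_contents($file, $backupData, LOCK_EX) === false) {
            return false;
        }
    }

    $file = $filePre . '/' . $this->structureFile;
    dir_check(dirname($file));

    return file_put_contents($file, $tablesStructure, LOCK_EX) !== false;
}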
/**
 * Quote a string with the connection, connecting first when needed.
 *
 * @param string $string Value to quote.
 * @return string
 */
public function Quote($string)
{
    // Connect() is only called while $this->connected is falsy.
    $this->connected || $this->Connect();

    $quoted = $this->Conn->quote($string);

    return $quoted;
}
/**
 * Quote a value, mapping PHP null to the SQL keyword NULL.
 *
 * Only an exact null is mapped; every other value is passed to the parent's quote().
 *
 * @param mixed $str            Value to quote.
 * @param int   $parameter_type PDO::PARAM_* hint for the parent implementation.
 * @return string|false 'NULL' for null, otherwise the parent's result.
 */
function quote($str, $parameter_type = PDO::PARAM_STR)
{
    return $str === null
        ? 'NULL'
        : parent::quote($str, $parameter_type);
}
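/**
 * Quote a string with the connection, connecting first when needed.
 *
 * @param string   $string
 * @param int|null $parameterType PDO::PARAM_* hint; null means the driver default.
 * @return string|false
 */
public function quote($string, $parameterType = null)
{
    if (!$this->pdo) {
        $this->connect();
    }

    // Assuming $this->pdo is a PDO instance: its quote() declares the type hint as a
    // plain int. Forwarding null is deprecated since PHP 8.1 and a TypeError under
    // strict_types, so the argument is left out when the caller gave none.
    if ($parameterType === null) {
        return $this->pdo->quote($string);
    }

    return $this->pdo->quote($string, $parameterType);
}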
/**
 * Quotes a value for insertion into a query.
 *
 * A value whose string length is zero becomes the SQL keyword NULL; anything
 * else is quoted by the connection.
 *
 * @param mixed $value
 * @return string
 */
function transform($value)
{
    return strlen($value) == 0
        ? 'NULL'
        : $this->pdo->quote($value);
}
/**
 * Quote a value with the connection, connecting first when needed.
 *
 * @param mixed $value Value to quote.
 * @return string
 */
public function quote($value)
{
    // connect() is only called while $this->pdo is falsy.
    $this->pdo || $this->connect();

    $quoted = $this->pdo->quote($value);

    return $quoted;
}
/**
 * Escape a value: cast it to string, quote it with the connection, then pass
 * the result through unquote_outer().
 *
 * NOTE(review): unquote_outer() presumably strips the surrounding quotes. If so,
 * the result is only safe inside a quoted SQL string literal, never as a bare
 * number or identifier - confirm at the call sites.
 *
 * @param mixed $str
 * @return string
 */
function escape($str)
{
    $connected = $this->isConnected();
    if (!$connected) {
        $this->connect();
    }

    $quoted = $this->pdo->quote((string) $str);

    return $this->unquote_outer($quoted);
}
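/**
 * Return the id of the newest row of the given type.
 *
 * @param string $tp Value matched against the _Typ_ column.
 * @return array|null Row of the form ['id' => ...], or null when no row matches.
 */
public function getRecent($tp)
{
    // NOTE(review): the database account and its password are hard-coded, and the
    // account is root. Load them from configuration kept outside the source tree,
    // rotate this password, and use an account restricted to this schema.
    $db = new PDO('mysql:host=localhost;dbname=saddahaq_facebook_apps', 'root', 'vivenfarms');

    // The type is bound instead of being concatenated into the statement.
    $stmt = $db->prepare(
        'SELECT _ID_ id FROM table_free_basics_saddahaq WHERE _Typ_ = ? ORDER BY _Tme_ DESC LIMIT 0,42'
    );
    $stmt->execute(array($tp));
    $rows = $stmt->fetchAll(PDO::FETCH_ASSOC);

    // Reading index 0 of an empty result raised an undefined-offset warning.
    return isset($rows[0]) ? $rows[0] : null;
}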
/**
 * Prepares a value according to the given type.
 *
 * NOTE(review): for an array the elements are prepared with $tipo only, so
 * $permiteVacio falls back to false for them, and the return value is then an
 * array rather than a string - confirm both are intended.
 *
 * @param mixed  $valor        Value to prepare
 * @param string $tipo         Type of the value: bol, txt, num, def
 * @param bool   $permiteVacio Whether an empty string is kept instead of becoming NULL
 *
 * @return string Value escaped for MySQL
 */
public function prepararValor($valor, $tipo = 'txt', $permiteVacio = false)
{
    if (is_array($valor)) {
        if (empty($valor)) {
            return 'NULL';
        }

        // Keys are preserved; each element is prepared on its own.
        return array_map(function ($elemento) use ($tipo) {
            return $this->prepararValor($elemento, $tipo);
        }, $valor);
    }

    // Boolean types are decided before the null check, so null becomes '0' here.
    if (in_array($tipo, array('bol', 'bool'))) {
        return $valor ? '1' : '0';
    }

    // null and false always map to NULL; the empty string only when it is not allowed.
    $esNulo = $valor === null || $valor === false;
    if ($esNulo || (!$permiteVacio && $valor === '')) {
        return 'NULL';
    }

    // Numeric types: emitted as the string form of the float value.
    if (in_array($tipo, array('num', 'int'))) {
        return $valor === '' ? 'NULL' : strval(floatval($valor));
    }

    // Everything else is treated as text.
    return $this->pdo->quote($valor);
}
/**
 * Quote a string with the shared connection, reconnecting first when
 * _db::connected() reports that there is none.
 *
 * @param string $str
 * @return string
 */
public static function esc($str)
{
    $isConnected = _db::connected();
    if (!$isConnected) {
        _db::reconnect();
    }

    // Read the handle only after the reconnect attempt.
    $connection = _db::$con;

    return $connection->quote($str);
}
/**
 * Helper function to generate the SQL for a given entity field.
 *
 * NOTE(review): only the pivot values in the CASE WHEN comparison are quoted.
 * $func, $name, the spec's 'field' entries and the pivot values used in the alias
 * are concatenated as given, so they must not come from request data. The alias in
 * the no-function branch is also the only one emitted without the field quote.
 *
 * @param string $name the name of the field to generate SQL for
 * @param array $spec the entity spec array for the field
 * @param boolean $alias whether to also generate an "AS" alias for the field - defaults to false
 * @param string|null $func the function to call against the field (count, avg, sum, max, min)
 * @param array|null $pivot if there was a pivot for this query, an array of values that uniquely identify this field
 * @param array|null $pivot_fields if there was a pivot for this query, an array of the specs for the pivoted fields
 * @return string the SQL string for this field
 */
protected function getFieldSQL($name, $spec, $alias = false, $func = null, $pivot = null, $pivot_fields = null)
{
    $column = $spec['field'];
    $q = $this->getFieldQuote();

    // Plain field: optional unquoted alias, nothing else.
    if ($func === null) {
        return $alias ? $column . ' AS ' . $name : $column;
    }

    $call = strtoupper($func);

    if ($pivot === null) {
        $expression = $call . '(' . $column . ')';
        $label = $func . '-' . $name;
    } else {
        // One equality test per pivot value, against the matching pivoted field.
        $conditions = array();
        foreach ($pivot as $key => $val) {
            $conditions[] = $pivot_fields[$key]['field'] . '=' . $this->db->quote($val);
        }
        $expression = $call . '(CASE WHEN ' . implode(' AND ', $conditions)
            . ' THEN ' . $column . ' ELSE NULL END)';
        $label = implode(',', $pivot) . ' ' . $func . '-' . $name;
    }

    if (!$alias) {
        return $expression;
    }

    return $expression . ' AS ' . $q . $label . $q;
}
/**
 * Quote Trusted Value
 *
 * The ability to quote values without notices.
 *
 * With a PDO resource the driver's quote() is used. Without one the value is
 * wrapped in single quotes after backslash-escaping newline, carriage return,
 * backslash and both quote characters.
 *
 * NOTE(review): the fallback does not know the connection's character set or
 * SQL mode; as the name says, it is meant for trusted values only.
 *
 * @param $value
 * @return mixed
 */
public function quoteTrustedValue($value)
{
    if (!($this->resource instanceof \PDO)) {
        $escaped = addcslashes($value, "\n\r\\'\"");

        return '\'' . $escaped . '\'';
    }

    return $this->resource->quote($value);
}
/**
 * Quote a value with the parent implementation.
 *
 * Arrays and objects are not quoted at all; they become the empty SQL string ''.
 * When no type is given, it is derived from the PHP type of the value through
 * _getPdoDataType().
 *
 * @param mixed    $value
 * @param int|null $type PDO data type; a falsy value means "derive it from $value".
 * @return string|false
 */
public function quote($value, $type = null)
{
    $isQuotable = !is_array($value) && !is_object($value);
    if (!$isQuotable) {
        return "''";
    }

    $pdoType = $type ?: $this->_getPdoDataType(gettype($value));

    return parent::quote($value, $pdoType);
}
/**
 * Returns the quoted version of the specified value.
 *
 * Do not use this function to quote data in a query, use the bound parameters instead. {@see self::query()}
 *
 * @param mixed $value The value to quote.
 *
 * @return string The quoted value.
 *
 * @throws DatabaseException If no database connection is established.
 */
public function quote($value)
{
    if (!empty($this->connection)) {
        // The parameter type is chosen from the value by getParamType().
        $paramType = $this->getParamType($value);

        return $this->connection->quote($value, $paramType);
    }

    throw new DatabaseException('Connection to the database is not established');
}
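/**
 * Switch the default database of a MySQL connection.
 *
 * @param string $dbname Database (schema) name.
 * @return int|false Result of exec(), or false when the driver is not mysql.
 */
public function selectDB($dbname)
{
    if ($this->conn->getAttribute(PDO::ATTR_DRIVER_NAME) !== 'mysql') {
        return false;
    }

    // PDO::quote() is an instance method, so the former static call could not run, and
    // it produces a string literal where USE expects an identifier. The name is wrapped
    // in backticks instead, with embedded backticks doubled so it cannot end the
    // identifier early.
    $identifier = '`' . str_replace('`', '``', (string) $dbname) . '`';

    return $this->conn->exec('USE ' . $identifier);
}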
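/**
 * Escapes SQL string
 *
 * The value is quoted by the connection and the surrounding quote characters are
 * removed again. The result is only safe inside a quoted SQL string literal; it
 * must not be used as a bare number or identifier.
 *
 * @param string $string
 * @return string Escaped value without surrounding quotes; '' when quoting fails.
 */
public function escapeString($string)
{
    $quotedString = $this->connection->quote($string);
    if (!is_string($quotedString)) {
        return '';
    }

    // Remove exactly the first and the last byte. The multibyte functions used before
    // count characters in mbstring's internal encoding; when the data or the connection
    // charset does not match it, that count can disagree with the byte layout and cut
    // at the wrong place. The surrounding quotes are single bytes.
    return substr($quotedString, 1, -1);
}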
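/**
 * Executes the generated query.
 *
 * With $this->prepared set and at least one token, the query is prepared and the
 * token values are bound. Otherwise the tokens are replaced in the query text by
 * their quoted values and the text is run directly.
 *
 * @return boolean Was query successful or not.
 */
public function execute()
{
    $this->queryStr = $this->buildQuery();

    // Connect and execute
    $this->connect();

    if ($this->prepared && $this->tokenCount > 0) {
        // Prepare tokenised values.
        $this->sth = $this->dbh->prepare($this->queryStr);
        foreach ($this->tokens as $token) {
            $this->sth->bindParam($token['token'], $token['value']);
        }
        if (!$this->sth->execute()) {
            $this->reset();

            return false;
        }
    } else {
        // Replace all tokens in ONE pass. Replacing them one after another re-scanned
        // text that had already been substituted: a value containing another token's
        // name was rewritten inside its own quotes, and a token that is a prefix of
        // another (":id" / ":id2") damaged the longer one. strtr() matches the longest
        // token first and never looks at replaced text again.
        $replacements = array();
        foreach ($this->tokens as $token) {
            $name = (string) $token['token'];
            if ($name === '' || isset($replacements[$name])) {
                continue; // the first definition of a token wins, as before
            }
            $replacements[$name] = $this->dbh->quote($token['value']);
        }
        if ($replacements) {
            $this->queryStr = strtr($this->queryStr, $replacements);
        }

        $this->sth = $this->dbh->query($this->queryStr);
        if ($this->sth === false) {
            $this->reset();

            return false;
        }
    }

    $this->lastQuery = $this->queryStr;
    $this->reset();

    return true;
}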
/**
 * Quote a string with the database handler, connecting first when no handler is set.
 *
 * @param string $string
 * @return string
 */
public function quoteString($string)
{
    // connect() is only called while $this->_dbHandler is falsy.
    $this->_dbHandler || $this->connect();

    $quoted = $this->_dbHandler->quote($string);

    return $quoted;
}
/**
 * Quote Trusted Value
 *
 * The ability to quote values without notices.
 *
 * With a PDO resource the driver's quote() is used. Without one the value is
 * wrapped in single quotes with every embedded single quote doubled; no other
 * character is escaped.
 *
 * NOTE(review): the fallback covers the single quote only; as the name says, it
 * is meant for trusted values.
 *
 * @param $value
 * @return mixed
 */
public function quoteTrustedValue($value)
{
    if (!($this->resource instanceof \PDO)) {
        $doubled = str_replace('\'', '\'\'', $value);

        return '\'' . $doubled . '\'';
    }

    return $this->resource->quote($value);
}
/**
 * Build an INSERT statement from a column => value map.
 *
 * NOTE(review): only the values are quoted. The table name and the array keys
 * are emitted as given, so they must never be taken from request data (for
 * example by passing a submitted form array straight in).
 *
 * @param string $tablename Table to insert into.
 * @param array  $fields    Map of column name => value.
 * @return string
 */
private function buildInsertQuery($tablename, array $fields)
{
    $columnList = implode(',', array_keys($fields));

    $quotedValues = array();
    foreach ($fields as $value) {
        $quotedValues[] = $this->db->quote($value);
    }
    $valueList = implode(',', $quotedValues);

    return "INSERT INTO {$tablename} ({$columnList}) VALUES ({$valueList})";
}
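/**
 * Write a message to the log
 *
 * Each record is a list of [DateTime, level name, level code, message] and is
 * stored as one row.
 *
 * @param array $messages
 * @throws \RuntimeException When the insert statement cannot be prepared.
 */
public function write(array $messages)
{
    // NOTE(review): quote() produces a string literal, not an identifier. Whether a
    // literal is accepted in table position depends on the driver - confirm against
    // the database in use, and keep $this->tableName a configuration value.
    $sql = "INSERT INTO " . $this->dbh->quote($this->tableName)
        . " (level, level_name, message, creation_time)"
        . " VALUES (:level, :level_name, :message, :creation_time)";

    $stmt = $this->dbh->prepare($sql);
    if ($stmt === false) {
        throw new \RuntimeException('Could not prepare the log insert statement');
    }

    foreach ($messages as $record) {
        list($datetime, $level, $levelCode, $message) = $record;

        // bindValue() rather than bindParam(): bindParam() takes its argument by
        // reference, and the result of getTimestamp() is not a variable.
        $stmt->bindValue(':creation_time', $datetime->getTimestamp(), \PDO::PARAM_INT);
        $stmt->bindValue(':level', $levelCode, \PDO::PARAM_INT);
        $stmt->bindValue(':level_name', $level, \PDO::PARAM_STR);
        $stmt->bindValue(':message', $message, \PDO::PARAM_STR);
        $stmt->execute();
    }
}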