public function get_fenye($FenYe_class)
{
$sql1 = "select * from emp limit " . ($FenYe_class->page_now - 1) * $FenYe_class->page_display_row . "," . $FenYe_class->page_display_row;
$sql2 = "select count(id) from emp";
$sqlHelper = new sqlHelper();
$sqlHelper->fenye_dql($sql1, $sql2, $FenYe_class);
}
function update_mes($sender, $getter)
{
$sqlHelper = new sqlHelper();
$sql = "update message set mes_received = 1 where sender= '{$getter}' and getter = '{$sender}'";
$res = $sqlHelper->execute_dml($sql);
return $res;
}
function checkuser($user, $pw)
{
$sqlHelper = new sqlHelper();
$sql = "select name from member where name='" . $user . "'";
$sql1 = "select password from member where name='" . $user . "'";
$res = $sqlHelper->execute_dql($sql);
$num = mysql_num_rows($res);
if ($num == 0) {
return 2;
} else {
$row = mysql_fetch_row($res);
if ($row[0] == $user) {
$res2 = $sqlHelper->execute_dql($sql1);
if ($row = mysql_fetch_row($res2)) {
if ($row[0] == md5($pw)) {
return 1;
} else {
return 0;
}
}
} else {
return 2;
}
}
}
function get_fenye($fenye_class)
{
$sql1 = "select * from upload limit " . ($fenye_class->page_now - 1) * $fenye_class->page_display_row . "," . $fenye_class->page_display_row;
$sql2 = "select count(id) from upload";
$sqlhelpter = new sqlHelper();
$sqlhelpter->fenye($sql1, $sql2, $fenye_class);
}
function get_country($id)
{
$sqlhelper = new sqlHelper();
$sql = "select * from country where c_id=" . $id;
$arr = $sqlhelper->execute_dql2($sql);
//file_put_contents("d:/mylog.txt",print_r($arr),FILE_APPEND);
return $arr;
}
public function get_data_from_emp($page_now, $page_display_row)
{
$sql = "select * from emp limit " . ($page_now - 1) * $page_display_row . "," . $page_display_row;
$sqlHelper = new sqlHelper();
$res = $sqlHelper->execute_dql2($sql);
$sqlHelper->close_connect();
return $res;
}
function getEmpListByPage($pageNow, $pageSize){
$sql="select * from empmanage limit ".$pageSize.' offset '.($pageNow-1)*$pageSize;
$sqlHelper=new sqlHelper();
$res=$sqlHelper->execute_dql2($sql);
//mysql_free_result($res);
$sqlHelper->close_connect();
//print_r($res);
return $res;
}
function getMember($user)
{
$sqlHelper = new sqlHelper();
$sql = "select name from member where name != '" . $user . "'";
$res = $sqlHelper->execute_dql($sql);
$arr = array();
while ($row = mysql_fetch_assoc($res)) {
$arr[] = $row;
}
return $arr;
}
public function checkAdmin($id, $password)
{
$sql = "select password,name from admin where id=" . $id;
$sqlHelper = new sqlHelper();
$res = $sqlHelper->execute_dql($sql);
while ($row = mysql_fetch_assoc($res)) {
if ($row['password'] == md5($password)) {
return true;
}
}
mysql_free_result($res);
$sqlHelper->close_connect();
return false;
}
function getMessage($sender, $receiver)
{
$sql = "select * from message where sender='{$sender}' and receiver='{$receiver}' and isGet=0";
//file_put_contents("F:/GitHub/Ajax-Practice/mylog4.log",$sql."\r\n",FILE_APPEND);
$sqlHelper = new sqlHelper();
$array = $sqlHelper->execute_dql2($sql);
//file_put_contents("F:/GitHub/Ajax-Practice/mylog4.log",$array."\r\n",FILE_APPEND);
$messageInfo = "<meses>";
for ($i = 0; $i < count($array); $i++) {
$row = $array[$i];
$messageInfo .= "<mesid>{$row['id']}</mesid><sender>{$row['sender']}</sender><receiver>{$row['receiver']}</receiver><content>{$row['content']}</content><sendTime>{$row['sendTime']}</sendTime>";
}
$messageInfo .= "</meses>";
file_put_contents("F:/GitHub/Ajax-Practice/mylog4.log", $messageInfo . "\r\n", FILE_APPEND);
return $messageInfo;
$sqlHelper->close_connect();
}
public function checkAdmin($id, $password)
{
$sql = "select password,name from admin where id=" . $id;
$sqlHelper = new sqlHelper();
$res = $sqlHelper->execute_dql($sql);
if ($res == false) {
header("Location: /empManage/views/user/login.php?error=1");
exit;
}
while ($row = mysql_fetch_assoc($res)) {
if ($row['password'] == md5($password)) {
return true;
}
}
mysql_free_result($res);
$sqlHelper->close_connect();
return false;
}
public static function firstChar(array $data = array(), DocumentParser $modx, $_DocLister, prepare_DL_Extender $_extDocLister)
{
$char = mb_substr($data['pagetitle'], 0, 1, 'UTF-8');
$oldChar = $_extDocLister->getStore('char');
if ($oldChar !== $char) {
$sanitarInIDs = $_DocLister->sanitarIn($_DocLister->getIDs());
$where = sqlHelper::trimLogicalOp($_DocLister->getCFGDef('addWhereList', ''));
$where = sqlHelper::trimLogicalOp(($where ? $where . ' AND ' : '') . $_DocLister->filtersWhere());
$where = sqlHelper::trimLogicalOp(($where ? $where . ' AND ' : '') . "SUBSTRING(c.pagetitle,1,1) = '" . $modx->db->escape($char) . "'");
if ($_DocLister->getCFGDef('idType', 'parents') == 'parents') {
if ($where != '') {
$where .= " AND ";
}
$where = "WHERE {$where} c.parent IN (" . $sanitarInIDs . ")";
if (!$_DocLister->getCFGDef('showNoPublish', 0)) {
$where .= " AND c.deleted=0 AND c.published=1";
}
} else {
if ($sanitarInIDs != "''") {
$where .= ($where ? " AND " : "") . "c.id IN ({$sanitarInIDs}) AND";
}
$where = sqlHelper::trimLogicalOp($where);
if ($_DocLister->getCFGDef('showNoPublish', 0)) {
if ($where != '') {
$where = "WHERE {$where}";
}
} else {
if ($where != '') {
$where = "WHERE {$where} AND ";
} else {
$where = "WHERE {$where} ";
}
$where .= "c.deleted=0 AND c.published=1";
}
}
$q = $_DocLister->dbQuery("SELECT count(c.id) as total FROM " . $_DocLister->getTable('site_content', 'c') . " " . $where);
$total = $modx->db->getValue($q);
$data['OnNewChar'] = $_DocLister->parseChunk($_DocLister->getCFGDef('tplOnNewChar'), compact("char", "total"));
$_extDocLister->setStore('char', $char);
if ($oldChar !== null) {
$data['CharSeparator'] = $_DocLister->parseChunk($_DocLister->getCFGDef('tplCharSeparator'), compact("char", "total"));
}
}
return $data;
}
/**
* Экранирование строки в SQL запросе LIKE
* @see: http://stackoverflow.com/a/3683868/2323306
*
* @param DocumentParser $modx
* @param string $field поле по которому осуществляется поиск
* @param string $value искомое значение
* @param string $escape экранирующий символ
* @param string $tpl шаблон подстановки значения в SQL запрос
* @return string строка для подстановки в SQL запрос
*/
public static function LikeEscape($modx, $field, $value, $escape = '=', $tpl = '%[+value+]%')
{
$str = '';
$escaped = false;
if (!empty($field) && is_string($field) && is_scalar($value) && $value !== '') {
$field = sqlHelper::tildeField($field);
if (is_scalar($escape) && !empty($escape) && !in_array($escape, array("_", "%", "'"))) {
$str = str_replace(array($escape, '_', '%'), array($escape . $escape, $escape . '_', $escape . '%'), $value);
$escaped = true;
}
$str = $modx->db->escape($str);
$str = str_replace('[+value+]', $str, $tpl);
if ($escaped) {
$str = "{$field} LIKE '{$str}' ESCAPE '{$escape}'";
} else {
$str = "{$field} LIKE '{$str}'";
}
}
return $str;
}
<?php require_once '../../conn/conn.php'; require_once '../../conn/sqlHelper.php'; $sqlhelper = new sqlHelper(); $id = $_SESSION["role"]; ?> <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"> <html xmlns="http://www.w3.org/1999/xhtml"> <head> <title> 添加商场</title> <meta http-equiv="Content-Type" content="text/html; charset=utf-8" /> <meta name="author" content="liuxiao@WiiPu -- http://www.wiipu.com" /> <link rel="stylesheet" href="../css/style2.css" type="text/css"/> <link rel="stylesheet" type="text/css" href="../css/jquery.datetimepicker.css"/> <script type="text/javascript" src="../js/jquery-1.6.2.min.js"></script> <script type="text/javascript" src="../js/upload.js"></script> </head> <body> <div class="bgintor"> <div class="tit1"> <ul> <li><a href="#">添加商场</a> </li> </ul> </div> <div class="listintor"> <div class="header1"><img src="../images/square.gif" width="6" height="6" alt="" /> <span>位置:商场管理 -> <strong>添加商场</strong></span> </div> <div class="fromcontent"> <form action="add_mall_do.php" method="post" id="doForm">
/**
* Экранирование строки в SQL запросе LIKE
* @see: http://stackoverflow.com/a/3683868/2323306
*
* @param string $field поле по которому осуществляется поиск
* @param string $value искомое значение
* @param string $escape экранирующий символ
* @param string $tpl шаблон подстановки значения в SQL запрос
* @return string строка для подстановки в SQL запрос
*/
public function LikeEscape($field, $value, $escape = '=', $tpl = '%[+value+]%')
{
return sqlHelper::LikeEscape($this->modx, $field, $value, $escape, $tpl);
}
/**
* @TODO: 3) Формирование ленты в случайном порядке (если отключена пагинация и есть соответствующий запрос)
* @TODO: 5) Добавить фильтрацию по основным параметрам документа
*/
protected function getChildrenList()
{
$where = array();
$out = array();
$tmpWhere = $this->getCFGDef('addWhereList', '');
$tmpWhere = sqlHelper::trimLogicalOp($tmpWhere);
if (!empty($tmpWhere)) {
$where[] = $tmpWhere;
}
$tmpWhere = sqlHelper::trimLogicalOp($this->_filters['where']);
if (!empty($tmpWhere)) {
$where[] = $tmpWhere;
}
$tbl_site_content = $this->getTable('site_content', 'c');
$sort = $this->SortOrderSQL("if(c.pub_date=0,c.createdon,c.pub_date)");
list($from, $sort) = $this->injectSortByTV($tbl_site_content . ' ' . $this->_filters['join'], $sort);
$sanitarInIDs = $this->sanitarIn($this->IDs);
$tmpWhere = null;
if ($sanitarInIDs != "''") {
switch ($this->getCFGDef('showParent', '0')) {
case '-1':
$tmpWhere = "c.parent IN (" . $sanitarInIDs . ")";
break;
case 0:
$tmpWhere = "c.parent IN (" . $sanitarInIDs . ") AND c.id NOT IN(" . $sanitarInIDs . ")";
break;
case 1:
default:
$tmpWhere = "(c.parent IN (" . $sanitarInIDs . ") OR c.id IN({$sanitarInIDs}))";
break;
}
}
if (($addDocs = $this->getCFGDef('documents', '')) != '') {
$addDocs = $this->sanitarIn($this->cleanIDs($addDocs));
if (empty($tmpWhere)) {
$tmpWhere = "c.id IN({$addDocs})";
} else {
$tmpWhere = "((" . $tmpWhere . ") OR c.id IN({$addDocs}))";
}
}
if (!empty($tmpWhere)) {
$where[] = $tmpWhere;
}
if (!$this->getCFGDef('showNoPublish', 0)) {
$where[] = "c.deleted=0 AND c.published=1";
}
if (!empty($where)) {
$where = "WHERE " . implode(" AND ", $where);
} else {
$where = '';
}
$fields = $this->getCFGDef('selectFields', 'c.*');
$group = $this->getGroupSQL($this->getCFGDef('groupBy', 'c.id'));
if ($sanitarInIDs != "''" || $this->getCFGDef('ignoreEmpty', '0')) {
$sql = $this->dbQuery("SELECT {$fields} FROM " . $from . " " . $where . " " . $group . " " . $sort . " " . $this->LimitSQL($this->getCFGDef('queryLimit', 0)));
$rows = $this->modx->db->makeArray($sql);
foreach ($rows as $item) {
$out[$item['id']] = $item;
}
}
return $out;
}
/**
* Конструктор условий для WHERE секции
*
* @param $table_alias алиас таблицы
* @param $field поле для фильтрации
* @param $operator оператор сопоставления
* @param $value искомое значение
* @return string
*/
protected function build_sql_where($table_alias, $field, $operator, $value)
{
$this->DocLister->debug->debug('Build SQL query for filters: ' . $this->DocLister->debug->dumpData(func_get_args()), 'buildQuery', 2);
$output = sqlHelper::tildeField($field, $table_alias);
switch ($operator) {
case '=':
case 'eq':
case 'is':
$output .= " = '" . $this->modx->db->escape($value) . "'";
break;
case '!=':
case 'no':
case 'isnot':
$output .= " != '" . $this->modx->db->escape($value) . "'";
break;
case '>':
case 'gt':
$output .= ' > ' . str_replace(',', '.', floatval($value));
break;
case '<':
case 'lt':
$output .= ' < ' . str_replace(',', '.', floatval($value));
break;
case '<=':
case 'elt':
$output .= ' <= ' . str_replace(',', '.', floatval($value));
break;
case '>=':
case 'egt':
$output .= ' >= ' . str_replace(',', '.', floatval($value));
break;
case '%':
case 'like':
$output = $this->DocLister->LikeEscape($output, $value);
break;
case 'like-r':
$output = $this->DocLister->LikeEscape($output, $value, '=', '[+value+]%');
break;
case 'like-l':
$output = $this->DocLister->LikeEscape($output, $value, '=', '%[+value+]');
break;
case 'regexp':
$output .= " REGEXP '" . $this->modx->db->escape($value) . "'";
break;
case 'against':
/** content:pagetitle,description,content,introtext:against:искомая строка */
if (trim($value) != '') {
$field = explode(",", $this->field);
$field = implode(",", $this->DocLister->renameKeyArr($field, $this->getTableAlias()));
$output = "MATCH ({$field}) AGAINST ('{$this->modx->db->escape($value)}*')";
}
break;
case 'containsOne':
$words = explode($this->DocLister->getCFGDef('filter_delimiter', ','), $value);
$word_arr = array();
foreach ($words as $word) {
/**
* $word оставляю без trim, т.к. мало ли, вдруг важно найти не просто слово, а именно его начало
* Т.е. хочется найти не слово содержащее $word, а начинающееся с $word. Для примера:
* искомый $word = " когда". С trim найдем "...мне некогда..." и "...тут когда-то...";
* Без trim будт обнаружено только "...тут когда-то..."
*/
$word_arr[] = $this->DocLister->LikeEscape($output, $word);
}
if (!empty($word_arr)) {
$output = '(' . implode(' OR ', $word_arr) . ')';
} else {
$output = '';
}
break;
case 'in':
$output .= ' IN(' . $this->DocLister->sanitarIn($value, ',', true) . ')';
break;
case 'notin':
$output .= ' NOT IN(' . $this->DocLister->sanitarIn($value, ',', true) . ')';
break;
default:
$output = '';
}
$this->DocLister->debug->debugEnd("buildQuery");
return $output;
}
public function del_emp_by_id($id)
{
$sqlHelper = new sqlHelper();
$sql = "delete from emp where id=" . $id;
return $sqlHelper->execute_dml($sql);
}
protected function getChildrenList()
{
$where = array();
$out = array();
$tmpWhere = $this->getCFGDef('addWhereList', '');
$tmpWhere = sqlHelper::trimLogicalOp($tmpWhere);
if (!empty($tmpWhere)) {
$where[] = $tmpWhere;
}
$sanitarInIDs = $this->sanitarIn($this->IDs);
$tmpWhere = null;
if ($sanitarInIDs != "''") {
$tmpWhere = "(`{$this->getParentField()}` IN (" . $sanitarInIDs . ")";
switch ($this->getCFGDef('showParent', '0')) {
case -1:
$tmpWhere .= ")";
break;
case 0:
$tmpWhere .= " AND `{$this->getPK()}` NOT IN(" . $sanitarInIDs . "))";
break;
case 1:
default:
$tmpWhere .= " OR `{$this->getPK()}` IN({$sanitarInIDs}))";
break;
}
}
if (($addDocs = $this->getCFGDef('documents', '')) != '') {
$addDocs = $this->sanitarIn($this->cleanIDs($addDocs));
if (empty($tmpWhere)) {
$tmpWhere = $this->getPK() . " IN({$addDocs})";
} else {
$tmpWhere = "((" . $tmpWhere . ") OR {$this->getPK()} IN({$addDocs}))";
}
}
if (!empty($tmpWhere)) {
$where[] = $tmpWhere;
}
if (!empty($where)) {
$where = "WHERE " . implode(" AND ", $where);
} else {
$where = '';
}
$fields = $this->getCFGDef('selectFields', '*');
$group = $this->getGroupSQL($this->getCFGDef('groupBy', "`{$this->getPK()}`"));
if ($sanitarInIDs != "''" || $this->getCFGDef('ignoreEmpty', '0')) {
$sql = $this->dbQuery("SELECT {$fields} FROM " . $this->table . " " . $where . " " . $group . " " . $this->SortOrderSQL($this->getPK()) . " " . $this->LimitSQL($this->getCFGDef('queryLimit', 0)));
$rows = $this->modx->db->makeArray($sql);
foreach ($rows as $item) {
$out[$item[$this->getPK()]] = $item;
}
}
return $out;
}
<?php require_once 'sqlHelper.php'; $sql = "select password,name from admin where id=fff"; $sqlHelper = new sqlHelper(); $res = $sqlHelper->execute_dql($sql); var_dump($res);
$action = "regexp";
$char = "^[{$char}]";
} else {
$char = null;
}
}
}
if (is_null($char)) {
$modx->sendErrorPage();
}
$p =& $modx->event->params;
if (!is_array($p)) {
$p = array();
}
if (!empty($loadfilter)) {
$field = explode(".", $field);
$field = end($field);
if (!empty($p['filters'])) {
$p['filters'] = rtrim(trim($p['filters']), ";") . ";";
}
$p['filters'] = "AND({$loadfilter}:{$field}:{$action}:{$char})";
} else {
$field = sqlHelper::tildeField($field);
if ($action == 'regexp') {
$where = $field . " REGEXP '" . $modx->db->escape($char) . "'";
} else {
$where = sqlHelper::LikeEscape($modx, $field, $char, '=', '[+value+]%');
}
$p['addWhereList'] = empty($p['addWhereList']) ? $where : sqlHelper::trimLogicalOp($p['addWhereList']) . " AND " . $where;
}
return $modx->runSnippet("DocLister", $p);
public function dql_update_emp($id, $name, $grade, $email, $salary)
{
$sql = "update emp set name='{$name}',grade={$grade},email='{$email}',salary={$salary} where id =" . $id;
$sqlHelper = new sqlHelper();
return $sqlHelper->execute_dml($sql);
}
<?php include_once '../../conn/sqlHelper.php'; $sqlhelper = new sqlHelper(); $province_name = $_POST['province_name']; $city_name = $_POST['city_name']; $sql = "select county_name,county_code from county where province_name='" . $province_name . "' and city_name='" . $city_name . "'"; $arr = $sqlhelper->execute_more($sql); $data = json_encode($arr); echo $data;
<?php
require_once '../../conn/conn.php';
require_once '../../conn/sqlHelper.php';
$sqlhelper = new sqlHelper();
$role = $_SESSION["role"];
$mall_id = $_GET["mall_id"];
$select = "select * from mall where id='{$mall_id}'";
$result = mysql_query($select);
$row = mysql_fetch_array($result);
$province = $row["province"];
$city = $row["city"];
$county = $row["county"];
?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title> 商场管理</title>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<meta name="author" content="liuxiao@WiiPu -- http://www.wiipu.com" />
<link rel="stylesheet" href="../css/style2.css" type="text/css"/>
<link rel="stylesheet" type="text/css" href="../css/jquery.datetimepicker.css"/>
<script type="text/javascript" src="../js/jquery-1.6.2.min.js"></script>
<script type="text/javascript" src="../js/upload.js"></script>
</head>
<body>
<div class="bgintor">
<div class="tit1">
<ul>
<li><a href="#">商场管理</a> </li>
</ul>