コード例 #1
0
function process_image()
{
    global $target_path;
    global $clickFlag;
    global $con;
    global $dUsername;
    global $dFullname;
    $clickFlag = "You did not upload any file";
    if (isset($_FILES["passport"]["name"])) {
        $file_name = $_FILES["passport"]["name"];
        if ($_FILES["passport"]["error"] > 0) {
            echo "Error in the following file " . $file_name . ":" . $_FILES["passport"]["error"] . "<br />";
        } elseif ($_FILES["passport"]["error"] <= 0) {
            $temp_name = $_FILES["passport"]["tmp_name"];
            $imgtype = $_FILES["passport"]["type"];
            $ext = getImageExtension($imgtype);
            $imgname = $dFullname . $ext;
            $target_path = "upload/" . $imgname;
            $insert_picture = "UPDATE user_profile SET Passport = '" . mysqli_escape_string($con, $target_path) . "' WHERE Username = '******'";
            if (!mysqli_query($con, $insert_picture)) {
                echo mysqli_error($con);
            }
            if (move_uploaded_file($temp_name, $target_path)) {
                return true;
            }
        } else {
            return false;
        }
    } else {
        global $NoFileError;
        $NoFileError = "You did not upload any file";
    }
}
コード例 #2
0
function save_kmeans_data($result_kmeans, $user)
{
    $insert = null;
    $link = (require 'MySQL/ConnectionDB.php');
    mysqli_query($link, "DELETE FROM Kmeans_Data WHERE user_id = {$user}");
    $query = "INSERT INTO Kmeans_Data (user_id, centroid, ctg_id, number_likes) VALUES";
    foreach ($result_kmeans as $ctg => $category) {
        foreach ($category as $cnt => $value) {
            foreach ($value as $key => $num) {
                $insert .= "('" . mysqli_escape_string($link, $user) . "', " . "'" . mysqli_escape_string($link, $cnt) . "', " . "'" . mysqli_escape_string($link, $num[0]) . "', " . "'" . mysqli_escape_string($link, $num[1]) . "'),";
            }
        }
    }
    if ($insert != "") {
        $insert = substr($insert, 0, strlen($insert) - 1);
        $insert .= ";";
    }
    $query .= $insert;
    if ($insert) {
        $entry = mysqli_query($link, $query);
        if (!$entry) {
            die('Could not entered data k-means' . mysql_error());
        }
    }
    mysqli_close($link);
}
コード例 #3
0
ファイル: mainController.php プロジェクト: alexBLR/firmware
 public function loginAction($twig, $params)
 {
     if (is_authorized()) {
         header("Location: /");
     } else {
         if (empty($_POST['confirm'])) {
             $_POST['confirm'] = 0;
         }
         if ($_POST['confirm'] == 1) {
             if (!empty($_POST['login'])) {
                 $login = mysqli_escape_string($this->dbConnect, $_POST['login']);
                 $password = md5($_POST['password']);
                 $query = mysqli_query($this->dbConnect, "select id, login, smena from users where login = '******' and passwd = '{$password}'");
                 if (mysqli_num_rows($query) > 0) {
                     $result = mysqli_fetch_assoc($query);
                     $_SESSION['user_id'] = $result['id'];
                     $_SESSION['user_fio'] = $result['login'];
                     $_SESSION['user_smena'] = $result['smena'];
                     header("Location: /");
                 } else {
                     echo $twig->render('login.html.twig', array('error' => 'Bad credentials'));
                 }
             } else {
                 echo $twig->render('login.html.twig', array('error' => 'Login is empty'));
             }
         } else {
             echo $twig->render('login.html.twig');
         }
     }
 }
コード例 #4
0
function check_game($dbc, $Game = '')
{
    $errors = array();
    //Game Name validation, Gamename cannot be left empty, and must be between 4 and 40 characters in length
    if (empty($Game)) {
        $errors[] = "The game name field is empty.</br>";
    } else {
        if (strlen($Game) > 40) {
            $errors[] = "The game name is too long, it must be between 3 and 40 characters in length. If longer than 40 characters, please either abbreviate or use an acronym.</br>";
        } else {
            if (strlen($Game) < 3) {
                $errors[] = "The game is too short, it must be between 3 and 40 characters in length.</br>";
            } else {
                $G = mysqli_escape_string($dbc, trim($Game));
            }
        }
    }
    if (empty($errors)) {
        $qGame = "INSERT INTO game (GameName) VALUES ('{$G}')";
        $result = mysqli_query($dbc, $qGame);
        if ($result) {
            $row = mysqli_fetch_array($result, MYSQLI_ASSOC);
            return array(true, $row);
        } else {
            $errors[] = "Insertion of the game could not complete, please try again.</br>";
        }
    }
    return array(false, $errors);
}
function check_publisher($dbc, $Publisher = '')
{
    $errors = array();
    //publisher validation, the publisher cannot be left empty, and must be between 4 and 40 characters in length
    if (empty($Publisher)) {
        $errors[] = "The Publisher Field is Empty.</br>";
    } else {
        if (strlen($Publisher) > 40) {
            $errors[] = "The Publishers name is too long, it must be between 3 and 40 characters in length. If longer than 40 characters, please either abbreviate or use an acronym.</br>";
        } else {
            if (strlen($Publisher) < 3) {
                $errors[] = "The Publisher is too short, it must be between 3 and 40 characters in length.</br>";
            } else {
                $U = mysqli_escape_string($dbc, trim($Publisher));
            }
        }
    }
    if (empty($errors)) {
        $qPub = "INSERT INTO publisher (Publisher) VALUES ('{$U}')";
        $result = mysqli_query($dbc, $qPub);
        if ($result) {
            $row = mysqli_fetch_array($result, MYSQLI_ASSOC);
            return array(true, $row);
        } else {
            $errors[] = "Insertion of the publisher could not complete, please try again.</br>";
        }
    }
    return array(false, $errors);
}
コード例 #6
0
ファイル: groupController.php プロジェクト: alexBLR/firmware
 public function addGroupAction($twig, $params)
 {
     if ($this->getRole() == 1 or $this->getRole() == 2 or $this->getRole() == 3) {
         $name = mysqli_escape_string($this->dbConnect, $_POST['name']);
         if (!empty($name)) {
             $field = '';
             if ($this->getRole() == 2 or $this->getRole() == 3) {
                 $field = ", parrent = {$this->user}";
             }
             $query = mysqli_query($this->dbConnect, "insert into groups set name = '{$name}' {$field}");
             $rezz = mysqli_query($this->dbConnect, "SELECT last_insert_id()");
             $lastId = mysqli_fetch_row($rezz);
             foreach ($_POST['fid'] as $key => $val) {
                 if (empty($_POST['enabled'][$val])) {
                     $enabl = 1;
                 } else {
                     $enabl = 0;
                 }
                 $query = mysqli_query($this->dbConnect, "insert into prices set fid = '{$val}', parrent_group = '{$lastId[0]}', price = '{$_POST['price'][$val]}', enabled = '{$enabl}'");
             }
             if ($query) {
                 header("Location: /groups/");
             }
         } else {
             header("Location: /groups/");
         }
     }
 }
コード例 #7
0
 public function BuildQuery()
 {
     $csvfile = str_replace('\\', '/', tempnam(sys_get_temp_dir(), "mys") . ".csv");
     $fp = fopen($csvfile, "w");
     $value = '';
     // Collect rows and build csv file contents
     $index = 0;
     foreach ($this->Rows as $row) {
         $first_field = true;
         $index++;
         foreach ($this->FieldNames as $field_name) {
             if (!$first_field) {
                 $value .= ';';
             } else {
                 $first_field = false;
             }
             // Check that the current field name has been specified for this row
             if (isset($row['columns'][$field_name])) {
                 $value .= '"' . mysqli_escape_string($this->Database, $row['columns'][$field_name]) . '"';
             } else {
                 throw new RuntimeException("DbBufferedLoadFile : row #{$index} missing column '{$field_name}'.");
             }
         }
         $value .= "\n";
     }
     fwrite($fp, $value);
     fclose($fp);
     // Build the query
     $query = "\r\n\t\t\t\t\tLOAD DATA LOCAL INFILE '{$csvfile}'\r\n\t\t\t\t\tINTO TABLE {$this->TableName}\r\n\t\t\t\t\tFIELDS TERMINATED BY ';' \r\n\t\t\t\t\t\tOPTIONALLY ENCLOSED BY '\"'\r\n\t\t\t\t\t\tESCAPED BY '\"'\r\n\t\t\t\t\tLINES  TERMINATED BY '\\n'\r\n\t\t\t\t    ";
     $query .= '(' . implode(',', $this->FieldNames) . ')';
     // Remember the generated csv file for later cleaning
     $this->CsvFile = $csvfile;
     return $query;
 }
コード例 #8
0
 public function insertignore($rows)
 {
     foreach ($rows as $key => $value) {
         $f .= '`' . $key . '`, ';
         $v .= "'" . mysqli_escape_string($this->_database, $value) . "', ";
     }
     return 'insert ignore into ' . $this->table_send . ' (' . rtrim($f, ', ') . ') values (' . rtrim($v, ', ') . ')';
 }
コード例 #9
0
 public function __construct($table_name, $comment = '', $database = null, $recreate = false)
 {
     global $Database;
     $this->Name = $table_name;
     $this->Database = $database ? $database : $Database;
     $this->Comment = mysqli_escape_string($this->Database, $comment);
     $this->EnsureExists($recreate);
 }
コード例 #10
0
ファイル: Motor.php プロジェクト: schpill/standalone
 public function set($k, $v)
 {
     $k = $this->table . '.' . $k;
     $this->del($k);
     $query = "REPLACE INTO infosdb SET data_key = '{$k}', data_value = '" . mysqli_escape_string($this->db, serialize($v)) . "'";
     $result = mysqli_query($this->db, $query);
     return $this;
 }
コード例 #11
0
ファイル: DBMysqli.class.php プロジェクト: rhymix/rhymix
 /**
  * Handles quatation of the string variables from the query
  * @param string $string
  * @return string
  */
 function addQuotes($string)
 {
     if (!is_numeric($string)) {
         $connection = $this->_getConnection('master');
         $string = mysqli_escape_string($connection, $string);
     }
     return $string;
 }
コード例 #12
0
ファイル: UsuarioDAO.php プロジェクト: RobHawk90/LojaPHP
function login($connection, $email, $senha)
{
    $email = mysqli_escape_string($connection, $email);
    $senhaMd5 = md5($senha);
    $query = "SELECT * FROM Usuario WHERE email = '{$email}' AND senha = '{$senhaMd5}'";
    $result = mysqli_query($connection, $query);
    return mysqli_fetch_assoc($result);
}
コード例 #13
0
ファイル: UserDAL.php プロジェクト: ao222qc/IDV608_2
 public function getUserData($username)
 {
     $username = mysqli_escape_string($this->conn, $username);
     $query = "SELECT Username,Password FROM member WHERE Username = '******'";
     $result = $this->conn->query($query);
     $row = $result->fetch_array(MYSQLI_ASSOC);
     return isset($row) ? array("username" => $row['Username'], "password" => $row['Password']) : null;
 }
コード例 #14
0
function buscaUsuario($conexao, $email, $senha)
{
    $senhamd5 = md5($senha);
    $email = mysqli_escape_string($conexao, $email);
    $query = "select * from usuarios where email='{$email}' and senha='{$senhamd5}'";
    $resultado = mysqli_query($conexao, $query);
    return mysqli_fetch_assoc($resultado);
}
コード例 #15
0
ファイル: Db.php プロジェクト: jbeyer1984/ownFramework
 public function executeWithArgs($sql, $vars)
 {
     foreach ($vars as $identifier => $value) {
         //      Components::getInstance()->get('logger')->log('$identifier', $identifier);
         $sql = str_replace(':' . $identifier, mysqli_escape_string($this->connection, $value), $sql);
     }
     //    Components::getInstance()->get('logger')->log('$sql', $sql);
     $this->executeNoArgs($sql);
 }
コード例 #16
0
function insereProduto($conexao, $nome, $preco, $descricao, $categoria_id, $usado)
{
    $nome = mysqli_escape_string($conexao, $nome);
    $preco = mysqli_escape_string($conexao, $preco);
    $descricao = mysqli_escape_string($conexao, $descricao);
    $query = "INSERT INTO produtos (nome, preco, descricao, categoria_id, usado) values ('{$nome}','{$preco}', '{$descricao}', '{$categoria_id}','{$usado}')";
    $resultadoDaInsercao = mysqli_query($conexao, $query);
    return $resultadoDaInsercao;
}
コード例 #17
0
ファイル: Driver.php プロジェクト: xiaoguizhidao/extensiongsd
 public function quote($string)
 {
     if (function_exists('mysqli_real_escape_string')) {
         $string = mysqli_real_escape_string($this->getLink(), $string);
     } elseif (function_exists('mysqli_escape_string')) {
         $string = mysqli_escape_string($string);
     }
     return '"' . addslashes($string) . '"';
 }
コード例 #18
0
ファイル: mysqli.php プロジェクト: Jireck-npds/npds_dune
function SQL_escape_string($arr)
{
    // pas bonnnnn car ne sert à rien !
    if (function_exists("mysqli_real_escape_string")) {
        @mysqli_real_escape_string($arr);
    } elseif (function_exists("mysqli_escape_string")) {
        @mysqli_escape_string($arr);
    }
    return $arr;
}
コード例 #19
0
 function escape($string)
 {
     return addslashes($string);
     // Disable rest for now, causing problems
     if (!$this->dbh || version_compare(phpversion(), '4.3.0') == '-1') {
         return mysqli_escape_string($string);
     } else {
         return mysqli_real_escape_string($string, $this->dbh);
     }
 }
コード例 #20
0
ファイル: db_mysqli.php プロジェクト: WHTGo/EXP-Training
 public function db_update($table, $where, $data = array())
 {
     $sql_tmp = '';
     foreach ($data as $key => $val) {
         $sql_tmp .= $key . '=' . '\'' . mysqli_escape_string($conn, $val) . '\',';
     }
     $sql = 'UPDATE ' . $table . ' SET ' . trim($sql_tmp, ',') . '  WHERE  ' . $where;
     $result = $this->Get_query($sql);
     return $result;
 }
コード例 #21
0
ファイル: mysqli.php プロジェクト: npds/npds_dune
function SQL_escape_string($arr)
{
    // pas bonnnnn car ne sert à rien ! de plus la fonction DOIT avoir deux arguments !!
    if (function_exists("mysqli_real_escape_string")) {
        @mysqli_real_escape_string($arr);
    } elseif (function_exists("mysqli_escape_string")) {
        @mysqli_escape_string($arr);
    }
    return $arr;
}
コード例 #22
0
 public function escape($sql)
 {
     if (function_exists('mysqli_real_escape_string')) {
         return mysqli_real_escape_string($this->connection, $sql);
     } elseif (function_exists('mysqli_escape_string')) {
         return mysqli_escape_string($this->connection, $sql);
     } else {
         return addslashes($sql);
     }
 }
コード例 #23
0
ファイル: functions.php プロジェクト: jask0/hh_gbook
function escape_data($data, $c = NULL)
{
    if (function_exists('mysqli_real_escape_string')) {
        $data = mysqli_real_escape_string($c, trim($data));
        $data = strip_tags($data);
    } else {
        $data = mysqli_escape_string(trim($data));
        $data = strip_tags($data);
    }
    return $data;
}
コード例 #24
0
ファイル: DBMysqli.class.php プロジェクト: perzona420/xe-core
 /**
  * Handles quatation of the string variables from the query
  * @param string $string
  * @return string
  */
 function addQuotes($string)
 {
     if (version_compare(PHP_VERSION, "5.4.0", "<") && get_magic_quotes_gpc()) {
         $string = stripslashes(str_replace("\\", "\\\\", $string));
     }
     if (!is_numeric($string)) {
         $connection = $this->_getConnection('master');
         $string = mysqli_escape_string($connection, $string);
     }
     return $string;
 }
コード例 #25
0
 public static function addContact($formData)
 {
     $link = UserUtility::getDefaultConnection();
     $name = mysqli_escape_string($link, $formData['myname']);
     $email_address = mysqli_escape_string($link, $formData['myemail']);
     $subject = mysqli_escape_string($link, $formData['subject']);
     $comment = mysqli_escape_string($link, $formData['mycomments']);
     $query = "insert into contact set name = '{$name}'," . " email='{$email_address}'," . " subject='{$subject}'," . " comment='{$comment}'";
     $ok = mysqli_query($link, $query);
     return $ok;
 }
コード例 #26
0
 function getAllAlbums($connection)
 {
     $user = $_SESSION['user'];
     $sql = "select a.id, a.key, a.stickercount, au.iduser from album a left outer join albumuser au on a.id=au.idalbum and au.iduser="******" order by iduser asc";
     $sql_result = mysqli_query($connection, $sql) or exit("Sql Error" . mysqli_error($connection));
     $albumInfos = array();
     while ($sql_row = mysqli_fetch_array($sql_result)) {
         $albumInfos[] = array('albumId' => $sql_row[0], 'albumKey' => $sql_row[1], 'albumStickerCount' => $sql_row[2], 'userid' => $sql_row[3]);
     }
     return $albumInfos;
 }
コード例 #27
0
function escape_data($data)
{
    if (function_exists('mysqli_real_escape_string')) {
        global $dbc;
        $data = mysqli_real_escape_string($dbc, trim($data));
        $data = strip_tags($data);
    } else {
        $data = mysqli_escape_string($trim($data));
        $data = strip_tags($data);
    }
    return $data;
}
コード例 #28
0
ファイル: noteQuery.php プロジェクト: esironal/SimpleNote
function insertNote($conn)
{
    if (isset($_POST["note"]) and $_POST["note"] != "") {
        $note = mysqli_escape_string($conn, $_POST["note"]);
        $noteNoQuery = mysqli_query($conn, "SELECT MAX(noteNo) FROM notes;");
        // note number is maximum note number plus one
        $noteNoResult = mysqli_fetch_row($noteNoQuery);
        $noteNo = $noteNoResult[0] + 1;
        //echo "<p> {$noteNo} </p>" ;
        $insertQuery = "INSERT INTO notes VALUES(\n                                        '{$note}',\n                                        '{$noteNo}'\n                                        ); ";
        $insertData = mysqli_query($conn, $insertQuery);
    }
}
コード例 #29
0
ファイル: login.php プロジェクト: robmayhew/escargot
function set_login_cookie($id)
{
    $plain = $id . "" . microtime();
    $token = crypt($plain, ESCARGOT_SALT);
    $safe_id = mysqli_escape_string(db(), $id);
    $safe_token = mysqli_escape_string(db(), $token);
    $sql = <<<RGDM
insert into login_cookie (user_id, token) values ({$safe_id}, '{$safe_token}');
RGDM;
    $rs = mysqli_query(db(), $sql);
    diesql($rs, $sql);
    setcookie("LoginCookie", $token, time() + 10 * 365 * 24 * 60 * 60);
}
コード例 #30
0
ファイル: noteQuery.php プロジェクト: Nixes/SimpleNote
function updateNote($conn, $noteNo)
{
    if (isset($_POST["note"]) and $_POST["note"] != "" and (isset($_POST["noteNo"]) and $_POST["noteNo"] != "" and ctype_digit($_POST["noteNo"]))) {
        $noteNo = $_POST["noteNo"];
        $note = mysqli_escape_string($conn, $_POST["note"]);
        if ($noteQuery = mysqli_query($conn, "UPDATE `notes` SET note='{$note}' WHERE noteNo={$noteNo}")) {
            echo "ok";
        } else {
            echo "failed - updating";
        }
    } else {
        echo "failed - validation";
    }
}