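/**
 * Return the names of the submitted fields whose value is longer than allowed.
 *
 * @param array $field_length_array  map of POST field name => maximum length
 * @return array  field names whose trimmed, escaped value exceeds the limit;
 *                empty when every field is within bounds
 *
 * Review notes:
 *  - The length is measured AFTER mysqli_prep() (presumably an escaping
 *    wrapper, not shown here), so a value containing quotes or backslashes
 *    is counted with its escape characters and may be rejected although the
 *    stored (unescaped) value would fit. Measure the raw trimmed value if the
 *    limit is meant to mirror the column length.
 *  - strlen() counts bytes; for a utf8 column declared in characters,
 *    mb_strlen() is the matching measure.
 *  - A field submitted as an array (name[]=...) is not handled; trim() would
 *    fail on it. Presence/type validation is assumed to happen elsewhere.
 */
function check_max_field_lengths($field_length_array) {
    $field_errors = array();
    foreach ($field_length_array as $fieldname => $maxlength) {
        // A field absent from the request must not raise an undefined-index
        // notice; treat it as empty and let presence validation report it.
        $value = isset($_POST[$fieldname]) ? $_POST[$fieldname] : '';
        if (strlen(trim(mysqli_prep($value))) > $maxlength) {
            $field_errors[] = $fieldname;
        }
    }
    return $field_errors;
}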
require_once "../../includes/validations_functions.php";
include "../../includes/layouts/page_header.php";
// Access control: only logged_in() is checked in this fragment. Nothing
// visible here verifies that the caller is an administrator or is editing
// their own account, so any authenticated user could open this page with an
// arbitrary ?userid= and change that user's credentials (IDOR) -- unless
// logged_in() or find_user_by_id() enforces that elsewhere; confirm.
logged_in();
// userid comes straight from the query string; find_user_by_id() is not
// shown here, so check in that helper that the id is cast/escaped before
// it reaches a query.
if (isset($_GET["userid"])) {
    $current_user = find_user_by_id($_GET["userid"]);
} else {
    $current_user = null;
}
// NOTE(review): indexing null with ["id"] raises a notice on recent PHP;
// an isset() guard would be quieter. redirect_to() is presumed to exit.
if (!$current_user["id"]) {
    redirect_to("manage_users.php");
}
?> <?php
if (isset($_POST['submit'])) {
    // Both fields are read before validate_presences() runs, so a missing
    // username/password raises an undefined-index notice first.
    // mysqli_prep() and password_encrypt() are project helpers not shown
    // here; this is only sound if mysqli_prep() escapes for $connection and
    // password_encrypt() produces a salted hash (password_hash), not a digest.
    $username = mysqli_prep($_POST["username"]);
    $password = password_encrypt($_POST["password"]);
    $required_fields = array("username", "password");
    validate_presences($required_fields);
    $field_with_max_lengths = array("username" => 60);
    validate_max_lengths($field_with_max_lengths);
    // $errors is expected to be populated by the validate_* helpers above.
    if (empty($errors)) {
        // $id comes from the DB row but is interpolated unquoted below; an
        // explicit (int) cast would make the WHERE clause safe regardless of
        // how the row was loaded.
        $id = $current_user["id"];
        $update_query = "UPDATE users SET ";
        // The two values below appear redacted in this listing ('******');
        // in the real file they must be the escaped $username and the hash,
        // never raw POST data.
        $update_query .= "username = '******', ";
        $update_query .= "hashed_password = '******' ";
        $update_query .= "WHERE id = {$id} ";
        $update_query .= "LIMIT 1";
        $result = mysqli_query($connection, $update_query);
        // No CSRF token is checked anywhere in this fragment; a credential
        // change on POST should require one.
        if ($result && mysqli_affected_rows($connection) == 1) {
            $_SESSION["message"] = "User edit success.";
$message1 = "";
$message2 = "";
// No authentication/authorization check is visible in this fragment; the
// add-book handler must be gated before this point.
if (isset($_POST['submit'])) {
    $errors = array();
    $required_fields = array('isbn', 'title', 'author', 'img_url', 'isn');
    foreach ($required_fields as $fieldname) {
        // NOTE: empty() also rejects the string "0"; isset() plus a
        // trim() === '' check is stricter if "0" can be a legitimate value.
        if (!isset($_POST[$fieldname]) || empty($_POST[$fieldname])) {
            $errors[] = $fieldname;
        }
    }
    if (empty($errors)) {
        // All five values go through mysqli_prep() before being interpolated
        // into single-quoted SQL literals below. That is only safe if
        // mysqli_prep() wraps mysqli_real_escape_string() on this same
        // $connection (helper not shown here); a prepared statement would
        // remove the dependency on that helper entirely.
        $bisbn = mysqli_prep($_POST['isbn']);
        $btitle = mysqli_prep($_POST['title']);
        $bauthor = mysqli_prep($_POST['author']);
        $bimg = mysqli_prep($_POST['img_url']);
        $bisn = mysqli_prep($_POST['isn']);
        // img_url is stored as submitted: nothing here restricts it to
        // http(s) (filter_var FILTER_VALIDATE_URL + scheme check), so it must
        // be escaped for its output context wherever it is rendered.
        // Insert the book row only if that ISBN is not already present.
        $query1 = "INSERT INTO book (`ISBN`, `title`, `author`,`img_url`) ";
        $query1 .= "SELECT * FROM (SELECT '{$bisbn}', '{$btitle}', '{$bauthor}','{$bimg}') as tmp ";
        $query1 .= "WHERE NOT EXISTS ( SELECT `ISBN` FROM book WHERE `ISBN` = '{$bisbn}') LIMIT 1 ";
        $result1 = $connection->query($query1);
        // The two INSERTs are not wrapped in a transaction.
        if ($result1) {
            $query2 = "INSERT INTO book_copy (`book_isbn`, `isn`, `is_available`) VALUES ('{$bisbn}', '{$bisn}', '1')";
            $result2 = $connection->query($query2);
        }
        // $result2 is undefined when $result1 is false (undefined-variable
        // notice); initialise it to false before the branch above.
        if ($result2 && $result1) {
            $message2 = "Book Added Successfully";
        } else {
            // Echoing $connection->error to the user leaks driver/schema
            // details; log it server-side and show a generic message.
            $message2 = "Error Adding Book " . $connection->error;
        }
    } else { // Errors occurred
require_once "includes/session.php";
require_once "includes/connection.php";
require_once "includes/functions.php";
// Already-authenticated visitors are sent to home.php unless they asked
// for the admin login explicitly (?admin=0 shows a hint instead).
if (logged_in()) {
    if (isset($_GET['admin']) && $_GET['admin'] == '0') {
        $message2 = "Login as administrator or click here to go to reader's page";
    } else {
        redirect_to("home.php");
    }
}
include_once "includes/form_functions.php";
// START FORM PROCESSING
// The credentials arrive via session keys, presumably staged by an earlier
// request. Keeping the cleartext password in $_SESSION is a liability: it
// sits in the session store until overwritten. Whatever sets temp_password
// should unset it as soon as this check has run.
// With || only one of the two keys has to exist, so the other read below
// can hit an undefined index; && is the intended condition.
if (isset($_SESSION['temp_email']) || isset($_SESSION['temp_password'])) {
    // Form has been submitted.
    $email = trim(mysqli_prep($_SESSION['temp_email']));
    // NOTE(review): the password is escaped and trimmed BEFORE hashing, so a
    // password containing quotes/backslashes or surrounding whitespace is
    // hashed in a modified form. Escaping is pointless here -- only the hex
    // digest reaches the query -- and should be dropped.
    $password = trim(mysqli_prep($_SESSION['temp_password']));
    // SECURITY: unsalted SHA1 is not an acceptable password hash (fast,
    // rainbow-table friendly). Store password_hash() output and check with
    // password_verify() in PHP instead of comparing digests in SQL.
    $hashed_password = sha1($password);
    // Check database to see if email and the hashed password exist there.
    // $email is interpolated; this relies on mysqli_prep() being a
    // mysqli_real_escape_string wrapper on this connection (not shown).
    $query = "SELECT user.id,name,mail,is_admin,image_url,profstud_flag ";
    $query .= "FROM user LEFT JOIN reader ON reader.id = user.id ";
    $query .= "WHERE mail = '{$email}' ";
    // The hash literal appears redacted in this listing ('******').
    $query .= "AND hashed_password = '******' ";
    $query .= "LIMIT 1";
    $result_set = $connection->query($query);
    // query() returns false on error; reading ->num_rows on false is fatal.
    if ($result_set->num_rows == 1) {
        // email/password authenticated
        // and only 1 match
        $found_user = mysqli_fetch_array($result_set, MYSQLI_ASSOC);
        // Call session_regenerate_id(true) before populating the session to
        // prevent session fixation, if that is not done further down.
        $_SESSION['id'] = $found_user['id'];
        $_SESSION['mail'] = $found_user['mail'];
        $_SESSION['name'] = $found_user['name'];
require_once "../../includes/sessions.php";
require_once "../../includes/db_connect.php";
require_once "../../includes/functions.php";
require_once "../../includes/validations_functions.php";
// Only authentication is checked here; whether the logged-in user may edit
// subjects (admin role) is not visible in this fragment.
logged_in();
// find_selected_page() is expected to set $current_subject as a global.
find_selected_page();
if (!$current_subject) {
    redirect_to("manage_content.php");
}
include "../../includes/layouts/page_header.php";
?> <?php
if (isset($_POST['submit'])) {
    // menu_name is escaped via mysqli_prep() (assumed to wrap
    // mysqli_real_escape_string on $connection); position and visible are
    // cast to int, so they cannot carry SQL. All three are read before
    // validate_presences(), so a missing key raises an undefined-index notice.
    $menu_name = mysqli_prep($_POST["menu_name"]);
    $position = (int) $_POST["position"];
    $visible = (int) $_POST["visible"];
    $required_fields = array("menu_name", "position", "visible");
    validate_presences($required_fields);
    $field_with_max_lengths = array("menu_name" => 60);
    validate_max_lengths($field_with_max_lengths);
    // $errors is populated by the validate_* helpers.
    if (empty($errors)) {
        // $id comes from the DB row; an explicit (int) cast would harden the
        // unquoted WHERE clause regardless of how the row was loaded.
        $id = $current_subject["id"];
        $update_query = "UPDATE subjects SET ";
        $update_query .= "subject_name = '{$menu_name}', ";
        $update_query .= "position = '{$position}', ";
        $update_query .= "visible = '{$visible}' ";
        $update_query .= "WHERE id = {$id} ";
        $update_query .= "LIMIT 1";
        // No CSRF token is checked in this fragment.
        $result = mysqli_query($connection, $update_query);
$errors[] = $fieldname;
}
}
// (enclosing foreach/if begin outside this fragment)
if (empty($errors)) {
    $adduser_name = mysqli_prep($_POST['user_name']);
    $adduser_id = "";
    $adduser_email = mysqli_prep($_POST['email']);
    // code and limit are taken raw (no mysqli_prep); their use is outside
    // this fragment -- make sure they are cast/escaped where consumed.
    if (isset($_POST['code']) && !empty($_POST['code'])) {
        $adduser_code = $_POST['code'];
    }
    if (isset($_POST['limit']) && !empty($_POST['limit'])) {
        $adduser_limit = $_POST['limit'];
    }
    // SECURITY: password and img_url are NOT escaped, yet both are
    // interpolated into the INSERT below -> SQL injection. At minimum pass
    // them through mysqli_prep() like the other fields; better, use a
    // prepared statement for the whole INSERT.
    $adduser_pswd = $_POST['password'];
    $adduser_img = $_POST['img_url'];
    $adduser_type = mysqli_prep($_POST['user_type']);
    if ($adduser_type == "Administrator") {
        // SECURITY: SHA1('...') computes an unsalted, fast digest inside the
        // database and ships the cleartext password in the query text (query
        // and slow-query logs). Hash in PHP with password_hash() and insert
        // the resulting string instead.
        $query = "INSERT INTO `user` (`id`, `name`, `hashed_password`, `mail`, `is_admin`, `token`, `image_url`) VALUES (NULL, '{$adduser_name}', SHA1('{$adduser_pswd}'), '{$adduser_email}', '1',NULL, '{$adduser_img}')";
        $result = $connection->query($query);
        if ($result) {
            // $connection->insert_id yields the same value without a round
            // trip; kept as is.
            $query_id = "SELECT LAST_INSERT_ID()";
            $result_id = $connection->query($query_id);
            $found_id = mysqli_fetch_array($result_id, MYSQLI_ASSOC);
            $adduser_id = $found_id['LAST_INSERT_ID()'];
            // Not transactional: if this second INSERT fails the user row
            // already exists with is_admin = 1 and no admin record.
            $query1 = "INSERT INTO `admin` (`id`, `joindate`) VALUES ('{$adduser_id}', now())";
            $result1 = $connection->query($query1);
            if ($result1) {
                $message = "Administrator Added Successfully with ID = " . $adduser_id;
            } else {
                $message = "Error Adding Administrator";
            }
require_once "../includes/validation_functions.php";
// No authentication/authorization call is visible in this fragment; the page
// must be gated (logged_in() plus a role check) before the POST handling
// below, presumably in the part of the file not shown here.
find_selected_page();
if (!$current_page) {
    redirect_to("manage_content.php");
}
?> <!-- Form processing --> <?php
if (isset($_POST['submit'])) {
    // Process the form
    // $id comes from the DB row; an explicit (int) cast would harden the
    // unquoted WHERE clause below.
    $id = $current_page["id"];
    $menu_name = mysqli_prep($_POST["menu_name"]);
    $position = (int) $_POST["position"];
    $visible = (int) $_POST["visible"];
    $content = mysqli_prep($_POST["content"]);
    // Escape all strings
    // BUG: $menu_name has already been through mysqli_prep(); if that helper
    // escapes (as its use on $content suggests), this second
    // mysqli_real_escape_string() doubles the backslashes, so a name such as
    // O'Neil is stored as O\'Neil. Keep only one of the two escaping steps.
    $menu_name = mysqli_real_escape_string($connection, $menu_name);
    // Validations
    $required_fields = array("menu_name", "position", "visible", "content");
    validate_presences($required_fields);
    $fields_with_max_lengths = array("menu_name" => 30);
    validate_max_lengths($fields_with_max_lengths);
    // print_r($errors);
    if (empty($errors)) {
        // Perform DB query
        // $content is escaped for SQL only; it must be escaped for HTML when
        // rendered (or deliberately allowed as markup), else this is a
        // stored-XSS sink.
        $query = "UPDATE pages\n\t\t\t\t\t SET menu_name = '{$menu_name}', \n\t\t\t\t\t position = {$position}, \n\t\t\t\t\t visible = {$visible},\n\t\t\t\t\t content = '{$content}'\n\t\t\t\t\t WHERE id = {$id}\n\t\t\t\t\t LIMIT 1";
        $result = mysqli_query($connection, $query);
        // No CSRF token is checked before accepting the update.
        if ($result && mysqli_affected_rows($connection) == 1) {
            $_SESSION["message"] = "Editted successfully!";
            redirect_to("manage_content.php");