sql_safe PHPのコード例

コード例 #1

0

ファイルを表示

ファイル: mailer.php プロジェクト: carriercomm/shell-2

function mailer_send_newsletter($subject, $message, $type, $scheduled = NULL)
{
    if ($scheduled === NULL || $scheduled == "") {
        $scheduled = 'NULL';
    } else {
        $scheduled = "'" . date("YmdHis", strtotime($scheduled)) . "'";
    }
    $sql = "INSERT INTO newsletter SET subject='" . sql_safe($subject) . "', body='" . sql_safe($message) . "', name='" . sql_safe($type) . "', scheduled={$scheduled}";
    mysql_query($sql);
}

コード例 #2

0

ファイルを表示

ファイル: category.php プロジェクト: Viddeliten/shared_tasks

function category_get($user_id, $category_id = NULL)
{
    $return = array();
    $sql = "SELECT \n\t\ttask_category.id,\n\t\ttask_category.creator,\n\t\tIFNULL(task_category.name,'" . _("Untitled category") . "') as name,\n\t\ttask_category.description,\n\t\ttask_category.assignment_length\n\tFROM task_category \n\tLEFT JOIN task_user_category ON task_user_category.task_category_id=task_category.id\n\tWHERE " . ($category_id !== NULL ? "task_category.id=" . sql_safe($category_id) . " AND " : "") . "\n\t(creator=" . sql_safe($user_id) . "\tOR task_user_category.user_id=" . sql_safe($user_id) . ");";
    if ($cc = mysql_query($sql)) {
        while ($c = mysql_fetch_assoc($cc)) {
            $return[] = $c;
        }
    }
    return $return;
}

コード例 #3

0

ファイルを表示

ファイル: flattr.php プロジェクト: carriercomm/shell-2

function flattr_set_flattr_choice($user_id, $flattr_choice)
{
    // echo "flattr_set_flattr_choice($user_id, $flattr_choice)";
    $current_choices = flattr_get_flattr_choices($user_id);
    $new_choices = serialize($flattr_choice);
    // echo "<pre>current_choices:".print_r($current_choices,1)."</pre>";
    if (strcmp($current_choices, $new_choices)) {
        if (!$current_choices) {
            $sql = "INSERT INTO " . PREFIX . "flattr SET showFlattr=\"" . sql_safe($new_choices) . "\", user_id=" . sql_safe($user_id) . ";";
        } else {
            $sql = "UPDATE " . PREFIX . "flattr SET showFlattr=\"" . sql_safe($new_choices) . "\" WHERE user_id=" . sql_safe($user_id) . ";";
        }
        // echo "<pre>".print_r($sql,1)."</pre>";
        if (mysql_query($sql)) {
            add_message(_("New flattr choices set"));
        } else {
            add_error(sprintf(_("New flattr choices could not be set. Error: %s"), mysql_error()));
        }
    }
}

コード例 #4

0

ファイルを表示

ファイル: notice.php プロジェクト: carriercomm/shell-2

function notice_display_notices($user)
{
    $sql = "SELECT id, type, subject, message FROM " . PREFIX . "notice WHERE user="******" AND closed IS NULL";
    if ($nn = mysql_query($sql)) {
        while ($n = mysql_fetch_assoc($nn)) {
            echo '
				<div class="row notice">
					<div class="panel panel-default ' . $n['type'] . '">
						<div class="panel-heading">
							<form method="post">
								<input type="hidden" name="notice_id" value="' . $n['id'] . '">
								<input type="submit" name="notice_close" value="x" class="rightfloat close-button">
							</form>
							<h3 class="panel-title">' . $n['subject'] . '</h3>
						</div>
						<div class="panel-body">
							' . $n['message'] . '
						</div>
					</div>
				</div>';
        }
    }
}

コード例 #5

0

ファイルを表示

ファイル: edit-contact.php プロジェクト: vijo/Blue-Smiley-Organizer

    if (!$category_id) {
        $error .= '<li> Category cannot be left blank';
    }
    if (!$firstname && !$lastname && !$company) {
        $error .= '<li> First name / Last name / Company  cannot be left blank';
    }
    if (!$error) {
        if ($new_category) {
            $base_instance->query('INSERT INTO ' . $base_instance->entity['CONTACT']['CATEGORY'] . ' (title,user) VALUES ("' . sql_safe($new_category) . '",' . $userid . ')');
            $category_id = mysqli_insert_id($base_instance->db_link);
        }
        $firstname = str_replace('"', '&quot;', $firstname);
        $lastname = str_replace('"', '&quot;', $lastname);
        $address = str_replace('"', '&quot;', $address);
        $company = str_replace('"', '&quot;', $company);
        $base_instance->query('UPDATE ' . $base_instance->entity['CONTACT']['MAIN'] . ' SET firstname="' . sql_safe($firstname) . '",lastname="' . sql_safe($lastname) . '",email="' . sql_safe($email) . '",telephone="' . sql_safe($telephone) . '",fax="' . sql_safe($fax) . '",mobile="' . sql_safe($mobile) . '",address="' . sql_safe($address) . '",notes="' . sql_safe($notes) . '",company="' . sql_safe($company) . '",url="' . sql_safe($url) . '",category=' . $category_id . ',public=' . $public . ' WHERE user='******' AND ID=' . $contact_id);
        $data = $base_instance->get_data("SELECT title FROM {$base_instance->entity['CONTACT']['CATEGORY']} WHERE user='******' AND ID='{$category_id}'");
        $cat_title = $data[1]->title;
        $base_instance->show_message('Contact updated', '<script language="JavaScript" type="text/javascript">function createRequestObject(){try{var requester=new XMLHttpRequest();}catch(error){try{var requester=new ActiveXObject("Microsoft.XMLHTTP");}catch(error){return false;}} return requester;}var http=createRequestObject();function DelContact(item){if(confirm("Delete Contact?")){http.open(\'get\',\'delete-contact.php?item=\'+item); http.send(null);}}</script>

<a href="add-contact.php?category_id=' . $category_id . '">[Add more]</a> &nbsp;&nbsp; <a href="edit-contact.php?contact_id=' . $contact_id . '">[Edit]</a> &nbsp;&nbsp; <a href="javascript:DelContact(\'' . $contact_id . '\')">[Delete]</a> &nbsp;&nbsp; <a href="send-content.php?contact_id=' . $contact_id . '">[Send]</a><p><a href="show-contact-categories.php">[Show all Categories]</a> &nbsp; <a href="show-contact.php">[Show all Contacts]</a><p><b>Internal Link:</b> [c' . $contact_id . '] &nbsp;&nbsp; <b>Category:</b> ' . $cat_title . ' <a href="show-contact.php?category_id=' . $category_id . '">[Show]</a>');
    } else {
        $html_instance->error_message = $error;
        $company = stripslashes($company);
        $address = stripslashes($address);
        $notes = stripslashes($notes);
    }
} else {
    $data = $base_instance->get_data("SELECT * FROM {$base_instance->entity['CONTACT']['MAIN']} WHERE user='******' AND ID={$contact_id}");
    if (!$data) {
        $base_instance->show_message('Contact not found', '', 1);

コード例 #6

0

ファイルを表示

ファイル: show-reminder-days-overview.php プロジェクト: vijo/Blue-Smiley-Organizer

require 'class.base.php';
require 'class.html.php';
$base_instance = new base();
$html_instance = new html();
$userid = $base_instance->get_userid();
$datetime = date('Y-m-d H:i:s');
if (empty($_GET['order_type'])) {
    $order_type = 'DESC';
} else {
    $order_type = sql_safe($_GET['order_type']);
}
if (empty($_GET['order_col'])) {
    $order_col = 'ID';
} else {
    $order_col = sql_safe($_GET['order_col']);
}
if (empty($_GET['show_all'])) {
    $where = "WHERE DATE_ADD(last_reminded, INTERVAL frequency DAY)<'{$datetime}' AND user='******'";
    $header = 'Reminders To Do &nbsp;&nbsp; <a href="' . $_SERVER['PHP_SELF'] . '?show_all=1">[Show all Reminders]</a>';
    $show_all = 0;
} else {
    $where = "WHERE user='******'";
    $header = 'All Reminders &nbsp;&nbsp; <a href="' . $_SERVER['PHP_SELF'] . '?show_all=0">[Show Reminders To Do]</a>';
    $show_all = 1;
}
$html_instance->add_parameter(array('ACTION' => 'show_content', 'ENTITY' => 'REMINDER', 'SUBENTITY' => 'DAYS', 'MAXHITS' => 50, 'WHERE' => "{$where} AND homepage=1", 'ORDER_COL' => "{$order_col}", 'ORDER_TYPE' => "{$order_type}", 'HEADER' => "{$header}", 'SORTBAR' => 6, 'SORTBAR_FIELD1' => 'title', 'SORTBAR_NAME1' => 'Title', 'SORTBAR_FIELD2' => 'bluebox', 'SORTBAR_NAME2' => 'Days due', 'SORTBAR_FIELD3' => 'last_reminded', 'SORTBAR_NAME3' => 'Last Time Done', 'SORTBAR_FIELD4' => 'done', 'SORTBAR_NAME4' => 'Done', 'SORTBAR_FIELD5' => 'frequency', 'SORTBAR_NAME5' => 'Do every', 'SORTBAR_FIELD6' => 'datetime', 'SORTBAR_NAME6' => 'Date added', 'INNER_TABLE_WIDTH' => '95%', 'URL_PARAMETER' => "show_all={$show_all}"));
if ($order_col == 'bluebox') {
    $html_instance->para['ORDER_COL'] = '(UNIX_TIMESTAMP("' . $datetime . '")-UNIX_TIMESTAMP(last_reminded)-(frequency*86400))';
}
# translate bluebox ORDER_COL

コード例 #7

0

ファイルを表示

ファイル: show-blog-print.php プロジェクト: vijo/Blue-Smiley-Organizer

<?php

require 'class.base.php';
$base_instance = new base();
$userid = $base_instance->get_userid();
$where = '';
if (isset($_GET['text_search'])) {
    $text_search = sql_safe($_GET['text_search']);
    $where = " AND (text LIKE '%{$text_search}%' OR title LIKE '%{$text_search}%') ";
}
if (isset($_GET['category_id'])) {
    $category_id = (int) $_GET['category_id'];
    $where .= ' AND category=' . $category_id;
} else {
    if (isset($_GET['blog_id'])) {
        $blog_id = (int) $_GET['blog_id'];
        $where = ' AND ID=' . $blog_id;
    }
}
$data = $base_instance->get_data("SELECT * FROM {$base_instance->entity['BLOG']['MAIN']} WHERE user='******'{$where} ORDER BY datetime DESC");
echo '<head><meta http-equiv="content-type" content="text/html;charset=utf-8">
<style type="text/css">
td {font-family:Arial; font-size:10pt}
table.pastel,table.pastel td {border:1px solid #c5c5c5; border-collapse:collapse}
</style>
</head>

<table width="100%" border cellspacing=0 cellpadding=5 class="pastel">';
for ($index = 1; $index <= sizeof($data); $index++) {
    $title = $data[$index]->title;
    $text = $data[$index]->text;

コード例 #8

0

ファイルを表示

ファイル: add-file-by-url.php プロジェクト: vijo/Blue-Smiley-Organizer

             if (!copy($source, $dest)) {
                 $error .= '<li> File could not be stored';
             }
         }
     } else {
         $error .= '<li> File not supplied or too big';
     }
 }
 if (!$error) {
     $datetime = $_POST['datetime'];
     if ($public == 2) {
         $token = 't' . md5(uniqid(rand(), true));
     } else {
         $token = '';
     }
     $base_instance->query('INSERT INTO ' . $base_instance->entity['FILE']['MAIN'] . ' (datetime,text,title,filename,user,category,public,token) VALUES ("' . sql_safe($datetime) . '","' . sql_safe($text) . '","' . sql_safe($title) . '","' . sql_safe($filename) . '",' . $userid . ',' . $category_id . ',' . $public . ',"' . $token . '")');
     $file_id = mysqli_insert_id($base_instance->db_link);
     $data = $base_instance->get_data("SELECT title FROM {$base_instance->entity['FILE']['CATEGORY']} WHERE user='******' AND ID='{$category_id}'");
     $cat_title = $data[1]->title;
     #
     $path = pathinfo($filename);
     if (isset($path['extension'])) {
         $ext = strtolower($path['extension']);
     } else {
         $ext = '';
     }
     if ($ext == 'gif' or $ext == 'png' or $ext == 'jpg' or $ext == 'jpeg') {
         $display_image = '<p><b>Display Image:</b> [image-' . $file_id . ']';
     } else {
         $display_image = '';
     }

コード例 #9

0

ファイルを表示

ファイル: add-database-select-field.php プロジェクト: vijo/Blue-Smiley-Organizer

        $select_field_id = mysqli_insert_id($base_instance->db_link);
        for ($index = 1; $index <= $number_of_fields; $index++) {
            $name_item = sql_safe($_POST['name_select_field_item_' . $index]);
            if ($name_item) {
                $base_instance->query("INSERT INTO {$base_instance->entity['DATABASE']['SELECT_ITEMS']} (title,user,select_field_id) VALUES ('{$name_item}',{$userid},{$select_field_id})");
            }
        }
        $base_instance->show_message('Field saved', '<a href="add-database-number-field.php?category_id=' . $category_id . '">[Add Number Field]</a>&nbsp;&nbsp; <a href="add-database-text-field.php?category_id=' . $category_id . '">[Add Text Field]</a><p>
<a href="add-database-select-field.php?category_id=' . $category_id . '">[Add Select Field]</a> &nbsp;&nbsp; <a href="add-database-checkbox-field.php?category_id=' . $category_id . '">[Add Checkbox Field]</a><p><a href="add-database-data.php?category_id=' . $category_id . '">[Add Data]</a> &nbsp;&nbsp; <a href="edit-database-select-field.php?select_field_id=' . $select_field_id . '">[Edit Field]</a> &nbsp;&nbsp; <a href="show-database-data.php?category_id=' . $category_id . '">[Show all Data]</a>');
    }
}
if (empty($number_of_fields)) {
    $number_of_fields = 5;
}
if (isset($_POST['title_select_field'])) {
    $title_select_field = sql_safe($_POST['title_select_field']);
} else {
    $title_select_field = '';
}
$html_instance->add_parameter(array('ACTION' => 'show_form', 'HEADER' => 'Add Select Fields', 'FORM_ACTION' => $_SERVER['PHP_SELF'], 'INNER_TABLE_WIDTH' => '400', 'TD_WIDTH' => '30%', 'BUTTON_TEXT' => 'Save Field'));
$html_instance->add_form_field(array('TYPE' => 'hidden', 'NAME' => 'save_it', 'VALUE' => 1));
$html_instance->add_form_field(array('TYPE' => 'hidden', 'NAME' => 'number_of_fields', 'VALUE' => "{$number_of_fields}"));
$html_instance->add_form_field(array('TYPE' => 'hidden', 'NAME' => 'category_id', 'VALUE' => "{$category_id}"));
$html_instance->add_form_field(array('TYPE' => 'text', 'NAME' => 'title_select_field', 'VALUE' => "{$title_select_field}", 'SIZE' => 35, 'TEXT' => 'Name of Field'));
for ($index = 1; $index <= $number_of_fields; $index++) {
    $name = 'name_select_field_item_' . $index;
    if (isset($item_value[$index])) {
        $value = $item_value[$index];
    } else {
        $value = '';
    }

コード例 #10

0

ファイルを表示

ファイル: edit-knowledge.php プロジェクト: vijo/Blue-Smiley-Organizer

        $title = str_replace('"', '&quot;', $title);
    }
    if (!$text) {
        $error .= '<li> Text cannot be left blank';
    } else {
        $text = trim($text);
        if (strlen($text) > 65535) {
            $error .= '<li> Text is too long (Max. 65535 Characters)';
        }
    }
    if (!$error) {
        if ($new_category) {
            $base_instance->query('INSERT INTO ' . $base_instance->entity['KNOWLEDGE']['CATEGORY'] . ' (title,user) VALUES ("' . sql_safe($new_category) . '",' . $userid . ')');
            $category_id = mysqli_insert_id($base_instance->db_link);
        }
        $base_instance->query('UPDATE ' . $base_instance->entity['KNOWLEDGE']['MAIN'] . ' SET text="' . sql_safe($text) . '",title="' . sql_safe($title) . '",category=' . $category_id . ',value=' . $value . ',public=' . $public . ' WHERE user='******' AND ID=' . $knowledge_id);
        $data = $base_instance->get_data('SELECT title FROM ' . $base_instance->entity['KNOWLEDGE']['CATEGORY'] . ' WHERE user='******' AND ID=' . $category_id);
        $cat_title = $data[1]->title;
        $base_instance->show_message('Knowledge updated', '<script language="JavaScript" type="text/javascript">function createRequestObject(){try{var requester=new XMLHttpRequest();}catch(error){try{var requester=new ActiveXObject("Microsoft.XMLHTTP");}catch(error){return false;}} return requester;}var http=createRequestObject();function DelKnow(item){if(confirm("Delete Knowledge?")){http.open(\'get\',\'delete-knowledge.php?item=\'+item); http.send(null);}}</script>

<a href="add-knowledge.php?category_id=' . $category_id . '">[Add more]</a> &nbsp;&nbsp; <a href="edit-knowledge.php?knowledge_id=' . $knowledge_id . '">[Edit]</a> &nbsp;&nbsp; <a href="javascript:DelKnow(\'' . $knowledge_id . '\')">[Delete]</a> &nbsp;&nbsp; <a href="send-content.php?knowledge_id=' . $knowledge_id . '">[Send]</a><p><a href="show-knowledge-categories.php">[Show all Categories]</a> &nbsp; <a href="show-knowledge.php">[Show all Knowledge]</a><p><b>Internal Link:</b> [k' . $knowledge_id . '] &nbsp;&nbsp; <b>Category:</b> ' . $cat_title . ' <a href="show-knowledge.php?category_id=' . $category_id . '">[Show]</a>');
    } else {
        $html_instance->error_message = $error;
        $text = stripslashes($text);
        $title = stripslashes($title);
    }
} else {
    $data = $base_instance->get_data("SELECT * FROM {$base_instance->entity['KNOWLEDGE']['MAIN']} WHERE user='******' AND ID='{$knowledge_id}'");
    if (!$data) {
        $base_instance->show_message('Knowledge not found', '', 1);
    }

コード例 #11

0

ファイルを表示

ファイル: show-to-do.php プロジェクト: vijo/Blue-Smiley-Organizer

<?php

require 'class.base.php';
require 'class.html.php';
$base_instance = new base();
$html_instance = new html();
$userid = $base_instance->get_userid();
$text_search = isset($_REQUEST['text_search']) ? sql_safe($_REQUEST['text_search']) : '';
$whole_words = isset($_POST['whole_words']) ? 1 : '';
$category_id = isset($_REQUEST['category_id']) ? (int) $_REQUEST['category_id'] : '';
if ($text_search && $whole_words) {
    $query = " AND (text REGEXP '([[:space:]]|[[:<:]]){$text_search}([[:>:]]|[[:space:]])' OR title REGEXP '([[:space:]]|[[:<:]]){$text_search}([[:>:]]|[[:space:]])') ";
    $param = 'text_search=' . $text_search . '&amp;';
} else {
    if ($text_search) {
        $query = " AND (text LIKE '%{$text_search}%' OR title LIKE '%{$text_search}%') ";
        $param = 'text_search=' . $text_search . '&amp;';
    } else {
        $query = '';
        $param = '';
    }
}
#
if ($category_id) {
    $query .= " AND (category={$category_id}) ";
    $param .= 'category_id=' . $category_id . '&amp;';
    $data = $base_instance->get_data("SELECT title FROM {$base_instance->entity['TO_DO']['CATEGORY']} WHERE ID={$category_id}");
    $title = $data[1]->title;
    $category_name = '(Category ' . $title . ')';
} else {
    $category_name = '';

コード例 #12

0

ファイルを表示

ファイル: chat-advanced-actions.php プロジェクト: vijo/Blue-Smiley-Organizer

    }
    $rows = mysql_num_rows($res);
    for ($index = 1; $index <= $rows; $index++) {
        $data[$index] = mysql_fetch_object($res);
    }
    mysql_free_result($res);
    if (isset($data)) {
        return $data;
    } else {
        return;
    }
}
$message = isset($_REQUEST['message']) ? sql_safe($_REQUEST['message']) : '';
$token = isset($_REQUEST['token']) ? sql_safe($_REQUEST['token']) : '';
$usertoken = isset($_REQUEST['usertoken']) ? sql_safe($_REQUEST['usertoken']) : '';
$name = isset($_REQUEST['name']) ? sql_safe($_REQUEST['name']) : '';
$typing = isset($_REQUEST['typing']) ? (int) $_REQUEST['typing'] : '';
$leave = isset($_REQUEST['leave']) ? 1 : '';
$new_messages = isset($_REQUEST['new_messages']) ? 1 : '';
$timestamp = time();
# post a new message
if ($message != '' && $name != '' && $token != '') {
    $datetime = date('Y-m-d H:i:s');
    $res = mysql_query("INSERT INTO organizer_chat (datetime,token,username,message) VALUES ('{$datetime}','{$token}','{$name}','{$message}')");
}
# I'm still here
if ($usertoken != '') {
    $res = mysql_query("UPDATE organizer_chat_user SET last_active='{$timestamp}',typing='{$typing}' WHERE user_token='{$usertoken}'");
}
# get messages
$msg = '<?xml version="1.0"?><messages>';

コード例 #13

0

ファイルを表示

ファイル: auth.php プロジェクト: vijo/Blue-Smiley-Organizer

    $data = $base_instance->get_data('SELECT * FROM ' . $base_instance->entity['USER']['MAIN'] . ' WHERE ID=' . _GUEST_USERID);
    $username = $data[1]->username;
    $pw = $data[1]->user_password;
} else {
    if (isset($_REQUEST['username'])) {
        $username = sql_safe($_REQUEST['username']);
    } else {
        $username = '';
    }
    if (isset($_REQUEST['pw'])) {
        $pw = sql_safe($_REQUEST['pw']);
    } else {
        $pw = '';
    }
    if (isset($_GET['secure_pw'])) {
        $secure_pw = sql_safe($_GET['secure_pw']);
    } else {
        $secure_pw = '';
    }
}
if (empty($username) && empty($pw)) {
    header('Location: sign-up.php');
    exit;
}
if ($username && ($pw or $secure_pw)) {
    if (isset($_GET['guest'])) {
        $pw_sha1 = $pw;
    } else {
        if (isset($_GET['secure_pw'])) {
            $pw_sha1 = $_GET['secure_pw'];
        } else {

コード例 #14

0

ファイルを表示

ファイル: spam.php プロジェクト: carriercomm/shell-2

function spam_remove_old($type, $time_str)
{
    if ($type == "comment") {
        $created = "added";
    } else {
        if ($type == "feedback") {
            $created = "created";
        } else {
            if ($type == "FAQ") {
                $created = "created";
            }
        }
    }
    $sql = "DELETE FROM " . PREFIX . sql_safe($type) . " \n\tWHERE is_spam>0 \n\tAND {$created}<'" . date("YmdHis", strtotime("- " . $time_str)) . "';";
    // echo "<br />DEBUG2258 ".$sql;
    mysql_query($sql);
}

コード例 #15

0

ファイルを表示

ファイル: add-forum-message.php プロジェクト: vijo/Blue-Smiley-Organizer

    } else {
        if (!$followup) {
            $error .= '<li> Title cannot be left blank';
        }
    }
    if ($text) {
        $text = trim($text);
        if (strlen($text) > 65535) {
            $error .= '<li> Text is too long (Max. 65535 Characters)';
        }
    } else {
        $error .= '<li> Message cannot be left blank';
    }
    if (!$error) {
        $datetime = $_POST['datetime'];
        $base_instance->query('INSERT INTO ' . $base_instance->entity['FORUM']['MAIN'] . ' (datetime,updated,text,title,followup,user) VALUES ("' . sql_safe($datetime) . '","' . sql_safe($datetime) . '","' . sql_safe($text) . '","' . sql_safe($title) . '",' . $followup . ',' . $userid . ')');
        if (_FORUM_NOTIFY == 1 && $userid != _ADMIN_USERID) {
            $msg = "New Forum Message:\n\n" . $title . "\n\n" . $text;
            $base_instance->send_email_from_admin('New Forum Message Notification', $msg, _ADMIN_EMAIL);
        }
        header('Location: show-forum.php');
        exit;
    } else {
        $html_instance->error_message = $error;
        $text = stripslashes($text);
        $title = stripslashes($title);
    }
}
$html_instance->add_parameter(array('ACTION' => 'show_form', 'HEADER' => 'New Forum Message', 'FORM_ACTION' => $_SERVER['PHP_SELF'], 'BODY' => 'onLoad="javascript:document.form1.title.focus()"', 'BUTTON_TEXT' => 'Post new Message'));
$html_instance->add_form_field(array('TYPE' => 'hidden', 'NAME' => 'followup', 'VALUE' => "{$followup}"));
$html_instance->add_form_field(array('TYPE' => 'text', 'NAME' => 'title', 'VALUE' => "{$title}", 'SIZE' => 50, 'TEXT' => 'Title'));

コード例 #16

0

ファイルを表示

ファイル: ban_list.php プロジェクト: GoeGaming/bans.sevenelevenclan.org

            if (file_exists("include/files/" . $result->demo_file . "_thumb")) {
                unlink("include/files/" . $result->demo_file . "_thumb");
            }
            if (unlink("include/files/" . $result->demo_file)) {
                //if file deleted, remove db entry
                $query2 = mysql_query("DELETE FROM `" . $config->db_prefix . "_files` WHERE `id`=" . $result->id . " LIMIT 1") or die(mysql_error());
            }
        }
    }
    //delete all comments for the ban
    $query = mysql_query("DELETE FROM `" . $config->db_prefix . "_comments` WHERE `bid`=" . $bid) or die(mysql_error());
    //get ban details
    $ban_row = sql_get_ban_details($bid);
    //delete the ban
    $query = mysql_query("DELETE FROM `" . $config->db_prefix . "_bans` WHERE `bid`=" . $bid . " LIMIT 1") or die(mysql_error());
    log_to_db("Ban edit", "Deleted ban: ID " . $bid . " (<" . sql_safe($ban_row["player_nick"]) . "> <" . sql_safe($ban_row["player_id"]) . ">)");
    //redirect to start page
    if ($query) {
        header("Location:index.php");
        exit;
    }
}
$smarty->assign("meta", "");
$smarty->assign("title", $title);
$smarty->assign("title2", $title2);
$smarty->assign("version_web", $config->v_web);
// amxbans.css included in the design? if not use it from default
if (file_exists("templates/" . $config->design . "/amxbans.css")) {
    $smarty->assign("design", $config->design);
}
$smarty->assign("dir", $config->document_root);

コード例 #17

0

ファイルを表示

ファイル: edit-blog-category.php プロジェクト: vijo/Blue-Smiley-Organizer

$userid = $base_instance->get_userid();
$category_id = isset($_REQUEST['category_id']) ? (int) $_REQUEST['category_id'] : exit;
if (isset($_POST['save'])) {
    $error = '';
    $title = $_POST['title'];
    if (!$title) {
        $error .= '<li> Title cannot be left blank';
    } else {
        $title = trim($title);
        if (strlen($title) > 50) {
            $error .= '<li> Title is too long (Max. 50 Characters)';
        }
        $title = str_replace('"', '&quot;', $title);
    }
    if (!$error) {
        $base_instance->query('UPDATE ' . $base_instance->entity['BLOG']['CATEGORY'] . ' SET title="' . sql_safe($title) . '" WHERE user='******' AND ID=' . $category_id);
        $base_instance->show_message('Blog Category updated', '<a href="add-blog.php?category_id=' . $category_id . '">[Add Blog Post]</a> &nbsp;&nbsp; <a href="add-blog-category.php">[Add Category]</a> &nbsp;&nbsp; <a href="edit-blog-category.php?category_id=' . $category_id . '">[Edit]</a> &nbsp;&nbsp; <a href="javascript:void(window.open(\'delete-blog-category.php?category_id=' . $category_id . '\',\'\',\'width=450,height=200,top=100,left=100\'))">[Delete]</a><p><a href="show-blog-categories.php">[Show Blog Categories]</a>');
    } else {
        $html_instance->error_message = $error;
    }
} else {
    $data = $base_instance->get_data("SELECT * FROM {$base_instance->entity['BLOG']['CATEGORY']} WHERE user='******' AND ID='{$category_id}'");
    if (!$data) {
        $base_instance->show_message('Blog Category not found');
        exit;
    }
    $title = $data[1]->title;
}
$html_instance->add_parameter(array('ACTION' => 'show_form', 'HEADER' => 'Edit Blog Category', 'FORM_ACTION' => $_SERVER['PHP_SELF'], 'BODY' => 'onLoad="javascript:document.form1.title.focus()"', 'INNER_TABLE_WIDTH' => '400', 'TD_WIDTH' => '20%', 'BUTTON_TEXT' => 'Update Category'));
$html_instance->add_form_field(array('TYPE' => 'hidden', 'NAME' => 'category_id', 'VALUE' => $category_id));
$html_instance->add_form_field(array('TYPE' => 'text', 'NAME' => 'title', 'VALUE' => $title, 'SIZE' => 35, 'TEXT' => 'Title'));

コード例 #18

0

ファイルを表示

ファイル: func.php プロジェクト: carriercomm/shell-2

function feedback_get_main_parent($id)
{
    $sql = "SELECT merged_with FROM " . PREFIX . "feedback WHERE id=" . sql_safe($id) . ";";
    if ($ff = mysql_query($sql)) {
        if ($f = mysql_fetch_assoc($ff)) {
            if ($f['merged_with'] !== NULL) {
                return feedback_get_main_parent($f['merged_with']);
            }
        }
    }
    return $id;
}

コード例 #19

0

ファイルを表示

ファイル: add-database-data.php プロジェクト: vijo/Blue-Smiley-Organizer

                $base_instance->query("INSERT INTO {$base_instance->entity['DATABASE']['SELECT_VALUES']} (date, user, value, data_id,select_field_id,category_id) VALUES ('{$date}',{$userid},{$value},{$insert_id},{$ID},{$category_id})");
            }
        }
        unset($data);
        # insert number values
        $data = $base_instance->get_data("SELECT * FROM {$base_instance->entity['DATABASE']['NUMBER_FIELDS']} WHERE user='******' AND category_id='{$category_id}'");
        for ($index = 1; $index <= sizeof($data); $index++) {
            $ID = $data[$index]->ID;
            $value = sql_safe($_POST['number' . $ID]);
            $base_instance->query("INSERT INTO {$base_instance->entity['DATABASE']['NUMBER_VALUES']} (date,user,value,data_id,number_field_id,category_id) VALUES ('{$date}',{$userid},'{$value}',{$insert_id},{$ID},{$category_id})");
        }
        # insert text values
        $data = $base_instance->get_data("SELECT * FROM {$base_instance->entity['DATABASE']['TEXT_FIELDS']} WHERE user='******' AND category_id='{$category_id}'");
        for ($index = 1; $index <= sizeof($data); $index++) {
            $ID = $data[$index]->ID;
            $value = sql_safe($_POST['text' . $ID]);
            $base_instance->query("INSERT INTO {$base_instance->entity['DATABASE']['TEXT_VALUES']} (date,user,value,data_id,text_field_id,category_id) VALUES ('{$date}',{$userid},'{$value}',{$insert_id},{$ID},{$category_id})");
        }
        $base_instance->show_message('Data saved', '<script language="JavaScript" type="text/javascript">function createRequestObject(){try{var requester=new XMLHttpRequest();}catch(error){try{var requester=new ActiveXObject("Microsoft.XMLHTTP");}catch(error){return false;}} return requester;}var http=createRequestObject();function DelData(item){if(confirm("Delete Data?")){http.open(\'get\',\'delete-database-data.php?item=\'+item); http.send(null);}}</script>

<a href="add-database-data.php?category_id=' . $category_id . '">[Add more]</a> &nbsp;&nbsp; <a href="edit-database-data.php?data_id=' . $insert_id . '">[Edit]</a> &nbsp;&nbsp; <a href="javascript:DelData(\'' . $insert_id . '\')">[Delete]</a> &nbsp;&nbsp; <a href="show-database-data.php?category_id=' . $category_id . '">[Show all Data]</a><p>');
    } else {
        $html_instance->error_message = $error;
        $title = stripslashes($title);
    }
}
$day = date('j');
$month = date('n');
$year = date('Y');
$title = isset($_POST['title']) ? $_POST['title'] : '';
$html_instance->add_parameter(array('ACTION' => 'show_form', 'HEADER' => 'Add Data', 'FORM_ACTION' => $_SERVER['PHP_SELF'], 'BUTTON_TEXT' => 'Save Data'));

コード例 #20

0

ファイルを表示

ファイル: add-diary.php プロジェクト: vijo/Blue-Smiley-Organizer

        $error .= '<li> Text cannot be left blank';
    } else {
        $diary_text = trim($diary_text);
        if (strlen($diary_text) > 65535) {
            $error .= '<li> Text is too long (Max. 65535 Characters)';
        }
    }
    if (!$error) {
        $date = $year . '-' . $month . '-' . $day;
        $data = $base_instance->get_data("SELECT ID FROM {$base_instance->entity['DIARY']['MAIN']} WHERE date='{$date}' AND user='******'");
        if (isset($data)) {
            $diary_id = $data[1]->ID;
            $base_instance->query('UPDATE ' . $base_instance->entity['DIARY']['MAIN'] . ' SET text="' . sql_safe($diary_text) . '",title="' . sql_safe($title) . '" WHERE user='******' AND ID=' . $diary_id);
        } else {
            $today = date('Y-m-d');
            $base_instance->query('INSERT INTO ' . $base_instance->entity['DIARY']['MAIN'] . ' (date,text,title,user,last_shown) VALUES ("' . sql_safe($date) . '","' . sql_safe($diary_text) . '","' . sql_safe($title) . '",' . $userid . ',"' . $today . '")');
            $diary_id = mysqli_insert_id($base_instance->db_link);
        }
        $base_instance->show_message('Diary saved', '<script language="JavaScript" type="text/javascript">function createRequestObject(){try{var requester=new XMLHttpRequest();}catch(error){try{var requester=new ActiveXObject("Microsoft.XMLHTTP");}catch(error){return false;}} return requester;}var http=createRequestObject();function DelDiary(item){if(confirm("Delete Diary?")){http.open(\'get\',\'delete-diary.php?item=\'+item); http.send(null);}}</script>

<a href="add-diary.php?day=' . $day . '&month=' . $month . '&year=' . $year . '">[Edit]</a> &nbsp;&nbsp; <a href="javascript:DelDiary(\'' . $diary_id . '\')">[Delete]</a> &nbsp;&nbsp; <a href="send-content.php?diary_id=' . $diary_id . '">[Send]</a> &nbsp;&nbsp; <a href="show-diary.php">[Show all]</a><p>');
    } else {
        $all_text = '<blockquote><font color="#ff0000"><ul>' . $error . '</ul></font></blockquote>';
        $diary_text = stripslashes($diary_text);
        $title = stripslashes($title);
    }
} elseif (isset($diary_id)) {
    $data = $base_instance->get_data("SELECT ID,date,text,title FROM {$base_instance->entity['DIARY']['MAIN']} WHERE ID='{$diary_id}' AND user='******'");
    if (!$data) {
        $base_instance->show_message('Diary entry not found', '', 1);
    }

コード例 #21

0

ファイルを表示

ファイル: edit-database-checkbox-field.php プロジェクト: vijo/Blue-Smiley-Organizer

         $title_field = str_replace('"', '&quot;', $title_field);
         if (strlen($title_field) > 100) {
             $error .= '<li> Title too long';
         }
     }
     if (!$error) {
         $base_instance->query('UPDATE ' . $base_instance->entity['DATABASE']['CHECKBOX_FIELDS'] . ' SET title="' . sql_safe($title_field) . '" WHERE user='******' AND ID=' . $checkbox_field_id);
         #
         for ($index = 1; $index <= $number_of_fields; $index++) {
             $title_var = $_POST['name_checkbox_field_item_' . $index];
             $id_var = (int) $_POST['id_checkbox_field_item_' . $index];
             if ($title_var) {
                 if ($id_var) {
                     $base_instance->query('UPDATE ' . $base_instance->entity['DATABASE']['CHECKBOX_ITEMS'] . ' SET title="' . sql_safe($title_var) . '" WHERE user='******' AND ID=' . $id_var);
                 } else {
                     $base_instance->query('INSERT INTO ' . $base_instance->entity['DATABASE']['CHECKBOX_ITEMS'] . ' (title,user,checkbox_field_id) VALUES ("' . sql_safe($title_var) . '",' . $userid . ',' . $checkbox_field_id . ')');
                 }
             }
         }
         $base_instance->show_message('Field upated', '<a href="edit-database-checkbox-field.php?checkbox_field_id=' . $checkbox_field_id . '">[Edit Field]</a> &nbsp;&nbsp; <a href="javascript:void(window.open(\'delete-database-checkbox-field.php?checkbox_field_id=' . $checkbox_field_id . '\',\'\',\'width=450,height=200,top=100,left=100\'))">[Delete Field]</a>');
     } else {
         $html_instance->error_message = $error;
     }
 } else {
     $data = $base_instance->get_data("SELECT * FROM {$base_instance->entity['DATABASE']['CHECKBOX_FIELDS']} WHERE user='******' AND ID='{$checkbox_field_id}'");
     if (!$data) {
         $base_instance->show_message('Database field not found');
         exit;
     }
     $title_field = $data[1]->title;
     $data = $base_instance->get_data("SELECT * FROM {$base_instance->entity['DATABASE']['CHECKBOX_ITEMS']} WHERE user='******' AND checkbox_field_id='{$checkbox_field_id}' ORDER BY ID ASC");

コード例 #22

0

ファイルを表示

ファイル: edit-about-me.php プロジェクト: vijo/Blue-Smiley-Organizer

$html_instance = new html();
$userid = $base_instance->get_userid();
if (isset($_POST['save'])) {
    $error = '';
    $about_me = $_POST['about_me'];
    $firstname = $_POST['firstname'];
    $lastname = $_POST['lastname'];
    $country = (int) $_POST['country'];
    if (!empty($about_me)) {
        $about_me = trim($about_me);
        if (strlen($about_me) > 65535) {
            $error .= '<li> Text is too long (Max. 65535 Characters)';
        }
    }
    if (!$error) {
        $base_instance->query('UPDATE ' . $base_instance->entity['USER']['MAIN'] . ' SET about_me="' . sql_safe($about_me) . '",firstname="' . sql_safe($firstname) . '",lastname="' . sql_safe($lastname) . '",country=' . $country . ' WHERE ID=' . $userid);
        $base_instance->show_message('About Me page updated', '<a href="show-user.php?userid=' . $userid . '">[View Profile Page]</a>');
    } else {
        $html_instance->error_message = $error;
    }
} else {
    $data = $base_instance->get_data("SELECT about_me,firstname,lastname,country FROM {$base_instance->entity['USER']['MAIN']} WHERE ID='{$userid}'");
    $about_me = $data[1]->about_me;
    $firstname = $data[1]->firstname;
    $lastname = $data[1]->lastname;
    $country = $data[1]->country;
}
$html_instance->add_parameter(array('ACTION' => 'show_form', 'HEADER' => 'About Me', 'TEXT_CENTER' => 'The About Me text is a public text which appears in your profile.<br>Firstname and lastname is not public, it will only be used for sending emails within the Organizer.<p>', 'FORM_ACTION' => $_SERVER['PHP_SELF'], 'BODY' => 'onLoad="javascript:document.form1.about_me.focus()"', 'BUTTON_TEXT' => 'Update'));
$html_instance->add_form_field(array('TYPE' => 'textarea', 'NAME' => 'about_me', 'VALUE' => "{$about_me}", 'TEXT' => 'About me', 'COLS' => 80, 'ROWS' => 4));
$html_instance->add_form_field(array('TYPE' => 'text', 'NAME' => 'firstname', 'VALUE' => "{$firstname}", 'SIZE' => 35, 'TEXT' => 'Firstname'));
$html_instance->add_form_field(array('TYPE' => 'text', 'NAME' => 'lastname', 'VALUE' => "{$lastname}", 'SIZE' => 35, 'TEXT' => 'Lastname'));

コード例 #23

0

ファイルを表示

ファイル: operation.php プロジェクト: carriercomm/shell-2

                                         $sql = "UPDATE " . PREFIX . "feedback SET size=3 WHERE id=" . sql_safe($_GET['id']) . ";";
                                         mysql_query($sql);
                                         feedback_display_size_buttons($_GET['id'], $_GET['div_id']);
                                     } else {
                                         if ($_GET['operation'] == "big_change") {
                                             $sql = "UPDATE " . PREFIX . "feedback SET size=4 WHERE id=" . sql_safe($_GET['id']) . ";";
                                             mysql_query($sql);
                                             feedback_display_size_buttons($_GET['id'], $_GET['div_id']);
                                         } else {
                                             if ($_GET['operation'] == "merge" && isset($_GET['extra'])) {
                                                 $sql = "UPDATE " . PREFIX . "feedback SET merged_with=" . sql_safe($_GET['extra']) . " WHERE id=" . sql_safe($_GET['id']) . ";";
                                                 mysql_query($sql);
                                                 feedback_display_merge_form($_GET['id'], $_GET['div_id']);
                                             } else {
                                                 if ($_GET['operation'] == "unmerge") {
                                                     $sql = "UPDATE " . PREFIX . "feedback SET merged_with=NULL WHERE id=" . sql_safe($_GET['id']) . ";";
                                                     mysql_query($sql);
                                                     feedback_display_merge_form($_GET['id'], $_GET['div_id']);
                                                 }
                                             }
                                         }
                                     }
                                 }
                             }
                         }
                     }
                 }
             }
         }
     }
 }

コード例 #24

0

ファイルを表示

ファイル: func.php プロジェクト: carriercomm/shell-2

function comment_display_author_text($comment_id)
{
    $sql = "SELECT user, nick, email, url, added FROM " . PREFIX . "comment WHERE id=" . sql_safe($comment_id) . ";";
    if ($cc = mysql_query($sql)) {
        if ($c = mysql_fetch_assoc($cc)) {
            $comment_time = date("Y-m-d H:i", strtotime($c['added']));
            $comment_link = comment_get_link($comment_id);
            $user_link = NULL;
            if ($c['user'] !== NULL) {
                $user_name = user_get_name($c['user']);
                $user_link = user_get_link($c['user']);
            } else {
                if ($c['nick'] !== NULL) {
                    $user_name = $c['nick'];
                    $user_link = "<a href=\"" . $c['url'] . "\">" . $user_name . "</a>";
                }
            }
            //Kolla om författaren är admin
            if (user_get_admin($c['user']) > 1) {
                $admin = " " . _("(Admin)");
            } else {
                $admin = "";
            }
            if (!isset($user_name)) {
                echo sprintf(_("Posted at <a href=\"%s\">%s</a>"), $comment_link, $comment_time);
            } else {
                if ($user_link == NULL) {
                    echo sprintf(_("Posted by %s%s at <a href=\"%s\">%s</a>"), $user_name, $admin, $comment_link, $comment_time);
                } else {
                    echo sprintf(_("Posted by %s%s at <a href=\"%s\">%s</a>"), $user_link, $admin, $comment_link, $comment_time);
                }
            }
        }
    }
}

コード例 #25

0

ファイルを表示

ファイル: add-note-category.php プロジェクト: vijo/Blue-Smiley-Organizer

require 'class.base.php';
require 'class.html.php';
$base_instance = new base();
$html_instance = new html();
$userid = $base_instance->get_userid();
if (isset($_POST['save'])) {
    $error = '';
    $title = $_POST['title'];
    if (!$title) {
        $error .= '<li> Title cannot be left blank';
    } else {
        $title = trim($title);
        if (strlen($title) > 50) {
            $error .= '<li> Title is too long (Max. 50 Characters)';
        }
        $title = str_replace('"', '&quot;', $title);
    }
    if (!$error) {
        $title = sql_safe($title);
        $html_instance->check_for_duplicates_by_title('NOTE', 'CATEGORY', $title, $userid);
        $base_instance->query('INSERT INTO ' . $base_instance->entity['NOTE']['CATEGORY'] . ' (title,user) VALUES ("' . $title . '",' . $userid . ')');
        $cat_id = mysqli_insert_id($base_instance->db_link);
        $base_instance->show_message('Notes Category saved', '<a href="add-note.php?category_id=' . $cat_id . '">[Add Note]</a> &nbsp;&nbsp; <a href="add-note-category.php">[Add Category]</a> &nbsp;&nbsp; <a href="edit-note-category.php?category_id=' . $cat_id . '">[Edit]</a> &nbsp;&nbsp; <a href="javascript:void(window.open(\'delete-note-category.php?category_id=' . $cat_id . '\',\'\',\'width=450,height=200,top=100,left=100\'))">[Delete]</a><p><a href="show-note-categories.php">[Show Notes Categories]</a>');
    } else {
        $html_instance->error_message = $error;
        $title = stripslashes($title);
    }
}
$html_instance->add_parameter(array('ACTION' => 'show_form', 'HEADER' => 'Add Notes Category', 'FORM_ACTION' => $_SERVER['PHP_SELF'], 'BODY' => 'onLoad="javascript:document.form1.title.focus()"', 'INNER_TABLE_WIDTH' => '400', 'TD_WIDTH' => '20%', 'BUTTON_TEXT' => 'Save Category'));
$html_instance->add_form_field(array('TYPE' => 'text', 'NAME' => 'title', 'VALUE' => '', 'SIZE' => 35, 'TEXT' => 'Title'));
$html_instance->process();

コード例 #26

0

ファイルを表示

ファイル: add-rss-feeds.php プロジェクト: vijo/Blue-Smiley-Organizer

        }
        if (!empty($feed) && !$title) {
            $error .= '<li> Feed Title ' . $index . ' cannot be left empty';
        }
        $data = $base_instance->get_data('SELECT ID FROM ' . $base_instance->entity['RSS']['MAIN'] . ' WHERE feed="' . sql_safe($feed) . '" AND user='******'<li> RSS Feed ' . $index . ' already saved';
        }
    }
    if (!$error) {
        for ($index = 1; $index <= $number_of_fields; $index++) {
            if (!empty($_POST['title' . $index])) {
                $title = $_POST['title' . $index];
                $feed = $_POST['feed' . $index];
                $max_items = $_POST['max_items' . $index];
                $base_instance->query('INSERT INTO ' . $base_instance->entity['RSS']['MAIN'] . ' (user,feed,title,max_items) VALUES (' . $userid . ',"' . sql_safe($feed) . '","' . sql_safe($title) . '","' . sql_safe($max_items) . '")');
            }
        }
        $base_instance->show_message('RSS Feeds saved', '<a href="add-rss-feeds.php">[Add RSS Feeds]</a> &nbsp;&nbsp; <a href="show-rss-feeds.php">[Show RSS Feeds]</a><p><a href="show-home.php">[Edit Homepages]</a>');
    } else {
        $html_instance->error_message = $error;
    }
}
if (isset($_POST['more_fields'])) {
    $number_of_fields += 3;
    $text = '<table>';
    for ($index = 1; $index <= $number_of_fields; $index++) {
        if (isset($_POST['title' . $index])) {
            $title = stripslashes($_POST['title' . $index]);
        } else {
            $title = '';

コード例 #27

0

ファイルを表示

ファイル: add-database-text-field.php プロジェクト: vijo/Blue-Smiley-Organizer

<?php

require 'class.base.php';
require 'class.html.php';
$base_instance = new base();
$html_instance = new html();
$userid = $base_instance->get_userid();
$category_id = isset($_REQUEST['category_id']) ? (int) $_REQUEST['category_id'] : exit;
if (isset($_POST['save_it'])) {
    $title_text_field = sql_safe($_POST['title_text_field']);
    $base_instance->query("INSERT INTO {$base_instance->entity['DATABASE']['TEXT_FIELDS']} (user,title,category_id) VALUES ({$userid},'{$title_text_field}',{$category_id})");
    $field_id = mysqli_insert_id($base_instance->db_link);
    $base_instance->show_message('Field saved', '<a href="add-database-number-field.php?category_id=' . $category_id . '">[Add Number Field]</a>&nbsp;&nbsp; <a href="add-database-text-field.php?category_id=' . $category_id . '">[Add Text Field]</a><p>
<a href="add-database-select-field.php?category_id=' . $category_id . '">[Add Select Field]</a> &nbsp;&nbsp; <a href="add-database-checkbox-field.php?category_id=' . $category_id . '">[Add Checkbox Field]</a><p><a href="add-database-data.php?category_id=' . $category_id . '">[Add Data]</a> &nbsp;&nbsp; <a href="edit-database-text-field.php?text_field_id=' . $field_id . '">[Edit Field]</a> &nbsp;&nbsp; <a href="show-database-data.php?category_id=' . $category_id . '">[Show all Data]</a>');
}
$html_instance->add_parameter(array('ACTION' => 'show_form', 'HEADER' => 'Add Text Field', 'FORM_ACTION' => $_SERVER['PHP_SELF'], 'INNER_TABLE_WIDTH' => '400', 'TD_WIDTH' => '30%', 'BUTTON_TEXT' => 'Save Field'));
$html_instance->add_form_field(array('TYPE' => 'hidden', 'NAME' => 'save_it', 'VALUE' => 1));
$html_instance->add_form_field(array('TYPE' => 'hidden', 'NAME' => 'category_id', 'VALUE' => "{$category_id}"));
$html_instance->add_form_field(array('TYPE' => 'text', 'NAME' => 'title_text_field', 'VALUE' => '', 'SIZE' => 35, 'TEXT' => 'Name of Field'));
$html_instance->process();

コード例 #28

0

ファイルを表示

ファイル: task.php プロジェクト: Viddeliten/shared_tasks

function task_get_name($task_id)
{
    $sql = "SELECT \n\t\tname\n\tFROM task \n\tWHERE id=" . sql_safe($task_id) . ";";
    if ($cc = mysql_query($sql)) {
        if ($c = mysql_fetch_assoc($cc)) {
            return $c['name'];
        }
    }
    return NULL;
}

コード例 #29

0

ファイルを表示

ファイル: add-contact.php プロジェクト: vijo/Blue-Smiley-Organizer

        if (strlen($new_category) > 50) {
            $error .= '<li> Category title is too long (Max. 50 Characters)';
        }
    }
    if (!$error) {
        if ($new_category) {
            $base_instance->query('INSERT INTO ' . $base_instance->entity['CONTACT']['CATEGORY'] . ' (title,user) VALUES ("' . sql_safe($new_category) . '",' . $userid . ')');
            $category_id = mysqli_insert_id($base_instance->db_link);
        }
        $datetime = $_POST['datetime'];
        $html_instance->check_for_duplicates('CONTACT', 'MAIN', $datetime, $userid);
        $firstname = str_replace('"', '&quot;', $firstname);
        $lastname = str_replace('"', '&quot;', $lastname);
        $address = str_replace('"', '&quot;', $address);
        $company = str_replace('"', '&quot;', $company);
        $base_instance->query('INSERT INTO ' . $base_instance->entity['CONTACT']['MAIN'] . ' (datetime,user,firstname,lastname,email,telephone,fax,mobile,address,notes,company,url,category,public) VALUES ("' . sql_safe($datetime) . '",' . $userid . ',"' . sql_safe($firstname) . '","' . sql_safe($lastname) . '","' . sql_safe($email) . '","' . sql_safe($telephone) . '","' . sql_safe($fax) . '","' . sql_safe($mobile) . '","' . sql_safe($address) . '","' . sql_safe($notes) . '","' . sql_safe($company) . '","' . sql_safe($url) . '",' . $category_id . ',' . $public . ')');
        $contact_id = mysqli_insert_id($base_instance->db_link);
        $data = $base_instance->get_data("SELECT title FROM {$base_instance->entity['CONTACT']['CATEGORY']} WHERE user='******' AND ID='{$category_id}'");
        $cat_title = $data[1]->title;
        $base_instance->show_message('Contact saved', '<script language="JavaScript" type="text/javascript">function createRequestObject(){try{var requester=new XMLHttpRequest();}catch(error){try{var requester=new ActiveXObject("Microsoft.XMLHTTP");}catch(error){return false;}} return requester;}var http=createRequestObject();function DelContact(item){if(confirm("Delete Contact?")){http.open(\'get\',\'delete-contact.php?item=\'+item); http.send(null);}}</script>

<a href="add-contact.php?category_id=' . $category_id . '">[Add more]</a> &nbsp;&nbsp; <a href="edit-contact.php?contact_id=' . $contact_id . '">[Edit]</a> &nbsp;&nbsp; <a href="javascript:DelContact(\'' . $contact_id . '\')">[Delete]</a> &nbsp;&nbsp; <a href="send-content.php?contact_id=' . $contact_id . '">[Send]</a><p><a href="show-contact-categories.php">[Show all Categories]</a> &nbsp; <a href="show-contact.php">[Show all Contacts]</a><p><b>Internal Link:</b> [c' . $contact_id . '] &nbsp;&nbsp; <b>Category:</b> ' . $cat_title . ' <a href="show-contact.php?category_id=' . $category_id . '">[Show]</a>');
    } else {
        $html_instance->error_message = $error;
        $company = stripslashes($company);
        $address = stripslashes($address);
        $notes = stripslashes($notes);
    }
}
# default category
if (!$category_id) {

コード例 #30

0

ファイルを表示

ファイル: show-links.php プロジェクト: vijo/Blue-Smiley-Organizer

$cat_header = '';
$minus = '';
if (empty($_GET['order_type'])) {
    $order_type = 'DESC';
} else {
    $order_type = sql_safe($_GET['order_type']);
    $sort .= 'order_type=' . $order_type . '&amp;';
}
if (empty($_GET['order_col'])) {
    $order_col = 'ttv';
} else {
    $order_col = sql_safe($_GET['order_col']);
    $sort .= 'order_col=' . $order_col . '&amp;';
}
if (isset($_REQUEST['text_search'])) {
    $text_search = sql_safe($_REQUEST['text_search']);
    $query .= " AND (subtitle LIKE '%{$text_search}%' OR url LIKE '%{$text_search}%' OR title LIKE '%{$text_search}%' OR notes LIKE '%{$text_search}%' OR keywords LIKE '%{$text_search}%') ";
    $param .= 'text_search=' . $text_search . '&amp;';
} else {
    $text_search = '';
}
if (isset($_REQUEST['category_id'])) {
    $category_id = (int) $_REQUEST['category_id'];
    $cat_name = $misc_instance->get_link_category($category_id);
    $cat_header = ' &nbsp;&nbsp; (Category ' . $cat_name . ')';
    $query .= " AND (category={$category_id}) ";
    $param .= 'category_id=' . $category_id . '&amp;';
}
if (isset($_GET['bluebox'])) {
    $where = "WHERE ((DATE_ADD(last_visit, INTERVAL frequency SECOND)<'{$datetime}' AND frequency_mode=3) OR frequency_mode=1) AND user='******' {$query}";
    $header = 'Bluebox (Links Due) &nbsp;&nbsp; <a href="' . $_SERVER['PHP_SELF'] . '?' . $sort . $param . 'show_all=1">[Show all Links]</a>';

PHP sql_safeの例