function get_recipe($recipe) { global $doc, $xpath; $url = 'http://www.marmiton.org/recettes/recherche.aspx?aqt=' . urlencode($recipe); $pageList = file_get_contents($url); // get response list and match recipes titles if (preg_match_all('#m_titre_resultat[^\\<]*<a .*title="(.+)".* href="(.+)"#isU', $pageList, $matchesList)) { // echo"<xmp>";print_r($matchesList[1]);echo"</xmp>"; // for each recipes titles // foreach($matchesList[1] as $recipeTitle) { // } // take first recipe $n = 0; $url = 'http://www.marmiton.org' . $matchesList[2][$n]; $pageRecipe = file_get_contents($url); // get recipe (minimize/clean before dom load) if (preg_match('#<div class="m_content_recette_main">.*<div id="recipePrevNext2"></div>\\s*</div>#isU', $pageRecipe, $match)) { $recipe = $match[0]; $recipe = preg_replace('#<script .*</script>#isU', '', $recipe); $doc = loadDOC($pageRecipe); $xpath = new DOMXpath($doc); $recipeTitle = fetchOne('//h1[@class="m_title"]'); $recipeMain = fetchOne('//div[@class="m_content_recette_main"]'); return '<div class="recipe_root">' . $recipeTitle . $recipeMain . '</div>'; } } }
function login() { $username = $_POST['username']; //防sql注入语句 //第一种方法:addslashes():使用反斜线引用特殊字符 //$username=addslashes($username); //第二种方法:mysql_escape_string():转换一个字符串,用于mysql_query $username = mysql_escape_string($username); $password = md5($_POST['password']); $sql = "select * from imooc_user where username='******' and password='******'"; /*以下语句打印出的sql语句,看出恶意攻击的sql注入 //如有人在账户名中输入“ ' or 1=1 # ” //这段代码,那语句会变成select * from imooc_user where username='******' and password='******' //那等于用户名为空或者1=1的sql语句,这句永远为空,则返回ture,那根据下面语句,就会直接登录 //echo $sql;exit; */ //$resNum=getResultNum($sql); $row = fetchOne($sql); //echo $resNum; if ($row) { $_SESSION['loginFlag'] = $row['id']; $_SESSION['username'] = $row['username']; $mes = "登陆成功!<br/>3秒钟后跳转到首页<meta http-equiv='refresh' content='3;url=index.php'/>"; } else { $mes = "登陆失败!<a href='login.php'>重新登陆</a>"; } return $mes; }
function month_total_fee($month) { $year = explode('-', $month)[0]; $mon = explode('-', $month)[1]; //获取需要的月份相应交费记录并计算总费用 $sql = "select fee,date,dueDate from hh_fee"; $rows = fetchAll($sql); $total = 0; foreach ($rows as $row) { $day1 = $row['date']; $day2 = $row['dueDate']; $fee = $row['fee']; $T = ceil($fee / days_dis($day1, $day2)); //$T为 该笔学费每天的收入 $days = month_days($day1, $day2, $month); if ($days) { $total = $days * $T + $total; } } $arr = array('year' => $year, 'month' => $mon, 'total' => $total); //如果已存在相应日期记录,则进行更新操作,否则进行插入 $sql = "select count(total) from hh_totalFee where year={$year} and month={$mon}"; $result = fetchOne($sql)['count(total)']; if ($result >= 1) { update('hh_totalFee', $arr, "year={$year} and month={$mon}"); } else { insert('hh_totalFee', $arr); } }
function login() { $username = $_POST['username']; //addslashes():使用反斜线引用特殊字符 //$username=addslashes($username); //$username=mysql_escape_string($username); /*Deprecated: mysql_escape_string(): This function is deprecated; use mysql_real_escape_string() instead */ $username = mysql_real_escape_string($username); $password = md5($_POST['password']); $sql = "select * from user where username='******' and password='******'"; //$resNum=getResultNum($sql); //var_dump($sql);exit; $row = fetchOne($sql); //echo $resNum; if ($row) { $_SESSION['loginFlag'] = $row['id']; $_SESSION['username'] = $row['username']; $mes = "登陆成功!<br/>3秒钟后跳转到首页<meta http-equiv='refresh' content='3;url=index.php'/>"; } else { $mes = "登陆失败!<a href='login.php'>重新登陆</a>"; } return $mes; }
function notify_fee($type) { $rows_member = getAllActiveMid(); //循环出一个含有所有激活用户的mid和最新dueDate的$arrs_durDate[] foreach ($rows_member as $row_member) { $mid = $row_member['mid']; $sql = "select mid,dueDate,fee from hh_fee where mid={$mid} order by dueDate desc limit 1"; $row_dueDate = fetchOne($sql); if ($row_dueDate) { $arrs_dueDate[] = $row_dueDate; } } // return $arrs_dueDate; $i = 0; //格式化时间,运算后输出 费交期 与 今日 的差值(天) foreach ($arrs_dueDate as $arr_dueDate) { $due = strtotime($arr_dueDate['dueDate']); $now = time(); $day[$i]['mid'] = $arr_dueDate['mid']; $day[$i]['name'] = getMemberInfo($arr_dueDate['mid'])['name']; $day[$i]['day'] = ceil(($due - $now) / 86400); $day[$i]['fee'] = $arr_dueDate['fee']; $i++; } $n = 0; $output = array(); // return $day; foreach ($day as $day1) { if ($type == 1) { //5天之内该交费的 if ($day1['day'] <= 5 && $day1['day'] > 0) { $output[$n]['mid'] = $day1['mid']; $output[$n]['name'] = $day1['name']; $output[$n]['day'] = $day1['day']; $output[$n]['fee'] = $day1['fee']; } } elseif ($type == 2) { //今天该交费的 if ($day1['day'] == 0) { $output[$n]['mid'] = $day1['mid']; $output[$n]['name'] = $day1['name']; $output[$n]['day'] = $day1['day']; $output[$n]['fee'] = $day1['fee']; } } elseif ($type == 3) { //超过交费期的 if ($day1['day'] < 0) { $output[$n]['mid'] = $day1['mid']; $output[$n]['name'] = $day1['name']; $output[$n]['day'] = $day1['day']; $output[$n]['fee'] = $day1['fee']; } } $n++; } $output = sort_array($output, 'day'); return $output; }
function deleteAction() { $id = $_GET['id']; // 获取图像的相关信息 $sql = "SELECT proImage AS image FROM products WHERE id=" . $id; $row = fetchOne($sql); unlink('../proimages/' . $row['image']); // 删除记录 delete('products', 'id=' . $id); $message = '商品已经成功删除'; $redirect = '<a href="recyclePro.php">返回回收站</a>'; require_once 'thems/a.html'; }
function editAdmin($id) { $arr = $_POST; $row = fetchOne("select * from admin where id={$id}"); // 只有修改了密码,才使用md5加密 if ($row != null && $row["password"] != $arr["password"]) { $arr["password"] = md5($arr["password"]); } if (update("admin", $arr, "id={$id}")) { $msg = "更新成功!<br/> <a href='listAdmin.php'>查看管理员列表</a>"; } else { $msg = "更新失败!<br/> <a href='listAdmin.php'>查看管理员列表</a>"; } return $msg; }
function reader_excel($destination, $phonebook_id) { // Set output Encoding. $data = new Spreadsheet_Excel_Reader(); $data->setOutputEncoding('utf-8'); //”data.xls”是指要导入到mysql中的excel文件 $data->read($destination); echo $phonebook_id; echo '<br/>'; echo "<table style='border-collapse:collapse;border-spacing:0;border:1px solid #000'>"; for ($i = 2; $i <= $data->sheets[0]['numRows']; $i++) { //以下注释的for循环打印excel表数据 $array = array(); $contacts_arr = array(); echo "<tr style='border:1px solid #000'>"; for ($j = 1; $j <= 3; $j++) { if (empty($data->sheets[0]['cells'][$i][$j])) { $array[$j - 1] = null; echo "<td style='border:1px solid #000'></td>"; } else { $array[$j - 1] = $data->sheets[0]['cells'][$i][$j]; echo "<td style='border:1px solid #000'>" . $data->sheets[0]['cells'][$i][$j] . "</td>"; } } echo '</tr>'; var_dump($array); echo '<br/>'; $sql_fetchlongnum = "SELECT * FROM contacts where longnum ='{$array[1]}'"; $old_phonebook_id = fetchOne($sql_fetchlongnum)['phonebook_id']; if ($old_phonebook_id) { $new_phonebook_id = $old_phonebook_id . '|' . $phonebook_id; $contacts_arr = array('phonebook_id' => $new_phonebook_id); update('contacts', $contacts_arr, "longnum=" . "'{$array['1']}'"); } else { $contacts_arr = array('phonebook_id' => $phonebook_id, 'name' => $array[0], 'longnum' => $array[1], 'shortnum' => $array[2]); echo insert('contacts', $contacts_arr); } } echo "</table>"; }
<?php require_once 'include.php'; require_once 'header.php'; @($sql = "select user_type from tg_user_login where user_id='{$_SESSION['user_id']}'"); @($row = fetchOne($sql)); @($type = $row['user_type']); ?> <!-- Page Content --> <div class="container"> <!-- Page Heading/Breadcrumbs --> <div class="row"> <div class="col-lg-12"> <h1 class="page-header">How it works <small>Guest</small> </h1> <ol class="breadcrumb"> <li><a href="index.php">Home</a> </li> <li class="active">How it works (guest)</li> </ol> </div> </div> <!-- /.row --> <div class="row"> <a href="host-how-it-works.php" class="btn btn-success fr">I am a Host</a> </div>
function articlePage($section, $filePath) { // -----[ CACHE LITE ]----- // Cache Lite is optional but recommended as it rolls and stores the page as HTML // and avoids having to rebuild the page everytime it is called. You will need to clear // the cache if you update the page. You could create a seperate "clearcache.php" page. // See: "/site/orgile/clearcache.php". require_once 'Cache/Lite/Output.php'; $options = array('cacheDir' => '/srv/www/' . SITEURL . '/www/site/ramcache/', 'lifeTime' => '604800'); // Define cache directory and cache lifetime (168 hours). $cache = new Cache_Lite_Output($options); // Begin cache lite. if (!$cache->start($filePath)) { if (is_file($filePath)) { $fileData = file_get_contents($filePath, NULL, NULL, 0, 1000); // This reads the first 1000 chars for speed. // Pulls details from .org file header. $regex = '/^#\\+\\w*:(.*)/m'; preg_match_all($regex, $fileData, $matches); $title = trim($matches[1][0]); $author = trim($matches[1][1]); $date = trim($matches[1][2]); $date = date('c', cleanDate($date)); $description = trim($matches[1][3]); $description = strip_tags($description); // Create HTML header. $htmlHeader = htmlHeader($date, $author, $description, $title, dropDash($section)); // Starts the object buffer. ob_start(); pageHeader(); print '<div id="columnX">'; fetchOne($filePath, 'orgile'); print '</div>'; print '<div id="columnY">'; print '<aside>'; print '<div class="content">'; print '<h2><a href="/' . spaceDash($section) . '/" title="' . spaceDash($section) . '">' . spaceDash($section) . '</a>:</h2>'; print '<ul class="side">'; fetchSome($section, 'list', '0', 'sort'); // See function below. print '</ul><br>'; print '</div>' . sideContent(); print '</aside>'; print '</div>'; pageFooter(); // End the object buffer. $content = ob_get_contents(); ob_end_clean(); $content = $htmlHeader . $content; } // End: is_file($filePath). print $content; // End cache. $cache->end(); } // End: cache lite. }
$numRows = getResultNum($sql1); $totalPage = ceil($numRows / $pageSize); } elseif ($type == 'sending') { $data = sending($id, $pageSize, ''); $goods = 3; $username1 = fetchOne("select username from tuhao_user where id={$id}"); $sql1 = "select * from tuhao_pro where username='******' and receiver is null order by reg_time desc "; $numRows = getResultNum($sql1); $totalPage = ceil($numRows / $pageSize); } $arr = array('status' => 1); update("tuhao_pro", $arr, "username='******' and is_send=1 and status =0"); $sql = "select user_id,college,head_photo,levell,score from tuhao_info where user_id={$id}"; $user = fetchOne($sql); $sql1 = "select username from tuhao_user where id={$user['user_id']}"; $username1 = fetchOne($sql1); $user['src'] = "uploads/" . $user['head_photo']; $user['username'] = $username1['username']; $smarty->assign('username', $username); $smarty->assign('study', $study); $smarty->assign('clothes', $clothes); $smarty->assign('digital', $digital); $smarty->assign('transportation', $transportation); $smarty->assign('entertainment', $entertainment); $smarty->assign('others', $others); $smarty->assign('activity', $activity); $smarty->assign('loginFlag', $loginFlag); $smarty->assign('data', $data); $smarty->assign('sentNum', $sentNum); $smarty->assign('mesNum', $mesNum); $smarty->assign('goods', $goods);
} function truncate($table) { $sql = 'TRUNCATE TABLE' . $table; mysql_query($sql); } function fetchAll($sql, $result_type = MYSQL_ASSOC) { $result = mysql_query($sql); $rowCount = mysql_num_rows($result); if ($rowCount) { while ($row = mysql_fetch_array($result, $result_type)) { $rows[] = $row; } return $rows; } return FALSE; } function fetchOne($sql, $result_type = MYSQL_ASSOC) { $result = mysql_query($sql); $rowCount = mysql_num_rows($result); if ($rowCount) { return mysql_fetch_array($result, $result_type); } return FALSE; } connection('localhost', 'root', 'root', 'test'); $sql = 'SELECT * FROM users'; $rowset = fetchOne($sql); print_r($rowset);
function getPostBypid($pid) { $sql = "select * from zhx_post where pid={$pid}"; $row = fetchOne($sql); return $row; }
$clothes = catePro('衣服配饰'); $digital = catePro('数码产品'); $transportation = catePro('交通工具'); $entertainment = catePro('生活娱乐'); $others = catePro('其他'); $activity = catePro('11.11'); if (isset($_SESSION['id']) && isset($_SESSION['username'])) { $id = $_SESSION['id']; $username = $_SESSION['username']; $loginFlag = $_SESSION['id']; $sql = "select head_photo from tuhao_info where user_id={$_SESSION['id']}"; $src = fetchOne($sql); $headPhoto = "uploads/" . $src['head_photo']; } elseif (autoLogin()) { $sql = "select * from tuhao_user where auto_token='{$_COOKIE['autoToken']}'"; $data = fetchOne($sql); $username = $data['username']; $loginFlag = $data['id']; $id = $data['id']; } else { $username = ''; $loginFlag = 0; $id = 0; } $sql2 = "select * from tuhao_pro where username='******' and is_send=1 and status =0"; $sentNum = getResultNum($sql2); $sql3 = "select * from tuhao_comm where receiver_id={$id} and status = 0"; $mesNum = getResultNum($sql3); $smarty->assign('username', $username); //$smarty->assign('headPhoto',$headPhoto); $smarty->assign('study', $study);
/** * 根据ID得到指定分类信息 * @param int $id * @return array */ function getCateById($id) { $sql = "select id,cName from imooc_cate where id={$id}"; return fetchOne($sql); }
function getProImgsById($id) { $sql = "select albumPath from imooc_album where pid={$id} limit 1"; $row = fetchOne($sql); return $row; }
<?php require_once 'include.php'; $sql="select * from web_config"; $web_config=fetchOne($sql); print_r($web_config); //foreach($web_configs as $web_config): ?>
window.location.href="YS_about.php"; </script> <?php } ?> <?php //创业工厂---入驻通知 if ($table == 'CY_news') { ////改变文件操作权限并删除 $sql = "select path from CY_news where id = '{$id}'"; $file = fetchOne($sql); if (file_exists($file['path'])) { chmod($file['path'], 0777); unlink($file['path']); } //删除数据库内容 $sql = "delete from CY_news where id='{$id}' limit 1"; $result = @mysql_query($sql); ?> <script type="text/javascript" language="javascript"> window.location.href="CY_news.php"; </script> <?php }
$id = $data['id']; } else { $username = ''; $loginFlag = 0; $id = 0; } $pro_id = isset($_GET['pro_id']) ? $_GET['pro_id'] : ''; $pro_name = isset($_GET['pro_name']) ? $_GET['pro_name'] : ''; if ($pro_id != '') { $goods = getProById($pro_id); $src = getImgByProId($pro_id); //print_r($src); $sql = "select id from tuhao_user where username='******'receiver']}'"; $sql1 = "select id from tuhao_user where username='******'username']}'"; $receiver = fetchOne($sql); $user = fetchOne($sql1); $receiver_id = $receiver['id']; $user_id = $user['id']; $goods['reg_time'] = date('Y.m.d', $goods['reg_time']); $goods['src'] = $src; $goods['receiver_id'] = $receiver_id; if ($goods['receiver_id'] == '') { $goods['receiver_id'] = 0; } $goods['user_id'] = $user_id; } $pageSize = 8; $sql = "select * from tuhao_comm where pro_id={$pro_id} and parent_id=0 order by reg_time desc"; $numRows = getResultNum($sql); $totalPage = ceil($numRows / $pageSize); $sql2 = "select * from tuhao_pro where username='******' and is_send=1 and status =0";
$loginFlag = 0; $id = 0; } $pageSize = 8; $data = sending($id, $pageSize, ''); $goods = 3; $username1 = fetchOne("select username from tuhao_user where id={$id}"); $sql1 = "select * from tuhao_pro where username='******'username']}' and receiver is null order by reg_time desc "; $numRows = getResultNum($sql1); $totalPage = ceil($numRows / $pageSize); $sql2 = "select * from tuhao_pro where username='******' and is_send=1 and status =0"; $sentNum = getResultNum($sql2); $sql3 = "select * from tuhao_comm where receiver_id={$id} and status = 0"; $mesNum = getResultNum($sql3); $sql = "select user_id,college,head_photo,levell,score from tuhao_info where user_id={$id}"; $user = fetchOne($sql); $sql4 = "select * from tuhao_pro where id={$user['user_id']} and status=1"; $user['sendNum'] = getResultNum($sql4); $user['src'] = "uploads/" . $user['head_photo']; $user['username'] = $username1['username']; $smarty->assign('username', $username); $smarty->assign('study', $study); $smarty->assign('clothes', $clothes); $smarty->assign('digital', $digital); $smarty->assign('transportation', $transportation); $smarty->assign('entertainment', $entertainment); $smarty->assign('others', $others); $smarty->assign('activity', $activity); $smarty->assign('loginFlag', $loginFlag); $smarty->assign('sentNum', $sentNum); $smarty->assign('mesNum', $mesNum);
function checkAdmin($sql) { return fetchOne($sql); }
<?php require_once 'lib/mysql.func.php'; require_once 'lib/alertMes.php'; $isLink = connect(); if (!$isLink) { exit("数据库转接失败!"); } $id = $_REQUEST['id']; //接受传来的书单id $adminId = $_REQUEST['adminId']; //接收管理员用户ID $sql = "select booklistname from booklistname"; $booklistname = fetchOne($sql); //$sql = "select * from booklistname where listcode={$id}"; $sql = "select * from booklistname"; $totalRow = getResultRow($sql); if ($totalRow) { $sql = "select bookname,bookprice,discount,id from booklist where listcode={$id}"; $rows = fetchAll($sql); } else { $rows = array(); alertMes("没有书单信息!!请添加!!", "addBookList.php"); } ?> <!DOCTYPE html> <html> <head> <meta charset="UTF-8"> <title>星购书</title>
<div class="sidebar_box_bottom"></div> </div> </div> <div class="right_content"> <h2>院士简介</h2> <hr/> <br/> <?php $ids = $_GET['id']; $table = $_GET['table']; if ($ids != NULL && $table != NULL) { $sql = "SELECT * FROM " . "{$table}" . " WHERE id = " . $ids; $res = fetchOne($sql); ?> <form action="doAction.php?table=YS_about&act=mod&ids=<?php echo $ids; ?> " method="POST" enctype="multipart/form-data"> <p>标题:<input type="text" name="name" class="add_bar" value="<?php echo $res[title]; ?> "></p> <p>作者:<input type="text" name="author" class="add_bar" value="<?php echo $res[author]; ?> "></p> <p>内容:<br /><br /> <textarea id="editor_id" name="content" class="add_textarea" style="width:500px;height:500px;" ><?php
/** * 根据ID得到指定分类信息 * @param int $id * @return array */ function getCateById($id) { $sql = "select type_id,type from tigris_user_type where type_id={$id}"; return fetchOne($sql); }
<?php require_once '../include.php'; checkLogined(); $id = $_REQUEST['id']; $sql = "select * from tg_host_info where host_id='{$id}'"; $row = fetchOne($sql); ?> <!doctype html> <html> <head> <meta http-equiv="Content-Type" content="text/html; charset=UTF-8"> <title>Insert title here</title> </head> <body> <h3>Edit User</h3> <form action="doAdminAction.php?act=editHostInfo&id=<?php echo $id; ?> " method="post"> <table width="70%" border="1" cellpadding="5" cellspacing="0" bgcolor="#cccccc"> <tr> <td align="right">First Name</td> <td><input type="text" name="first_name" value="<?php echo $row['first_name']; ?> " /></td> </tr> <tr>
function checkUser($sql) { return fetchOne($sql); }
<p> </p> <hr /> <p> </p> <h2>内容查看 </h2> <table width="100%" border="1" style="text-align:center"> <tr> <th>标题</th><th>发布时间</th> </tr> <?php // --id-- content-- times -- $sql = "SELECT * FROM `contact`"; $result = fetchOne($sql); $times = $result['times']; if ($result != 0) { ?> <tr> <td><a href="../contact.php" target="_blank">联系我们</a></td> <td><?php echo $times; ?> </td> </tr> <?php } ?> </table>
/** * 根据id得到商品的详细信息 * @param int $id * @return array */ function getProById($id) { $sql = "select p.id,p.pName,p.pSn,p.pNum,p.mPrice,p.iPrice,p.pDesc,p.pubTime,p.isShow,p.isHot,c.cName,p.cId from imooc_pro as p join imooc_cate c on p.cId=c.id where p.id={$id}"; $row = fetchOne($sql); return $row; }
<?php require_once '../include.php'; if (!empty($_POST['longnum'])) { $usernum = $_POST['longnum']; $numberArray = array(); $phonebook_one = array(); $phonebook_all = array(); $jsonArray = array(); $sql_contacts = "SELECT * FROM contacts where longnum ='{$usernum}'"; $user_arr = fetchOne($sql_contacts); if ($user_arr != null) { $user_pb = $user_arr['phonebook_id']; $sql_phonebook = "SELECT * FROM phonebook where phonebook_id REGEXP '{$user_pb}'"; $phonebook_arr = fetchAll($sql_phonebook); foreach ($phonebook_arr as $key => $value) { $sql_contacts = "SELECT * FROM contacts where phonebook_id REGEXP '{$value['phonebook_id']}'"; $contacts_arr = fetchAll($sql_contacts); $contacts_print = array(); foreach ($contacts_arr as $key_contacts => $value_contacts) { $temp_arr = array(); $temp_arr['name'] = $value_contacts['name']; $temp_arr['longnum'] = $value_contacts['longnum']; $temp_arr['shortnum'] = $value_contacts['shortnum']; array_push($contacts_print, $temp_arr); } $phonebook_one['book_id'] = $value['phonebook_id']; $phonebook_one['book_version'] = $value['phonebook_version']; $phonebook_one['book_name'] = $value['name']; $phonebook_one['book_intr'] = $value['intr']; $phonebook_one['book_logo'] = $value['logo'];
function more($pageSize) { $sql = "select * from tuhao_pro where is_send=0 order by hot desc limit 12,100"; $numRows = getResultNum($sql); //总页码数 $totalPage = ceil($numRows / $pageSize); $page = isset($_GET['curPage']) ? (int) $_GET['curPage'] : 1; if ($page < 1 || $page == null || !is_numeric($page)) { $page = 1; } elseif ($page >= $totalPage) { $page = $totalPage; } //偏移量 $offset = ($page - 1) * $pageSize + 12; $sql1 = "select * from tuhao_pro where is_send=0 order by hot desc limit {$offset},{$pageSize}"; $rows = fetchAll($sql1); $goods = array(); foreach ($rows as $row) { $sql2 = "select album_path from tuhao_album where pid={$row['id']}"; $sql3 = "select id from tuhao_user where username='******'username']}'"; $src = fetchOne($sql2); $user_id = fetchOne($sql3); $sql4 = "select college from tuhao_info where user_id={$user_id['id']}"; $college = fetchOne($sql4); $row['src'] = "uploads/" . $src['album_path']; $row['reg_time'] = $row['reg_time']; $row['college'] = $college['college']; $goods[] = $row; } $arr = array('mes' => '获取帖子成功', 'code' => 1, 'curPage' => $page, 'maxPage' => $totalPage, 'data' => $goods); return json_encode($arr); }