public function index() { if ($_POST['id']) { $id = mysql_escape_String($_POST['id']); $keyword = $this->db->escape($_POST['keyword']); $meta_keyword = $this->db->escape($_POST['meta_keyword']); $meta_description = $this->db->escape($_POST['meta_description']); $tags = $this->db->escape($_POST['tags']); $language_id = $this->db->escape($_POST['lang']); if (strpos('x' . $id, 'Product') != false) { $id = str_replace('Product', '', $id); $id = (int) $id; $query = $this->db->query("delete from " . DB_PREFIX . "url_alias where query = 'product_id={$id}';"); if ($keyword != '') { $query = $this->db->query("insert into " . DB_PREFIX . "url_alias(query, keyword) values('product_id={$id}','{$keyword}');"); } $query = $this->db->query("update " . DB_PREFIX . "product_description set meta_keyword = '{$meta_keyword}' where product_id = {$id} and language_id = {$language_id};"); $query = $this->db->query("update " . DB_PREFIX . "product_description set meta_description = '{$meta_description}' where product_id = {$id} and language_id = {$language_id};"); $query = $this->db->query("update " . DB_PREFIX . "product_description set tag = '{$tags}' where product_id = {$id} and language_id = {$language_id};"); } if (strpos('x' . $id, 'Category') != false) { $id = str_replace('Category', '', $id); $id = (int) $id; $query = $this->db->query("delete from " . DB_PREFIX . "url_alias where query = 'category_id={$id}';"); if ($keyword != '') { $query = $this->db->query("insert into " . DB_PREFIX . "url_alias(query, keyword) values('category_id={$id}','{$keyword}');"); } $query = $this->db->query("update " . DB_PREFIX . "category_description set meta_keyword = '{$meta_keyword}' where category_id = {$id} and language_id = {$language_id};"); $query = $this->db->query("update " . DB_PREFIX . "category_description set meta_description = '{$meta_description}' where category_id = {$id} and language_id = {$language_id};"); } if (strpos('x' . $id, 'Information') != false) { $id = str_replace('Information', '', $id); $id = (int) $id; $query = $this->db->query("delete from " . DB_PREFIX . "url_alias where query = 'information_id={$id}';"); if ($keyword != '') { $query = $this->db->query("insert into " . DB_PREFIX . "url_alias(query, keyword) values('information_id={$id}','{$keyword}');"); } } if (strpos('x' . $id, 'Manufacturer') != false) { $id = str_replace('Manufacturer', '', $id); $id = (int) $id; $query = $this->db->query("delete from " . DB_PREFIX . "url_alias where query = 'manufacturer_id={$id}';"); if ($keyword != '') { $query = $this->db->query("insert into " . DB_PREFIX . "url_alias(query, keyword) values('manufacturer_id={$id}','{$keyword}');"); } } } }
<?php include "config.php"; $ip = 'none'; if (isset($_GET['ip'])) { $ip = $_GET['ip']; } elseif (isset($_SERVER['REMOTE_ADDR']) and $_SERVER['REMOTE_ADDR'] != '') { $ip = $_SERVER['REMOTE_ADDR']; } if ($_POST['id'] or $_GET['id']) { if (isset($_POST['id'])) { $id = $_POST['id']; } elseif (isset($_GET['id'])) { $id = $_GET['id']; } $id = mysql_escape_String($id); $ip_sql = mysql_query("select ip_add from al_editors_voting_ip where mes_id_fk='{$id}' and ip_add='{$ip}'"); $count = mysql_num_rows($ip_sql); if ($count == 0) { $sql = "update al_editors_votes set up=up+1 where image_id='{$id}'"; mysql_query($sql); $sql_in = "insert into al_editors_voting_ip (mes_id_fk,ip_add) values ('{$id}','{$ip}')"; mysql_query($sql_in); } $result = mysql_query("select up from al_editors_votes where image_id='{$id}'"); $row = mysql_fetch_array($result); $up_value = $row['up']; //fw("\n\r up_value=".$up_value); if ($up_value == $limit_plus) { // approve it to the main collection $sql = "update wp_product_list set approved=1 where id='{$id}'";
if ($choix == '5') { if ($_POST['id']) { $id = mysql_escape_String($_POST['id']); $sql = "delete from transformation where Nt='{$id}'"; mysql_query($sql); } } //****update line after modifs****************************************************** if ($choix == '6') { if ($_POST['id']) { $id = mysql_escape_String($_POST['id']); $name = mysql_escape_String($_POST['name']); $category = mysql_escape_String($_POST['category']); $price = mysql_escape_String($_POST['price']); $discount = mysql_escape_String($_POST['discount']); $add = mysql_escape_String($_POST['add']); $sql = "update transformation set ts='{$name}',td='{$category}',Nom_op='{$price}',Nom_par='{$discount}',Add_par='{$add}' where Nt='{$id}'"; mysql_query($sql); } } //*************load grid********************************************* if ($choix == '7') { if ($_POST['page']) { $page = $_POST['page']; $cur_page = $page; $page -= 1; $per_page = 1000; // Per page $previous_btn = true; $next_btn = true; $first_btn = true;
$_SITEURL = get_option('siteurl'); $Current_ID = $current_user->id; // get comment $comment = ''; if (isset($_POST['comment'])) { $comment = mysql_escape_String($_POST['comment']); } if ($comment != '') { if (isset($_POST['cartoon_id'])) { $cartoon_id = mysql_escape_String($_POST['cartoon_id']); } if (isset($_POST['author_id'])) { $author_id = mysql_escape_String($_POST['author_id']); } if (isset($_POST['comment_author'])) { $cartoon_id = mysql_escape_String($_POST['comment_author']); } // save comment: $sql_insert = "insert into wp_comments (comment_post_ID, comment_content, comment_date, comment_author) values('{$cartoon_id}', '{$comment}', '" . date("Y-m-d H:i:s") . "','{$author_id}')"; $result = mysql_query($sql_insert); //read comments: $result = mysql_query("select C.comment_id, C.comment_content, C.comment_date, U.display_name as author from wp_comments as C, wp_users as U where U.id = C.comment_author order by C.comment_date DESC LIMIT 50"); $result = mysql_query("select C.comment_id, C.comment_content, C.comment_date, U.display_name as author from wp_comments as C, wp_users as U where U.id = C.comment_author order by C.comment_date DESC LIMIT 50"); $comments_output = ""; while ($r = mysql_fetch_array($result)) { $_date = $r['comment_date']; $_comment = nl2br(stripslashes($r['comment_content'])); $_author = $r['author']; $_id = $r['comment_id']; $comments_output .= "<div style='margin-top:4px;'><span class='gr' title='" . $_date . "'>" . $_author . ": </span><span class='c_body'>" . $_comment . "</span> [<a title='стереть комментарий' href='#' onclick='deletecomment(" . $_id . ");'>x</a>]</div>"; }
<?php include "db.php"; if ($_POST['id']) { $id = mysql_escape_String($_POST['id']); $titulo = mysql_escape_String($_POST['titulo']); $link = mysql_escape_String($_POST['link']); $comment = mysql_escape_String($_POST['comment']); $sql = "update enlaces set titulo='{$titulo}',link='{$link}',comment='{$comment}' where id='{$id}'"; mysql_query($sql); }
function database_touch($sql_obj, $table, $columns, $row_id, $id_col = false) { $now = time(); $table = str_replace('`', '', $table); if (!is_array($columns)) { $columns = array($columns); } foreach ($columns as $index => $value) { $columns[$index] = '`' . mysql_escape_String($value) . '`=' . $now; } $id_col = empty($id_col) ? '`' . mysql_real_escape_string($table, $sql_obj->resource()) . '_id`' : '`' . mysql_real_escape_string($id_col, $sql_obj->resource()) . '`'; // Make sure table name is `table` $table = '`' . mysql_real_escape_string($table, $sql_obj->resource()) . '`'; $sql_obj->query('UPDATE ' . $table . ' SET ' . implode(',', $columns) . ' WHERE ' . $id_col . '=' . (int) $row_id, ERROR_DATABASE_UPDATE); }
<?php include "connect_database.php"; if ($_POST['id']) { $id = mysql_escape_String($_POST['user_id']); $firstname = mysql_escape_String($_POST['firstname']); $lastname = mysql_escape_String($_POST['lastname']); $sql = "update user_details set fname='{$firstname}',lname='{$lastname}' where user_id='{$id}'"; mysql_query($sql); }
function post_to_lj($id) { $id = mysql_escape_String($id); // get text for posting /* $result=mysql_query("select l.name, l.description, l.additional_description, l.image, b.name as artist from wp_product_list as l, wp_product_brands as b where l.id='$id' and l.brand = b.id"); $row=mysql_fetch_array($result); $_artist=$row['artist']; $_title=$row['name']; $_description=$row['description']; $_additional_description=$row['additional_description']; $_image=$row['image']; $subj = $_title; $text = $_artist.': «'.$_title.'» '.' http://cartoonbank.ru/?page_id=29&cartoonid='.$id.' '.$_description."<br />Тэги: ".$_additional_description; */ /* ваш ник в ЖЖ */ $name = "cartunbank"; /* ваш пароль в ЖЖ */ $password = "******"; /* текст который вы хотите опубликовать */ $text = "test"; /* заголовок для текста */ $subj = "test"; /* комьюнити */ $usejournal = "cartunbank"; /* включаем библиотеку XML-RPC */ include "lib/xmlrpc.inc"; /* (!!!) Все данные в ЖЖ хранятся в кодировке Unicode, используем и в нашем случае такую же кодировку */ $xmlrpc_internalencoding = 'UTF-8'; /* Получаем текущее время */ $date = time(); $year = date("Y", $date); $mon = date("m", $date); $day = date("d", $date); $hour = date("G", $date); $min = date("i", $date); /* (!!!) Конвертируем текст из одной кодировки в UTF-8 в данном случае файл хранится в кодировке CP1251 */ $text = iconv("CP1251", "UTF-8", html_entity_decode($text)); $subj = iconv("CP1251", "UTF-8", html_entity_decode($subj)); /* заполняем массив с необходимыми переменными */ $post = array("username" => new xmlrpcval($name, "string"), "usejournal" => new xmlrpcval($usejournal, "string"), "password" => new xmlrpcval($password, "string"), "event" => new xmlrpcval($text, "string"), "subject" => new xmlrpcval($subj, "string"), "lineendings" => new xmlrpcval("unix", "string"), "year" => new xmlrpcval($year, "int"), "mon" => new xmlrpcval($mon, "int"), "day" => new xmlrpcval($day, "int"), "hour" => new xmlrpcval($hour, "int"), "min" => new xmlrpcval($min, "int"), "ver" => new xmlrpcval(2, "int")); /* на основе массива создаем структуру */ $post2 = array(new xmlrpcval($post, "struct")); /* создаем XML сообщение для сервера */ $f = new xmlrpcmsg('LJ.XMLRPC.postevent', $post2); /* описываем сервер */ $c = new xmlrpc_client("/interface/xmlrpc", "www.livejournal.com", 80); $c->request_charset_encoding = "UTF-8"; /* по желанию смотрим на XML-код того что отправится на сервер */ echo nl2br(htmlentities($f->serialize())); /* отправляем XML сообщение на сервер */ $r = $c->send($f); /* анализируем результат */ if (!$r->faultCode()) { /* сообщение принято успешно и вернулся XML-результат */ $v = php_xmlrpc_decode($r->value()); print_r($v); } else { /* сервер вернул ошибку */ print "An error occurred: "; print "Code: " . htmlspecialchars($r->faultCode()); print "Reason: '" . htmlspecialchars($r->faultString()) . "'\n"; } }
<?php include "db.php"; if ($_POST['id']) { $id = mysql_escape_String($_POST['id']); $qty_sold = mysql_escape_String($_POST['qty_sold']); $price = mysql_escape_String($_POST['price']); $da = date("Y-m-d"); $sql = mysql_query("select * from inventory where id='{$id}'"); while ($row = mysql_fetch_array($sql)) { $qtyleft = $row['qtyleft']; $price = $row['price']; } $ssss = $qtyleft - $qty_sold; $sale = $qty_sold * $price; $sales_sql = mysql_query("select * from sales where date='{$da}' and product_id='{$id}'"); $count = mysql_num_rows($sales_sql); if ($count == 0) { mysql_query("INSERT INTO sales (product_id, qty, date, sales) VALUES ('{$id}','{$qty_sold}','{$da}','{$sale}')"); } if ($count != 0) { mysql_query("UPDATE sales set qty=qty+'{$qty_sold}',sales='{$sale}' where date='{$da}' and product_id='{$id}'"); } $sql = "update inventory set qtyleft='{$ssss}',price='{$price}',sales=sales+'{$sale}',qty_sold=qty_sold+'{$qty_sold}' where id='{$id}'"; mysql_query($sql); } ?>
$courseKey = $course['cid'] . $course['faculty_acronym'] . $course['course_number']; //ugly, but c'est la vie $courses[$courseKey] = $course; } } // We need to forcefully destruct this object to avoid memory growing forever. $html->__destruct(); unset($html); } $courseKey = ""; // Prune dead courses. $results = $db->query('SELECT * FROM courses;'); while ($row = mysql_fetch_assoc($results)) { $courseKey = $row['cid'] . $row['faculty_acronym'] . $row['course_number']; if (!isset($courses[$courseKey])) { $db->query('DELETE FROM courses WHERE cid = "' . mysql_escape_string($row['cid']) . ' AND faculty_acronym = \'' . mysql_escape_String($row['faculty_acronym']) . ' AND course_number = \'' . mysql_escape_string($row['course_number']) . '";'); } } // And update existing ones/insert new ones. foreach ($courses as $cid => $course) { //echo $course['faculty_acronym'] . ": " . $course['course_number'] . "\n"; if (isset($course['extra_fields'])) { print_r($course['extra_fields']); unset($course['extra_fields']); } $escaped_values = array(); foreach (array_values($course) as $value) { $escaped_values[] = '"' . mysql_escape_string($value) . '"'; } $update_query_arr = array(); foreach ($course as $key => $value) {
<?php /**include("db.php");*/ require_once '../../includes/mysql.php'; $db = new MySQL(); if ($_POST['id']) { $id = mysql_escape_String($_POST['id']); $titulo = mysql_escape_String($_POST['titulo']); $revision_num = mysql_escape_String($_POST['revision_num']); $modificacion = mysql_escape_String($_POST['modificacion']); $capapart = mysql_escape_String($_POST['capapart']); $fechamodificacion = mysql_escape_String($_POST['fechamodificacion']); $sql = "update modifdoc set titulo='{$titulo}', revision_num='{$revision_num}', modificacion='{$modificacion}', capapart='{$capapart}', fechamodificacion='{$fechamodificacion}' where id='{$id}'"; mysql_query($sql); mysql_query("SET NAMES 'utf8'"); }
<?php include "dbcon.php"; if (isset($_POST['profile_id'])) { $id = $_POST['profile_id']; $sql_in = mysql_query("SELECT profile_name FROM profile where profile_id='{$id}'"); $r = mysql_fetch_array($sql_in); $profile_delete_name = $r['profile_name']; $time1 = time(); $sql1 = "INSERT INTO latest_delete\t(profile_delete_id,profile_delete_name,profile_delete_date) VALUES ('{$id}','{$profile_delete_name}','{$time1}')"; mysql_query($sql1); $profile_id = mysql_escape_String($_POST['profile_id']); echo $sql_img = mysql_query("select * from profile where profile_id='" . $profile_id . "'"); while ($row_img = mysql_fetch_array($sql_img)) { $img = $row_img['profile_logo']; $img2 = $row_img['profile_screenshots']; //echo $img; $files = glob('../img/uploads/' . $img . ''); foreach ($files as $file) { unlink($file); } $files2 = glob('../img/uploads/' . $img2 . ''); foreach ($files2 as $file2) { unlink($file2); } } $sql = "delete from profile where profile_id='{$profile_id}'"; mysql_query($sql); $sql_pp = "delete from profile_people where profile_id='{$profile_id}'"; mysql_query($sql_pp); $sql_pcc = "delete from profile_competitors where profile_id='{$profile_id}'";
<?php session_start(); include "includes/db.php"; $uid = $_SESSION["id"]; if ($_POST['user_id']) { $user_id = $_POST['user_id']; $user_id = mysql_escape_String($user_id); $sql_in = mysql_query("DELETE from follow_user Where uid_fk='{$uid}' and following_uid='{$user_id}'"); }
<?php require_once "../../../wp-config.php"; include "config.php"; if (isset($_REQUEST['ip'])) { $ip = $_REQUEST['ip']; } else { $ip = $_SERVER['REMOTE_ADDR']; } if ($_REQUEST['id'] and isset($_REQUEST['vote'])) { $id = $_REQUEST['id']; $vote = $_REQUEST['vote']; $id = mysql_escape_String($id); $vote = mysql_escape_String($vote); // проверить не голосовал ли ещё $ip_sql = mysql_query("select ip_add from al_editors_voting_ip where mes_id_fk='{$id}' and ip_add='{$ip}'"); $count = mysql_num_rows($ip_sql); if ($count == 0) { // добавить новый голос в рейтинг $temp_rand = rand(); $sql = "INSERT ignore INTO `wp_fsr_user` (`user`, `post`, `points`, `ip`) VALUES ({$temp_rand}, {$id}, {$vote}, '{$ip}');"; $result = mysql_query($sql) or die(mysql_error()); // посчитать количество голосов и средний балл $sql = "select count(post) as votescount, sum(points) as avgpoints from `wp_fsr_user` where post='{$id}'"; $result = mysql_query($sql) or die(mysql_error()); $row = mysql_fetch_array($result); $votescount = $row['votescount']; $avgpoints = $row['avgpoints']; // обновить средний балл и количество голосов $sql = "INSERT IGNORE INTO `wp_fsr_post` (`id`, `votes` ,`points`) VALUES ({$id}, {$votescount}, {$avgpoints})"; mysql_query($sql);
<?php /*connect to database */ $user_name = "root"; $pass_word = "csc309"; $database = "startit"; $server = "104.236.231.174:3306"; $db_handle = mysql_connect($server, $user_name, $pass_word); $db_found = mysql_select_db($database, $db_handle); if ($_POST['id']) { $id = mysql_escape_String($_POST['id']); // Vote update mysql_query("update projects set dislikes=dislikes+1 where pID='{$id}'"); }
<?php /**include("db.php");*/ require_once '../../includes/mysql.php'; $db = new MySQL(); if ($_POST['id']) { $id = mysql_escape_String($_POST['id']); $titulo = mysql_escape_String($_POST['titulo']); $link = mysql_escape_String($_POST['link']); $comment = mysql_escape_String($_POST['comment']); $clave1 = mysql_escape_String($_POST['clave1']); $sql = "update enlaces set titulo='{$titulo}',link='{$link}',comment='{$comment}',clave1='{$clave1}' where id='{$id}'"; mysql_query($sql); mysql_query("SET NAMES 'utf8'"); }
<?php include "dbcon.php"; if (isset($_POST['id'])) { $id = $_POST['id']; $sql_in = mysql_query("SELECT profile_person_name FROM profile_person where profile_person_id='{$id}'"); $r = mysql_fetch_array($sql_in); $profile_person_delete_name = $r['profile_person_name']; $time1 = time(); $sql1 = "INSERT INTO latest_delete_person\t(profile_person_delete_id,profile_person_delete_name,profile_person_delete_date) VALUES ('{$id}','{$profile_person_delete_name}','{$time1}')"; mysql_query($sql1); $profile_person_id = mysql_escape_String($_POST['id']); $sql_img = mysql_query("select * from profile_person where profile_person_id='{$profile_person_id}'"); while ($row_img = mysql_fetch_array($sql_img)) { $img = $row_img['profile_person_image']; //echo $img; $files = glob('../img/uploads/' . $img . ''); foreach ($files as $file) { unlink($file); } } $sql = "delete from profile_person where profile_person_id='{$profile_person_id}'"; mysql_query($sql); $sql_pc = "delete from profile_person_companies where profile_person_id='{$profile_person_id}'"; mysql_query($sql_pc); $sql_pfo = "delete from profile_person_fo where profile_person_id='{$profile_person_id}'"; mysql_query($sql_pfo); }
</style> <?php require 'core/init.php'; $user = $users->teamdata($_SESSION['id']); $admin_id = $_SESSION['id']; if ($_SESSION['id'] == 0) { header('Location: hpage.php'); } $username = $user['Team']; if (isset($_POST['buttonsave'])) { $membername = mysql_escape_String($_POST['member_name']); $dept = mysql_escape_String($_POST['department']); $age = mysql_escape_String($_POST['age']); $rollno = mysql_escape_String($_POST['rollno']); $postion = mysql_escape_String($_POST['position']); $aboutme = mysql_escape_string($_POST['aboutme']); $data = $users->addmember($admin_id, $membername, $age, $rollno, $dept, $postion, $aboutme); exit; } if (isset($_POST['editvalue'])) { $ide1 = $_POST['id']; $data = $users->memberedit($admin_id, $ide1); header("Content-type: text/x-json"); echo json_encode($data); exit; } //code update if (isset($_POST['Update'])) { $name = $_POST['upname']; $rollno = $_POST['uprollno'];