sqlsafe PHP 코드 예제들

예제 #1

0

파일 보기

파일: project.php 프로젝트: CMP-Studio/EmuObjectMover

function createProject()
{
    $account = getAccount();
    $projdue = tryRetrieve($_POST, 'projDue');
    $projtime = strtotime($projdue);
    $duedate = sqlsafe(date("Y-m-d H:i:s", $projtime));
    $title = sqlSafe(tryRetrieve($_POST, 'projName'));
    //$notes = sqlSafe(tryRetrieve($_POST, 'projNotes'));
    $query = "INSERT INTO projects (account_id, duedate, title) VALUES ({$account}, {$duedate}, {$title})";
    if (writeQuery($query)) {
        $id = getInsertID();
        //Now give the project a hash
        $hash = sqlSafe(hash('adler32', $id));
        $query = "UPDATE projects SET hash={$hash} where id='{$id}'";
        if (writeQuery($query)) {
            $_SESSION['project'] = $id;
            return getProjectInfo();
        }
    }
    return null;
}

예제 #2

0

파일 보기

파일: x-activetimesheets.php 프로젝트: braddoro/braddoro

 $sql = "usp_Insert_NewService " . $_POST["ChooseClientID"] . ", " . $_POST["ChooseJobSiteID"] . ", " . $_POST["ChooseProposalID"] . ", ";
 if (isset($_POST["InvoiceDate"]) and isset($_POST["TimeIn"])) {
     $sql .= "'" . $_POST["InvoiceDate"] . " " . $_POST["TimeIn"] . "', ";
 }
 $sql .= $_POST["LaborTime"] . ", " . $_POST["TravelTime"] . ", ";
 if (isset($_POST["Contractual"])) {
     $sql .= "'Y', ";
 } else {
     $sql .= "'N', ";
 }
 if (isset($_POST["Complete"])) {
     $sql .= "'Y', ";
 } else {
     $sql .= "'N', ";
 }
 $sql .= "'" . sqlsafe($_POST["Description"]) . "'";
 $foo = $sql;
 $conn = odbc_connect($ini_array["DSN"], $ini_array["UN"], $ini_array["PWD"]);
 $rs = odbc_exec($conn, $sql) or die_well(__FILE__, __LINE__, odbc_errormsg());
 $zax = "A";
 while (odbc_fetch_row($rs)) {
     $zax = "B";
     $ServiceID = odbc_result($rs, "ServiceID");
     $ServiceDetailID = odbc_result($rs, "ServiceDetailID");
 }
 /*
 while($row=odbc_fetch_array($rs)){
 	$zax="B";
 	$ServiceID = $row["ServiceID"];
 	$ServiceDetailID = $row["ServiceDetailID"];
 }

예제 #3

0

파일 보기

파일: datetypes.php 프로젝트: braddoro/braddoro

$FieldString = "DateType";
$ViewString = "Date Type";
$ini_array = parse_ini_file("incl/edl.ini");
include "header.php";
header("Cache: private");
$CurrentID = 0;
if (isset($_POST[$SelectedID])) {
    $CurrentID = $_POST[$SelectedID];
}
if (isset($_POST["Submit"])) {
    if (isset($_POST["Active"])) {
        $Active = "Y";
    } else {
        $Active = "N";
    }
    $sql = $UpdateSP . " '" . sqlsafe($_POST["TheString"]) . "', '" . $Active . "'";
    $conn = odbc_connect($ini_array["DSN"], $ini_array["UN"], $ini_array["PWD"]);
    $rs = odbc_exec($conn, $sql) or die_well(__FILE__, __LINE__, odbc_errormsg(), $sql);
    while ($row = odbc_fetch_array($rs)) {
        $CurrentID = $row["NewID"];
    }
    odbc_free_result($rs);
    odbc_close($conn);
}
echo $HEAD;
echo "<div class='main' id='main'>";
echo "<span class='title2'>" . $ViewString . "</span><br><br>";
echo "<form action='" . $PageName . "' method='post' name='List' id='List'>";
$sql = $ListSP;
$conn = odbc_connect($ini_array["DSN"], $ini_array["UN"], $ini_array["PWD"]);
$rs = odbc_exec($conn, $sql) or die_well(__FILE__, __LINE__, odbc_errormsg(), $sql);

예제 #4

0

파일 보기

파일: proposaldetail.php 프로젝트: braddoro/braddoro

    while ($row = odbc_fetch_array($rs)) {
        $ProposalID = $row['NewID'];
        $JobSiteID = $row['JobSiteID'];
    }
    odbc_close($conn);
}
if (isset($_REQUEST["PID"])) {
    $ProposalID = $_REQUEST["PID"];
}
if (isset($_POST["ProposalID"])) {
    $ProposalID = $_POST["ProposalID"];
}
if (isset($_POST['Submit'])) {
    if ($_POST['Submit'] == "Save") {
        $conn = odbc_connect($ini_array["DSN"], $ini_array["UN"], $ini_array["PWD"]);
        $sql = "usp_Insert_ProposalInformation " . $_POST["ProposalID"] . ", " . $_POST["JobSiteID"] . ", " . $_POST["PlantMarkup"] . ", " . $_POST["LaborCostPerHour"] . ", '" . sqlsafe($_POST["ProposalName"]) . "', '" . $_POST["DueDate"] . "', '" . $_POST["ShowDetail"] . "'";
        $rs = odbc_exec($conn, $sql) or die_well(__FILE__, __LINE__, odbc_errormsg());
        odbc_close($conn);
    }
    if ($_POST['Submit'] == "Add") {
        $conn = odbc_connect($ini_array["DSN"], $ini_array["UN"], $ini_array["PWD"]);
        $sql = "usp_Insert_ProposalDetail " . $_POST["ProposalID"] . ", " . $_POST["WorkItemID"] . ", " . $_POST["Units"] . ", " . $_POST["Cost"] . ", '" . SQLSafe($_POST["Detail"]) . "'";
        $rs = odbc_exec($conn, $sql) or die_well(__FILE__, __LINE__, odbc_errormsg());
        odbc_close($conn);
    }
    //if ($_POST['Submit'] == "Note") {
    //	$conn=odbc_connect($ini_array["DSN"],$ini_array["UN"],$ini_array["PWD"]);
    //	$sql = "usp_Insert_ProposalText ".$_POST["ProposalID"].", '".SQLSafe($_POST["Description"])."'";
    //	$rs=odbc_exec($conn,$sql) or die_well(__FILE__, __LINE__,odbc_errormsg());
    //	odbc_close($conn);
    //}

예제 #5

0

파일 보기

파일: clients.php 프로젝트: braddoro/braddoro

    if ($_POST["Submit"] == "Edit") {
        $ClientID = $_POST["ClientID"];
        $sql = "usp_Update_Client " . $_POST["ClientID"] . ", " . $_POST["SexID"] . ", '" . $_POST["CompanyName"] . "', '" . $_POST["FirstName"] . "', '" . $_POST["MiddleName"] . "', '" . $_POST["LastName"] . "', '" . $_POST["Title"] . "', '" . $_POST["Active"] . "'";
        $conn = odbc_connect($ini_array["DSN"], $ini_array["UN"], $ini_array["PWD"]);
        $rs = odbc_exec($conn, $sql) or die_well(__FILE__, __LINE__, odbc_errormsg());
        odbc_close($conn);
    }
    if ($_POST["Submit"] == "Add Address") {
        $sql = "usp_Insert_ClientAddresses " . $_POST["ClientID"] . ", " . $_POST["AddressTypeID"] . ", " . $_POST["StreetTypeID"] . ", " . $_POST["UnitTypeID"] . ", '" . sqlsafe($_POST["House"]) . "', '" . $_POST["Direction"] . "', '" . sqlsafe($_POST["Street"]) . "', '" . sqlsafe($_POST["Unit"]) . "', '" . sqlsafe($_POST["City"]) . "', '" . $_POST["State"] . "', '" . sqlsafe($_POST["Zip"]) . "'";
        $foo = $sql;
        $rs = odbc_exec($conn, $sql) or die_well(__FILE__, __LINE__, odbc_errormsg());
        odbc_close($conn);
    }
    if ($_POST["Submit"] == "Add Number") {
        if ($_POST["NumberTypeID"] > 0 and strlen($_POST["Number"]) > 0) {
            $sql = "usp_Insert_ClientNumber " . $ClientID . ", " . $_POST["NumberTypeID"] . ", '" . sqlsafe($_POST["Number"]) . "'";
            $conn = odbc_connect($ini_array["DSN"], $ini_array["UN"], $ini_array["PWD"]);
            $rs = odbc_exec($conn, $sql) or die_well(__FILE__, __LINE__, odbc_errormsg());
            odbc_close($conn);
        }
    }
}
?>
<div class='main' id='main'>
<span class='title2'>Clients</span>
<?php 
/*
echo "<br>";
echo print_r($_POST);
echo "<br>";
echo print_r($_REQUEST);

예제 #6

0

파일 보기

파일: jobdescriptions.php 프로젝트: braddoro/braddoro

        $DisplayOrder = 0;
    }
    if (isset($_POST["JobDescription"])) {
        $JobDescription = sqlsafe($_POST["JobDescription"]);
    } else {
        $JobDescription = "";
    }
    if ($_POST["Submit"] == "Edit") {
        $conn = odbc_connect($ini_array["DSN"], $ini_array["UN"], $ini_array["PWD"]);
        $sql = "usp_Update_JobDescription " . $_POST["DescriptionList"] . ", " . $DisplayOrder . ", '" . $_POST["JobTitle"] . "', '" . $JobDescription . "', '" . $FieldWork . "', '" . $Active . "'";
        $rs = odbc_exec($conn, $sql) or die_well(__FILE__, __LINE__, odbc_errormsg(), $sql);
        odbc_free_result($rs);
    }
    if ($_POST["Submit"] == "Add") {
        $conn = odbc_connect($ini_array["DSN"], $ini_array["UN"], $ini_array["PWD"]);
        $sql = "usp_Insert_JobDescription " . $DisplayOrder . ", '" . sqlsafe($_POST["JobTitle"]) . "', '" . $JobDescription . "', '" . $FieldWork . "', '" . $Active . "'";
        $rs = odbc_exec($conn, $sql) or die_well(__FILE__, __LINE__, odbc_errormsg(), $sql);
        while ($row = odbc_fetch_array($rs)) {
            $JobDescriptionID = $row["NewID"];
        }
        odbc_free_result($rs);
    }
}
if (isset($_POST["DescriptionList"])) {
    $JobDescriptionID = $_POST["DescriptionList"];
}
?>
<div class='main' id='main'>
<span class='title2'>Job Descriptions</span><br><br>
<?php 
echo "<form action='JobDescriptions.php' method='post' name='ListChoice' id='ListChoice'>";

예제 #7

0

파일 보기

파일: jobsites.php 프로젝트: braddoro/braddoro

        $conn = odbc_connect($ini_array["DSN"], $ini_array["UN"], $ini_array["PWD"]);
        $rs = odbc_exec($conn, $sql) or die_well(__FILE__, __LINE__, odbc_errormsg());
        odbc_close($conn);
    }
    if ($_POST["Submit"] == "Add Number") {
        if ($_POST["NumberTypeID"] > 0 and strlen($_POST["Number"]) > 0) {
            $sql = "usp_Insert_JobsiteNumber " . $JobSiteID . ", " . $_POST["NumberTypeID"] . ", '" . sqlsafe($_POST["Number"]) . "'";
            $conn = odbc_connect($ini_array["DSN"], $ini_array["UN"], $ini_array["PWD"]);
            $rs = odbc_exec($conn, $sql) or die_well(__FILE__, __LINE__, odbc_errormsg());
            odbc_close($conn);
        }
    }
    if ($_POST["Submit"] == "Add Note") {
        if (strlen($_POST["Note"]) > 0) {
            //debug add the employee number here.
            $sql = "usp_Insert_JobsiteNote " . $JobSiteID . ", 0, '" . sqlsafe($_POST["Note"]) . "'";
            $conn = odbc_connect($ini_array["DSN"], $ini_array["UN"], $ini_array["PWD"]);
            $rs = odbc_exec($conn, $sql) or die_well(__FILE__, __LINE__, odbc_errormsg());
            odbc_close($conn);
        }
    }
}
?>
<div class='main' id='main'>
<span class='title2'>Job Sites</span><br><br>
<?php 
//if (isset($foo)) {echo "|".$foo."|<br>";}
//echo print_r($_POST);
echo "<form action='jobsites.php' method='post' name='List' id='List'>";
$sql = "usp_Select_ClientList_All";
$conn = odbc_connect($ini_array["DSN"], $ini_array["UN"], $ini_array["PWD"]);

예제 #8

0

파일 보기

파일: employees.php 프로젝트: braddoro/braddoro

        $sql = "usp_Insert_EmployeeAddresses " . $EmployeeID . ", " . $_POST["AddressTypeID"] . ", " . $_POST["StreetTypeID"] . ", " . $_POST["UnitTypeID"] . ", '" . sqlsafe($_POST["House"]) . "', '" . $_POST["Direction"] . "', '" . sqlsafe($_POST["Street"]) . "', '" . sqlsafe($_POST["Unit"]) . "', '" . sqlsafe($_POST["City"]) . "', '" . $_POST["State"] . "', '" . sqlsafe($_POST["Zip"]) . "'";
        $foo = $sql;
        $rs = odbc_exec($conn, $sql) or die_well(__FILE__, __LINE__, odbc_errormsg());
        odbc_close($conn);
    }
    if ($_POST["Submit"] == "Add Number") {
        if ($_POST["NumberTypeID"] > 0 and strlen($_POST["Number"]) > 0) {
            $sql = "usp_Insert_EmployeeNumber " . $EmployeeID . ", " . $_POST["NumberTypeID"] . ", '" . sqlsafe($_POST["Number"]) . "'";
            $conn = odbc_connect($ini_array["DSN"], $ini_array["UN"], $ini_array["PWD"]);
            $rs = odbc_exec($conn, $sql) or die_well(__FILE__, __LINE__, odbc_errormsg());
            odbc_close($conn);
        }
    }
    if ($_POST["Submit"] == "Add Date") {
        if ($_POST["DateTypeID"] > 0) {
            $sql = "usp_Insert_EmployeeDate " . $EmployeeID . ", " . $_POST["DateTypeID"] . ", '" . sqlsafe($_POST["Date"]) . "'";
            $conn = odbc_connect($ini_array["DSN"], $ini_array["UN"], $ini_array["PWD"]);
            $rs = odbc_exec($conn, $sql) or die_well(__FILE__, __LINE__, odbc_errormsg());
            odbc_close($conn);
        }
    }
}
echo $HEAD;
?>
<div class='main' id='main'>
<span class='title2'>Employees</span><br><br>
<?php 
//echo print_r($_POST);
echo "<form action='employees.php' method='post' name='ListChoice' id='ListChoice'>";
$sql = "usp_select_EmployeeList_all";
$rs = odbc_exec($conn, $sql) or die_well(__FILE__, __LINE__, odbc_errormsg());

PHP sqlsafe 예제들