/**
 * Escape a value so it can be embedded inside a quoted SQL string literal.
 *
 * Slashes added by magic quotes are stripped first when that setting is on,
 * then the value is escaped with mysql_real_escape_string() on the connection
 * held in Fishbones::getDB()->conex.
 *
 * Security notes:
 *  - The result is only safe between quotes ('...') in the statement. Escaping
 *    does not protect a value that is interpolated unquoted (e.g. a numeric
 *    comparison) or used as part of an identifier such as a table name; cast
 *    those to int or check them against an allow-list instead.
 *  - mysql_real_escape_string() escapes according to the connection's character
 *    set, so that must be set through the driver (mysql_set_charset) rather
 *    than with a SET NAMES query.
 *  - NOTE(review): get_magic_quotes_gpc() was removed in PHP 8.0 and the
 *    mysql_* extension in PHP 7.0. On a supported runtime this should become
 *    prepared statements (PDO or mysqli) rather than string escaping.
 *
 * @param string $par value to escape
 *
 * @return string|false escaped value, or false if mysql_real_escape_string() fails
 */
public function clean($par)
{
    // The original carries a disabled, "temporal" step that stripped every
    // '&' from the input; it stays disabled here.

    // Undo magic-quotes escaping so the value is not escaped twice.
    $raw = get_magic_quotes_gpc() ? stripslashes($par) : $par;

    return mysql_real_escape_string($raw, Fishbones::getDB()->conex);
}
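// Read one item and write back its reversed some_data inside a single
// transaction, reporting the outcome through the XML pump.
//
// NOTE(review): $groupId, $itemId and $userId are assigned outside this
// fragment. $groupId becomes part of a table name and $itemId is compared
// unquoted in the SELECT, so string escaping cannot make them safe: confirm
// both are validated as integers (or checked against an allow-list) before
// they reach this point. $userId is quoted and must be escaped or bound.
//
// NOTE(review): nothing here stops execution after rollback(); the code relies
// on the outXml* calls ending the request. Confirm that, otherwise the
// statements below run after a rollback and with an empty $result.
/////////////////////////////////////////////////////////////////////////////
Fishbones::getDB()->startTransaction();

/////////////////////////////////////////////////////////////////////////////
// db query
$sql = "\r\n\tSELECT \r\n\t*\r\n\tFROM items_{$groupId}\r\n\tWHERE\r\n\titem_id = {$itemId}\r\n";
$result = Fishbones::getDB()->queryAsArray($sql);
if ($result === false) {
    Fishbones::getDB()->rollback();
    Fishbones::getPump()->outXmlErrorString("database error 80");
}

// check if item has been deleted
if (count($result) === 0) {
    Fishbones::getDB()->rollback();
    Fishbones::getPump()->outXmlValue("del");
}

$some_data = $result['0']['some_data'];
// NOTE(review): this writes the stored value to the debug log under the label
// 'itemCreatorId'; check that the column holds nothing sensitive.
Fishbones::getLog()->writeDebug('itemCreatorId: ' . $some_data);
$new_data = strrev($some_data);

///////////////////////////////////////////////////////////////////////////
// update
// Fix: the original WHERE clause listed its two conditions without AND, which
// is a SQL syntax error and made every request end in "Error 92".
//
// NOTE(review): $new_data comes from the database and goes back into the
// statement unescaped. Stored data is not trusted input: a quote in the column
// breaks the statement. Escape it or use a bound parameter.
// NOTE(review): the \$ puts a literal '$' in front of the value; kept as in the
// original, confirm it is intended.
// NOTE(review): the row is read without a lock and updated afterwards; whether
// concurrent requests can interleave depends on the engine and isolation
// level, which are not visible here.
$sql = "\r\n\tUPDATE items_{$groupId} SET\r\n\r\n\tsome_data = '\${$new_data}'\r\n\t\r\n\tWHERE vote_user_id = '{$userId}'\r\n\tAND item_id = '{$itemId}'\r\n";
$check = Fishbones::getDB()->query($sql);
if ($check === false) {
    Fishbones::getDB()->rollback();
    Fishbones::getPump()->outXmlErrorString("Error 92");
}

///////////////////////////////////////////////////////////////////////////
Fishbones::getDB()->commit();

///////////////////////////////////////////////////////////////////////////
// output
Fishbones::getPump()->outXmlValue('ok');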
<?php
// Fishbones sample webservice: load data and return it as XML.
// The XML can be used to feed a model in the client.
//
// NOTE(review): no access check is visible in this script and the query has no
// WHERE or LIMIT, so every row of some_table is returned to whoever can reach
// the URL. Whether start.php enforces authentication cannot be seen from here;
// confirm before exposing the endpoint.

// Location of the framework bootstrap. The path is relative, so it is resolved
// through include_path and the calling script's directory.
$pathToStart = '../../start.php';
include $pathToStart;

///////////////////////////////////////////////////////////////////////////
// Static statement: nothing from the request is interpolated into it.
$sql = "\r\nSELECT some_data\r\nFROM some_table st\r\n";

// Run the query; the result comes back as an XML DOM.
$xmlDom = Fishbones::getDB()->queryAsXmlDom($sql);

// Send the XML to the client.
Fishbones::getPump()->outXml($xmlDom);