PHP fur\bright\utils BrightUtils::escapeSingle 예제들

예제 #1

파일: Calendar.php 프로젝트: rsids/bright_api

 /**
  * Gets an event by it's label
  * @param $label
  * @throws \Exception
  * @internal param \label $string The label of the event
  * @return event The event
  */
 public function getEventByLabel($label)
 {
     if (!is_string($label)) {
         throw $this->throwException(ParameterException::STRING_EXCEPTION);
     }
     $label = BrightUtils::escapeSingle($label);
     $sql = "SELECT cn.*, cd.allday, cd.dateId, ce.eventId, cd.noend,\n\t\t\t\tUNIX_TIMESTAMP(cd.starttime) as `starttime`,\n\t\t\t\tUNIX_TIMESTAMP(cd.endtime) as `endtime`,\n\t\t\t\tUNIX_TIMESTAMP(cn.until) as `until`,\n\t\t\t\tUNIX_TIMESTAMP(ce.starttime) as `rawstarttime`,\n\t\t\t\tUNIX_TIMESTAMP(ce.endtime) as `rawendtime`,\n\t\t\t\tce.allday as `rawallday`,\n\t\t\t\tce.noend as `rawnoend`,\n\t\t\t\tUNIX_TIMESTAMP(cn.creationdate) as `creationdate`,\n\t\t\t\tUNIX_TIMESTAMP(cn.modificationdate) as `modificationdate`,\n\t\t\t\tit.lifetime as `lifetime`,\n\t\t\t\tit.label as `itemLabel`,\n\t\t\t\tcd.allday\n\t\t\t\tFROM `calendarnew` cn\n\t\t\t\tINNER JOIN itemtypes it ON cn.itemType = it.itemId\n\t\t\t\tLEFT JOIN `calendardates` cd ON cn.calendarId = cd.calendarId\n\t\t\t\tLEFT JOIN `calendareventsnew` ce ON cn.calendarId = ce.calendarId\n\t\t\t\tWHERE cn.label='{$label}'";
     return $this->_getEvent($sql);
 }

예제 #2

파일: Content.php 프로젝트: rsids/bright_api

 /**
  * Inserts content into the database
  * @param OPage $page
  * @param string $table
  * @return int
  * @throws ParameterException
  */
 protected function setContent($page, $table = 'content')
 {
     $pid = 'pageId';
     switch ($table) {
         case 'content':
             $pid = 'pageId';
             break;
         case 'userfields':
             $pid = 'userId';
             break;
         case 'calendarcontent':
             $pid = 'calendarId';
             break;
     }
     $id = (int) $page->{$pid};
     $table = Connection::getInstance()->escape_string($table);
     $b = new Backup();
     $b->setBackup($page, $table);
     if (!isset($page->content) || $page->content == null) {
         throw new ParameterException(ParameterException::OBJECT_EXCEPTION);
     }
     $sql = "UPDATE `{$table}` SET `deleted`=1 WHERE `{$pid}`={$id}";
     $this->conn->updateRow($sql);
     $it = new Template();
     $def = $it->getTemplateDefinition($page->itemType, true);
     $def->title = new \stdClass();
     $def->title->contenttype = 'string';
     $def->title->searchable = 1;
     $sql = "INSERT INTO `{$table}` (`{$pid}`, `lang`, `field`, `value`,`index`,`searchable`) VALUES ";
     $sqla = array();
     foreach ($page->content as $field => $langs) {
         $searchable = 0;
         if ($field == 'title') {
             $searchable = 1;
             if ($table == 'content' && $this->_titleChanged($langs, $page->{$pid})) {
                 $cache = new Cache();
                 $cache->flushCache();
             }
         } else {
             $searchable = isset($def->{$field}) && $def->{$field}->searchable ? 1 : 0;
         }
         foreach ($langs as $lang => $val) {
             // 20130725 Fix for unknown fields
             $contenttype = isset($def->{$field}) && isset($def->{$field}->contenttype) ? $def->{$field}->contenttype : 'string';
             switch ($contenttype) {
                 case 'array':
                     $index = 0;
                     if (!is_array($val)) {
                         $val = array($val);
                     }
                     foreach ($val as $listval) {
                         $lang = BrightUtils::escapeSingle($lang);
                         $field = BrightUtils::escapeSingle($field);
                         if (!is_string($listval)) {
                             //throw $this -> throwException(Exceptions::INCORRECT_PARAM_STRING, '$listval: ' . print_r($listval, true));
                             $listval = json_encode($listval);
                         }
                         $listval = BrightUtils::escapeHtml($listval);
                         $sqlid = $page->{$pid};
                         $sqla[] = "({$sqlid},\n\t\t\t\t\t\t\t\t\t\t'{$lang}',\n\t\t\t\t\t\t\t\t\t\t'{$field}',\n\t\t\t\t\t\t\t\t\t\t'{$listval}', {$index}, {$searchable}) ";
                         $index++;
                     }
                     break;
                 default:
                     $lang = BrightUtils::escapeSingle($lang);
                     $field = BrightUtils::escapeSingle($field);
                     if ($val !== null && $val !== false && !is_scalar($val)) {
                         $val = json_encode($val);
                         if ($val == '{}') {
                             $val = '';
                         }
                         //throw $this -> throwException(Exceptions::INCORRECT_PARAM_STRING, 'val: ' . print_r($val, true));
                     }
                     $val = BrightUtils::escapeHtml($val);
                     if ($val != '') {
                         $sqlid = $page->{$pid};
                         $sqla[] = "({$sqlid},\n\t\t\t\t\t\t\t\t\t\t'{$lang}',\n\t\t\t\t\t\t\t\t\t\t'{$field}',\n\t\t\t\t\t\t\t\t\t\t'{$val}', 0, {$searchable}) ";
                     }
             }
         }
     }
     if (count($sqla) > 0) {
         $sql .= implode(", \r\n", $sqla);
         $sql .= " ON DUPLICATE KEY UPDATE `value`=VALUES(`value`), `deleted`=0";
         $result = $this->conn->insertRow($sql);
     } else {
         // Delete old content? uncomment line
         // $result = 1;
     }
     if ($result !== false && $result > 0) {
         // All is well, clean up old data
         $sql = "DELETE FROM `{$table}` WHERE `deleted`= 1 AND  `{$pid}`={$id}";
         $this->conn->deleteRow($sql);
     }
     return $result;
 }