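/**
 * Escape a value for interpolation into a MySQL statement.
 *
 * Arrays are escaped element by element (keys preserved). Numeric values are
 * returned as-is, WITHOUT quotes; every other value comes back as a
 * single-quoted, escaped SQL string literal, so callers must not add their
 * own quotes around the result.
 *
 * Caveats a caller should know about:
 *  - the numeric short-circuit means a string such as "1e3" or " 7" is
 *    emitted unquoted and therefore compared numerically by the server;
 *  - stripslashes() is applied whenever magic quotes are on, which is only
 *    correct for GPC input, not for values read back from the database;
 *  - without a live link in $id_connect the escaping falls back to
 *    mysql_escape_string()/addslashes(), which do not know the connection
 *    charset and can be bypassed on multi-byte charsets such as GBK. Pass the
 *    connection whenever one is available.
 *
 * @param mixed          $str        scalar, or (nested) array of scalars
 * @param resource|false $id_connect mysql link resource, or false
 * @return mixed the escaped value, same shape as $str
 */
function escape_str($str, $id_connect = false) {
    if (is_array($str)) {
        // Fix: propagate the link so nested values get charset-aware escaping too.
        foreach ($str as $key => $val) {
            $str[$key] = escape_str($val, $id_connect);
        }
        return $str;
    }
    if (is_numeric($str)) {
        return $str;
    }
    // Coerce once so null/bool never reach the string functions raw
    // (addslashes(null) is deprecated since PHP 8.1).
    $str = (string) $str;
    // get_magic_quotes_gpc() was removed in PHP 8.0; guard the call so the
    // function keeps working there (magic quotes are always off on 8.x).
    if (function_exists('get_magic_quotes_gpc') && get_magic_quotes_gpc()) {
        $str = stripslashes($str);
    }
    if (function_exists('mysql_real_escape_string') && is_resource($id_connect)) {
        return "'" . mysql_real_escape_string($str, $id_connect) . "'";
    }
    if (function_exists('mysql_escape_string')) {
        return "'" . mysql_escape_string($str) . "'";
    }
    return "'" . addslashes($str) . "'";
}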
/**
 * Render one field value as an SQL literal for the backup dump.
 *
 * When $bakdatatype is 1 and field number $i appears in $tbstrf (a
 * comma-delimited list such as ",2,5,"), a non-empty value is written as a
 * hex literal (0x...) so binary content round-trips untouched. Every other
 * case is escaped via escape_str() and single-quoted.
 *
 * @param string $str         raw field value
 * @param int    $bakdatatype 1 enables hex encoding for listed fields
 * @param int    $i           1-based field position
 * @param string $tbstrf      ",n,m," list of fields to hex-encode
 * @return string SQL literal
 */
function Ebak_ReSqlFtext($str,$bakdatatype,$i,$tbstrf){
    $listedAsBinary = strpos($tbstrf, ','.$i.',') !== false;
    if ($bakdatatype==1 && !empty($str) && $listedAsBinary) {
        return '0x'.bin2hex($str);
    }
    return '\''.escape_str($str).'\'';
}
} else { $table_sql .= ";\r\n"; } } $result = $db->query("SELECT * FROM " . $table); $field_num = $db->num_fields($result); $row_count = $db->getfirst("SELECT COUNT(*) FROM " . $table); $j = 0; while ($row = $db->fetch_array($result, MYSQL_NUM)) { if ($j < $pos) { $j++; continue; } $table_sql .= "INSERT INTO `" . $table . "` VALUES ("; for ($m = 0; $m < $field_num; $m++) { $table_sql .= "'" . escape_str($row[$m]) . "',"; } $table_sql = substr($table_sql, 0, -1) . ");\r\n"; if (strlen($sql . $table_sql) >= $limit_size * 1000) { if (!write_file("../data/{$backup_dir}/{$file}_{$num}.sql", $sql)) { adminmsg('备份数据库卷-' . $num . '失败', 0); } if ($j == $row_count - 1) { $i++; } $link[0]['text'] = "系统将自动继续..."; $link[0]['href'] = "admin_database.php?act=do_backup&limit_size={$limit_size}&mysql_type={$mysql_type}&file={$file}&num=" . ($num + 1) . "&table_id={$i}&pos=" . $j; adminmsg('文件' . $file . '_' . $num . '.sql 成功备份。系统将自动继续...', 1, $link, true, 1); exit; } else { $sql .= $table_sql;
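</div> </nav> <div class="container"> <div class="col-md-12 navbar-ambush-background" style="border-radius: 15px;"> <div id="announcements"> <h1>Announcements</h1>
<?php
/**
 * Percent-encode a value for use inside a URL query string.
 * urlencode() turns spaces into '+'; those are swapped for %20 so the value
 * is also valid in path-style contexts.
 *
 * @param string $string raw value
 * @return string percent-encoded value
 */
function escape_str($string) {
    $encoded = urlencode($string);
    return str_replace('+', '%20', $encoded);
}
// Each announcement links to its video. The three query values are
// URL-encoded (above); everything written into the HTML body is HTML-escaped
// so a stored description or class name cannot inject markup. If descriptions
// are meant to carry trusted HTML, swap the escape on vdescription for an
// allow-list sanitizer rather than dropping it.
foreach ($announcements as $a) {
    $href = 'classes/videos/watch/?class=' . escape_str($a['class'])
        . '&amp;video=' . escape_str($a['vname'])
        . '&amp;ext=' . escape_str($a['ext']);
    echo '<a href="' . $href . '">';
    echo '<div class="col-md-3 background-color: inherit">';
    echo '<div class="quote-container">';
    echo '<i class="pin"></i>';
    echo '<blockquote class="note yellow">';
    echo htmlspecialchars($a['vdescription'], ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
    echo '<cite class="author">';
    echo htmlspecialchars($a['class'], ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
    echo '</cite>';
    echo '</blockquote>';
    echo '</div>';
    echo '</div>';
    echo '</a>';
}
?>
</div>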
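/**
 * createGrid : get meta data & data for specified grid
 *
 * Loads the grid configuration, turns the caller-supplied $filters and
 * $order into SQL fragments, exposes them (plus the column list and row-id
 * expression) as template variables, then dispatches to the type-specific
 * loader createGrid_<type>() for the data itself.
 *
 * Everything that ends up inside SQL text is either taken from the grid
 * configuration ($arrMeta / $arrAttr) or validated here: filter fields and
 * sort keys must be configured columns, the sort direction is ASC/DESC only,
 * numeric filter values must be numeric, and string values pass through
 * escape_str(). LIKE wildcards (% and _) are not escaped, so a string filter
 * can widen a match but cannot break out of the literal.
 *
 * @param string $strGridName grid name
 * @param bool $reconfigure reconfigure flag
 * @param number $start start row number
 * @param number $limit limit number
 * @param array $filters filter(s) condition, a list of
 *        array('field'=>key, 'data'=>array('type'=>..., 'value'=>..., 'comparison'=>...))
 * @param array $order array('sort'=>column key, 'dir'=>'ASC'|'DESC')
 * @return array or bool  whatever MetaData_Grid::getData() yields
 */
public function &createGrid($strGridName, $reconfigure, $start, $limit, $filters=null, $order=null) {
    //1,prepare return object
    $this->objResult = new MetaData_Grid($reconfigure);
    $this->objResult->setStart($start);
    $this->objResult->setLimit($limit);
    //2,load configuration information
    $arrConfig = &$this->loadConfig($strGridName,META_TYPE_GRID);
    if(!is_array($arrConfig)){
        $this->objResult->setMessage('Failed to load configuration information.');
        log_message('ERROR','Failed to load configuration information.');
        $result = $this->objResult->getData($reconfigure);
        return $result;
    }
    //3,build where condition
    if(empty($this->whereUD)){
        $this->whereUD = '1=1';
    }
    $blRtn = true;
    $strOrder = '';
    $arrHiddenFld = array(META_KEY_DBFIELD,META_KEY_NAME);
    foreach($arrConfig as $idx => &$arrTmpGrid){
        $arrMeta = &$arrTmpGrid[META_KEY_METADATA];
        $arrAttr = &$arrTmpGrid[META_KEY_ATTRI];
        $arrExtra= &$arrTmpGrid[META_KEY_EXTRA];
        $rowid = (isset($arrAttr[META_KEY_ROWID]) && !empty($arrAttr[META_KEY_ROWID]))?$arrAttr[META_KEY_ROWID]:META_KEY_ROWID;
        $this->objResult->setId($rowid);
        $this->objResult->setExtra($arrExtra);
        //4,build filter condition
        $strFilters = '';
        if(is_array($filters) && count($filters)>0){
            foreach($filters as $idxFilter => $valFilter){
                //sanity check
                if( !isset($valFilter['data']) || !isset($valFilter['data']['type']) || !isset($valFilter['field']) ) continue;
                //incorrect field specified: only configured columns may be filtered on,
                //which is what keeps the column name itself out of attacker control
                $field = '';
                if(!isset($arrMeta[$valFilter['field']])){
                    log_message('ERROR','Incorrect filter field have been provided : '.$valFilter['field']);
                    continue;
                }
                $field = $arrMeta[$valFilter['field']];
                if(isset($field['dbfield'])){
                    $field = $field['dbfield'];
                }else{
                    $field = $field['id'];
                }
                //fix string value
                if( isset($valFilter['data']['value']) ){
                    if (is_string($valFilter['data']['value'])) {
                        $valFilter['data']['value'] = escape_str($valFilter['data']['value']);
                    }
                    $valFilter['data']['value'] = conv_string($valFilter['data']['value'], false);
                }else{
                    $valFilter['data']['value'] = '';
                }
                //type mapping
                $strCond = '';
                switch($valFilter['data']['type']){
                    case 'numeric':
                    case 'date':
                        $comparison = isset($valFilter['data']['comparison']) ? $valFilter['data']['comparison'] : '';
                        if('gt' == $comparison) {
                            $comp = ">";
                        }else if('lt' == $comparison) {
                            $comp = "<";
                        }else{
                            $comp = "=";
                        }
                        if ('date' == $valFilter['data']['type']) {
                            //strtotime() yields false for unparsable input, which date()
                            //renders as 19700101; the literal is quoted either way
                            $valFilter['data']['value'] = date('Ymd',strtotime($valFilter['data']['value']));
                            $strCond .= $field . $comp ."'". $valFilter['data']['value']."'";
                        }else{//numeric
                            //emitted unquoted, so a non-number would become SQL text: reject it
                            if(!is_numeric($valFilter['data']['value'])){
                                log_message('ERROR','Non-numeric value have been provided for numeric filter : '.$valFilter['field']);
                                break;
                            }
                            $strCond .= $field . $comp . $valFilter['data']['value'];
                        }
                        break;
                    case 'string':
                        $strCond .= $field . " LIKE '%{$valFilter['data']['value']}%' ";
                        break;
                    case 'clist':
                    case 'list':
                        $values = explode(',', $valFilter['data']['value']);
                        $strCond .= "$field IN ('".implode("','",$values)."') ";
                        unset($values);
                        break;
                    case 'nlist':
                        $values = explode(',', $valFilter['data']['value']);
                        //unquoted list: every element has to be a number
                        $allNumeric = true;
                        foreach($values as $oneValue){
                            if(!is_numeric($oneValue)){
                                $allNumeric = false;
                                break;
                            }
                        }
                        if(!$allNumeric){
                            log_message('ERROR','Non-numeric value have been provided for nlist filter : '.$valFilter['field']);
                            unset($values);
                            break;
                        }
                        $strCond .= "$field IN (".implode(",",$values).") ";
                        unset($values);
                        break;
                    default:
                        log_message('ERROR','Unkown type have been provided : '.$valFilter['data']['type']);
                        break;
                }
                if( strlen($strCond )>0 ){
                    if(strlen($strFilters)>0) $strFilters .= ' AND ';
                    $strFilters .= $strCond;
                }
            }
        }
        if(strlen($strFilters)<=0){
            $strFilters = '1=1';
        }
        //5,prepare data for template replacing
        $this->arrTplDefault = array(
            'C_UID' => 'get_UID',
            META_SQL_WHERE => $this->whereUD,
            META_SQL_FILTER => $strFilters,
            META_SQL_START => $start,
            META_SQL_LIMIT => $limit
        );
        //6,prepare strOrder
        //the sort key must be a configured column and the direction one of the
        //two keywords; both go verbatim into ORDER BY and row_number() OVER
        $sortKey = (is_array($order) && isset($order['sort']) && !empty($order['sort'])) ? $order['sort'] : '';
        if($sortKey !== '' && !isset($arrMeta[$sortKey])){
            log_message('ERROR','Incorrect sort field have been provided : '.$sortKey);
            $sortKey = '';
        }
        $sortDir = 'ASC';
        if(is_array($order) && isset($order['dir']) && strcasecmp((string)$order['dir'],'DESC')==0){
            $sortDir = 'DESC';
        }
        if($sortKey !== ''){
            $this->objResult->setSortInfo($sortKey,$sortDir);
            $strOrder = $sortKey;
            if(isset($arrMeta[$strOrder][META_KEY_DBFIELD])){
                $strOrder = $arrMeta[$strOrder][META_KEY_DBFIELD];
            }
            $strOrder .= ' '.$sortDir;
        }else{
            //find the first column as the default order column
            foreach($arrMeta as $key => $arrCol){
                if(isset($arrCol[META_KEY_DBFIELD])){
                    $strOrder = $arrCol[META_KEY_DBFIELD].' ASC';
                }else{
                    $strOrder = $key.' ASC';
                }
                $this->objResult->setSortInfo($key,'ASC');
                break;//just need to get the first one
            }
        }
        $this->arrTplDefault[META_SQL_ORDER] = $strOrder;
        //7,prepare rowid
        $this->arrTplDefault[META_SQL_ROWID] = "cast(row_number() over (order by $strOrder) as int) as $rowid";
        //8,prepare 'all' & fields
        $strCols = '';
        $fields = array();
        foreach($arrMeta as $key => $arrCol){
            //prepare columns list(string)
            if(strlen($strCols)>0) $strCols .= ',';
            if(isset($arrCol[META_KEY_DBFIELD]) && strcasecmp($arrCol[META_KEY_DBFIELD],$key) !=0 ){
                $strCols .= $arrCol[META_KEY_DBFIELD].' as '.$key;
            }else{
                $strCols .= $key;
            }
            //prepare columns list(array), dropping the attributes in $arrHiddenFld
            $arrTmpFld = array();
            foreach($arrCol as $attrKey => $val){
                if(!in_array($attrKey,$arrHiddenFld)){
                    $arrTmpFld[$attrKey] = $val;
                }
            }
            if( !isset($arrTmpFld[META_KEY_NAME]) ) $arrTmpFld[META_KEY_NAME] = $arrCol[META_KEY_ID];
            if( !isset($arrTmpFld[META_KEY_HEADER]) ) $arrTmpFld[META_KEY_HEADER] = $arrCol[META_KEY_ID];
            $fields[] = $arrTmpFld;
            unset($arrTmpFld);
        }
        $this->arrTplDefault[META_SQL_ALL] = $strCols;
        $this->objResult->setFields($fields);
        unset($fields);
        //9,merge user provide data with pre-defined data
        if(is_array($this->arrUDV) && count($this->arrUDV)>0){
            $this->arrTplDefault = array_merge($this->arrTplDefault,$this->arrUDV);
        }
        //10,template replacing
        if(!empty($arrAttr[META_KEY_USETPL])){
            $arrTmpGrid[META_KEY_DATA] = preg_replace_callback('/(.?)\{([^\}]+)\}/i',array('self','replaceTpl'),$arrTmpGrid[META_KEY_DATA]);
        }
        //11,call relevant sub-function to retrieve data
        $strType = $arrAttr[META_KEY_TYPE];
        $mth = __FUNCTION__.'_'.$strType;
        if( !method_exists($this,$mth) ){
            $this->objResult->setMessage('Invalide type had been provided : '.$strType);
            log_message('ERROR','Invalide type had been provided : '.$strType);
            $blRtn = false;
            break;
        }else{
            if( !call_user_func_array( array($this,$mth), array(&$arrAttr,&$arrMeta,$arrTmpGrid[META_KEY_DATA])) ){
                $this->objResult->setMessage('Failed to load data.');
                log_message('ERROR','Failed to call sub-function : '.$mth);
                $blRtn = false;
                break;
            }else{
                $this->objResult->setSuccess(true);
            }
        }
    }
    //both the failure and success paths hand back the same result object;
    //$blRtn is kept for readers tracing the loop above
    $result = $this->objResult->getData($reconfigure);
    return $result;
}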
/**
 * Wrap an escaped value in single quotes so it can be embedded in SQL.
 *
 * @param string $str raw field value
 * @return string quoted, escaped literal
 */
function GetFieldStr($str) {
    return "'" . escape_str($str) . "'";
}
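/**
 * Back up one slice of one table into the backup directory.
 *
 * Invoked repeatedly via <meta refresh>: each call dumps up to $b_bakline rows
 * of table #$t into "$bakpath/$mypath/<table>_<p>.php", then emits a refresh
 * to the next slice (or the next table) and exits.
 *
 * Request-derived values: $mypath, $t, $s, $p, $alltotal, $thenof, $fnum,
 * $auf, $aufval and $stime all round-trip through the refresh URL, and
 * $_GET['collation'] / $_GET['waitbaktime'] are read directly. The ones that
 * reach a filesystem path ($mypath), SQL text ($auf, $collation) or HTML (the
 * refresh URL) are validated or encoded below; the rest are cast to int.
 *
 * @param int    $t        index of the table in $b_table
 * @param int    $s        rows already dumped for this table
 * @param int    $p        part files already written for this table
 * @param string $mypath   backup directory name under $bakpath
 * @param int    $alltotal total row count (cached after the first slice)
 * @param string $thenof   ",n," list of auto-increment field positions written as NULL
 * @param int    $fnum     field count (cached after the first slice)
 * @param string $auf      auto-increment column used for keyset paging, '' if none
 * @param int    $aufval   last auto-increment value of the previous slice
 * @param int    $stime    backup start timestamp
 * @return void never returns normally; every path ends in exit()
 */
function Ebak_BakExeT($t, $s, $p, $mypath, $alltotal, $thenof, $fnum, $auf = '', $aufval = 0, $stime = 0) {
    global $empire, $bakpath, $limittype, $fun_r;
    if (empty($mypath)) {
        printerror("ErrorUrl", "history.go(-1)");
    }
    // $mypath is a single directory name: reject separators, NUL and '..' so
    // the include below and the part files cannot leave $bakpath.
    if (strpos($mypath, "..") !== false || strpbrk($mypath, "/\\\0") !== false) {
        printerror("ErrorUrl", "history.go(-1)");
    }
    $path = $bakpath . "/" . $mypath;
    // A missing config is caught by the empty($b_table) check right after.
    @(include $path . "/config.php");
    if (empty($b_table)) {
        printerror("ErrorUrl", "history.go(-1)");
    }
    $waitbaktime = isset($_GET['waitbaktime']) ? (int) $_GET['waitbaktime'] : 0;
    if (empty($stime)) {
        $stime = time();
    }
    $header = "<?php\r\n@include(\"../../inc/header.php\");\r\n";
    $footer = "\r\n@include(\"../../inc/footer.php\");\r\n?>";
    $btb = explode(",", $b_table);
    $count = count($btb);
    $t = (int) $t;
    $s = (int) $s;
    $p = (int) $p;
    // All tables done.
    if ($t >= $count) {
        echo "<script>alert('" . $fun_r['BakSuccess'] . "\\n\\n" . $fun_r['TotalUseTime'] . ToChangeUseTime($stime) . "');self.location.href='ChangeDb.php';</script>";
        exit;
    }
    $dumpsql = Ebak_ReturnVer();
    // Select the database.
    $u = $empire->query("use `{$b_dbname}`");
    // Character set.
    $collation = '';
    if ($b_dbchar == 'auto') {
        if (empty($s)) {
            $status_r = Ebak_GetTotal($b_dbname, $btb[$t]);
            $collation = Ebak_GetSetChar($status_r['Collation']);
            DoSetDbChar($collation);
            // Total row count.
            $num = $limittype ? -1 : $status_r['Rows'];
        } else {
            // The cached collation comes back from the URL and is fed to a
            // SET-NAMES style statement: allow identifier characters only.
            $collation = isset($_GET['collation']) ? (string) $_GET['collation'] : '';
            if (!preg_match('/^[A-Za-z0-9_]+$/', $collation)) {
                printerror("ErrorUrl", "history.go(-1)");
            }
            DoSetDbChar($collation);
            $num = (int) $alltotal;
        }
        $dumpsql .= Ebak_ReturnSetNames($collation);
    } else {
        DoSetDbChar($b_dbchar);
        if (empty($s)) {
            // Total row count.
            if ($limittype) {
                $num = -1;
            } else {
                $status_r = Ebak_GetTotal($b_dbname, $btb[$t]);
                $num = $status_r['Rows'];
            }
        } else {
            $num = (int) $alltotal;
        }
    }
    // Table structure, first slice only.
    if ($b_stru && empty($s)) {
        $dumpsql .= Ebak_Returnstru($btb[$t], $b_strufour);
    }
    // Field count and auto-increment info (computed once, then cached in the URL).
    if (empty($fnum)) {
        $return_fr = Ebak_ReturnTbfield($b_dbname, $btb[$t], $b_autofield);
        $fieldnum = $return_fr['num'];
        $noautof = $return_fr['autof'];
        $auf = $return_fr['auf'];
    } else {
        $fieldnum = (int) $fnum;
        $noautof = $thenof;
    }
    // Keyset paging on the auto-increment column. On later slices $auf arrives
    // via the URL, so it is only used as an SQL identifier after it has been
    // checked against the identifier character set (and it is backtick-quoted).
    if ($auf != '' && !preg_match('/^[A-Za-z0-9_$]+$/', $auf)) {
        printerror("ErrorUrl", "history.go(-1)");
    }
    $aufval = (int) $aufval;
    if ($b_autoauf == 1 && $auf) {
        $sql = $empire->query("select * from `" . $btb[$t] . "` where `" . $auf . "`>" . $aufval . " order by `" . $auf . "` limit {$b_bakline}");
    } else {
        $sql = $empire->query("select * from `" . $btb[$t] . "` limit {$s},{$b_bakline}");
    }
    // Optional explicit column list.
    $inf = '';
    if ($b_beover == 1) {
        $inf = '(' . Ebak_ReturnInTbfield($b_dbname, $btb[$t]) . ')';
    }
    $b = 0;
    $lastaufval = 0;
    while ($r = $empire->fetch($sql)) {
        if ($auf) {
            $lastaufval = $r[$auf];
        }
        $b = 1;
        $s++;
        // Each row becomes an E_D("insert ...") call in the generated PHP file.
        // NOTE(review): the values sit inside a double-quoted PHP string, so
        // escape_str() must neutralise `"`, `\` and `$` as well as SQL quotes,
        // otherwise restore mis-parses the data — confirm against its definition.
        $dumpsql .= "E_D(\"" . $b_insertf . " into `" . $btb[$t] . "`" . $inf . " values(";
        $first = 1;
        for ($i = 0; $i < $fieldnum; $i++) {
            if (empty($first)) {
                $dumpsql .= ",";
            } else {
                $first = 0;
            }
            $myi = $i + 1;
            // Auto-increment fields (listed in $noautof as ",n,") and missing values dump as NULL.
            if (!isset($r[$i]) || strstr($noautof, "," . $myi . ",")) {
                $dumpsql .= "NULL";
            } else {
                $dumpsql .= "'" . escape_str($r[$i]) . "'";
            }
        }
        $dumpsql .= ");\");\r\n";
    }
    if (empty($b)) {
        // No rows left: finish this table (writing the part file if it is the
        // only one), then refresh into the next table.
        if (empty($p)) {
            $p++;
            $sfile = $path . "/" . $btb[$t] . "_" . $p . ".php";
            $dumpsql = $header . $dumpsql . $footer;
            WriteFiletext_n($sfile, $dumpsql);
        }
        Ebak_RepFilenum($p, $btb[$t], $path);
        $t++;
        $empire->free($sql);
        // The refresh URL is built with http_build_query so every parameter is
        // percent-encoded, then entity-encoded for the attribute context.
        $next = http_build_query(array(
            'phome' => 'BakExeT', 's' => 0, 'p' => 0, 't' => $t,
            'mypath' => $mypath, 'stime' => $stime, 'waitbaktime' => $waitbaktime,
        ));
        echo "<meta http-equiv=\"refresh\" content=\"" . $waitbaktime . ";url=phome.php?" . htmlspecialchars($next, ENT_QUOTES) . "\">" . $fun_r['OneTableBakSuccOne'] . $btb[$t - 1] . $fun_r['OneTableBakSuccTwo'];
        exit;
    }
    // More rows: write this part file and refresh into the next slice.
    $p++;
    $sfile = $path . "/" . $btb[$t] . "_" . $p . ".php";
    $dumpsql = $header . $dumpsql . $footer;
    WriteFiletext_n($sfile, $dumpsql);
    $empire->free($sql);
    $next = http_build_query(array(
        'phome' => 'BakExeT', 's' => $s, 'p' => $p, 't' => $t, 'mypath' => $mypath,
        'alltotal' => $num, 'thenof' => $noautof, 'fieldnum' => $fieldnum,
        'auf' => $auf, 'aufval' => $lastaufval, 'stime' => $stime,
        'waitbaktime' => $waitbaktime, 'collation' => $collation,
    ));
    echo "<meta http-equiv=\"refresh\" content=\"" . $waitbaktime . ";url=phome.php?" . htmlspecialchars($next, ENT_QUOTES) . "\">" . $fun_r['BakOneDataSuccess'] . Ebak_EchoBakSt($btb[$t], $count, $t, $num, $s);
    exit;
}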
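<?php
// AJAX-only endpoint: appends one entry to the selected list.
// The X-Requested-With check is only a weak hint that the call came from
// script (it is not a CSRF token); keep the real CSRF defence on the caller.
if (!isset($_SERVER['HTTP_X_REQUESTED_WITH'])) { die; }
require_once '../classes/sqlite.php';
require_once '../classes/security.php';
require_once '../classes/template.php';
date_default_timezone_set('Pacific/Auckland');

// The db parameter selects a file under ../db/. Accept only a bare file name
// so values such as "../../etc/passwd" or an absolute path cannot escape that
// directory. The NUL check runs before basename() to keep it a plain string op.
$dbName = (isset($_POST['db']) && is_string($_POST['db'])) ? $_POST['db'] : '';
if ($dbName === '' || strpos($dbName, "\0") !== false || $dbName !== basename($dbName) || $dbName === '.' || $dbName === '..') {
    die;
}
$db = new sqlite('../db/' . $dbName, 'list');
$content = escape_str(isset($_POST['content']) ? $_POST['content'] : '');
$date = gmdate('c');
$inserted = $db->insert(array('content' => $content, 'date' => $date));
if ($inserted) {
    Template::make_new(array('id' => $db->last_insert, 'content' => $content, 'date' => $date));
}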
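<?php
// AJAX-only endpoint: renames the list (row id 1 of the title table).
// The X-Requested-With check is only a weak hint that the call came from
// script (it is not a CSRF token); keep the real CSRF defence on the caller.
if (!isset($_SERVER['HTTP_X_REQUESTED_WITH'])) { die; }
require_once '../classes/sqlite.php';
require_once '../classes/security.php';
require_once '../classes/template.php';

// The db parameter selects a file under ../db/. Accept only a bare file name
// so values such as "../../etc/passwd" or an absolute path cannot escape that
// directory. The NUL check runs before basename() to keep it a plain string op.
$dbName = (isset($_POST['db']) && is_string($_POST['db'])) ? $_POST['db'] : '';
if ($dbName === '' || strpos($dbName, "\0") !== false || $dbName !== basename($dbName) || $dbName === '.' || $dbName === '..') {
    die;
}
$db = new sqlite('../db/' . $dbName, 'title');
$db->where('id', 1);
$updated = $db->update(array('name' => escape_str(isset($_POST['name']) ? $_POST['name'] : '')));
echo $updated;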
/**
 * Escape a scalar, or every leaf of a (nested) array, via escape_str().
 * Array keys are preserved.
 *
 * @param mixed $arr scalar or array
 * @return mixed escaped value, same shape as $arr
 */
function array_escape($arr) {
    return is_array($arr)
        ? array_map('array_escape', $arr)
        : escape_str($arr);
}
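$classes;
// The class list comes from the query string on a direct request, otherwise
// from the session.
if ($_GET) {
    // $_GET['class'] must be a plain scalar: the legacy Mongo driver turns a
    // PHP array into a query document, so ?class[$ne]=x would become the
    // operator {class: {$ne: "x"}} and match every video (NoSQL injection).
    $requested = (isset($_GET['class']) && is_scalar($_GET['class'])) ? (string) $_GET['class'] : '';
    $classes = array('classes' => $requested);
} else {
    $classes = $_SESSION['classes'];
}
$conn = new MongoClient("mongodb://127.0.0.1:27017");
if ($conn) {
    $videos = $conn->selectCollection("project", "videos");
    //Iterate over classes and echo List of classes
    foreach ($classes as $c) {
        // $c is attacker-controlled on the GET path, so it is HTML-escaped;
        // the link parameters are URL-encoded by escape_str() and the text
        // pulled from the database is escaped as well (stored XSS).
        echo "<li><h3>" . htmlspecialchars((string) $c, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8') . "</h3>";
        $query = array('class' => $c);
        $result = $videos->find($query);
        //Iterate through class to get videos and echo list item
        foreach ($result as $v) {
            echo '<li style="padding-left:10px;"><a href="watch/?class=' . escape_str($v['class'])
                . '&amp;video=' . escape_str($v['vname'])
                . '&amp;ext=' . escape_str($v['ext'])
                . '"><h4>' . htmlspecialchars($v["vname"], ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8') . '</h4></a></li>';
            echo '<p style="padding-left:20px;">' . htmlspecialchars($v['vdescription'], ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8') . '</p>';
        }
        echo "</li>";
    }
}
?> </ul> </div> <div class="col-md-3"></div> </div> </body> </html>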