Пример #1
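 /**
  * Escapes a string for use inside a quoted SQL string literal.
  *
  * The returned text is only safe between quotes in the final statement; it
  * gives no protection in an unquoted (numeric or identifier) position.
  * Escaping depends on the connection character set, so that should have been
  * set with mysqli::set_charset() before this is called.
  *
  * @param  string $value
  * @param  boolean $like If true, also escapes the LIKE metacharacters \, % and _
  * @return string
  */
 public function escape($value, $like = false)
 {
     if ($like) {
         // The backslash is the LIKE escape character, so it has to be escaped
         // together with the two wildcards; otherwise a backslash in $value
         // would swallow the character after it when the pattern is evaluated.
         // Assumes the default LIKE escape character (no ESCAPE clause).
         $value = addcslashes($value, '\\%_');
     }
     // Runs second on purpose: it doubles the backslashes added above so they
     // survive string-literal parsing and reach the LIKE pattern intact.
     return $this->_mysqli->real_escape_string($value);
 }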
Пример #2
 /**
  * Escapes a value with real_escape_string and wraps it in single quotes.
  * Taken from FuelPHP and edited.
  *
  * The return value already carries its surrounding quotes, so callers insert
  * it into the statement as-is and must not add quotes of their own.
  *
  * @param  string $value  The string to escape (cast to string before escaping)
  * @return  string  The escaped string, enclosed in single quotes
  * @throws  Miaox_SphinxQl_Connection_Exception  If there was an error during the escaping
  */
 public function escape($value)
 {
     $this->connect();
     $escaped = $this->_driver->real_escape_string((string) $value);
     // Guard kept from the original; presumably $_driver is a mysqli connection,
     // whose real_escape_string() normally returns a string — confirm.
     if ($escaped === false) {
         throw new Miaox_SphinxQl_Connection_Exception($this->_driver->error, $this->_driver->errno);
     }
     return "'{$escaped}'";
 }
Пример #3
 /**
  * Escapes a scalar for use inside a quoted SQL string literal.
  *
  * Arrays are rejected up front instead of being handed to the driver. The
  * result carries no quotes; the caller has to place it between quotes.
  *
  * @param  mixed $txt Value to escape; must not be an array
  * @return string
  * @throws Error If $txt is an array
  */
 public function escape($txt)
 {
     if (!is_array($txt)) {
         $this->connect();
         return $this->connection->real_escape_string($txt);
     }
     throw new Error('Invalid parameter: escape cannot handle arrays.');
 }
Пример #4
 /**
  * Prepares a list of values for direct insertion into an SQL statement.
  *
  * Non-numeric values are escaped and wrapped in single quotes. Values for
  * which is_numeric() is true are returned untouched and therefore end up
  * unquoted in the statement. is_numeric() accepts more than plain integers
  * (decimal and exponent forms such as "1e5", for example), so the unquoted
  * text is not guaranteed to be a simple integer.
  *
  * @param Array $data Values keyed in any way; keys are preserved
  * @return Array The same keys with SQL-ready values
  */
 private function valquote(array $data)
 {
     foreach ($data as $key => $item) {
         if (is_numeric($item)) {
             continue;
         }
         $data[$key] = "'" . $this->MySQLi->real_escape_string($item) . "'";
     }
     return $data;
 }
Пример #5
 /**
  * Escapes a value for use inside a quoted SQL string literal.
  *
  * An array is processed element by element through this same method, so
  * nested arrays are handled too; array keys are left as they are. Any other
  * value is cast to string first. The connection is opened on demand. The
  * result carries no quotes of its own.
  *
  * @param String|Array $value The string to escape. If an array is given, all the
  *      values in it will be escaped
  * @return String|Array The escaped string, or an array of escaped strings
  */
 public function escape($value)
 {
     if (!is_array($value)) {
         $text = (string) $value;
         if (!isset($this->link)) {
             $this->connect();
         }
         return $this->link->real_escape_string($text);
     }
     return array_map(array($this, "escape"), $value);
 }
 /**
  * Turns a value into text that can be placed directly in an SQL statement.
  *
  * - A value loosely equal to '' becomes the bare keyword NULL.
  * - A value that fails TeraWurflDatabase::isNumericSafe(), or whose first
  *   character is '0', is escaped and wrapped in single quotes.
  * - Anything else is returned unchanged and unquoted.
  *
  * NOTE(review): the unquoted path relies entirely on isNumericSafe(), which is
  * not visible here — confirm it accepts nothing but plain numbers. The first
  * test uses ==, so what counts as "empty" follows PHP's loose comparison rules.
  *
  * @param mixed $value
  * @return mixed SQL-ready text, or the original value when it is left unquoted
  */
 public function SQLPrep($value)
 {
     if ($value == '') {
         return 'NULL';
     }
     //Quote if not integer
     $needsQuoting = !TeraWurflDatabase::isNumericSafe($value) || $value[0] == '0';
     if ($needsQuoting) {
         return "'" . $this->dbcon->real_escape_string($value) . "'";
     }
     return $value;
 }
Пример #7
 /**
  * Renders this condition as "(field operator (v1,v2,...))".
  *
  * When the values are an array or ArrayIterator, each one is escaped and
  * wrapped in double quotes (a DBObject contributes its id). Otherwise the
  * values object renders itself through its own toSQL().
  *
  * NOTE(review): only the list values are escaped. The field name and
  * $this->operator are interpolated as they are, so both have to come from
  * code, never from request data. An empty list produces "()".
  * NOTE(review): ArrayIterator is written without a leading backslash while
  * MySQLi has one; if this file declares a namespace the name resolves inside
  * it — confirm.
  *
  * @param MySQLi $con the connection to use for escaping
  * @return string
  */
 public function toSQL(\MySQLi $con)
 {
     $values = $this->values;
     if (is_array($values) || $values instanceof ArrayIterator) {
         $quoted = array();
         foreach ($values as $item) {
             $raw = $item instanceof DBObject ? $item->id : $item;
             $quoted[] = '"' . $con->real_escape_string($raw) . '"';
         }
         $val = implode(',', $quoted);
     } else {
         $val = $values->toSQL();
     }
     $field = $this->field instanceof DBField ? $this->field->getName() : $this->field;
     return "({$field} {$this->operator} ({$val}))";
 }
Пример #8
    fclose($fr_hn);
}
//	end of prepare the multi-lingual json files for database injection
//	now we need to insert or update the database with the files
$mysqli = new MySQLi(DB_HOST, DB_USER, DB_PASSWORD, DB_NAME);
if ($mysqli->connect_errno) {
    echo "Failed to connect to MySQL: ({$mysqli->connect_errno}) {$mysqli->connect_error}";
}
$json_file = scandir($OUT_DIR);
foreach ($json_file as $file) {
    if ($file == 'BCBF_en.json') {
        $content = file_get_contents($OUT_DIR . '/BCBF_en.json');
        $insert_format = " ( '%d' , '%s' )";
        $update_format = "   '%s'  ";
        $query = " INSERT INTO `" . $table_prefix . "postmeta` ( `meta_id` , `meta_value` ) VALUES ";
        $query .= sprintf($insert_format, $mysqli->real_escape_string('1457'), $mysqli->real_escape_string($content));
        $query .= ' ON DUPLICATE KEY UPDATE meta_value = ';
        $query .= sprintf($update_format, $mysqli->real_escape_string($content));
        $result = $mysqli->query($query);
        $errors = $mysqli->error;
        if (!$errors) {
            echo 'BCBF_en was updated successfully <br>';
            // If update is successful, update the post date to reflect current date.
            $update_date = $mysqli->real_escape_string(date("Y-m-d H:i:s"));
            $get_post_id = $mysqli->real_escape_string('137');
            $query_date = " UPDATE `" . $table_prefix . "posts` SET post_date='" . $update_date . "', post_date_gmt='" . $update_date . "' WHERE `ID`='" . $get_post_id . "'";
            $result_date = $mysqli->query($query_date);
            $errors_date = $mysqli->error;
            if (!$errors_date) {
                echo 'BCBF_en date was updated successfully <br>';
            } else {
Пример #9
 /**
  * Writes fund price rows from $prices into `bh_bh_price_data`, issuing one
  * INSERT ... ON DUPLICATE KEY UPDATE statement per row.
  *
  * Every value goes through real_escape_string(). The string columns sit
  * inside quotes in $format; the two numeric columns use %f, so sprintf()
  * renders them as floats.
  *
  * NOTE(review): $errors is overwritten on every row, so the final message
  * reflects the last query only, and with an empty $prices it is never
  * assigned. A failed connection is reported with echo and the method then
  * carries on.
  *
  * @param array $prices Nested four levels deep; the innermost arrays are read
  *                      with the keys Manager, Currency, PriceDate, Fund, Class,
  *                      NAV and NavChange.
  * @return void Status text is echoed.
  */
 public function write2db($prices)
 {
     $mysqli = new MySQLi(DB_HOST, DB_USER, DB_PASSWORD, DB_NAME);
     if ($mysqli->connect_errno) {
         // NOTE(review): the driver's connection error text is echoed to the output and execution continues.
         echo "Failed to connect to MySQL: ({$mysqli->connect_errno}) {$mysqli->connect_error}";
     }
     // Five quoted string slots followed by two float slots for nav and nav_change.
     $format = " ('%s', '%s', '%s', '%s', '%s', %f, %f)";
     $format_update_nav = "  '%f' ,  ";
     // The trailing ';' ends the statement.
     $format_update_nav_change = "  '%f'  ; ";
     // Go over each array item and append it to the SQL query
     foreach ($prices as $manager) {
         foreach ($manager as $class) {
             foreach ($class as $arrays) {
                 foreach ($arrays as $data) {
                     // change fund managers into english ID
                     // NOTE(review): $manager is also the outer loop variable; when no branch
                     // matches, it keeps whatever it held before this row.
                     if ($data['Manager'] == 'Brandes') {
                         $manager = 956;
                     } elseif ($data['Manager'] == 'Sionna') {
                         $manager = 960;
                     } elseif ($data['Manager'] == 'Lazard') {
                         $manager = 958;
                     } elseif ($data['Manager'] == 'Greystone') {
                         $manager = 14630;
                     }
                     // change currency into ID
                     // NOTE(review): any other currency leaves $currency at its previous value (or unset on the first row).
                     if ($data['Currency'] == 'CAD') {
                         $currency = 0;
                     } elseif ($data['Currency'] == 'USD') {
                         $currency = 1;
                     }
                     // change Excel date into MySQL date
                     $x = $data['PriceDate'];
                     // check if the value is an array
                     if (is_array($x)) {
                         // set $x to the previous $x value
                         // NOTE(review): $temp is only assigned further down, so it is undefined if the first row has an array here.
                         $x = $temp;
                     }
                     // presumably 25569 is the Excel serial number of 1970-01-01, which makes this Unix seconds — confirm
                     $utc = ($x - 25569) * 86400;
                     $dt = gmdate("Y-m-d", $utc);
                     $temp = $x;
                     //change "U" classes to proper Classnames
                     if ($data['Fund'] == 'BCFU') {
                         $fundcode = 'BCFB';
                     } elseif ($data['Fund'] == 'BEMU') {
                         $fundcode = 'BEMF';
                     } elseif ($data['Fund'] == 'BGBU') {
                         $fundcode = 'BGBF';
                     } elseif ($data['Fund'] == 'BGEU') {
                         $fundcode = 'BGEF';
                     } elseif ($data['Fund'] == 'BGOU') {
                         $fundcode = 'BGOF';
                     } elseif ($data['Fund'] == 'BGSU') {
                         $fundcode = 'BGSF';
                     } elseif ($data['Fund'] == 'BIEU') {
                         $fundcode = 'BIEF';
                     } elseif ($data['Fund'] == 'BUEU') {
                         $fundcode = 'BUEF';
                     } elseif ($data['Fund'] == 'BUSU') {
                         $fundcode = 'BUSF';
                     } elseif ($data['Fund'] == 'LEMU') {
                         $fundcode = 'LEMS';
                     } elseif ($data['Fund'] == 'LGEU') {
                         $fundcode = 'LGEI';
                     } elseif ($data['Fund'] == 'LGBU') {
                         $fundcode = 'LGBI';
                         /*private funds added SEP 2015*/
                     } elseif ($data['Fund'] == 'LGLU') {
                         $fundcode = 'LGLV';
                     } elseif ($data['Fund'] == 'BGCU') {
                         $fundcode = 'BGCC';
                     } else {
                         // Unmapped fund codes are stored exactly as received.
                         $fundcode = $data['Fund'];
                     }
                     // State Street now sends the Fund Class data that no longer requires a change
                     $datacode = $data['Class'];
                     // insert 10.00 for Brandes Canadian Money Market Fund (BMMF) Class A and F
                     if ($fundcode == 'BMMF' && $manager == 956 && $datacode == 'A') {
                         $data['NAV'] = 10;
                     }
                     if ($fundcode == 'BMMF' && $manager == 956 && $datacode == 'F') {
                         $data['NAV'] = 10;
                     }
                     // The statement is assembled as text; the values are kept inside their quoted or
                     // %f slot by the format strings above, not by bound parameters.
                     $query = "INSERT INTO `bh_bh_price_data` (`price_date`, `fund_id`, `manager_id` , `currency_id`, `class_id`, `nav`, `nav_change`) VALUES ";
                     $query .= sprintf($format, $mysqli->real_escape_string($dt), $mysqli->real_escape_string($fundcode), $mysqli->real_escape_string($manager), $mysqli->real_escape_string($currency), $mysqli->real_escape_string($datacode), $mysqli->real_escape_string($data['NAV']), $mysqli->real_escape_string($data['NavChange']));
                     $query .= ' ON DUPLICATE KEY UPDATE nav = ';
                     $query .= sprintf($format_update_nav, $mysqli->real_escape_string($data['NAV']));
                     $query .= 'nav_change = ';
                     $query .= sprintf($format_update_nav_change, $mysqli->real_escape_string($data['NavChange']));
                     $result = $mysqli->query($query);
                     // Overwritten on each row; earlier failures are lost.
                     $errors = $mysqli->error;
                 }
             }
         }
     }
     if (!$errors) {
         echo "The database has been updated with the latest information.";
     } else {
         // NOTE(review): the raw driver error is echoed to the output.
         echo "Something went wrong. The query did not work: " . $mysqli->error;
     }
 }
Пример #10
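 /**
  * Inserts one row into $tableName, pairing $columns with $registers by position.
  *
  * When fewer values than columns are supplied, the missing ones are filled
  * with '-' and a warning is logged. When there are no columns, or more values
  * than columns, nothing is sent and false is returned. The column count is
  * compared explicitly instead of relying on a suppressed array_combine()
  * failure, which newer PHP versions raise as an exception that @ cannot hide.
  *
  * NOTE(review): only the values are escaped. $tableName and the column names
  * are interpolated as they are, and real_escape_string() cannot protect an
  * identifier, so both have to come from a fixed list in code.
  *
  * @param MySQLi $sqli      Open connection
  * @param string $tableName Table to insert into (trusted identifier)
  * @param array  $columns   Column names (trusted identifiers)
  * @param array  $registers Values, in column order
  * @return mixed Result of mysqli::query(), or false when no statement was sent
  */
 public function insertRegisters(\MySQLi &$sqli, $tableName, array $columns, array $registers)
 {
     $columnCount = count($columns);
     $registerCount = count($registers);
     if ($columnCount === 0 || $registerCount > $columnCount) {
         // No valid statement can be built from this input.
         return false;
     }
     if ($registerCount < $columnCount) {
         //FIX ME
         $registers = array_pad($registers, $columnCount, '-');
         $this->log("WARNING! INSERTING PADDED VALUES, THIS DATA IS NOT ACCURATE!", 1, "red");
     }
     $assignments = array();
     foreach (array_combine($columns, $registers) as $colName => $colVal) {
         $assignments[] = "{$colName}='" . $sqli->real_escape_string($colVal) . "'";
     }
     return $sqli->query("INSERT INTO {$tableName} SET " . implode(',', $assignments));
 }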
Пример #11
 /**
  * Escapes every element of $args with the given connection.
  *
  * Keys are kept as they are; only the values are escaped. The results carry
  * no quotes, so each one still has to be placed inside a quoted string
  * literal by the caller.
  *
  * @param MySQLi $db Database connection.
  * @param array $args Arguments to escape.
  * @return array Escaped parameters, under the same keys.
  */
 public static function escapeParameters(MySQLi $db, $args)
 {
     $escaped = [];
     foreach ($args as $key => $raw) {
         $escaped[$key] = $db->real_escape_string($raw);
     }
     return $escaped;
 }
Пример #12
    exit;
}
// NOTE(review): $web_version is concatenated into the statement without escaping or binding.
// Its origin is not visible in this excerpt — confirm it is a fixed constant and not request data.
$web_query = $mysqli->query("SELECT * from web_config WHERE web_version = '" . $web_version . "'");
// query() returns false on failure; in that case the fetch_assoc() call below is made on a boolean.
$web_fetch = $web_query->fetch_assoc();
if ($web_fetch['web_version'] != $web_version) {
    echo "Website version is old, Please update.";
    exit;
}
if ($web_version == "Develop") {
    // Debug mode is meant for developers only; leave this setting alone otherwise.
    $debug = true;
}
/*
 * Normal Connect DataBase Web Settings
 *
 * NOTE(review): real_escape_string() prepares a value for a quoted SQL string
 * literal. It is not an output encoder. If these variables are later printed
 * into a page (names such as $pagetitle suggest so — confirm), they need
 * htmlspecialchars() at the point of output, and the SQL escaping applied here
 * would show up as stray backslashes in the text.
 */
$servername = $mysqli->real_escape_string($web_fetch['servername']);
$pagetitle = $mysqli->real_escape_string($web_fetch['pagetitle']);
$game_version = $mysqli->real_escape_string($web_fetch['game_version']);
$web_description = $mysqli->real_escape_string($web_fetch['description']);
$web_keywords = $mysqli->real_escape_string($web_fetch['keywords']);
$client_text = $mysqli->real_escape_string($web_fetch['client_text']);
$other_text = $mysqli->real_escape_string($web_fetch['other_text']);
$tips_text = $mysqli->real_escape_string($web_fetch['tips_text']);
$home_text = $mysqli->real_escape_string($web_fetch['home_text']);
$youtu_link = $mysqli->real_escape_string($web_fetch['youtu_link']);
$reg_text = $mysqli->real_escape_string($web_fetch['reg_text']);
$reg_email_check = $mysqli->real_escape_string($web_fetch['reg_email_check']);
$admin_email = $mysqli->real_escape_string($web_fetch['admin_email']);
/*
 * Normal Web Settings
 */
Пример #13
/* okay - now we open a new connection and loop through the files and funds to update each fund */
$mysqli = new MySQLi(DB_HOST, DB_USER, DB_PASSWORD, DB_NAME);
if ($mysqli->connect_errno) {
    echo "Failed to connect to MySQL: ({$mysqli->connect_errno}) {$mysqli->connect_error}";
}
//set up 2 counters $fn for $FUND data $fl for $json_files
//cause they might get out of sync if a json file is not generated for any fund
//but why would that be master?  cause the xml file is probably missing little butterfly.
$fn = 0;
$fl = 2;
while ($fn < count($FUNDS)) {
    if (strtoupper($FUNDS[$fn][0]) . '_' . $FUNDS[$fn][2] === substr($json_file[$fl], 0, -5)) {
        $content = file_get_contents($OUT_DIR . '/' . $json_file[$fl]);
        $sql = " INSERT INTO bh_postmeta ( meta_id , meta_value ) VALUES ( '";
        $sql .= $FUNDS[$fn][3] . "' , ";
        $sql .= "'" . sprintf('%s', $mysqli->real_escape_string($content)) . "' )";
        $sql .= " ON DUPLICATE KEY UPDATE meta_value = ";
        $sql .= "'" . sprintf('%s', $mysqli->real_escape_string($content)) . "'";
        $result = $mysqli->query($sql);
        //      echo $sql;
        $errors = $mysqli->error;
        if (!$errors) {
            echo strtoupper($FUNDS[$fn][0]) . '_' . $FUNDS[$fn][2] . ' was updated successfully <br>';
            //              If update is successful, update the post date to reflect current date.
            $update_date = $mysqli->real_escape_string(date("Y-m-d H:i:s"));
            $get_post_id = $mysqli->real_escape_string($FUNDS[$fn][1]);
            $query_date = " UPDATE bh_posts SET post_date='" . $update_date . "', post_date_gmt='" . $update_date . "' WHERE ID='" . $get_post_id . "'";
            $result_date = $mysqli->query($query_date);
            $errors_date = $mysqli->error;
            if (!$errors_date) {
                echo strtoupper($FUNDS[$fn][0]) . '_' . $FUNDS[$fn][2] . ' post date was updated successfully <br>';
 /**
  * Writes monthly distribution rows from $prices into `bh_bh_monthly_distribs`,
  * issuing one INSERT ... ON DUPLICATE KEY UPDATE statement per row.
  *
  * Every value goes through real_escape_string(). The string columns sit
  * inside quotes in $format; the two factor columns use %f, so sprintf()
  * renders them as floats.
  *
  * NOTE(review): $errors is overwritten on every row, so the final message
  * reflects the last query only, and with an empty $prices it is never
  * assigned. A failed connection is reported with echo and the method then
  * carries on.
  *
  * @param array $prices Nested four levels deep; the innermost arrays are read
  *                      with the keys Manager, FundNumber, Class, RecordDate,
  *                      PaymentDate, TotalFactorCAD and TotalFactorUSD.
  * @return void Status text is echoed.
  */
 public function write2db($prices)
 {
     $mysqli = new MySQLi(DB_HOST, DB_USER, DB_PASSWORD, DB_NAME);
     if ($mysqli->connect_errno) {
         // NOTE(review): the driver's connection error text is echoed to the output and execution continues.
         echo "<br />Failed to connect to MySQL: ({$mysqli->connect_errno}) {$mysqli->connect_error}";
     }
     // Five quoted string slots followed by two float slots for the CAD and USD factors.
     $format = " ('%s', '%s', '%s', '%s', '%s', %f, %f)";
     $format_update_total_factor_cad = "  '%f' , ";
     // The trailing ';' ends the statement.
     $format_update_total_factor_usd = "  '%f' ; ";
     // Go over each array item and append it to the SQL query
     foreach ($prices as $manager) {
         foreach ($manager as $class) {
             foreach ($class as $arrays) {
                 foreach ($arrays as $data) {
                     // change fund managers into ID
                     // NOTE(review): $manager is also the outer loop variable; when no branch
                     // matches, it keeps whatever it held before this row.
                     if ($data['Manager'] == 'Brandes') {
                         $manager = 956;
                     } elseif ($data['Manager'] == 'Sionna') {
                         $manager = 960;
                     } elseif ($data['Manager'] == 'Lazard') {
                         $manager = 958;
                     } elseif ($data['Manager'] == 'Greystone') {
                         $manager = 14630;
                     }
                     //change codenumber to our CodeID
                     // NOTE(review): there is no else branch, so an unknown FundNumber reuses the
                     // $fund_code of the previous row (or leaves it unset on the first row).
                     if ($data['FundNumber'] == 'NXW7') {
                         $fund_code = 'BCEF';
                     } elseif ($data['FundNumber'] == 'NXW9') {
                         $fund_code = 'BMMF';
                     } elseif ($data['FundNumber'] == 'NXX4') {
                         $fund_code = 'BCFB';
                     } elseif ($data['FundNumber'] == 'NXW4') {
                         $fund_code = 'BEMF';
                     } elseif ($data['FundNumber'] == 'NXWK') {
                         $fund_code = 'BGBF';
                     } elseif ($data['FundNumber'] == 'NXW2') {
                         $fund_code = 'BGEF';
                     } elseif ($data['FundNumber'] == 'NXWD') {
                         $fund_code = 'BGOF';
                     } elseif ($data['FundNumber'] == 'NXW3') {
                         $fund_code = 'BGSF';
                     } elseif ($data['FundNumber'] == 'NXW1') {
                         $fund_code = 'BIEF';
                     } elseif ($data['FundNumber'] == 'NXWC') {
                         $fund_code = 'BCBF';
                     } elseif ($data['FundNumber'] == 'NXXC') {
                         $fund_code = 'BSCE';
                     } elseif ($data['FundNumber'] == 'NXX2') {
                         $fund_code = 'BSSC';
                     } elseif ($data['FundNumber'] == 'NXX3') {
                         $fund_code = 'BSDI';
                     } elseif ($data['FundNumber'] == 'NXW5') {
                         $fund_code = 'BUEF';
                     } elseif ($data['FundNumber'] == 'NXXK') {
                         $fund_code = 'BSMI';
                     } elseif ($data['FundNumber'] == 'NXW6') {
                         $fund_code = 'BUSF';
                     } elseif ($data['FundNumber'] == 'NXWE') {
                         $fund_code = 'LEMS';
                     } elseif ($data['FundNumber'] == 'NXWF') {
                         $fund_code = 'LGEI';
                     } elseif ($data['FundNumber'] == 'NXXE') {
                         $fund_code = 'LGBI';
                     } elseif ($data['FundNumber'] == 'NXXF') {
                         $fund_code = 'GCBF';
                     } elseif ($data['FundNumber'] == 'NXXO') {
                         $fund_code = 'GEIC';
                     } elseif ($data['FundNumber'] == 'NXXP') {
                         $fund_code = 'BGCC';
                     } elseif ($data['FundNumber'] == 'NXXQ') {
                         $fund_code = 'LGLV';
                     } elseif ($data['FundNumber'] == 'NXXR') {
                         $fund_code = 'SCEP';
                     }
                     // NOTE(review): the second argument of trim() is a set of characters, not a
                     // prefix. Any run of 'C', 'l', 'a', 's' or space is removed from both ends, so a
                     // class code that itself begins or ends with one of those characters is altered too.
                     $short_class = trim($data['Class'], "Class ");
                     // The statement is assembled as text; the values are kept inside their quoted or
                     // %f slot by the format strings above, not by bound parameters.
                     $query = "INSERT INTO `bh_bh_monthly_distribs` (`record_date`, `payment_date`, `fund_id`, `manager_id` ,  `class_id`, `total_factor_cad` , `total_factor_usd` ) VALUES ";
                     $query .= sprintf($format, $mysqli->real_escape_string($data['RecordDate']), $mysqli->real_escape_string($data['PaymentDate']), $mysqli->real_escape_string($fund_code), $mysqli->real_escape_string($manager), $mysqli->real_escape_string($short_class), $mysqli->real_escape_string($data['TotalFactorCAD']), $mysqli->real_escape_string($data['TotalFactorUSD']));
                     $query .= ' ON DUPLICATE KEY UPDATE total_factor_cad = ';
                     $query .= sprintf($format_update_total_factor_cad, $mysqli->real_escape_string($data['TotalFactorCAD']));
                     $query .= 'total_factor_usd = ';
                     $query .= sprintf($format_update_total_factor_usd, $mysqli->real_escape_string($data['TotalFactorUSD']));
                     $result = $mysqli->query($query);
                     // Overwritten on each row; earlier failures are lost.
                     $errors = $mysqli->error;
                     //echo $query;
                 }
             }
         }
     }
     if (!$errors) {
         echo "<br />The database has been updated with the information from this file.";
     } else {
         // NOTE(review): the raw driver error is echoed to the output.
         echo "<br />Something went wrong, the query did not work: " . $mysqli->error;
     }
 }
Пример #15
 /**
  * Renders this comparison as "(field operator value)".
  *
  * A null value becomes "is NULL" (when the operator equals self::EQ) or
  * "is not NULL" (any other operator). A DBObject contributes its escaped id,
  * a DateTime is formatted as 'Y-m-d H:i:s', a DBField contributes its bare
  * name, and anything else is escaped. Escaped values and dates are wrapped
  * in double quotes.
  *
  * NOTE(review): the field name, the operator and a DBField used as value are
  * placed in the statement without escaping or quoting, so they have to come
  * from code, never from request data.
  *
  * @param MySQLi $con the connection to use for escaping
  * @return string
  */
 public function toSQL(\MySQLi $con)
 {
     $value = $this->value;
     if ($value === null) {
         $val = "NULL";
         $oper = $this->operator == self::EQ ? " is " : " is not ";
     } else {
         $oper = $this->operator;
         if ($value instanceof DBObject) {
             $val = '"' . $con->real_escape_string($value->id) . '"';
         } elseif ($value instanceof \DateTime) {
             // The fixed format yields digits, dashes, colons and a space only.
             $val = '"' . $value->format('Y-m-d H:i:s') . '"';
         } elseif ($value instanceof DBField) {
             $val = $value->getName();
         } else {
             $val = '"' . $con->real_escape_string($value) . '"';
         }
     }
     $field = $this->field instanceof DBField ? $this->field->getName() : $this->field;
     return "({$field}{$oper}{$val})";
 }
Пример #16
 /**
  * Forwards to the parent class's real_escape_string().
  *
  * The result carries no quotes. It is meant to be placed inside a quoted SQL
  * string literal and gives no protection in an unquoted position.
  *
  * @param string $data
  * @return string
  */
 public function escape_string($data)
 {
     $escaped = parent::real_escape_string($data);
     return $escaped;
 }
Пример #17
<?php

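$output = NULL;
if (isset($_POST['Submit'])) {
    // Request fields can be missing or arrive as arrays (year[]=...); only plain strings are used.
    $year = isset($_POST['year']) && is_string($_POST['year']) ? $_POST['year'] : '';
    $gender = isset($_POST['gender']) && is_string($_POST['gender']) ? $_POST['gender'] : '';
    //Connect to the database
    // NOTE(review): this connects as root with an empty password. A dedicated account with
    // read-only access to this schema would limit what any query flaw could reach.
    $mysqli = new MySQLi("localhost", "root", "", "babies");
    // Shown unless the lookup below finds a row.
    $output = "Enter the correct details!";
    //Query the database with bound parameters, so the request values never become part of the SQL text
    $statement = $mysqli->connect_errno
        ? false
        : $mysqli->prepare("SELECT name FROM babynames WHERE year = ? AND gender = ?");
    if ($statement) {
        $statement->bind_param('ss', $year, $gender);
        $statement->execute();
        $statement->bind_result($name);
        while ($statement->fetch()) {
            // As before, the last matching row decides the message. $name comes from the
            // database and must be HTML-escaped at the point where $output is printed.
            $output = "Most popular baby name: {$name}";
        }
        $statement->close();
    }
}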
?>

<?php 
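// $output can carry a name read from the database, so it is encoded for HTML before printing.
echo htmlspecialchars((string) $output, ENT_QUOTES, 'UTF-8');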
Пример #18
 /**
  * Escapes the given string through the underlying connection and returns it.
  *
  * Assuming $this->_db is a mysqli connection, the result is meant for use
  * inside a quoted SQL string literal only. It carries no quotes of its own
  * and gives no protection in an unquoted position.
  *
  * @param string $string
  * @return string
  */
 public function escape($string)
 {
     $escaped = $this->_db->real_escape_string($string);
     return $escaped;
 }
Пример #19
<?php

include_once 'includes/db_connect.php';
include_once 'includes/functions2.php';
sec_session_start();
if (login_check($mysqli) == true) {
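    $message = '';
    $db = new MySQLi('localhost', 'user1', '', 'NewStarPS1');
    if ($db->connect_error) {
        // NOTE(review): if $message is shown to visitors, log the driver text and show a generic message instead.
        $message = $db->connect_error;
    } else {
        // The original appended the escaped product_id to the statement without quotes.
        // real_escape_string() only protects text placed inside a quoted literal, so the
        // request value could change the statement. It is bound as a parameter instead.
        // A missing or array-valued product_id is treated as an empty string.
        $productId = isset($_GET['product_id']) && is_string($_GET['product_id']) ? $_GET['product_id'] : '';
        $sql = 'SELECT * FROM products WHERE product_id = ?';
        $stmt = $db->prepare($sql);
        $result = false;
        if ($stmt) {
            $stmt->bind_param('s', $productId);
            if ($stmt->execute()) {
                // get_result() needs the mysqlnd driver.
                $result = $stmt->get_result();
            }
        }
        if (!$result) {
            $message = $stmt ? $stmt->error : $db->error;
        } elseif ($result->num_rows < 1) {
            $message = "No Rows Found";
            printf("Result trig 0.");
        } else {
            $row = $result->fetch_assoc();
        }
    }
    if (!isset($_SESSION["orderid"])) {
        // NOTE(review): rand() is not a cryptographic generator and the 1-9999 range collides
        // easily. If the order id identifies or authorises anything beyond this session, it
        // should be issued by the database or generated with random_int().
        $_SESSION["orderid"] = rand(1, 9999);
    }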
    ?>
<!DOCTYPE html>
<html lang="en">
Пример #20
 /**
  * Escapes a value through the connection held in $this->link.
  *
  * Assuming the link is a mysqli connection, the result is meant for use
  * inside a quoted SQL string literal only. It carries no quotes of its own
  * and gives no protection in an unquoted position.
  *
  * @param string $value
  * @return string
  */
 public function escape($value)
 {
     $escaped = $this->link->real_escape_string($value);
     return $escaped;
 }
Пример #21
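// Fallback target. It is set first so that $url is always defined, including when the
// request has no usable slug (the original then sent an empty Location header).
$url = DEFAULT_URL . $_SERVER['REQUEST_URI'];
// A slug sent as an array (?slug[]=x) is ignored instead of being handed to string functions.
if (isset($_GET['slug']) && is_string($_GET['slug'])) {
    $slug = $_GET['slug'];
    if ('@' === $slug) {
        $url = 'https://twitter.com/' . TWITTER_USERNAME;
    } elseif (' ' === $slug) {
        // +
        $url = 'https://plus.google.com/u/0/' . GOOGLE_PLUS_ID . '/posts';
    } else {
        // Reduce the slug to letters and digits before it is used anywhere else.
        $slug = preg_replace('/[^a-z0-9]/si', '', $slug);
        if (is_numeric($slug) && strlen($slug) > 8) {
            $url = 'https://twitter.com/' . TWITTER_USERNAME . '/status/' . $slug;
        } else {
            $db = new MySQLi(MYSQL_HOST, MYSQL_USER, MYSQL_PASSWORD, MYSQL_DATABASE);
            // Set the charset before escaping; real_escape_string() depends on it.
            $db->set_charset('utf8mb4');
            $escapedSlug = $db->real_escape_string($slug);
            $redirectResult = $db->query('SELECT url FROM redirect WHERE slug = "' . $escapedSlug . '"');
            if ($redirectResult && $redirectResult->num_rows > 0) {
                $db->query('UPDATE redirect SET hits = hits + 1 WHERE slug = "' . $escapedSlug . '"');
                $url = $redirectResult->fetch_object()->url;
            }
            $db->close();
        }
    }
}
// The original passed null as the replace flag, which PHP coerces to false; false keeps
// that behaviour without the deprecation notice.
header('Location: ' . $url, false, 301);
// ENT_QUOTES also encodes single quotes, so the value is safe in either kind of quoted attribute.
$attributeValue = htmlspecialchars($url, ENT_QUOTES, 'UTF-8');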
?>
Пример #22
    fclose($fr_hn);
}
//	end of prepare the multi-lingual json files for database injection
//	now we need to insert or update the database with the files
$mysqli = new MySQLi(DB_HOST, DB_USER, DB_PASSWORD, DB_NAME);
if ($mysqli->connect_errno) {
    echo "Failed to connect to MySQL: ({$mysqli->connect_errno}) {$mysqli->connect_error}";
}
$json_file = scandir($OUT_DIR);
foreach ($json_file as $file) {
    if ($file == 'BCBF_en.json') {
        $content = file_get_contents($OUT_DIR . '/BCBF_en.json');
        $insert_format = " ( '%d' , '%s' )";
        $update_format = "   '%s'  ";
        $query = " INSERT INTO `" . $table_prefix . "postmeta` ( `meta_id` , `meta_value` ) VALUES ";
        $query .= sprintf($insert_format, $mysqli->real_escape_string('1457'), $mysqli->real_escape_string($content));
        $query .= ' ON DUPLICATE KEY UPDATE meta_value = ';
        $query .= sprintf($update_format, $mysqli->real_escape_string($content));
        $result = $mysqli->query($query);
        $errors = $mysqli->error;
        if (!$errors) {
            echo 'BCBF_en was updated successfully <br>';
        } else {
            echo '!BCBF_en had an error - ' . $errors . '<br>';
        }
    } elseif ($file == 'BCBF_fr.json') {
        $content = file_get_contents($OUT_DIR . '/BCBF_fr.json');
        $insert_format = " ( '%d' , '%s' )";
        $update_format = "   '%s'  ";
        $query = " INSERT INTO `" . $table_prefix . "postmeta` ( `meta_id` , `meta_value` ) VALUES ";
        $query .= sprintf($insert_format, $mysqli->real_escape_string('3006'), $mysqli->real_escape_string($content));
Пример #23
<?php

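$message = '';
// NOTE(review): the database password is a literal in this file. It belongs in configuration
// kept outside the web root and outside version control, and should be rotated once moved.
$db = new MySQLi('localhost', 'phpwebdes', 'Gco6ign!', 'hanselandpetal');
if ($db->connect_error) {
    /* if there is a connection error, store it in the message var. */
    // NOTE(review): if $message is shown to visitors, log the driver text and show a generic message instead.
    $message = $db->connect_error;
} else {
    // The original appended the escaped id to the statement without quotes.
    // real_escape_string() only protects text placed inside a quoted literal, so the
    // request value could change the statement. It is bound as a parameter instead.
    // A missing or array-valued id is treated as an empty string.
    $id = isset($_GET['id']) && is_string($_GET['id']) ? $_GET['id'] : '';
    $sql = 'SELECT * FROM arrangements WHERE id = ?';
    // build the query,
    $stmt = $db->prepare($sql);
    $result = false;
    if ($stmt) {
        $stmt->bind_param('s', $id);
        // execute the query, storing the results in a variable.
        if ($stmt->execute()) {
            // get_result() needs the mysqlnd driver.
            $result = $stmt->get_result();
        }
    }
    if (!$result) {
        // if there is a query error, store it in the message var.
        $message = $stmt ? $stmt->error : $db->error;
    } else {
        $row = $result->fetch_assoc();
    }
    // if-else query error
}
// good connection else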
?>
<!DOCTYPE html>
<html lang="en">
<head>
<meta charset="utf-8">
<title>Mixed Arrangements - Hansel and Petal</title>
<link rel="shortcut icon" href="../images/favicon.ico" type="image/x-icon">
<link href="../styles/handp.css" rel="stylesheet" type="text/css">
Пример #24
 /**
  * Writes fund price rows from $prices into `bh_bh_price_data`, issuing one
  * INSERT ... ON DUPLICATE KEY UPDATE statement per row.
  *
  * Every value goes through real_escape_string(). The string columns sit
  * inside quotes in $format; the two numeric columns use %f, so sprintf()
  * renders them as floats.
  *
  * NOTE(review): $errors is overwritten on every row, so the final message
  * reflects the last query only, and with an empty $prices it is never
  * assigned. A failed connection is reported with echo and the method then
  * carries on.
  *
  * @param array $prices Nested four levels deep; the innermost arrays are read
  *                      with the keys Manager, Currency, PriceDate, Fund, Class,
  *                      NAV and NavChange.
  * @return void Status text is echoed.
  */
 public function write2db($prices)
 {
     $mysqli = new MySQLi(DB_HOST, DB_USER, DB_PASSWORD, DB_NAME);
     if ($mysqli->connect_errno) {
         // NOTE(review): the driver's connection error text is echoed to the output and execution continues.
         echo "Failed to connect to MySQL: ({$mysqli->connect_errno}) {$mysqli->connect_error}";
     }
     // Five quoted string slots followed by two float slots for nav and nav_change.
     $format = " ('%s', '%s', '%s', '%s', '%s', %f, %f)";
     $format_update_nav = "  '%f' ,  ";
     // The trailing ';' ends the statement.
     $format_update_nav_change = "  '%f'  ; ";
     // Go over each array item and append it to the SQL query
     foreach ($prices as $manager) {
         foreach ($manager as $class) {
             foreach ($class as $arrays) {
                 foreach ($arrays as $data) {
                     // change fund managers into ID
                     // NOTE(review): $manager is also the outer loop variable; when no branch
                     // matches, it keeps whatever it held before this row.
                     if ($data['Manager'] == 'Brandes') {
                         $manager = 956;
                     } elseif ($data['Manager'] == 'Sionna') {
                         $manager = 960;
                     } elseif ($data['Manager'] == 'Lazard') {
                         $manager = 958;
                     }
                     // change currency into ID
                     // NOTE(review): any other currency leaves $currency at its previous value (or unset on the first row).
                     if ($data['Currency'] == 'CAD') {
                         $currency = 0;
                     } elseif ($data['Currency'] == 'USD') {
                         $currency = 1;
                     }
                     // change Excel date into MySQL date
                     $x = $data['PriceDate'];
                     // presumably 25569 is the Excel serial number of 1970-01-01, which makes this Unix seconds — confirm
                     $utc = ($x - 25569) * 86400;
                     $dt = gmdate("Y-m-d", $utc);
                     //change "U" classes to proper Classnames
                     if ($data['Fund'] == 'BCFU') {
                         $fundcode = 'BCFB';
                     } elseif ($data['Fund'] == 'BEMU') {
                         $fundcode = 'BEMF';
                     } elseif ($data['Fund'] == 'BGBU') {
                         $fundcode = 'BGBF';
                     } elseif ($data['Fund'] == 'BGEU') {
                         $fundcode = 'BGEF';
                     } elseif ($data['Fund'] == 'BGOU') {
                         $fundcode = 'BGOF';
                     } elseif ($data['Fund'] == 'BGSU') {
                         $fundcode = 'BGSF';
                     } elseif ($data['Fund'] == 'BIEU') {
                         $fundcode = 'BIEF';
                     } elseif ($data['Fund'] == 'BUEU') {
                         $fundcode = 'BUEF';
                     } elseif ($data['Fund'] == 'BUSU') {
                         $fundcode = 'BUSF';
                     } elseif ($data['Fund'] == 'LEMU') {
                         $fundcode = 'LEMS';
                     } elseif ($data['Fund'] == 'LGEU') {
                         $fundcode = 'LGEI';
                     } else {
                         // Unmapped fund codes are stored exactly as received.
                         $fundcode = $data['Fund'];
                     }
                     //change the classes to our classes
                     // The mapping of classes D through H depends on the fund code as received in $data['Fund'].
                     if ($data['Class'] == 'B') {
                         $datacode = 'F';
                     } elseif ($data['Class'] == 'C') {
                         $datacode = 'I';
                     } elseif ($data['Class'] == 'D') {
                         if ($data['Fund'] == 'BCFB' || $data['Fund'] == 'BCFU') {
                             $datacode = 'M';
                         } else {
                             $datacode = 'L';
                         }
                     } elseif ($data['Class'] == 'E') {
                         if ($data['Fund'] == 'BCFB') {
                             $datacode = 'AH';
                         } else {
                             $datacode = 'M';
                         }
                     } elseif ($data['Class'] == 'F') {
                         if ($data['Fund'] == 'BCFB') {
                             $datacode = 'FH';
                         } else {
                             $datacode = 'W';
                         }
                     } elseif ($data['Class'] == 'G') {
                         if ($data['Fund'] == 'BCFB') {
                             $datacode = 'IH';
                         } else {
                             $datacode = 'AN';
                         }
                     } elseif ($data['Class'] == 'H') {
                         if ($data['Fund'] == 'BCFB') {
                             $datacode = 'MH';
                         } else {
                             $datacode = 'FN';
                         }
                     } else {
                         // Unmapped classes are stored exactly as received.
                         $datacode = $data['Class'];
                     }
                     // The statement is assembled as text; the values are kept inside their quoted or
                     // %f slot by the format strings above, not by bound parameters.
                     $query = "INSERT INTO `bh_bh_price_data` (`price_date`, `fund_id`, `manager_id` , `currency_id`, `class_id`, `nav`, `nav_change`) VALUES ";
                     $query .= sprintf($format, $mysqli->real_escape_string($dt), $mysqli->real_escape_string($fundcode), $mysqli->real_escape_string($manager), $mysqli->real_escape_string($currency), $mysqli->real_escape_string($datacode), $mysqli->real_escape_string($data['NAV']), $mysqli->real_escape_string($data['NavChange']));
                     $query .= ' ON DUPLICATE KEY UPDATE nav = ';
                     $query .= sprintf($format_update_nav, $mysqli->real_escape_string($data['NAV']));
                     $query .= 'nav_change = ';
                     $query .= sprintf($format_update_nav_change, $mysqli->real_escape_string($data['NavChange']));
                     $result = $mysqli->query($query);
                     // Overwritten on each row; earlier failures are lost.
                     $errors = $mysqli->error;
                     //echo $query;
                 }
             }
         }
     }
     if (!$errors) {
         echo "The database has been updated with the latest information.";
     } else {
         // NOTE(review): the raw driver error is echoed to the output.
         echo "Something went wrong. The query did not work: " . $mysqli->error;
     }
 }
 /**
  * Escapes a value through the connection held in $this->dbConn.
  *
  * Assuming dbConn is a mysqli connection, the result is meant for use inside
  * a quoted SQL string literal only. It carries no quotes of its own and
  * gives no protection in an unquoted position.
  *
  * @param string $value
  * @return string
  */
 public function escapeString($value)
 {
     $escaped = $this->dbConn->real_escape_string($value);
     return $escaped;
 }
Пример #26
 /**
  * Converts a string value for database usage by escaping it through the
  * connection in $this->mysqli.
  *
  * The result carries no quotes. It is meant to be placed inside a quoted SQL
  * string literal and gives no protection in an unquoted position.
  *
  * @param string $value
  * @return string
  */
 public function toDbString($value)
 {
     $escaped = $this->mysqli->real_escape_string($value);
     return $escaped;
 }