Пример #1
0
 public function updatePlayer(IPlayer $player, $lastIP = null, $loginDate = null)
 {
     $name = trim(strtolower($player->getName()));
     if ($lastIP !== null) {
         $this->database->query("UPDATE simpleauth_players SET lastip = '" . $this->database->escape_string($lastIP) . "' WHERE name = '" . $this->database->escape_string($name) . "'");
     }
     if ($loginDate !== null) {
         $this->database->query("UPDATE simpleauth_players SET logindate = " . intval($loginDate) . " WHERE name = '" . $this->database->escape_string($name) . "'");
     }
 }
Пример #2
0
 public function getStats($playerName)
 {
     $playerName = $this->db->escape_string(trim(strtolower($playerName)));
     $result = $this->db->query("SELECT * FROM tntstats WHERE name = '" . $playerName . "'");
     if ($result instanceof \mysqli_result) {
         $assoc = $result->fetch_assoc();
         $result->free();
         if (isset($assoc["name"]) and $assoc["name"] === $playerName) {
             return $assoc;
         }
     }
     return null;
 }
Пример #3
0
 /**
  * Экранирует значение
  * @param  string|array $value
  * @param  null         $type
  * @return string
  */
 public function quote($value, $type = null)
 {
     if (is_array($value)) {
         foreach ($value as $key => $val) {
             $q = $this->getQuoteIdentifierSymbol();
             $value[$key] = $q . $this->db->escape_string($value) . $q;
         }
         $quoted_value = implode(', ', $value);
     } else {
         $q = $this->getQuoteIdentifierSymbol();
         $quoted_value = $q . $this->db->escape_string($value) . $q;
     }
     return $quoted_value;
 }
Пример #4
0
 public function escStr($str)
 {
     if (is_bool($str)) {
         return $str ? "1" : "0";
     }
     return is_string($str) ? "'{$this->mysqli->escape_string($str)}'" : "{$str}";
 }
Пример #5
0
 /**
  * escaping a string
  * 
  * @param string $str
  * @return string
  */
 public function escape($str)
 {
     if (!$this->ready()) {
         return false;
     }
     return $this->_MySQLi->escape_string($str);
 }
Пример #6
0
 /**
  * @param PlayerQuitEvent $e
  */
 public function onPlayerQuit(PlayerQuitEvent $e)
 {
     if ($this->getPlayer($e->getPlayer()) == null) {
         $this->AddPlayer($e->getPlayer());
     } else {
         $this->db->query("UPDATE player_stats SET quits = quits +1 WHERE name = '" . $this->db->escape_string($e->getPlayer()->getName()) . "'") or die($this->bd->mysqli_error());
     }
     //$this->db->query("UPDATE player_stats SET quits = quits +1 WHERE name = '".$this->db->escape_string($e->getPlayer()->getName())."'") or die($this->bd->mysqli_error());
 }
Пример #7
0
 /**
  * Escape a string to be used in a SQL query.
  *
  * @param String $string The string to escape
  *
  * @return Mixed $return The escaped string on success, FALSE on error
  */
 public function escape_string($string)
 {
     $this->connect();
     if ($this->connected === TRUE) {
         return $this->mysqli->escape_string($string);
     } else {
         return FALSE;
     }
 }
Пример #8
0
 /**
  * Escaped einen String, der durch Nutzereingabe herkommt
  * 
  * @param type $string
  * @return type $string
  * @author Halldor Rolandsson
  */
 public function escapeMethod($string)
 {
     $database = new mysqli($this->dbHost, $this->dbUser, $this->dbPass, $this->dbDatabase);
     if (mysqli_connect_errno()) {
         printf("Connect failed: %s\n", mysqli_connect_error());
         exit;
     }
     $string = $database->escape_string($string);
     $database->close();
     return $string;
 }
Пример #9
0
 protected function _process_values($values)
 {
     $data = array();
     foreach ($values as $v) {
         if (is_string($v)) {
             $v = $this->_connection->escape_string($v);
         }
         $data[] = $v;
     }
     return $data;
 }
 public function touchIP($ip)
 {
     //		$ip = $this->db->escape_string(implode("", array_map(function($token){
     //			return chr(intval($token));
     //		}, explode(".", $ip))));
     $ip = $this->db->escape_string($ip);
     $result = $this->db->query("SELECT ip FROM {$this->itn} WHERE ip = '{$ip}';");
     $exists = is_array($result->fetch_assoc());
     $result->close();
     if (!$exists) {
         $this->db->query("INSERT INTO {$this->itn} VALUES ('{$ip}');");
     }
     return $exists;
 }
Пример #11
0
 /**
  * Creates a new SQL-part for this field.
  * (Only adds ' around string typed fields)
  */
 private final function getDataPart($data, $type)
 {
     $ret = "";
     switch ($type) {
         case 'number':
             $ret = $data;
             break;
         case 'string':
             $ret = "'" . $this->db->escape_string($data) . "'";
             break;
         default:
             $ret = "'" . $this->db->escape_string($data) . "'";
     }
     return $ret;
 }
Пример #12
0
/**
 * Checks a MySQL database for invalid foreign keys, i.e., a keys pointing to missing rows.
 *
 * @author     David Grudl (http://davidgrudl.com)
 * @copyright  Copyright (c) 2008 David Grudl
 * @license    New BSD License
 * @version    1.0
 */
function checkForeignKeys(mysqli $db, $database = NULL)
{
    $keys = $db->query('
		SELECT TABLE_SCHEMA, TABLE_NAME, COLUMN_NAME, REFERENCED_TABLE_NAME, REFERENCED_COLUMN_NAME
		FROM information_schema.KEY_COLUMN_USAGE
		WHERE REFERENCED_TABLE_SCHEMA IS NOT NULL' . ($database ? " AND TABLE_SCHEMA='{$db->escape_string($database)}'" : ''));
    foreach ($keys as $key) {
        echo "{$key['TABLE_SCHEMA']} {$key['TABLE_NAME']}.{$key['COLUMN_NAME']}: ";
        foreach ($key as &$identifier) {
            $identifier = '`' . str_replace('`', '``', $identifier) . '`';
        }
        $row = $db->query("\n\t\t\tSELECT COUNT({$key['COLUMN_NAME']})\n\t\t\tFROM {$key['TABLE_SCHEMA']}.{$key['TABLE_NAME']}\n\t\t\tWHERE {$key['COLUMN_NAME']} NOT IN (SELECT {$key['REFERENCED_COLUMN_NAME']} FROM {$key['TABLE_SCHEMA']}.{$key['REFERENCED_TABLE_NAME']})\n\t\t")->fetch_array();
        echo $row[0] ? "found {$row['0']} invalid foreign keys!\n" : "OK\n";
    }
}
 private function cleanCriteria($criteria)
 {
     if (is_numeric($criteria)) {
         if (false !== strpos($criteria, '.')) {
             $criteria = floatval($criteria);
         } else {
             $criteria = intval($criteria);
         }
     } elseif (is_array($criteria)) {
         $criteria = json_encode($criteria);
     } elseif (is_string($criteria)) {
         $criteria = $this->db->escape_string($criteria);
     }
     return $criteria;
 }
Пример #14
0
             $stmt->execute() or die($stmt->error);
             $tabAdresseId[$rep->idadresse] = array('rue', $mysqliNew->insert_id);
         } else {
             echo '<p>aucun quartier correspondant à ' . $nomQuartier . '</p>';
             $tabAdresseId[$rep->idadresse] = array('erreur', $mysqliNew->insert_id);
         }
     } else {
         if (!empty($rep->nomville)) {
             $nomVille = nettoyeChaine($rep->nomville);
             $stmtTrouveIdVille->execute() or die($stmt->error);
             $stmtTrouveIdVille->bind_result($idVille);
             if ($stmtTrouveIdVille->fetch()) {
                 $stmtTrouveIdVille->free_result();
                 $result = $mysqliNew->query('SELECT idSousQuartier FROM sousQuartier sq WHERE idQuartier=(SELECT idQuartier FROM quartier sq WHERE idVille=' . $idVille . ' AND nom="autre") AND nom="autre"');
                 $reponse = $result->fetch_object();
                 $nom = $mysqliNew->escape_string($nom);
                 $prefixe = $mysqliNew->escape_string($prefixe);
                 // ajout laurent : pour separation prefixe (complement) du nom de la rue
                 $idSousQuartier = $reponse->idSousQuartier;
                 $stmt->execute() or die($stmt->error);
                 $tabAdresseId[$rep->idadresse] = array('rue', $mysqliNew->insert_id);
             } else {
                 echo '<p>aucun quartier correspondant à ' . $nomQuartier . '</p>';
                 $tabAdresseId[$rep->idadresse] = array('erreur', $mysqliNew->insert_id);
             }
         } else {
             echo '<p>PERTE : idadresse = ' . $rep->idadresse . '</p>';
             $tabAdresseId[$rep->idadresse] = array('erreur', $mysqliNew->insert_id);
         }
     }
 }
Пример #15
0
<?php

if ($_SERVER["REQUEST_METHOD"] == "POST") {
    $db = new mysqli('localhost', 'root', '', 'hospital');
    // Prepare data for insertion
    $id = $db->escape_string($_POST["id"]);
    $soort = $db->escape_string($_POST["soort"]);
    // Prepare query and execute
    $query = "insert into species (id, soort) values ('{$id}','{$soort}')";
    $result = $db->query($query);
    // Tell the browser to go back to the index page.
    header("Location: ./");
    exit;
}
Пример #16
0
<?php

if ($_SERVER["REQUEST_METHOD"] == "POST") {
    $db = new mysqli('localhost', 'root', '', 'hospital');
    // Prepare data for insertion
    $client = $db->escape_string($_POST["name"]);
    // Prepare query and execute
    $query = "INSERT INTO client (name) VALUES ('{$client}')";
    $result = $db->query($query);
    // Tell the browser to go back to the index page.
    header("Location: ./");
    exit;
}
            th, td {
                padding: 5px;
                text-align:center;
            }
            p
            {
                text-align:center;
            }
        </style>
        <?php 
global $mysqlusername, $mysqlpassword, $mysqldatabase, $mysqllocation;
$db = new mysqli($mysqllocation, $mysqlusername, $mysqlpassword, $mysqldatabase);
if (!isset($_GET["curr"])) {
    die("<script>window.close()</script>");
}
$curr = $db->escape_string($_GET["curr"]);
$query = "SELECT currency.shortname, valuechanges.newbuyvalue, valuechanges.newsellvalue, currency.name FROM valuechanges INNER JOIN currency ON currency.currencyid=valuechanges.currencyid WHERE valuechanges.changegroup={$curr} ORDER BY currency.name ASC";
$result = $db->query($query) or die($db->error);
?>
    </head>

    <body>
        <table style="width:100%">
            <tr>
                <th>Currency</th>
                <th>New Buying Value</th>
                <th>New Selling Value</th>
            </tr>
            <?php 
while ($row = $result->fetch_assoc()) {
    echo "<tr>";
Пример #18
0
<?php

if ($_SERVER["REQUEST_METHOD"] == "GET") {
    $client = NULL;
    if (isset($_GET['id'])) {
        // Get species for id
        $db = new mysqli('localhost', 'root', '', 'hospital');
        $id = $db->query($query);
        $species = $result->fetch_assoc();
    }
    if ($species == NULL) {
        // No species found
        http_response_code(404);
        include "../common/not_found.php";
        exit;
    }
} elseif ($_SERVER["REQUEST_METHOD"] == "POST") {
    if (isset($_POST['confirmed'])) {
        $db = new mysqli('localhost', 'root', '', 'hospital');
        // Prepare data for delete
        $id = $db->escape_string($_POST["id"]);
        // Prepare query and execute
        $query = "delete from species where id={$id}";
        $result = $db->query($query);
    }
    // Tell the browser to go back to the index page.
    header("Location: ./");
    exit;
}
Пример #19
0
global $mysqlusername, $mysqlpassword, $mysqldatabase, $mysqllocation;
?>
<!DOCTYPE html>
<html xmlns="http://www.w3.org/1999/xhtml">
    <head>
        <meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
        <title>Forex Trading Simulator - Add Users</title>
        <?php 
if (isset($_POST["name"]) && isset($_POST["userid"]) && isset($_POST["password"]) && isset($_POST["usertype"])) {
    $db = new mysqli($mysqllocation, $mysqlusername, $mysqlpassword, $mysqldatabase);
    $name = $db->real_escape_string($_POST["name"]);
    $userid = $db->real_escape_string($_POST["userid"]);
    $password = $db->real_escape_string($_POST["password"]);
    $usertype = $db->real_escape_string($_POST["usertype"]);
    $password = password_hash($password, PASSWORD_DEFAULT);
    $salt = $db->escape_string($salt);
    $query = "INSERT INTO users (name, userid, password, usertype) VALUES ('{$name}', '{$userid}', '{$password}', {$usertype});";
    if ($db->query($query) === TRUE) {
        $query = "SELECT userkey FROM users WHERE userid='{$userid}'";
        $result = $db->query($query);
        $row = $result->fetch_assoc();
        $userkey = $row["userkey"];
        $query = "INSERT INTO wallet (userkey, currencyid, amount) VALUES ({$userkey}, 1, 10000000)";
        $db->query($query);
        //$query = "INSERT INTO wallet (userkey, currencyid, amount) VALUES ($userkey, 2, 1300000000)";
        //$db->query($query);
        $query = "SELECT currencyid FROM currency WHERE currencyid != 1";
        $result = $db->query($query);
        while ($row = $result->fetch_assoc()) {
            //if($row["currencyid"] == 1)
            //    continue;
Пример #20
0
                     $allowed = true;
                     if (!$register && isset($groupPermissions["SESSION_DURATION"])) {
                         $sessionTime = $groupPermissions["SESSION_DURATION"];
                     }
                     if (isset($groupPermissions["ALLOW_NO_PROXY"]) && $groupPermissions["ALLOW_NO_PROXY"]) {
                         $proxyEnforced = false;
                     }
                     break;
                 }
             }
         }
     }
     if ($allowed) {
         $noProxy = $proxyEnforced ? 'N' : 'Y';
         if ($register) {
             $sql = "insert into user_devices (mac_address, username, auth_time_utc, no_proxy) values ('{$mac}', '" . $conn->escape_string($un) . "', UTC_TIMESTAMP(), '{$noProxy}')";
         } else {
             $sql = "insert into auth_sessions (username, mac_address, ip_address, auth_time_utc, expiry_time_utc, no_proxy) values ('" . $conn->escape_string($un) . "', '{$mac}', '{$srcIP}', UTC_TIMESTAMP(), ADDTIME(UTC_TIMESTAMP(), '{$sessionTime}'), '{$noProxy}')";
         }
         // create a session record
         if ($conn->query($sql) === false) {
             $errors[] = "Unable to create " . ($register ? "device" : "session") . " record in database.";
         } else {
             $loggedIn = true;
             iptablesAddUserDevice($mac, $proxyEnforced);
         }
     } else {
         $errors[] = "Your username and password are correct, but you're not authorised to " . ($register ? "register devices" : "log in") . " using this service. <a href='" . SQUID_SUPPORT_URL . "'>Click here to request help with this issue.</a>";
     }
 } else {
     $errors[] = "Invalid username or password.";
 /**
  * @see Yun_Db_Adapter_Interface::quote()
  */
 public function quote($string)
 {
     return $this->mysqli->escape_string($string);
 }
Пример #22
0
<?php

if ($_SERVER["REQUEST_METHOD"] == "GET") {
    $species = NULL;
    if (isset($_GET['id'])) {
        //Get Species for id
        require '../common/connect.php';
        $id = $db->escape_string($_GET["id"]);
        $query = "select * from species where id={$id}";
        $result = $db->query($query);
        $species = $result->fetch_assoc();
    }
    if ($species == NULL) {
        // No species found
        http_response_code(404);
        include "../common/not_found.php";
        exit;
    }
} elseif ($_SERVER["REQUEST_METHOD"] == "POST") {
    $db = new mysqli('localhost', 'root', '', 'hospital');
    // Prepare data for update
    $id = $db->escape_string($_POST["id"]);
    $species = $db->escape_string($_POST["species"]);
    // Prepare query and execute
    $query = "update species set name='{$species}' where id={$id}";
    $result = $db->query($query);
    // Tell the browser to go back to the index page.
    header("Location: ./");
    exit;
}
Пример #23
0
<?php

if ($_SERVER["REQUEST_METHOD"] == "GET") {
    $species = NULL;
    if (isset($_GET['id'])) {
        // Get Species for id
        $db = new mysqli('localhost', 'root', '', 'hospital');
        $id = $db->escape_string($_GET["id"]);
        $query = "select * from species where id={$id}";
        $result = $db->query($query);
        $species = $result->fetch_assoc();
    }
    if ($species == NULL) {
        // No species found
        http_response_code(404);
        include "../common/not_found.php";
        exit;
    }
} elseif ($_SERVER["REQUEST_METHOD"] == "POST") {
    $db = new mysqli('localhost', 'root', '', 'hospital');
    // Prepare data for update
    $id = $db->escape_string($_POST["id"]);
    $name = $db->escape_string($_POST["name"]);
    // Prepare query and execute
    $query = "update species set species='{$name}' where id={$id}";
    $result = $db->query($query);
    // Tell the browser to go back to the index page.
    header("Location: ./");
    exit;
}
Пример #24
0
<?php

if ($_SERVER["REQUEST_METHOD"] == "POST") {
    $db = new mysqli('localhost', 'root', '', 'hospital');
    // Prepare data for insertion
    $name = $db->escape_string($_POST["name"]);
    $species = $db->escape_string($_POST["species_id"]);
    $status = $db->escape_string($_POST["status"]);
    $client_id = $db->escape_string($_POST["client_id"]);
    // Prepare query and execute
    $query = "insert into patient (name, species_id, status, client_id) values ('{$name}','{$species}','{$status}','{$client_id}')";
    $result = $db->query($query);
    // Tell the browser to go back to the index page.
    header("Location: ./");
    exit;
} else {
    $db = new mysqli('localhost', 'root', '', 'hospital');
    $query = "\tSELECT * FROM clients;";
    //client id uit CLIENT = verbonden met id uit client
    $result = $db->query($query);
    $clients = $result->fetch_all(MYSQLI_ASSOC);
    //------------------------
    $query = "\tSELECT * FROM species;";
    $result = $db->query($query);
    $species = $result->fetch_all(MYSQLI_ASSOC);
}
Пример #25
0
            }
        }
        echo $ln . "/" . $count . "\r";
        $form['regno'] = $reg_no;
        $form['submit'] = "Submit";
        $snoopy->submit("http://192.168.216.1/resultstatus.php", $form);
        if (strpos($snoopy->results, 'is invalid') !== false) {
            echo "Invalid.";
            continue;
        } else {
            $result = trim(strip_tags(cut_str($snoopy->results, '<p><br />', '<p class="content">')));
            if (strpos($snoopy->results, "NOT Qualified") !== false) {
                //Did not qualify
                continue;
            } else {
                //Maybe qualified
                //save
                $res = $db->escape_string($result);
                $db->query("INSERT INTO results_2011_raw VALUES ('{$reg_no}','{$res}')");
            }
        }
    }
}
function cut_str($str, $left, $right)
{
    $str = substr(stristr($str, $left), strlen($left));
    $leftLen = strlen(stristr($str, $right));
    $leftLen = $leftLen ? -$leftLen : strlen($str);
    $str = substr($str, 0, $leftLen);
    return $str;
}
Пример #26
0
if ($_SERVER["REQUEST_METHOD"] == "GET") {
    $client = NULL;
    if (isset($_GET['id'])) {
        // Get Patient for id
        $db = new mysqli('localhost', 'root', '', 'hospital');
        $id = $db->escape_string($_GET["id"]);
        $query = "select * from client where id={$id}";
        $result = $db->query($query);
        $client = $result->fetch_assoc();
    }
    if ($client == NULL) {
        // No client found
        http_response_code(404);
        include "../common/not_found.php";
        exit;
    }
} elseif ($_SERVER["REQUEST_METHOD"] == "POST") {
    $db = new mysqli('localhost', 'root', '', 'hospital');
    // Prepare data for update
    $id = $db->escape_string($_POST["id"]);
    $name = $db->escape_string($_POST["name"]);
    $phone = $db->escape_string($_POST["phone"]);
    $mail = $db->escape_string($_POST["mail"]);
    // Prepare query and execute
    $query = "update client set name='{$name}', phone='{$phone}', mail='{$mail}' where id={$id}";
    $result = $db->query($query);
    // Tell the browser to go back to the index page.
    header("Location: ./");
    exit;
}
Пример #27
0
 /**
  * {@inheritdoc}
  */
 public function quote($input, $type = \PDO::PARAM_STR)
 {
     return "'" . $this->_conn->escape_string($input) . "'";
 }
Пример #28
0
// Key set and no key given or key is wrong
if (!isset($_GET['key']) || !$helpers->keyToServerKeys($access_keys, $_GET['key'])) {
    $helpers->printXmlError("APP_AUTH_FAILURE", "CallAdmin_Takeover");
}
$dbi = new mysqli($host, $username, $password, $database, $dbport);
// Oh noes, we couldn't connect
if ($dbi->connect_errno != 0) {
    $helpers->printXmlError("DB_CONNECT_FAILURE", "CallAdmin_Takeover");
}
// Set utf-8 encodings
$dbi->set_charset("utf8");
// Escape server keys
foreach ($access_keys as $key => $value) {
    if (is_array($value)) {
        foreach ($value as $serverKey) {
            $access_keys[$key][$serverKey] = $dbi->escape_string($serverKey);
        }
    }
}
// Server Key clause
$server_key_clause = 'serverKey IN (' . $helpers->keyToServerKeys($access_keys, $_GET['key']) . ') OR LENGTH(serverKey) < 1';
// Safety
if (isset($_GET['callid']) && preg_match("/^[0-9]{1,11}+\$/", $_GET['callid'])) {
    $callID = $dbi->escape_string($_GET['callid']);
    $insertresult = $dbi->query("UPDATE\n\t\t\t\t\t\t\t\t\t`{$table}`\n\t\t\t\t\t\t\t\tSET callHandled = 1\n\t\t\t\t\t\t\tWHERE\n\t\t\t\t\t\t\t\tcallID = {$callID} AND {$server_key_clause}");
    // Insert failed, we should check if the update was successfull somehow (affected_rows ist reliable here)
    if ($insertresult === FALSE) {
        $dbi->close();
        $helpers->printXmlError("DB_UPDATE_FAILURE", "CallAdmin_Takeover");
    }
} else {
Пример #29
0
if ($_SERVER["REQUEST_METHOD"] == "GET") {
    $species = NULL;
    if (isset($_GET['id'])) {
        //Get Species for id
        $db = new mysqli('localhost', 'root', '', 'hospital');
        $id = $db->escape_string($_GET["id"]);
        $query = "select * from species where id={$id}";
        $result = $db->query($query);
        $species = $result->fetch_assoc();
    }
    if ($species == NULL) {
        // No species found
        http_response_code(404);
        include "../common/not_found.php";
        exit;
    }
} elseif ($_SERVER["REQUEST_METHOD"] == "POST") {
    $db = new mysqli('localhost', 'root', '', 'hospital');
    // Prepare data for update
    $id = $db->escape_string($_POST["id"]);
    $name = $db->escape_string($_POST["name"]);
    $species = $db->escape_string($_POST["species"]);
    $status = $db->escape_string($_POST["status"]);
    // Prepare query and execute
    $query = "update species set {$name}='name', species='{$species}', status='{$status}' where id={$id}";
    $result = $db->query($query);
    // Tell the browser to go back to the index page.
    header("Location: ./");
    exit;
}
Пример #30
0
 /**
  * Экранирует символы
  */
 function EscapeString($text)
 {
     return $this->db->escape_string($text);
 }