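/**
 * Insert a new row into the `adoption` table from an adoption object.
 *
 * Every value placed inside a quoted SQL literal is passed through
 * \Core\Db::escape(). The two timestamps are emitted unquoted, where string
 * escaping gives no protection, so they must be numeric or the insert is refused.
 *
 * @param object $adoptionObj object exposing getUserIdAdopter(), getUserIdPoster(),
 *                            getPetId(), getCreated(), getUpdated() and getVisibility()
 * @return mixed false when a timestamp is not numeric or \Core\Db::execute() returns
 *               false, otherwise the value of \Core\Db::insertId()
 */
public static function createAdoption($adoptionObj)
{
    $userIdAdopter = \Core\Db::escape($adoptionObj->getUserIdAdopter());
    $userIdPoster = \Core\Db::escape($adoptionObj->getUserIdPoster());
    $petId = \Core\Db::escape($adoptionObj->getPetId());
    // `visibility` sits inside quotes like the ids, so it gets the same escaping.
    $visibility = \Core\Db::escape($adoptionObj->getVisibility());

    $created = $adoptionObj->getCreated();
    $updated = $adoptionObj->getUpdated();

    // Unquoted context: only a numeric token may reach the statement.
    // NOTE(review): presumably these are unix timestamps - confirm against the model.
    if (!is_numeric($created) || !is_numeric($updated)) {
        return false;
    }

    $sql = <<<SQL
INSERT INTO `adoption` (
    `id`, `user_id_adopter`, `user_id_poster`, `pet_id`, `created`, `updated`, `visibility`
) VALUES (
    DEFAULT, '{$userIdAdopter}', '{$userIdPoster}', '{$petId}', {$created}, {$updated}, '{$visibility}'
);
SQL;

    $res = \Core\Db::execute($sql);

    return $res === false ? false : \Core\Db::insertId();
}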
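/**
 * Fetch pages of the current namespace, optionally filtered, sorted and paginated.
 *
 * Filter keys handled explicitly: `id` (alias of `ams_page_id`), `ams_page_id`,
 * `date_added`, `name`, `parent_id`, `status`. Any other key is applied only when
 * it is a key of the array returned by _getProperties().
 *
 * @param array  $filter   map of filter key => value
 * @param string $orderby  sort column; anything outside the allowlist falls back to `name`
 * @param string $orderdir `desc` (case-insensitive) or anything else for ascending
 * @param int    $page     1-based page number, used only when $limit > 0
 * @param int    $limit    rows per page; 0 or less disables pagination
 * @return mixed the result of $this->_db->query() with a `total` property added
 */
public function getPages($filter = array(), $orderby = 'name', $orderdir = 'asc', $page = 1, $limit = 0)
{
    // Both values end up unquoted in the LIMIT clause, so force them to integers
    // before any comparison or interpolation.
    $page = (int) $page;
    $limit = (int) $limit;
    $paginate = $limit > 0;

    $select = $paginate ? 'Select SQL_CALC_FOUND_ROWS *' : 'Select *';
    $query = $select . " from #__ams_pages where namespace = '"
        . $this->_db->escape($this->_namespace) . "' ";

    $props = $this->_getProperties();

    if (!empty($filter)) {
        foreach ($filter as $key => $value) {
            // Strict comparison: with `==`, an integer key 0 equals any
            // non-numeric string on PHP < 8 and would be treated as `id`.
            if ($key === 'id') {
                $key = 'ams_page_id';
            }

            if ($key === 'date_added') {
                $query .= " and DATE(from_unixtime(date_created)) = DATE('"
                    . $this->_db->escape($value) . "') ";
            }

            if ($key === 'ams_page_id') {
                $query .= " and ams_page_id = '" . (int) $value . "' ";
            } elseif ($key === 'name') {
                // NOTE(review): escape() is not visible here; if it only does string
                // escaping, % and _ in $value still act as LIKE wildcards.
                $query .= " and `name` like '%" . $this->_db->escape($value) . "%' ";
            } elseif ($key === 'parent_id') {
                $query .= " and parent_id = '" . (int) $value . "' ";
            } elseif ($key === 'status') {
                $query .= " and `status` = '" . (int) $value . "' ";
            } elseif (isset($props[$key])) {
                $query .= " and ams_page_id in (select distinct(ams_page_id) from #__ams_nodes "
                    . "where node = '" . $this->_db->escape($key) . "' and content like '%"
                    . $this->_db->escape($value) . "%') ";
            }
        }
    }

    // The sort column is an identifier and cannot be escaped, so it is matched
    // against an allowlist. The strict flag keeps non-string values (0, true) from
    // passing the loose comparison and being interpolated.
    $orderbys = array('ams_page_id', 'name', 'parent_id', 'status', 'date_created', 'date_modified');
    $order = in_array($orderby, $orderbys, true) ? $orderby : 'name';
    $dir = strtolower($orderdir) === 'desc' ? 'desc' : 'asc';
    $query .= " order by {$order} {$dir}";

    if ($paginate) {
        if ($page < 1) {
            $page = 1;
        }
        $start = ($page - 1) * $limit;
        $query .= " limit {$start}, {$limit}";
    }

    $res = $this->_db->query($query);
    // NOTE(review): assumes query() returns an object; a false return would fail here - confirm.
    $res->total = $res->num_rows;

    if ($paginate) {
        // With pagination the row count of this page is replaced by the full match count.
        $totals = $this->_db->fetchRow("select FOUND_ROWS() as total");
        $res->total = $totals['total'];
    }

    return $res;
}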
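/**
 * Update the `pet` row identified by the object's id with the object's current values.
 *
 * Values placed inside quoted SQL literals are passed through \Core\Db::escape().
 * Values emitted unquoted (`id`, `weight`, `age`, `created`, `approved`) must be
 * numeric, because string escaping does not protect an unquoted position; the
 * update is refused otherwise. `updated` is always set to the current time.
 *
 * @param object $petObj object exposing the getters used below
 * @return bool false when an unquoted value is not numeric or \Core\Db::execute()
 *              returns false, true otherwise
 */
public static function updatePet($petObj)
{
    $id = \Core\Db::escape($petObj->getId());
    $name = \Core\Db::escape($petObj->getName());
    $description = \Core\Db::escape($petObj->getDescription());
    $specialNeeds = \Core\Db::escape($petObj->getSpecialNeeds());
    $weight = \Core\Db::escape($petObj->getWeight());
    $species = \Core\Db::escape($petObj->getSpecies());
    $breed = \Core\Db::escape($petObj->getBreed());
    $age = \Core\Db::escape($petObj->getAge());
    $sex = \Core\Db::escape($petObj->getSex());
    $userId = \Core\Db::escape($petObj->getUserId());
    $adoptionId = \Core\Db::escape($petObj->getAdoptionId());
    // Quoted in the statement like the fields above, so escaped the same way.
    $visibility = \Core\Db::escape($petObj->getVisibility());

    $created = $petObj->getCreated();
    $updated = time();

    $approved = $petObj->getApproved();
    if (is_bool($approved)) {
        // A boolean false interpolates as an empty string; store it as 0 instead.
        $approved = (int) $approved;
    }

    // Unquoted context: reject anything that is not a plain numeric token.
    foreach (array($id, $weight, $age, $created, $approved) as $unquoted) {
        if (!is_numeric($unquoted)) {
            return false;
        }
    }

    $sql = <<<SQL
UPDATE `pet` SET
    `name` = '{$name}',
    `description` = '{$description}',
    `special_needs` = '{$specialNeeds}',
    `weight` = {$weight},
    `species` = '{$species}',
    `breed` = '{$breed}',
    `age` = {$age},
    `sex` = '{$sex}',
    `user_id` = '{$userId}',
    `adoption_id` = '{$adoptionId}',
    `created` = {$created},
    `updated` = {$updated},
    `visibility` = '{$visibility}',
    `approved` = {$approved}
WHERE `id` = {$id};
SQL;

    $res = \Core\Db::execute($sql);

    return $res !== false;
}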
/**
 * Look up rows of the `user` table whose `username` equals the given value.
 *
 * The value is passed through \Core\Db::escape() before it is placed inside the
 * quoted literal. The query selects every column of the row.
 *
 * @param string $userName username to match (the original note describes it as an email)
 * @return mixed whatever \Core\Db::execute() returns; per the original note, false on
 *               failure and a result otherwise - see http://php.net/manual/en/mysqli.query.php
 * @throws Exception
 */
public static function getUserByUsername($userName)
{
    $safeUserName = \Core\Db::escape($userName);
    $sql = "SELECT * FROM `user` WHERE `username`='{$safeUserName}';";

    return \Core\Db::execute($sql);
}
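/**
 * Update the text and visibility flags of the `message` row identified by the object's id.
 *
 * The message text is escaped and quoted. `id` and the two visibility flags are
 * emitted unquoted, where string escaping gives no protection, so they must be
 * numeric or the update is refused. `updated` is always set to the current time.
 *
 * @param object $messageObj object exposing getId(), getMessage(),
 *                           getSenderVisibility() and getRecipientVisibility()
 * @return bool false when an unquoted value is not numeric or \Core\Db::execute()
 *              returns false, true otherwise
 */
public static function updateMessage($messageObj)
{
    $id = $messageObj->getId();
    $message = \Core\Db::escape($messageObj->getMessage());
    $updated = time();

    $senderVisibility = $messageObj->getSenderVisibility();
    $recipientVisibility = $messageObj->getRecipientVisibility();

    // A boolean false interpolates as an empty string; store flags as 0/1 instead.
    if (is_bool($senderVisibility)) {
        $senderVisibility = (int) $senderVisibility;
    }
    if (is_bool($recipientVisibility)) {
        $recipientVisibility = (int) $recipientVisibility;
    }

    // Unquoted context (including the WHERE clause): only numeric tokens may pass,
    // otherwise a crafted id could widen the update to other rows.
    foreach (array($id, $senderVisibility, $recipientVisibility) as $unquoted) {
        if (!is_numeric($unquoted)) {
            return false;
        }
    }

    $sql = <<<SQL
UPDATE `message` SET
    `message` = '{$message}',
    `updated` = {$updated},
    `sender_visibility` = {$senderVisibility},
    `recipient_visibility` = {$recipientVisibility}
WHERE `id` = {$id};
SQL;

    $res = \Core\Db::execute($sql);

    return $res !== false;
}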
/**
 * Delete the `basket` rows that link the given user to the given pet.
 *
 * Both ids are escaped, then prefixed with `user:` / `pet:` inside the quoted
 * literals the statement compares against.
 *
 * NOTE(review): no ownership check happens here; presumably the caller has
 * already confirmed that $userId belongs to the current session - verify.
 *
 * @param mixed $userId id of the basket owner, without the `user:` prefix
 * @param mixed $petId  id of the pet to drop, without the `pet:` prefix
 * @return mixed whatever \Core\Db::execute() returns
 */
public static function remove($userId, $petId)
{
    $safeUserId = \Core\Db::escape($userId);
    $safePetId = \Core\Db::escape($petId);

    return \Core\Db::execute(
        "DELETE FROM `basket` WHERE `user_id`='user:{$safeUserId}' AND `pet_id`='pet:{$safePetId}';"
    );
}
/**
 * Select the `name` column of `image` rows whose `file_name` equals the given value.
 *
 * The file name is passed through \Core\Db::escape() before it is placed inside
 * the quoted literal.
 *
 * @param string $imageFileName stored file name to look up
 * @return mixed whatever \Core\Db::execute() returns
 */
public static function getImageByFileName($imageFileName)
{
    $escapedFileName = \Core\Db::escape($imageFileName);
    $sql = "SELECT `name` FROM image WHERE `file_name`='{$escapedFileName}';";

    return \Core\Db::execute($sql);
}