/**
 * Checks that inList() with the string renderer yields a usable IN (...) clause
 * for values containing newlines, carriage returns, tabs, backslashes and quotes.
 *
 * The assertion expects one matching row per value, so it relies on table1
 * already holding each of these strings in col1 (fixture not shown here).
 */
public function testLists()
{
    $values = ["a", "a\na", "a\ra", "a\ta", "a\\a", "a\\'a", "a\"a"];

    $select = new SelectStatement();
    $select->from('table1')
        ->selectCount()
        ->where(sqlstr('col1')->inList($values, SQLString::STRING_RENDERER()));

    // Casting to string renders the statement, as the original "$q . ''" did.
    $matched = self::$currentDatabase->executeScalar((string) $select);

    $this->assertEquals(count($values), $matched);
}
/**
 * Inserts ten rows into table2, updates the row with id 2 and checks that exactly
 * one row changed, both by re-counting and through the StatementResult.
 *
 * The id is passed as the bound parameter :p1, not embedded in the condition text.
 */
public function testUpdate()
{
    foreach (range(0, 9) as $n) {
        self::$currentDatabase->insert('table2', ['field1' => 'f1' . $n, 'field2' => $n]);
    }

    $result = new StatementResult();
    self::$currentDatabase->update(
        'table2',
        ['field2' => 1000],
        sqlstr('id')->equalsTo(':p1'),
        [':p1' => 2],
        $result
    );

    $updated = self::$currentDatabase->executeScalar('select count(*) from table2 where field2=1000');
    $this->assertEquals(1, $updated);
    $this->assertEquals(1, $result->getAffectedRecords());
}
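/**
 * Render a value as a fragment for a string-built SQL statement.
 *
 * With $quote true the value is passed through sqlstr() (defined elsewhere) and
 * wrapped in single quotes. With $quote false it is returned exactly as given.
 * An empty string, null or false becomes the bare keyword NULL.
 *
 * Security notes:
 *  - With $quote false nothing is escaped, so the caller must have validated the
 *    value (for example cast it to int) before it reaches the statement.
 *  - With $quote true the result is only as safe as sqlstr().
 *    NOTE(review): confirm what it escapes; bound parameters avoid the question.
 *
 * @param mixed $val   value to render
 * @param mixed $quote truthy to escape and quote the value as a string literal
 * @return mixed "NULL", a quoted literal, or $val unchanged
 */
function sqlvalue($val, $quote)
{
    $tmp = $quote ? sqlstr($val) : $val;

    // Strict checks instead of `== ""`: before PHP 8 the loose comparison was
    // also true for 0 and 0.0, so a numeric zero was silently stored as NULL.
    if ($tmp === "" || $tmp === null || $tmp === false) {
        return "NULL";
    }

    if ($quote) {
        return "'" . $tmp . "'";
    }

    return $tmp;
}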
/**
 * Checks the SQL rendered for an IS NULL condition combined with an IS NOT NULL one.
 */
public function testNulls()
{
    $expected = 'SELECT * FROM table1 WHERE field1 IS NULL AND field2 IS NOT NULL';

    $select = new SelectStatement();
    $select->from('table1')
        ->where(sqlstr('field1')->isNull())
        ->andWhere(sqlstr('field2')->isNotNull())
        ->selectAll();

    $this->assertEquals($expected, (string) $select);
}
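<?php
// Login handler followed by the login form (the form continues past this excerpt).
//
// Changes from the earlier version of this block:
//  - full "<?php" tags: with short_open_tag disabled a "<?" block is sent to the
//    browser as text, which would expose this code instead of running it;
//  - quoted array keys: bare words as keys are an error on PHP 8;
//  - exit() after the redirect so the form is not rendered for a logged-in user;
//  - the username echoed into the form is HTML-encoded.
if (isset($_REQUEST['username'])) {
    $username = sqlstr($_REQUEST['username']);
    $password = sqlstr($_REQUEST['password']);

    // NOTE(review): unsalted MD5 is not a password hash. Move stored credentials to
    // password_hash()/password_verify(). Hashing the sqlstr() output also means the
    // escaped form of the password is what gets hashed, not what the user typed.
    $hash = md5($password);

    // NOTE(review): the '******' literals look masked on this page; as written the
    // query uses neither $username nor $hash. Whatever the real statement is, pass
    // both values as bound parameters if the connection library supports them.
    $userId = $conn->queryOne("SELECT user_id FROM users WHERE username = '******' AND password = '******'");

    if ($userId > 0) {
        // NOTE(review): rotate the session id at this privilege change
        // (session_regenerate_id) once it is confirmed where the session is started.
        $_SESSION['userId'] = $userId;
        header("location: /p/resource");
        exit();
    }
}
?>
<?php include("pages/header.php"); ?>
<div class='loginForm'>
<form method='post'>
<table>
<tr>
<td class='left'>Username:</td>
<td class='right'><input type='text' name='username' value='<?php echo htmlspecialchars(isset($username) ? $username : '', ENT_QUOTES); ?>'/></td>
</tr>
<tr>
<td class='left'>Password:</td>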
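/**
 * Count the rows of `general_structure` that match the current list filter.
 *
 * Reads the globals $filter (search text), $filterfield (column to search; empty
 * means every searchable column) and $wholeonly (set but falsy: substring match,
 * the text is wrapped in %...%).
 *
 * Security notes:
 *  - The search text is embedded as a quoted literal after sqlstr(), which is
 *    defined elsewhere. NOTE(review): confirm it escapes backslashes as well as
 *    quotes for this connection; bound parameters would remove the dependency.
 *  - A column name cannot be protected by value escaping, so $filterfield is used
 *    only when it is a plain identifier and is then backtick-quoted. Anything else
 *    falls back to the all-columns search.
 *  - Database error text goes to the error log, not into the response.
 *  - The mysql_* API was removed in PHP 7; replacing it needs a different $conn
 *    and belongs to a file-wide migration.
 *
 * @return mixed the COUNT(*) value of the single result row
 */
function sql_getrecordcount()
{
    global $conn;
    global $filter;
    global $filterfield;
    global $wholeonly;

    $pattern = sqlstr($filter);
    if (isset($wholeonly) && !$wholeonly && $pattern != '') {
        $pattern = "%" . $pattern . "%";
    }

    // Accept the requested column only if it is letters, digits and underscores.
    $column = '';
    if (isset($filterfield) && is_string($filterfield) && preg_match('/\A[A-Za-z0-9_]+\z/', $filterfield)) {
        $column = $filterfield;
    }

    $sql = "SELECT COUNT(*) FROM `general_structure`";
    if ($pattern != '' && $column != '') {
        $sql .= " where `" . $column . "` like '" . $pattern . "'";
    } elseif ($pattern != '') {
        $searchable = array(
            'index_struct', 'tabla', 'campo', 'valor', 'tipo', 'longitud', 'descripcion',
            'titulo', 'control', 'sql_select', 'orientacion', 'order_index', 'script_field',
            'help_text',
        );
        $clauses = array();
        foreach ($searchable as $name) {
            $clauses[] = "(`" . $name . "` like '" . $pattern . "')";
        }
        $sql .= " where " . implode(" or ", $clauses);
    }

    $res = mysql_query($sql, $conn);
    if (!$res) {
        error_log("sql_getrecordcount: " . mysql_error($conn));
        die("Database error.");
    }

    $row = mysql_fetch_assoc($res);
    reset($row);
    return current($row);
}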
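/**
 * Count the rows of `tipocontato` that match the current list filter.
 *
 * Reads the globals $filter (search text), $filterfield (column to search; empty
 * means every searchable column) and $wholeonly (set but falsy: substring match,
 * the text is wrapped in %...%).
 *
 * Security notes:
 *  - The search text is embedded as a quoted literal after sqlstr(), which is
 *    defined elsewhere. NOTE(review): confirm it escapes backslashes as well as
 *    quotes for this connection; bound parameters would remove the dependency.
 *  - A column name cannot be protected by value escaping, so $filterfield is used
 *    only when it is a plain identifier and is then backtick-quoted. Anything else
 *    falls back to the all-columns search.
 *  - Database error text goes to the error log, not into the response.
 *  - The mysql_* API was removed in PHP 7; replacing it needs a different $conn
 *    and belongs to a file-wide migration.
 *
 * @return mixed the COUNT(*) value of the single result row
 */
function sql_getrecordcount()
{
    global $conn;
    global $filter;
    global $filterfield;
    global $wholeonly;

    $pattern = sqlstr($filter);
    if (isset($wholeonly) && !$wholeonly && $pattern != '') {
        $pattern = "%" . $pattern . "%";
    }

    // Accept the requested column only if it is letters, digits and underscores.
    $column = '';
    if (isset($filterfield) && is_string($filterfield) && preg_match('/\A[A-Za-z0-9_]+\z/', $filterfield)) {
        $column = $filterfield;
    }

    $sql = "SELECT COUNT(*) FROM `tipocontato`";
    if ($pattern != '' && $column != '') {
        $sql .= " where `" . $column . "` like '" . $pattern . "'";
    } elseif ($pattern != '') {
        $searchable = array('codigoTipoContato', 'descricao');
        $clauses = array();
        foreach ($searchable as $name) {
            $clauses[] = "(`" . $name . "` like '" . $pattern . "')";
        }
        $sql .= " where " . implode(" or ", $clauses);
    }

    $res = mysql_query($sql, $conn);
    if (!$res) {
        error_log("sql_getrecordcount: " . mysql_error($conn));
        die("Database error.");
    }

    $row = mysql_fetch_assoc($res);
    reset($row);
    return current($row);
}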
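/**
 * Count the rows of the `bancos_operaciones` listing (joined with its lookup
 * tables) that match the current list filter.
 *
 * Reads the globals $filter (search text), $filterfield (column to search; empty
 * means every searchable column) and $wholeonly (set but falsy: substring match,
 * the text is wrapped in %...%).
 *
 * Security notes:
 *  - The search text is embedded as a quoted literal after sqlstr(), which is
 *    defined elsewhere. NOTE(review): confirm it escapes backslashes as well as
 *    quotes for this connection; bound parameters would remove the dependency.
 *  - A column name cannot be protected by value escaping, so $filterfield is used
 *    only when it is a plain identifier and is then backtick-quoted. Anything else
 *    falls back to the all-columns search.
 *  - Database error text goes to the error log, not into the response.
 *  - The mysql_* API was removed in PHP 7; replacing it needs a different $conn
 *    and belongs to a file-wide migration.
 *
 * @return mixed the COUNT(*) value of the single result row
 */
function sql_getrecordcount()
{
    global $conn;
    global $filter;
    global $filterfield;
    global $wholeonly;

    $pattern = sqlstr($filter);
    if (isset($wholeonly) && !$wholeonly && $pattern != '') {
        $pattern = "%" . $pattern . "%";
    }

    // Accept the requested column only if it is letters, digits and underscores.
    $column = '';
    if (isset($filterfield) && is_string($filterfield) && preg_match('/\A[A-Za-z0-9_]+\z/', $filterfield)) {
        $column = $filterfield;
    }

    $sql = "SELECT COUNT(*) FROM (SELECT t1.`idcontrol`, t1.`tipo_operacion`, t1.`numero_de_documento`,"
        . " t1.`cuenta_bancaria`, lp3.`descripcion_cuenta` AS `lp_cuenta_bancaria`, t1.`recibo_relacionado`,"
        . " t1.`fecha_expedicion`, t1.`beneficiario`, t1.`monto_descontado`, t1.`monto_real`, t1.`estatus`,"
        . " t1.`idusuario`, lp10.`nombreusuario` AS `lp_idusuario`, t1.`usuario_autorizo`,"
        . " lp11.`nombreusuario` AS `lp_usuario_autorizo`, t1.`eacp`, t1.`sucursal`"
        . " FROM `bancos_operaciones` AS t1"
        . " LEFT OUTER JOIN `bancos_cuentas` AS lp3 ON (t1.`cuenta_bancaria` = lp3.`idbancos_cuentas`)"
        . " LEFT OUTER JOIN `usuarios` AS lp10 ON (t1.`idusuario` = lp10.`idusuarios`)"
        . " LEFT OUTER JOIN `usuarios` AS lp11 ON (t1.`usuario_autorizo` = lp11.`idusuarios`)) subq";
    if ($pattern != '' && $column != '') {
        $sql .= " where `" . $column . "` like '" . $pattern . "'";
    } elseif ($pattern != '') {
        $searchable = array(
            'tipo_operacion', 'numero_de_documento', 'lp_cuenta_bancaria', 'recibo_relacionado',
            'fecha_expedicion', 'beneficiario', 'monto_descontado', 'monto_real', 'estatus',
            'lp_idusuario', 'lp_usuario_autorizo',
        );
        $clauses = array();
        foreach ($searchable as $name) {
            $clauses[] = "(`" . $name . "` like '" . $pattern . "')";
        }
        $sql .= " where " . implode(" or ", $clauses);
    }

    $res = mysql_query($sql, $conn);
    if (!$res) {
        error_log("sql_getrecordcount: " . mysql_error($conn));
        die("Database error.");
    }

    $row = mysql_fetch_assoc($res);
    reset($row);
    return current($row);
}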
<?
// Registration / field-validation handler (the excerpt ends inside the switch).
// NOTE(review): the block opens with the short tag "<?"; where short_open_tag is
// disabled it is sent to the browser as text instead of being executed.
// NOTE(review): the array keys below are bare words, not quoted strings; PHP 8
// treats an undefined constant as an error.
if (isset($_REQUEST[action])) {
    // Every field goes through sqlstr() (defined elsewhere) before anything else,
    // so the length checks, the comparison and the hash below all operate on the
    // escaped form, not on what the user typed.
    $username = sqlstr($_REQUEST[username]);
    $password = sqlstr($_REQUEST[password]);
    $password2 = sqlstr($_REQUEST[password2]);
    $email = sqlstr($_REQUEST[email]);
    // NOTE(review): unsalted MD5 is not a password hash; use password_hash().
    $hash = md5($password);
    // NOTE(review): the '******' literal looks masked on this page; as written the
    // query does not use $username. Pass the username as a bound parameter if the
    // connection library supports it.
    $userExists = $conn->queryOne("SELECT user_id FROM users WHERE username = '******'");
    $userLengthValid = strlen($username) >= 3;
    $passwordLengthValid = strlen($password) >= 6;
    // NOTE(review): == compares two numeric-looking strings as numbers, so different
    // passwords such as "1e3" and "1000" count as matching; use ===.
    $passwordMatches = $password == $password2;
    $emailValid = validEmail($email);
    // Each case prints a "<flag>|<message>" reply and ends the request.
    switch ($_REQUEST[action]) {
        case "checkusername":
            // NOTE(review): $username is written into markup without HTML encoding;
            // wrap it in htmlspecialchars() before echoing.
            if ($userExists) echo "0|The username <b>$username</b> is already taken. Please choose another.";
            else if (!$userLengthValid) echo "0|Your chosen username is too short.";
            else echo "1|This username is valid!";
            exit();
        case "checkpassword":
            echo $passwordLengthValid ? "1" : "0";
            echo "|";
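/**
 * Render a value as a fragment for a string-built SQL statement.
 *
 * With $quote true the value is passed through sqlstr() (defined elsewhere) and
 * wrapped in single quotes. With $quote false it is returned exactly as given.
 * An empty string, null or false becomes the bare keyword NULL; a numeric 0 is
 * kept as 0.
 *
 * Security notes:
 *  - With $quote false nothing is escaped, so the caller must have validated the
 *    value (for example cast it to int) before it reaches the statement.
 *  - With $quote true the result is only as safe as sqlstr().
 *    NOTE(review): confirm what it escapes; bound parameters avoid the question.
 *
 * @param mixed $val   value to render
 * @param mixed $quote truthy to escape and quote the value as a string literal
 * @return mixed "NULL", a quoted literal, or $val unchanged
 */
function sqlvalue($val, $quote)
{
    $tmp = $quote ? sqlstr($val) : $val;

    // null and false used to slip past the `=== ""` test and then concatenate into
    // the statement as an empty string, leaving a hole where a value was expected.
    if ($tmp === "" || $tmp === null || $tmp === false) {
        return "NULL";
    }

    if ($quote) {
        return "'" . $tmp . "'";
    }

    return $tmp;
}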
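/**
 * Count the rows of the `eacp_config_bases_de_integracion_miembros` listing
 * (joined with its lookup tables) that match the current list filter.
 *
 * Reads the globals $filter (search text), $filterfield (column to search; empty
 * means every searchable column) and $wholeonly (set but falsy: substring match,
 * the text is wrapped in %...%).
 *
 * Security notes:
 *  - The search text is embedded as a quoted literal after sqlstr(), which is
 *    defined elsewhere. NOTE(review): confirm it escapes backslashes as well as
 *    quotes for this connection; bound parameters would remove the dependency.
 *  - A column name cannot be protected by value escaping, so $filterfield is used
 *    only when it is a plain identifier and is then backtick-quoted. Anything else
 *    falls back to the all-columns search.
 *  - Database error text goes to the error log, not into the response.
 *  - The mysql_* API was removed in PHP 7; replacing it needs a different $conn
 *    and belongs to a file-wide migration.
 *
 * @return mixed the COUNT(*) value of the single result row
 */
function sql_getrecordcount()
{
    global $conn;
    global $filter;
    global $filterfield;
    global $wholeonly;

    $pattern = sqlstr($filter);
    if (isset($wholeonly) && !$wholeonly && $pattern != '') {
        $pattern = "%" . $pattern . "%";
    }

    // Accept the requested column only if it is letters, digits and underscores.
    $column = '';
    if (isset($filterfield) && is_string($filterfield) && preg_match('/\A[A-Za-z0-9_]+\z/', $filterfield)) {
        $column = $filterfield;
    }

    $sql = "SELECT COUNT(*) FROM (SELECT t1.`ideacp_config_bases_de_integracion_miembros`, t1.`codigo_de_base`,"
        . " lp1.`descripcion` AS `lp_codigo_de_base`, t1.`miembro`,"
        . " lp2.`descripcion_operacion` AS `lp_miembro`, t1.`afectacion`, t1.`descripcion_de_la_relacion`"
        . " FROM `eacp_config_bases_de_integracion_miembros` AS t1"
        . " LEFT OUTER JOIN `eacp_config_bases_de_integracion` AS lp1 ON (t1.`codigo_de_base` = lp1.`codigo_de_base`)"
        . " LEFT OUTER JOIN `operaciones_tipos` AS lp2 ON (t1.`miembro` = lp2.`idoperaciones_tipos`)) subq";
    if ($pattern != '' && $column != '') {
        $sql .= " where `" . $column . "` like '" . $pattern . "'";
    } elseif ($pattern != '') {
        $searchable = array(
            'ideacp_config_bases_de_integracion_miembros', 'lp_codigo_de_base', 'lp_miembro',
            'afectacion', 'descripcion_de_la_relacion',
        );
        $clauses = array();
        foreach ($searchable as $name) {
            $clauses[] = "(`" . $name . "` like '" . $pattern . "')";
        }
        $sql .= " where " . implode(" or ", $clauses);
    }

    $res = mysql_query($sql, $conn);
    if (!$res) {
        error_log("sql_getrecordcount: " . mysql_error($conn));
        die("Database error.");
    }

    $row = mysql_fetch_assoc($res);
    reset($row);
    return current($row);
}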
/**
 * Counts the rows of Task with status 3 whose accepter_openid equals $openid.
 *
 * No quotes are added around the value in the statement, so the query is only
 * well-formed and injection-safe if sqlstr() (defined elsewhere) returns a
 * complete, quoted and escaped literal. NOTE(review): confirm against its
 * definition; a bound parameter would make this independent of the helper.
 *
 * @param mixed $openid identifier of the accepting user
 * @return mixed whatever db_fetch_value() returns for the COUNT(1) query
 */
public static function getAcceptTaskCountById($openid)
{
    $literal = sqlstr($openid);

    return db_fetch_value(
        "SELECT COUNT(1) FROM Task WHERE accepter_openid={$literal} and status=3"
    );
}
/**
 * Builds an AND-joined condition from an associative array.
 *
 * Each key is appended to the condition as a field name. A null value adds an
 * IS NULL test; any other value is compared against a placeholder named
 * ":cc_<field>" and returned in the parameter map for binding.
 *
 * Only the values are bound. The keys are appended verbatim and also become part
 * of the placeholder name, so they must be field names chosen by the calling
 * code, never text taken from a request.
 * NOTE(review): a key containing a dot or other punctuation would also produce a
 * placeholder name the driver may reject - confirm which keys callers pass.
 *
 * @param array $params field name => value
 * @return array two elements: the condition and the placeholder => value map
 */
protected function createAndCondition(array $params)
{
    $condition = sqlstr('');
    $bound = [];
    $position = 0;

    foreach ($params as $field => $value) {
        if ($position > 0) {
            $condition->append(' AND ');
        }
        $position++;

        $condition->append($field);
        if ($value === null) {
            $condition->isNull();
            continue;
        }

        $placeholder = ':cc_' . $field;
        $condition->equalsTo($placeholder);
        $bound[$placeholder] = $value;
    }

    return [$condition, $bound];
}
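/**
 * Count the rows of the `email` listing (joined with `tipoemail`) that match the
 * current list filter.
 *
 * Reads the globals $filter (search text), $filterfield (column to search; empty
 * means every searchable column) and $wholeonly (set but falsy: substring match,
 * the text is wrapped in %...%).
 *
 * Security notes:
 *  - The search text is embedded as a quoted literal after sqlstr(), which is
 *    defined elsewhere. NOTE(review): confirm it escapes backslashes as well as
 *    quotes for this connection; bound parameters would remove the dependency.
 *  - A column name cannot be protected by value escaping, so $filterfield is used
 *    only when it is a plain identifier and is then backtick-quoted. Anything else
 *    falls back to the all-columns search.
 *  - Database error text goes to the error log, not into the response.
 *  - The mysql_* API was removed in PHP 7; replacing it needs a different $conn
 *    and belongs to a file-wide migration.
 *
 * @return mixed the COUNT(*) value of the single result row
 */
function sql_getrecordcount()
{
    global $conn;
    global $filter;
    global $filterfield;
    global $wholeonly;

    $pattern = sqlstr($filter);
    if (isset($wholeonly) && !$wholeonly && $pattern != '') {
        $pattern = "%" . $pattern . "%";
    }

    // Accept the requested column only if it is letters, digits and underscores.
    $column = '';
    if (isset($filterfield) && is_string($filterfield) && preg_match('/\A[A-Za-z0-9_]+\z/', $filterfield)) {
        $column = $filterfield;
    }

    $sql = "SELECT COUNT(*) FROM (SELECT t1.`codigoEmail`, t1.`codigoTipoEmail`,"
        . " lp1.`descricao` AS `lp_codigoTipoEmail`, t1.`endereco`"
        . " FROM `email` AS t1"
        . " LEFT OUTER JOIN `tipoemail` AS lp1 ON (t1.`codigoTipoEmail` = lp1.`codigoTipoEmail`)) subq";
    if ($pattern != '' && $column != '') {
        $sql .= " where `" . $column . "` like '" . $pattern . "'";
    } elseif ($pattern != '') {
        $searchable = array('codigoEmail', 'lp_codigoTipoEmail', 'endereco');
        $clauses = array();
        foreach ($searchable as $name) {
            $clauses[] = "(`" . $name . "` like '" . $pattern . "')";
        }
        $sql .= " where " . implode(" or ", $clauses);
    }

    $res = mysql_query($sql, $conn);
    if (!$res) {
        error_log("sql_getrecordcount: " . mysql_error($conn));
        die("Database error.");
    }

    $row = mysql_fetch_assoc($res);
    reset($row);
    return current($row);
}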
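/**
 * Count the rows of the `contatotelefones` listing (joined with `contato` and
 * `telefone`) that match the current list filter.
 *
 * Reads the globals $filter (search text), $filterfield (column to search; empty
 * means every searchable column) and $wholeonly (set but falsy: substring match,
 * the text is wrapped in %...%).
 *
 * Security notes:
 *  - The search text is embedded as a quoted literal after sqlstr(), which is
 *    defined elsewhere. NOTE(review): confirm it escapes backslashes as well as
 *    quotes for this connection; bound parameters would remove the dependency.
 *  - A column name cannot be protected by value escaping, so $filterfield is used
 *    only when it is a plain identifier and is then backtick-quoted. Anything else
 *    falls back to the all-columns search.
 *  - Database error text goes to the error log, not into the response.
 *  - The mysql_* API was removed in PHP 7; replacing it needs a different $conn
 *    and belongs to a file-wide migration.
 *
 * @return mixed the COUNT(*) value of the single result row
 */
function sql_getrecordcount()
{
    global $conn;
    global $filter;
    global $filterfield;
    global $wholeonly;

    $pattern = sqlstr($filter);
    if (isset($wholeonly) && !$wholeonly && $pattern != '') {
        $pattern = "%" . $pattern . "%";
    }

    // Accept the requested column only if it is letters, digits and underscores.
    $column = '';
    if (isset($filterfield) && is_string($filterfield) && preg_match('/\A[A-Za-z0-9_]+\z/', $filterfield)) {
        $column = $filterfield;
    }

    $sql = "SELECT COUNT(*) FROM (SELECT t1.`codigoContato`, lp0.`nome` AS `lp_codigoContato`,"
        . " t1.`codigoTelefone`, lp1.`numero` AS `lp_codigoTelefone`"
        . " FROM `contatotelefones` AS t1"
        . " LEFT OUTER JOIN `contato` AS lp0 ON (t1.`codigoContato` = lp0.`codigoContato`)"
        . " LEFT OUTER JOIN `telefone` AS lp1 ON (t1.`codigoTelefone` = lp1.`codigoTelefone`)) subq";
    if ($pattern != '' && $column != '') {
        $sql .= " where `" . $column . "` like '" . $pattern . "'";
    } elseif ($pattern != '') {
        $searchable = array('lp_codigoContato', 'lp_codigoTelefone');
        $clauses = array();
        foreach ($searchable as $name) {
            $clauses[] = "(`" . $name . "` like '" . $pattern . "')";
        }
        $sql .= " where " . implode(" or ", $clauses);
    }

    $res = mysql_query($sql, $conn);
    if (!$res) {
        error_log("sql_getrecordcount: " . mysql_error($conn));
        die("Database error.");
    }

    $row = mysql_fetch_assoc($res);
    reset($row);
    return current($row);
}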
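/**
 * Verify that the current device is one of the login devices recorded for $pid.
 *
 * The set of IMEIs for the account is read from the cache under "LOGIN-<pid>";
 * on a miss it is loaded from the `login` table, stored, and read back. If the
 * value returned by imei() (defined elsewhere) is not in that set,
 * operation_fail() is called.
 *
 * Fix: the loading loop used to assign each row's value to $imei, replacing the
 * current device's identifier with the last row from the database. On a cache
 * miss the final membership test then compared the set with one of its own
 * members and passed for any device as long as the account had a login row. The
 * loop now uses its own variable.
 *
 * Notes:
 *  - If the read-back after apcstore() still returns FALSE the check fails for
 *    everyone (fail closed); that behaviour is kept.
 *  - The statement adds no quotes around the pid, so it relies on sqlstr()
 *    returning a complete, quoted and escaped literal.
 *    NOTE(review): confirm against its definition.
 *
 * @param mixed $pid account identifier
 * @return void
 */
function checkpid($pid)
{
    $imei = imei();
    $pid_e = sqlstr($pid);
    $login_key = "LOGIN-{$pid}";

    $login_imeis = apcfetch($login_key);
    if ($login_imeis === FALSE) {
        $login_imeis = array();
        $rows = db_fetch_all("SELECT imei FROM login WHERE pid={$pid_e}");
        foreach ($rows as $row) {
            // Keep $imei untouched: it holds the identifier being verified.
            $login_imeis[$row["imei"]] = 1;
        }
        apcstore($login_key, $login_imeis);
        $login_imeis = apcfetch($login_key);
        on_apc_miss();
    } else {
        on_apc_hit();
    }

    if (!isset($login_imeis[$imei])) {
        operation_fail("你的登陆信息已失效,为了保护账号,请退出重新登陆");
    }
}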
/**
 * Checks the expression rendered when two column names are concatenated and
 * wrapped in md5().
 */
public function testConcat()
{
    $expression = sqlstr('username')->concat('password')->md5();

    $this->assertEquals("md5(username||password)", $expression);
}
/**
 * Wraps a column name in an SQLString and applies dotPrefix() with this
 * object's rel_alias (presumably yielding "<alias>.<name>" - confirm in SQLString).
 *
 * The name is not validated here; pass only column names chosen by the code.
 *
 * @param string $name column name
 * @return SQLString
 */
protected function column($name)
{
    $qualified = sqlstr($name);

    return $qualified->dotPrefix($this->rel_alias);
}
// Translation update handler (the excerpt ends inside the switch).
//must check this is a valid language
// NOTE(review): $resourceId is interpolated into the statement; its origin is not
// visible here - confirm it is an integer, or bind it.
$languages = $conn->queryAll("SELECT l.*, (select count(distinct translation_id) FROM translations WHERE variable_id in (select variable_id from variables where resource_id = $resourceId) AND language_code = l.code) as complete FROM languages l");
// $languageCode reaches SQL below only if this lookup accepts it. in_array_column()
// is defined elsewhere; presumably it matches against the 'code' column of the
// rows just loaded - confirm it compares exactly.
$languageFound = in_array_column($languageCode,'code',$languages);
if (!$languageFound) $languageCode = "";
else {
    // NOTE(review): the keys a, id and content are bare words, not quoted strings
    // (an error on PHP 8), and $_REQUEST also accepts GET parameters, so this
    // write is not limited to POST; pair it with an anti-CSRF token.
    switch ($_REQUEST[a]) {
        case "update":
            // The integer cast makes $variableId safe to interpolate.
            $variableId = (int)$_REQUEST[id];
            // Backslashes are doubled by hand before sqlstr() (defined elsewhere):
            // the value is protected by string rewriting, not by binding.
            // NOTE(review): prefer bound parameters for $text.
            $text = sqlstr(str_replace('\\','\\\\',$_REQUEST[content]));
            // NOTE(review): $userId is interpolated; its origin is not visible here.
            $existing = $conn->queryAll("SELECT * FROM translations WHERE variable_id = $variableId AND user_id = $userId AND language_code = '$languageCode'");
            // Select-then-write is not atomic: two concurrent requests can both
            // see no row and both insert unless a unique key prevents it.
            if (sizeof($existing) == 0) {
                $conn->exec("INSERT INTO translations (user_id, variable_id, language_code, text) VALUES ($userId, $variableId, '$languageCode', '$text')");
            } else {
                $conn->exec("UPDATE translations SET text = '$text', last_update = CURRENT_TIMESTAMP WHERE user_id = $userId AND language_code = '$languageCode' AND variable_id = $variableId");
            }
            echo "1";
            exit();
/**
 * Adds a table, with an optional alias, to the FROM list.
 *
 * With an alias the entry is built through sqlstr($table)->tableAlias($alias);
 * without one the table name is stored exactly as given. Neither value is
 * validated here, so both must be names chosen by the calling code.
 *
 * @param string $table The name of the table
 * @param string $alias The table alias, defaults to ''
 * @return \Blend\Component\Database\SQL\Statement\Select
 */
public function from($table, $alias = '')
{
    $entry = empty($alias) ? $table : sqlstr($table)->tableAlias($alias);

    $this->from[] = $entry;
    // Remember the position of the entry that was just added.
    $this->lastFromIndex = count($this->from) - 1;

    return $this;
}
/**
 * Checks the SQL rendered for a COUNT(*) with a column alias and a simple
 * equality condition.
 */
public function testSelectCountWithAliasTest()
{
    $expected = 'SELECT COUNT(*) AS numbers FROM table1 WHERE field1 = 5';

    $select = new SelectStatement();
    $select->selectCount('numbers')
        ->from('table1')
        ->where(sqlstr('field1')->equalsTo(5));

    $this->assertEquals($expected, (string) $select);
}
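/**
 * Count the rows of the `tarefa` listing (joined with its status and priority
 * lookup tables) that match the current list filter.
 *
 * Reads the globals $filter (search text), $filterfield (column to search; empty
 * means every searchable column) and $wholeonly (set but falsy: substring match,
 * the text is wrapped in %...%).
 *
 * Security notes:
 *  - The search text is embedded as a quoted literal after sqlstr(), which is
 *    defined elsewhere. NOTE(review): confirm it escapes backslashes as well as
 *    quotes for this connection; bound parameters would remove the dependency.
 *  - A column name cannot be protected by value escaping, so $filterfield is used
 *    only when it is a plain identifier and is then backtick-quoted. Anything else
 *    falls back to the all-columns search.
 *  - Database error text goes to the error log, not into the response.
 *  - The mysql_* API was removed in PHP 7; replacing it needs a different $conn
 *    and belongs to a file-wide migration.
 *
 * @return mixed the COUNT(*) value of the single result row
 */
function sql_getrecordcount()
{
    global $conn;
    global $filter;
    global $filterfield;
    global $wholeonly;

    $pattern = sqlstr($filter);
    if (isset($wholeonly) && !$wholeonly && $pattern != '') {
        $pattern = "%" . $pattern . "%";
    }

    // Accept the requested column only if it is letters, digits and underscores.
    $column = '';
    if (isset($filterfield) && is_string($filterfield) && preg_match('/\A[A-Za-z0-9_]+\z/', $filterfield)) {
        $column = $filterfield;
    }

    $sql = "SELECT COUNT(*) FROM (SELECT t1.`codigoTarefa`, t1.`codigoTarefaStatus`,"
        . " lp1.`descricao` AS `lp_codigoTarefaStatus`, t1.`dataInicio`, t1.`horaInicial`,"
        . " t1.`dataLimite`, t1.`horaLimite`, t1.`titulo`, t1.`descricao`, t1.`codigoTarefaPrioridade`,"
        . " lp8.`descricao` AS `lp_codigoTarefaPrioridade`, t1.`datahoracriacao`"
        . " FROM `tarefa` AS t1"
        . " LEFT OUTER JOIN `tarefastatus` AS lp1 ON (t1.`codigoTarefaStatus` = lp1.`codigoTarefaStatus`)"
        . " LEFT OUTER JOIN `tarefaprioridade` AS lp8 ON (t1.`codigoTarefaPrioridade` = lp8.`codigoTarefaPrioridade`)) subq";
    if ($pattern != '' && $column != '') {
        $sql .= " where `" . $column . "` like '" . $pattern . "'";
    } elseif ($pattern != '') {
        $searchable = array(
            'codigoTarefa', 'lp_codigoTarefaStatus', 'dataInicio', 'horaInicial', 'dataLimite',
            'horaLimite', 'titulo', 'descricao', 'lp_codigoTarefaPrioridade', 'datahoracriacao',
        );
        $clauses = array();
        foreach ($searchable as $name) {
            $clauses[] = "(`" . $name . "` like '" . $pattern . "')";
        }
        $sql .= " where " . implode(" or ", $clauses);
    }

    $res = mysql_query($sql, $conn);
    if (!$res) {
        error_log("sql_getrecordcount: " . mysql_error($conn));
        die("Database error.");
    }

    $row = mysql_fetch_assoc($res);
    reset($row);
    return current($row);
}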
/**
 * Loads the columns of a relation from information_schema.columns and adds each
 * one to the relation as a Column.
 *
 * The schema and table names are passed as the bound parameters :table_schema
 * and :table_name, so they are never written into the statement text.
 *
 * @param Relation $relation relation whose columns are loaded
 */
protected function loadColumnsForRelation(Relation $relation)
{
    $query = new SelectStatement();
    $query->from('information_schema.columns')
        ->where(sqlstr('table_schema')->equalsTo(':table_schema'))
        ->andWhere(sqlstr('table_name')->equalsTo(':table_name'));

    $bindings = [
        ':table_schema' => $relation->getSchemaName(),
        ':table_name' => $relation->getName(),
    ];

    $records = $this->database->executeQuery($query, $bindings);
    foreach ($records as $row) {
        $relation->addColumn(new Column($row));
    }
}