示例#1
/**
 * Build a filtered copy of a list of request values.
 *
 * With $readNumbers set, each element is converted with intval(); otherwise
 * each element is passed through stripMaliciousSql(), which is defined
 * elsewhere. Elements whose converted form compares loosely equal to ''
 * are left out. A non-array $input yields an empty array.
 *
 * NOTE(review): what stripMaliciousSql() removes is not visible here. If the
 * returned strings are later placed inside SQL text, confirm the filter covers
 * that context; bound parameters would not depend on it.
 *
 * @param mixed $input       Expected to be an array of raw values.
 * @param bool  $readNumbers When true, coerce every element to an integer.
 * @return array Converted values in their original order, re-indexed from 0.
 */
function getSafeValues($input, $readNumbers = FALSE)
{
    // Anything that is not an array produces an empty result.
    if (!is_array($input)) {
        return array();
    }

    $cleaned = array();
    foreach ($input as $item) {
        $candidate = $readNumbers ? intval($item) : stripMaliciousSql($item);

        // Loose comparison, as in the original: whether an integer 0 counts
        // as "empty" here depends on the PHP major version (int/string
        // comparison rules changed in PHP 8).
        if ($candidate == '') {
            continue;
        }
        $cleaned[] = $candidate;
    }

    return $cleaned;
}
示例#2
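/**
 * Echo up to 1000 rows of a database table as an HTML table.
 *
 * The first row also produces a header row built from the associative
 * (non-integer) keys of the result. A cell whose first byte is 1 is shown as
 * "yes", one whose first byte is 0 (or that is empty) as "no"; every other
 * value is HTML-escaped and printed as is.
 *
 * The table name becomes part of the SQL text, and an identifier cannot be
 * sent as a bound parameter. In addition to stripMaliciousSql() (defined
 * elsewhere), the name must therefore consist only of identifier characters
 * before the query is run. A rejected name or a failed query prints an empty
 * table.
 *
 * NOTE(review): the mysql_* extension used here was removed in PHP 7; moving
 * to mysqli or PDO needs the connection setup in api/open_db.php, which is not
 * visible from this function.
 *
 * @param string $tableName Name of the table to dump (optionally db.table).
 * @return void
 */
function dumpTable($tableName)
{
    // $db_conn is not defined in this function; presumably this include sets it.
    include 'api/open_db.php';
    $tableName = stripMaliciousSql($tableName);

    // Allow only letters, digits, "_", "$" and "." so the interpolated name
    // cannot carry whitespace, quotes, comments or statement separators.
    $result = false;
    if (is_string($tableName) && preg_match('/\A[A-Za-z0-9_$.]+\z/', $tableName) === 1) {
        $result = mysql_query("select * from {$tableName} order by 1 limit 1000", $db_conn);
    }

    echo '<table style="border-spacing: 4px; border-collapse: separate">';
    $firstRow = true;
    // mysql_query() returns false on failure; skip the fetch loop in that case
    // instead of handing false to mysql_fetch_array().
    while ($result !== false && ($row = mysql_fetch_array($result))) {
        if ($firstRow) {
            echo '<tr>';
            foreach ($row as $key => $value) {
                // mysql_fetch_array() returns each column under a numeric and
                // a named key; only the named keys are used.
                if (!is_int($key)) {
                    // Column names are data too: escape them like cell values.
                    echo '<td><strong>' . htmlspecialchars($key) . '</strong></td>';
                }
            }
            echo '</tr>';
            $firstRow = false;
        }
        echo '<tr>';
        foreach ($row as $key => $value) {
            if (!is_int($key)) {
                if (ord($value) == 1) {
                    echo "<td>yes</td>";
                } elseif (ord($value) == 0) {
                    echo "<td>no</td>";
                } else {
                    echo "<td>" . htmlspecialchars($value) . "</td>";
                }
            }
        }
        echo '</tr>';
    }
    echo '</table>';
    include 'api/close_db.php';
}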
	    || email==null || email == ''
	    || role==null || role == '')
	{
	    alert("Please fill in your name, role and email.");
	    return false;
	}
    }
</script>

<?php 
include 'header_end.php';
// Registration form handler: a row is inserted when role, name and email are
// posted together with at least one of survey / interview / deployment.
$registered = false;
// isset() is true for empty strings, so on the server side an empty name,
// role or email passes this condition; it only tests that the fields exist.
if (isset($_POST['role']) && isset($_POST['name']) && isset($_POST['email']) && (isset($_POST['survey']) || isset($_POST['interview']) || isset($_POST['deployment']))) {
    // The three text fields end up inside quoted SQL literals below, with
    // stripMaliciousSql() (defined elsewhere) as the only filter.
    // NOTE(review): confirm that it neutralises quotes and backslashes for the
    // connection character set; bound parameters would remove that dependency.
    $role = stripMaliciousSql($_POST['role']);
    $name = stripMaliciousSql($_POST['name']);
    $email = stripMaliciousSql($_POST['email']);
    // The three flags are forced to integers, so they can be interpolated
    // unquoted; a missing flag is stored as 0.
    $survey = 0;
    if (isset($_POST['survey'])) {
        $survey = intval($_POST['survey']);
    }
    $interview = 0;
    if (isset($_POST['interview'])) {
        $interview = intval($_POST['interview']);
    }
    $deployment = 0;
    if (isset($_POST['deployment'])) {
        $deployment = intval($_POST['deployment']);
    }
    // $db_conn is not assigned in this excerpt; presumably this include sets it.
    include 'api/open_db.php';
    // The return value of mysql_query() is discarded, so a failed insert is
    // not detected at this point.
    mysql_query("insert into ParticipantRegistrationProfessional\n\t(RegisteredAt, Name, Role, Email, Survey, Interview, Deployment) values\n\t(utc_timestamp(), '{$name}', '{$role}', '{$email}', {$survey}, {$interview}, {$deployment});", $db_conn);
    include 'api/close_db.php';
示例#4
// XML endpoint: reads storyid, onlytags and sortorder from the query string
// and builds a $story array, starting with the story's category tags.
header('Content-Type: text/xml; charset=UTF-8');
mb_internal_encoding('UTF-8');
include 'common_functions.php';
include 'open_db.php';
include 'get_story_content.php';
// intval() guarantees an integer, which is what makes the unquoted
// interpolation of $storyID into the query below safe. Defaults to 0.
$storyID = 0;
if (isset($_GET['storyid'])) {
    $storyID = intval($_GET['storyid']);
}
$onlyTags = FALSE;
if (isset($_GET['onlytags'])) {
    $onlyTags = intval($_GET['onlytags']) != 0;
}
// Effectively an allow-list: any value other than 'time' falls back to
// 'size', so only those two strings reach get_story_content().
$sortOrder = 'size';
if (isset($_GET['sortorder'])) {
    $sortOrder = stripMaliciousSql($_GET['sortorder']);
    if ($sortOrder != 'time') {
        $sortOrder = 'size';
    }
}
//Define a story object to populate
$story = array('storyID' => $storyID);
if (!$onlyTags) {
    $story = get_story_content($storyID, $sortOrder, $db_conn);
    //This replaces the story array object
}
// Category tags
// The result is passed to mysql_num_rows() without a check for false, so a
// failed query is not handled separately here.
$categoryTagsResult = mysql_query("select Category, InfoCategoryID\nfrom StoryInfoCategoryTag natural join InfoCategory\nwhere StoryID = {$storyID}", $db_conn);
$story['categoryCount'] = mysql_num_rows($categoryTagsResult);
if (mysql_num_rows($categoryTagsResult) > 0) {
    $story['categories'] = array();
示例#5
    include 'footer.php';
    exit;
}
include 'api/open_db.php';
$userAnsweredResult = mysql_query("select count(*) as 'answers' from SyriaDeploymentVolunteerSurveyAnswer where TwitterUserID={$userID};");
$resultObj = mysql_fetch_object($userAnsweredResult);
$userHasAnswered = $resultObj->answers > 0;
if (!$userHasAnswered && !is_null($_POST) && count($_POST) > 0) {
    $answers = array();
    foreach ($_POST as $key => $value) {
        if (is_null($value) || $value == '') {
            continue;
        }
        if (substr($key, -7) == 'comment') {
            $qid = substr($key, 0, -8);
            $answers[$qid]->comment = stripMaliciousSql($value);
        } else {
            $answers[$key]->value = $value[0];
        }
    }
    $sql = "insert ignore into SyriaDeploymentVolunteerSurveyAnswer (TwitterUserID, QuestionID, Timestamp, LikertRange, AnswerValue, AnswerText) values ";
    $firstRow = true;
    foreach ($answers as $qid => $answer) {
        if ($firstRow) {
            $firstRow = false;
        } else {
            $sql .= ',';
        }
        $value = property_exists($answer, 'value') ? $answer->value : 'null';
        $comment = property_exists($answer, 'comment') ? "'" . $answer->comment . "'" : 'null';
        $likert = array_key_exists($qid, $likertQuestions) ? $likertCount : 'null';