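/**
 * Filter a list of raw request values into a list that is safe to embed in SQL.
 *
 * @param mixed $input       Expected to be an array of raw values (tag ids or
 *                           tag names from a request). Anything that is not an
 *                           array yields an empty result.
 * @param bool  $readNumbers When true every value is cast with intval() and
 *                           kept, including 0. When false each value is passed
 *                           through stripMaliciousSql() (defined elsewhere in
 *                           this project) and kept only if the result is a
 *                           non-empty string.
 * @return array Sequential list of the kept values, in input order.
 */
function getSafeValues($input, $readNumbers = FALSE)
{
    $output = array();
    if (!is_array($input)) {
        return $output;
    }
    foreach ($input as $tag) {
        if ($readNumbers) {
            // Keep every integer explicitly. The old loose `!= ''` test dropped
            // 0 on PHP < 8 but kept it on PHP 8, so the result depended on the
            // interpreter version. Callers that want to exclude 0 (e.g. an
            // unparseable id) filter it themselves.
            $output[] = intval($tag);
            continue;
        }
        $clean = stripMaliciousSql($tag);
        // Strict check: "0" is a legitimate value and is kept; '' and
        // non-strings (null/false, e.g. a failed escape) are dropped.
        if (is_string($clean) && $clean !== '') {
            $output[] = $clean;
        }
    }
    return $output;
}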
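/**
 * Print the first $limit rows of a table as an HTML <table>.
 *
 * Opens the database via api/open_db.php (which presumably defines $db_conn —
 * confirm against that file), runs the query, and closes it via
 * api/close_db.php. Output is written directly with echo; nothing is returned.
 * Column names are taken from the associative keys of mysql_fetch_array(); the
 * duplicate integer keys it also returns are skipped.
 *
 * @param string $tableName Table to dump. Must match /^[A-Za-z0-9_]+$/;
 *                          anything else prints an error and no query is run.
 * @param int    $limit     Maximum number of rows to print (default 1000,
 *                          clamped to at least 1).
 */
function dumpTable($tableName, $limit = 1000)
{
    // A table name is an unquoted SQL identifier, so quote-escaping (the
    // stripMaliciousSql() the old code used) cannot protect it. Only an
    // allowlist of identifier characters can; reject everything else.
    if (!is_string($tableName) || !preg_match('/^[A-Za-z0-9_]+$/', $tableName)) {
        echo '<p>Invalid table name.</p>';
        return;
    }
    $limit = max(1, intval($limit));

    include 'api/open_db.php';
    $result = mysql_query("select * from `{$tableName}` order by 1 limit {$limit}", $db_conn);

    echo '<table style="border-spacing: 4px; border-collapse: separate">';
    // mysql_query() returns false on error; the old code then passed false to
    // mysql_fetch_array() and emitted warnings. Print an empty table instead.
    if ($result !== false) {
        $headerPrinted = false;
        while ($row = mysql_fetch_array($result)) {
            if (!$headerPrinted) {
                echo '<tr>';
                foreach ($row as $key => $value) {
                    if (!is_int($key)) {
                        // Column names come from the database, but escape them anyway.
                        echo '<td><strong>' . htmlspecialchars($key, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8') . '</strong></td>';
                    }
                }
                echo '</tr>';
                $headerPrinted = true;
            }
            echo '<tr>';
            foreach ($row as $key => $value) {
                if (is_int($key)) {
                    continue;
                }
                if ($value === null || $value === '') {
                    // ord('') is 0, so the old code rendered empty cells as "no".
                    echo '<td></td>';
                } elseif (ord($value) === 1) {
                    // Single-byte \x01 / \x00 values (bit columns) are shown as yes/no.
                    echo '<td>yes</td>';
                } elseif (ord($value) === 0) {
                    echo '<td>no</td>';
                } else {
                    echo '<td>' . htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8') . '</td>';
                }
            }
            echo '</tr>';
        }
        mysql_free_result($result);
    }
    echo '</table>';
    include 'api/close_db.php';
}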
|| email==null || email == '' || role==null || role == '') { alert("Please fill in your name, role and email."); return false; } } </script> <?php include 'header_end.php'; $registered = false; if (isset($_POST['role']) && isset($_POST['name']) && isset($_POST['email']) && (isset($_POST['survey']) || isset($_POST['interview']) || isset($_POST['deployment']))) { $role = stripMaliciousSql($_POST['role']); $name = stripMaliciousSql($_POST['name']); $email = stripMaliciousSql($_POST['email']); $survey = 0; if (isset($_POST['survey'])) { $survey = intval($_POST['survey']); } $interview = 0; if (isset($_POST['interview'])) { $interview = intval($_POST['interview']); } $deployment = 0; if (isset($_POST['deployment'])) { $deployment = intval($_POST['deployment']); } include 'api/open_db.php'; mysql_query("insert into ParticipantRegistrationProfessional\n\t(RegisteredAt, Name, Role, Email, Survey, Interview, Deployment) values\n\t(utc_timestamp(), '{$name}', '{$role}', '{$email}', {$survey}, {$interview}, {$deployment});", $db_conn); include 'api/close_db.php';
header('Content-Type: text/xml; charset=UTF-8'); mb_internal_encoding('UTF-8'); include 'common_functions.php'; include 'open_db.php'; include 'get_story_content.php'; $storyID = 0; if (isset($_GET['storyid'])) { $storyID = intval($_GET['storyid']); } $onlyTags = FALSE; if (isset($_GET['onlytags'])) { $onlyTags = intval($_GET['onlytags']) != 0; } $sortOrder = 'size'; if (isset($_GET['sortorder'])) { $sortOrder = stripMaliciousSql($_GET['sortorder']); if ($sortOrder != 'time') { $sortOrder = 'size'; } } //Define a story object to populate $story = array('storyID' => $storyID); if (!$onlyTags) { $story = get_story_content($storyID, $sortOrder, $db_conn); //This replaces the story array object } // Category tags $categoryTagsResult = mysql_query("select Category, InfoCategoryID\nfrom StoryInfoCategoryTag natural join InfoCategory\nwhere StoryID = {$storyID}", $db_conn); $story['categoryCount'] = mysql_num_rows($categoryTagsResult); if (mysql_num_rows($categoryTagsResult) > 0) { $story['categories'] = array();
include 'footer.php'; exit; } include 'api/open_db.php'; $userAnsweredResult = mysql_query("select count(*) as 'answers' from SyriaDeploymentVolunteerSurveyAnswer where TwitterUserID={$userID};"); $resultObj = mysql_fetch_object($userAnsweredResult); $userHasAnswered = $resultObj->answers > 0; if (!$userHasAnswered && !is_null($_POST) && count($_POST) > 0) { $answers = array(); foreach ($_POST as $key => $value) { if (is_null($value) || $value == '') { continue; } if (substr($key, -7) == 'comment') { $qid = substr($key, 0, -8); $answers[$qid]->comment = stripMaliciousSql($value); } else { $answers[$key]->value = $value[0]; } } $sql = "insert ignore into SyriaDeploymentVolunteerSurveyAnswer (TwitterUserID, QuestionID, Timestamp, LikertRange, AnswerValue, AnswerText) values "; $firstRow = true; foreach ($answers as $qid => $answer) { if ($firstRow) { $firstRow = false; } else { $sql .= ','; } $value = property_exists($answer, 'value') ? $answer->value : 'null'; $comment = property_exists($answer, 'comment') ? "'" . $answer->comment . "'" : 'null'; $likert = array_key_exists($qid, $likertQuestions) ? $likertCount : 'null';