public function updatePlayer(IPlayer $player, $lastIP = null, $loginDate = null) { $name = trim(strtolower($player->getName())); if ($lastIP !== null) { $this->database->query("UPDATE simpleauth_players SET lastip = '" . $this->database->escape_string($lastIP) . "' WHERE name = '" . $this->database->escape_string($name) . "'"); } if ($loginDate !== null) { $this->database->query("UPDATE simpleauth_players SET logindate = " . intval($loginDate) . " WHERE name = '" . $this->database->escape_string($name) . "'"); } }
public function getStats($playerName) { $playerName = $this->db->escape_string(trim(strtolower($playerName))); $result = $this->db->query("SELECT * FROM tntstats WHERE name = '" . $playerName . "'"); if ($result instanceof \mysqli_result) { $assoc = $result->fetch_assoc(); $result->free(); if (isset($assoc["name"]) and $assoc["name"] === $playerName) { return $assoc; } } return null; }
/** * Экранирует значение * @param string|array $value * @param null $type * @return string */ public function quote($value, $type = null) { if (is_array($value)) { foreach ($value as $key => $val) { $q = $this->getQuoteIdentifierSymbol(); $value[$key] = $q . $this->db->escape_string($value) . $q; } $quoted_value = implode(', ', $value); } else { $q = $this->getQuoteIdentifierSymbol(); $quoted_value = $q . $this->db->escape_string($value) . $q; } return $quoted_value; }
public function escStr($str) { if (is_bool($str)) { return $str ? "1" : "0"; } return is_string($str) ? "'{$this->mysqli->escape_string($str)}'" : "{$str}"; }
/** * escaping a string * * @param string $str * @return string */ public function escape($str) { if (!$this->ready()) { return false; } return $this->_MySQLi->escape_string($str); }
/** * @param PlayerQuitEvent $e */ public function onPlayerQuit(PlayerQuitEvent $e) { if ($this->getPlayer($e->getPlayer()) == null) { $this->AddPlayer($e->getPlayer()); } else { $this->db->query("UPDATE player_stats SET quits = quits +1 WHERE name = '" . $this->db->escape_string($e->getPlayer()->getName()) . "'") or die($this->bd->mysqli_error()); } //$this->db->query("UPDATE player_stats SET quits = quits +1 WHERE name = '".$this->db->escape_string($e->getPlayer()->getName())."'") or die($this->bd->mysqli_error()); }
/** * Escape a string to be used in a SQL query. * * @param String $string The string to escape * * @return Mixed $return The escaped string on success, FALSE on error */ public function escape_string($string) { $this->connect(); if ($this->connected === TRUE) { return $this->mysqli->escape_string($string); } else { return FALSE; } }
/** * Escaped einen String, der durch Nutzereingabe herkommt * * @param type $string * @return type $string * @author Halldor Rolandsson */ public function escapeMethod($string) { $database = new mysqli($this->dbHost, $this->dbUser, $this->dbPass, $this->dbDatabase); if (mysqli_connect_errno()) { printf("Connect failed: %s\n", mysqli_connect_error()); exit; } $string = $database->escape_string($string); $database->close(); return $string; }
protected function _process_values($values) { $data = array(); foreach ($values as $v) { if (is_string($v)) { $v = $this->_connection->escape_string($v); } $data[] = $v; } return $data; }
public function touchIP($ip) { // $ip = $this->db->escape_string(implode("", array_map(function($token){ // return chr(intval($token)); // }, explode(".", $ip)))); $ip = $this->db->escape_string($ip); $result = $this->db->query("SELECT ip FROM {$this->itn} WHERE ip = '{$ip}';"); $exists = is_array($result->fetch_assoc()); $result->close(); if (!$exists) { $this->db->query("INSERT INTO {$this->itn} VALUES ('{$ip}');"); } return $exists; }
/** * Creates a new SQL-part for this field. * (Only adds ' around string typed fields) */ private final function getDataPart($data, $type) { $ret = ""; switch ($type) { case 'number': $ret = $data; break; case 'string': $ret = "'" . $this->db->escape_string($data) . "'"; break; default: $ret = "'" . $this->db->escape_string($data) . "'"; } return $ret; }
/** * Checks a MySQL database for invalid foreign keys, i.e., a keys pointing to missing rows. * * @author David Grudl (http://davidgrudl.com) * @copyright Copyright (c) 2008 David Grudl * @license New BSD License * @version 1.0 */ function checkForeignKeys(mysqli $db, $database = NULL) { $keys = $db->query(' SELECT TABLE_SCHEMA, TABLE_NAME, COLUMN_NAME, REFERENCED_TABLE_NAME, REFERENCED_COLUMN_NAME FROM information_schema.KEY_COLUMN_USAGE WHERE REFERENCED_TABLE_SCHEMA IS NOT NULL' . ($database ? " AND TABLE_SCHEMA='{$db->escape_string($database)}'" : '')); foreach ($keys as $key) { echo "{$key['TABLE_SCHEMA']} {$key['TABLE_NAME']}.{$key['COLUMN_NAME']}: "; foreach ($key as &$identifier) { $identifier = '`' . str_replace('`', '``', $identifier) . '`'; } $row = $db->query("\n\t\t\tSELECT COUNT({$key['COLUMN_NAME']})\n\t\t\tFROM {$key['TABLE_SCHEMA']}.{$key['TABLE_NAME']}\n\t\t\tWHERE {$key['COLUMN_NAME']} NOT IN (SELECT {$key['REFERENCED_COLUMN_NAME']} FROM {$key['TABLE_SCHEMA']}.{$key['REFERENCED_TABLE_NAME']})\n\t\t")->fetch_array(); echo $row[0] ? "found {$row['0']} invalid foreign keys!\n" : "OK\n"; } }
private function cleanCriteria($criteria) { if (is_numeric($criteria)) { if (false !== strpos($criteria, '.')) { $criteria = floatval($criteria); } else { $criteria = intval($criteria); } } elseif (is_array($criteria)) { $criteria = json_encode($criteria); } elseif (is_string($criteria)) { $criteria = $this->db->escape_string($criteria); } return $criteria; }
$stmt->execute() or die($stmt->error); $tabAdresseId[$rep->idadresse] = array('rue', $mysqliNew->insert_id); } else { echo '<p>aucun quartier correspondant à ' . $nomQuartier . '</p>'; $tabAdresseId[$rep->idadresse] = array('erreur', $mysqliNew->insert_id); } } else { if (!empty($rep->nomville)) { $nomVille = nettoyeChaine($rep->nomville); $stmtTrouveIdVille->execute() or die($stmt->error); $stmtTrouveIdVille->bind_result($idVille); if ($stmtTrouveIdVille->fetch()) { $stmtTrouveIdVille->free_result(); $result = $mysqliNew->query('SELECT idSousQuartier FROM sousQuartier sq WHERE idQuartier=(SELECT idQuartier FROM quartier sq WHERE idVille=' . $idVille . ' AND nom="autre") AND nom="autre"'); $reponse = $result->fetch_object(); $nom = $mysqliNew->escape_string($nom); $prefixe = $mysqliNew->escape_string($prefixe); // ajout laurent : pour separation prefixe (complement) du nom de la rue $idSousQuartier = $reponse->idSousQuartier; $stmt->execute() or die($stmt->error); $tabAdresseId[$rep->idadresse] = array('rue', $mysqliNew->insert_id); } else { echo '<p>aucun quartier correspondant à ' . $nomQuartier . '</p>'; $tabAdresseId[$rep->idadresse] = array('erreur', $mysqliNew->insert_id); } } else { echo '<p>PERTE : idadresse = ' . $rep->idadresse . '</p>'; $tabAdresseId[$rep->idadresse] = array('erreur', $mysqliNew->insert_id); } } }
<?php if ($_SERVER["REQUEST_METHOD"] == "POST") { $db = new mysqli('localhost', 'root', '', 'hospital'); // Prepare data for insertion $id = $db->escape_string($_POST["id"]); $soort = $db->escape_string($_POST["soort"]); // Prepare query and execute $query = "insert into species (id, soort) values ('{$id}','{$soort}')"; $result = $db->query($query); // Tell the browser to go back to the index page. header("Location: ./"); exit; }
<?php if ($_SERVER["REQUEST_METHOD"] == "POST") { $db = new mysqli('localhost', 'root', '', 'hospital'); // Prepare data for insertion $client = $db->escape_string($_POST["name"]); // Prepare query and execute $query = "INSERT INTO client (name) VALUES ('{$client}')"; $result = $db->query($query); // Tell the browser to go back to the index page. header("Location: ./"); exit; }
th, td { padding: 5px; text-align:center; } p { text-align:center; } </style> <?php global $mysqlusername, $mysqlpassword, $mysqldatabase, $mysqllocation; $db = new mysqli($mysqllocation, $mysqlusername, $mysqlpassword, $mysqldatabase); if (!isset($_GET["curr"])) { die("<script>window.close()</script>"); } $curr = $db->escape_string($_GET["curr"]); $query = "SELECT currency.shortname, valuechanges.newbuyvalue, valuechanges.newsellvalue, currency.name FROM valuechanges INNER JOIN currency ON currency.currencyid=valuechanges.currencyid WHERE valuechanges.changegroup={$curr} ORDER BY currency.name ASC"; $result = $db->query($query) or die($db->error); ?> </head> <body> <table style="width:100%"> <tr> <th>Currency</th> <th>New Buying Value</th> <th>New Selling Value</th> </tr> <?php while ($row = $result->fetch_assoc()) { echo "<tr>";
<?php if ($_SERVER["REQUEST_METHOD"] == "GET") { $client = NULL; if (isset($_GET['id'])) { // Get species for id $db = new mysqli('localhost', 'root', '', 'hospital'); $id = $db->query($query); $species = $result->fetch_assoc(); } if ($species == NULL) { // No species found http_response_code(404); include "../common/not_found.php"; exit; } } elseif ($_SERVER["REQUEST_METHOD"] == "POST") { if (isset($_POST['confirmed'])) { $db = new mysqli('localhost', 'root', '', 'hospital'); // Prepare data for delete $id = $db->escape_string($_POST["id"]); // Prepare query and execute $query = "delete from species where id={$id}"; $result = $db->query($query); } // Tell the browser to go back to the index page. header("Location: ./"); exit; }
global $mysqlusername, $mysqlpassword, $mysqldatabase, $mysqllocation; ?> <!DOCTYPE html> <html xmlns="http://www.w3.org/1999/xhtml"> <head> <meta http-equiv="Content-Type" content="text/html; charset=utf-8" /> <title>Forex Trading Simulator - Add Users</title> <?php if (isset($_POST["name"]) && isset($_POST["userid"]) && isset($_POST["password"]) && isset($_POST["usertype"])) { $db = new mysqli($mysqllocation, $mysqlusername, $mysqlpassword, $mysqldatabase); $name = $db->real_escape_string($_POST["name"]); $userid = $db->real_escape_string($_POST["userid"]); $password = $db->real_escape_string($_POST["password"]); $usertype = $db->real_escape_string($_POST["usertype"]); $password = password_hash($password, PASSWORD_DEFAULT); $salt = $db->escape_string($salt); $query = "INSERT INTO users (name, userid, password, usertype) VALUES ('{$name}', '{$userid}', '{$password}', {$usertype});"; if ($db->query($query) === TRUE) { $query = "SELECT userkey FROM users WHERE userid='{$userid}'"; $result = $db->query($query); $row = $result->fetch_assoc(); $userkey = $row["userkey"]; $query = "INSERT INTO wallet (userkey, currencyid, amount) VALUES ({$userkey}, 1, 10000000)"; $db->query($query); //$query = "INSERT INTO wallet (userkey, currencyid, amount) VALUES ($userkey, 2, 1300000000)"; //$db->query($query); $query = "SELECT currencyid FROM currency WHERE currencyid != 1"; $result = $db->query($query); while ($row = $result->fetch_assoc()) { //if($row["currencyid"] == 1) // continue;
$allowed = true; if (!$register && isset($groupPermissions["SESSION_DURATION"])) { $sessionTime = $groupPermissions["SESSION_DURATION"]; } if (isset($groupPermissions["ALLOW_NO_PROXY"]) && $groupPermissions["ALLOW_NO_PROXY"]) { $proxyEnforced = false; } break; } } } } if ($allowed) { $noProxy = $proxyEnforced ? 'N' : 'Y'; if ($register) { $sql = "insert into user_devices (mac_address, username, auth_time_utc, no_proxy) values ('{$mac}', '" . $conn->escape_string($un) . "', UTC_TIMESTAMP(), '{$noProxy}')"; } else { $sql = "insert into auth_sessions (username, mac_address, ip_address, auth_time_utc, expiry_time_utc, no_proxy) values ('" . $conn->escape_string($un) . "', '{$mac}', '{$srcIP}', UTC_TIMESTAMP(), ADDTIME(UTC_TIMESTAMP(), '{$sessionTime}'), '{$noProxy}')"; } // create a session record if ($conn->query($sql) === false) { $errors[] = "Unable to create " . ($register ? "device" : "session") . " record in database."; } else { $loggedIn = true; iptablesAddUserDevice($mac, $proxyEnforced); } } else { $errors[] = "Your username and password are correct, but you're not authorised to " . ($register ? "register devices" : "log in") . " using this service. <a href='" . SQUID_SUPPORT_URL . "'>Click here to request help with this issue.</a>"; } } else { $errors[] = "Invalid username or password.";
/** * @see Yun_Db_Adapter_Interface::quote() */ public function quote($string) { return $this->mysqli->escape_string($string); }
<?php if ($_SERVER["REQUEST_METHOD"] == "GET") { $species = NULL; if (isset($_GET['id'])) { //Get Species for id require '../common/connect.php'; $id = $db->escape_string($_GET["id"]); $query = "select * from species where id={$id}"; $result = $db->query($query); $species = $result->fetch_assoc(); } if ($species == NULL) { // No species found http_response_code(404); include "../common/not_found.php"; exit; } } elseif ($_SERVER["REQUEST_METHOD"] == "POST") { $db = new mysqli('localhost', 'root', '', 'hospital'); // Prepare data for update $id = $db->escape_string($_POST["id"]); $species = $db->escape_string($_POST["species"]); // Prepare query and execute $query = "update species set name='{$species}' where id={$id}"; $result = $db->query($query); // Tell the browser to go back to the index page. header("Location: ./"); exit; }
<?php if ($_SERVER["REQUEST_METHOD"] == "GET") { $species = NULL; if (isset($_GET['id'])) { // Get Species for id $db = new mysqli('localhost', 'root', '', 'hospital'); $id = $db->escape_string($_GET["id"]); $query = "select * from species where id={$id}"; $result = $db->query($query); $species = $result->fetch_assoc(); } if ($species == NULL) { // No species found http_response_code(404); include "../common/not_found.php"; exit; } } elseif ($_SERVER["REQUEST_METHOD"] == "POST") { $db = new mysqli('localhost', 'root', '', 'hospital'); // Prepare data for update $id = $db->escape_string($_POST["id"]); $name = $db->escape_string($_POST["name"]); // Prepare query and execute $query = "update species set species='{$name}' where id={$id}"; $result = $db->query($query); // Tell the browser to go back to the index page. header("Location: ./"); exit; }
<?php if ($_SERVER["REQUEST_METHOD"] == "POST") { $db = new mysqli('localhost', 'root', '', 'hospital'); // Prepare data for insertion $name = $db->escape_string($_POST["name"]); $species = $db->escape_string($_POST["species_id"]); $status = $db->escape_string($_POST["status"]); $client_id = $db->escape_string($_POST["client_id"]); // Prepare query and execute $query = "insert into patient (name, species_id, status, client_id) values ('{$name}','{$species}','{$status}','{$client_id}')"; $result = $db->query($query); // Tell the browser to go back to the index page. header("Location: ./"); exit; } else { $db = new mysqli('localhost', 'root', '', 'hospital'); $query = "\tSELECT * FROM clients;"; //client id uit CLIENT = verbonden met id uit client $result = $db->query($query); $clients = $result->fetch_all(MYSQLI_ASSOC); //------------------------ $query = "\tSELECT * FROM species;"; $result = $db->query($query); $species = $result->fetch_all(MYSQLI_ASSOC); }
} } echo $ln . "/" . $count . "\r"; $form['regno'] = $reg_no; $form['submit'] = "Submit"; $snoopy->submit("http://192.168.216.1/resultstatus.php", $form); if (strpos($snoopy->results, 'is invalid') !== false) { echo "Invalid."; continue; } else { $result = trim(strip_tags(cut_str($snoopy->results, '<p><br />', '<p class="content">'))); if (strpos($snoopy->results, "NOT Qualified") !== false) { //Did not qualify continue; } else { //Maybe qualified //save $res = $db->escape_string($result); $db->query("INSERT INTO results_2011_raw VALUES ('{$reg_no}','{$res}')"); } } } } function cut_str($str, $left, $right) { $str = substr(stristr($str, $left), strlen($left)); $leftLen = strlen(stristr($str, $right)); $leftLen = $leftLen ? -$leftLen : strlen($str); $str = substr($str, 0, $leftLen); return $str; }
if ($_SERVER["REQUEST_METHOD"] == "GET") { $client = NULL; if (isset($_GET['id'])) { // Get Patient for id $db = new mysqli('localhost', 'root', '', 'hospital'); $id = $db->escape_string($_GET["id"]); $query = "select * from client where id={$id}"; $result = $db->query($query); $client = $result->fetch_assoc(); } if ($client == NULL) { // No client found http_response_code(404); include "../common/not_found.php"; exit; } } elseif ($_SERVER["REQUEST_METHOD"] == "POST") { $db = new mysqli('localhost', 'root', '', 'hospital'); // Prepare data for update $id = $db->escape_string($_POST["id"]); $name = $db->escape_string($_POST["name"]); $phone = $db->escape_string($_POST["phone"]); $mail = $db->escape_string($_POST["mail"]); // Prepare query and execute $query = "update client set name='{$name}', phone='{$phone}', mail='{$mail}' where id={$id}"; $result = $db->query($query); // Tell the browser to go back to the index page. header("Location: ./"); exit; }
/** * {@inheritdoc} */ public function quote($input, $type = \PDO::PARAM_STR) { return "'" . $this->_conn->escape_string($input) . "'"; }
// Key set and no key given or key is wrong if (!isset($_GET['key']) || !$helpers->keyToServerKeys($access_keys, $_GET['key'])) { $helpers->printXmlError("APP_AUTH_FAILURE", "CallAdmin_Takeover"); } $dbi = new mysqli($host, $username, $password, $database, $dbport); // Oh noes, we couldn't connect if ($dbi->connect_errno != 0) { $helpers->printXmlError("DB_CONNECT_FAILURE", "CallAdmin_Takeover"); } // Set utf-8 encodings $dbi->set_charset("utf8"); // Escape server keys foreach ($access_keys as $key => $value) { if (is_array($value)) { foreach ($value as $serverKey) { $access_keys[$key][$serverKey] = $dbi->escape_string($serverKey); } } } // Server Key clause $server_key_clause = 'serverKey IN (' . $helpers->keyToServerKeys($access_keys, $_GET['key']) . ') OR LENGTH(serverKey) < 1'; // Safety if (isset($_GET['callid']) && preg_match("/^[0-9]{1,11}+\$/", $_GET['callid'])) { $callID = $dbi->escape_string($_GET['callid']); $insertresult = $dbi->query("UPDATE\n\t\t\t\t\t\t\t\t\t`{$table}`\n\t\t\t\t\t\t\t\tSET callHandled = 1\n\t\t\t\t\t\t\tWHERE\n\t\t\t\t\t\t\t\tcallID = {$callID} AND {$server_key_clause}"); // Insert failed, we should check if the update was successfull somehow (affected_rows ist reliable here) if ($insertresult === FALSE) { $dbi->close(); $helpers->printXmlError("DB_UPDATE_FAILURE", "CallAdmin_Takeover"); } } else {
if ($_SERVER["REQUEST_METHOD"] == "GET") { $species = NULL; if (isset($_GET['id'])) { //Get Species for id $db = new mysqli('localhost', 'root', '', 'hospital'); $id = $db->escape_string($_GET["id"]); $query = "select * from species where id={$id}"; $result = $db->query($query); $species = $result->fetch_assoc(); } if ($species == NULL) { // No species found http_response_code(404); include "../common/not_found.php"; exit; } } elseif ($_SERVER["REQUEST_METHOD"] == "POST") { $db = new mysqli('localhost', 'root', '', 'hospital'); // Prepare data for update $id = $db->escape_string($_POST["id"]); $name = $db->escape_string($_POST["name"]); $species = $db->escape_string($_POST["species"]); $status = $db->escape_string($_POST["status"]); // Prepare query and execute $query = "update species set {$name}='name', species='{$species}', status='{$status}' where id={$id}"; $result = $db->query($query); // Tell the browser to go back to the index page. header("Location: ./"); exit; }
/** * Экранирует символы */ function EscapeString($text) { return $this->db->escape_string($text); }