PHP security::escape示例

示例#1

文件： managers.php 项目： padratec/school-last

include "php/user.php";
include "php/security.php";
include "php/manager.php";
$login = new user();
$sec = new security();
$manager = new manager();
$logincheck = $login->islogin();
if ($logincheck != 1) {
    header("location: index.php");
} else {
    if (isset($_GET['error'])) {
        $error = $_GET['error'];
    }
    if ($_SERVER['REQUEST_METHOD'] == "POST") {
        $managername = $sec->escape($_POST['managername']);
        $managerlength = $sec->checknullwithoutwhitespace($managername);
        $managerage = $sec->escape($_POST['managerage']);
        $managermail = $sec->escape($_POST['managermail']);
        $manageraddress = $sec->escape($_POST['manageraddress']);
        if ($managerlength != 0) {
            $ans = $manager->addmanager($managername, $managerage, $managermail, $manageraddress);
            if ($ans == 0) {
                $error = "نام مدیر نباید تکراری باشد";
            } else {
                $error = "مدیر با موفقیت ایجاد شد";
            }
        } else {
            $error = "لطفا ابتدا نام مدیر را وارد کنید";
        }
    }

示例#2

文件： setmanagers.php 项目： padratec/school-last

$logincheck = $login->islogin();
if ($logincheck != 1) {
    header("location: index.php");
} else {
    if ($_SERVER['REQUEST_METHOD'] == "POST") {
        if (isset($_POST['schoolid'])) {
            $schoolid = $_POST['schoolid'];
            $managerid = $_POST['managerid'];
            $shift = $_POST['shift'];
            $school->addmanagertoschool($managerid, $schoolid, $shift);
            header("location: schools.php");
        }
    }
    if ($_SERVER['REQUEST_METHOD'] == "GET") {
        if (isset($_GET['schoolid']) & isset($_GET['shift'])) {
            $schoolid = $sec->escape($_GET['schoolid']);
            $shift = $sec->escape($_GET['shift']);
            $schoolresult = $school->getschoolbyid($schoolid);
            if ($schoolresult->num_rows == 1) {
                $schoolrow = $schoolresult->fetch_assoc();
                $managerresult = $manager->getmanagers();
                if ($managerresult->num_rows > 0) {
                } else {
                    header("location: managers.php?error=هیچ مدیری برای انتحاب وجود ندارد ابتدا مدیر را ایجاد کنید");
                }
            } else {
                header("location: schools.php?error=این مدرسه حذف شده است");
            }
        } else {
            header("location: schools.php");
        }

示例#3

文件： editmanager.php 项目： padratec/school-last

$name;
$age;
$email;
$address;
if ($_SERVER["REQUEST_METHOD"] == "GET") {
    if (isset($_GET['id'])) {
        $result = $manager->getmanagerbyid($_GET['id']);
        $row = $result->fetch_assoc();
        $name = $row['Name'];
        $age = $row['Age'];
        $email = $row['Email'];
        $address = $row['Address'];
    }
}
if ($_SERVER["REQUEST_METHOD"] == "POST") {
    $id = $sec->escape($_POST['managerid']);
    $managername = $sec->escape($_POST["managername"]);
    $managerlength = $sec->checknullwithoutwhitespace($managername);
    $managerage = $sec->escape($_POST["managerage"]);
    $manageremail = $sec->escape($_POST["manageremail"]);
    $manageraddress = $sec->escape($_POST["manageraddress"]);
    if ($managerlength != 0) {
        $ans = $manager->editmanager($id, $managername, $managerage, $manageremail, $manageraddress);
        if ($ans == 1) {
            $error = "نام مدیر نباید تکراری باشد";
        } else {
            $error = "مشخصات مدیر با موفقیت ویرایش شد";
        }
    } else {
        $error = "لطفا ابتدا نام مدیر را وارد کنید";
    }

示例#4

文件： editschool.php 项目： padratec/school-last

$school = new school();
$sec = new security();
$name;
$address;
$telephone;
if ($_SERVER["REQUEST_METHOD"] == "GET") {
    if (isset($_GET['id'])) {
        $result = $school->getschoolbyid($_GET['id']);
        $row = $result->fetch_assoc();
        $name = $row['Sname'];
        $address = $row['Address'];
        $telephone = $row['Telephone'];
    }
}
if ($_SERVER["REQUEST_METHOD"] == "POST") {
    $id = $sec->escape($_POST['schoolid']);
    $schoolname = $sec->escape($_POST["schoolname"]);
    $schoollength = $sec->checknullwithoutwhitespace($schoolname);
    $schooladdress = $sec->escape($_POST["schooladdress"]);
    $schooltel = $sec->escape($_POST["schooltel"]);
    if ($schoollength != 0) {
        $ans = $school->editschool($id, $schoolname, $schooladdress, $schooltel);
        if ($ans == 1) {
            $error = "نام مدرسه نباید تکراری باشد";
        } else {
            $error = "مدرسه با موفقیت ویرایش شد";
        }
    } else {
        $error = "لطفا ابتدا نام مدرسه را وارد کنید";
    }
    header("location: editschool.php?id={$id}&error={$error}");

示例#5

文件： index.php 项目： padratec/school

include "php/security.php";
$sec = new security();
$login = new user();
$error;
$logincheck = $login->islogin();
if ($logincheck == 1) {
    header("location: modiriat.php");
} else {
    if ($logincheck == 2) {
        header("location: user.php");
    }
}
if ($_SERVER["REQUEST_METHOD"] == "POST") {
    $username = $_POST["username"];
    $password = $_POST["password"];
    $username = $sec->escape($username);
    $username = $sec->deletewhitespace($username);
    $password = $sec->escape($password);
    $password = $sec->deletewhitespace($password);
    $password = md5($password);
    if ($login->athenticate($username, $password) == 1) {
        header("location:modiriat.php");
    } else {
        $error = "نام کاربری یا رمز عبور اشتباه می باشد";
    }
}
?>

<!DOCTYPE html>
<html xmlns="http://www.w3.org/1999/xhtml">
<head>