本文整理汇总了PHP中makeSafe函数的典型用法代码示例。如果您正苦于以下问题:PHP makeSafe函数的具体用法?PHP makeSafe怎么用?PHP makeSafe使用的例子?那么恭喜您, 这里精选的函数代码示例或许可以为您提供帮助。
在下文中一共展示了makeSafe函数的20个代码示例,这些例子默认根据受欢迎程度排序。您可以为喜欢或者感觉有用的代码点赞,您的评价将有助于我们的系统推荐出更棒的PHP代码示例。
示例1: getLink
function getLink($table = '', $linkField = '', $pk = '', $id = '', $path = '')
{
if (!$id || !$table || !$linkField || !$pk) {
// default link to return
exit;
}
if (preg_match('/^Lookup: (.*?)::(.*?)::(.*?)$/', $path, $m)) {
$linkID = makeSafe(sqlValue("select `{$linkField}` from `{$table}` where `{$pk}`='{$id}'"));
$link = sqlValue("select `{$m[3]}` from `{$m[1]}` where `{$m[2]}`='{$linkID}'");
} else {
$link = sqlValue("select `{$linkField}` from `{$table}` where `{$pk}`='{$id}'");
}
if (!$link) {
exit;
}
if (preg_match('/^(http|ftp)/i', $link)) {
// if the link points to an external url, don't prepend path
$path = '';
} elseif (!is_file(dirname(__FILE__) . "/{$path}{$link}")) {
// if the file doesn't exist in the given path, try to find it without the path
$path = '';
}
@header("Location: {$path}{$link}");
exit;
}
开发者ID:vishwanathhsinhaa,项目名称:tieuthuong-org,代码行数:25,代码来源:link.php
示例2: forceDownload
/**
* Return file as response
* @param $filePath path of file to return
* @param $fileName name of file to return
*/
function forceDownload($filePath, $fileName)
{
header("Cache-Control: private");
header("Content-Description: File Transfer");
header("Content-Disposition: attachment; filename=" . makeSafe(transliterate($fileName)));
header("Content-Type: audio/mpeg");
header("Content-length: " . filesize($filePath));
readfile($filePath);
}
开发者ID:hbcbh1999,项目名称:music,代码行数:14,代码来源:download.php
示例3: delete_file
/**
* Deletes a file
* @param string The relative folder path to the file
*/
function delete_file($listdir)
{
josSpoofCheck(null, null, 'get');
$delFile = makeSafe(mosGetParam($_REQUEST, 'delFile', ''));
$fullPath = COM_MEDIA_BASE . $listdir . DIRECTORY_SEPARATOR . stripslashes($delFile);
if (file_exists($fullPath)) {
unlink($fullPath);
}
}
开发者ID:patricmutwiri,项目名称:joomlaclube,代码行数:13,代码来源:admin.media.php
示例4: hate
public function hate()
{
$deal_id = makeSafe($this->input->post('did'));
if ($this->session->userdata('id_user') != "") {
$retData = $this->deal_model->hate($deal_id);
} else {
$retData = array('DEAL_ID' => $deal_id, 'STAT' => false, 'MSG' => 'Login to avail this faility');
}
echo json_encode($retData);
}
开发者ID:quaestio,项目名称:dealguru,代码行数:10,代码来源:Deals.php
示例5: login
public function login()
{
$data['msg'] = "";
$user_name = makeSafe($this->input->post('email'));
$user_pass = makeSafe($this->input->post('pass'));
if ($this->user_model->check_user($user_name, $user_pass)) {
echo 1;
} else {
echo 0;
}
}
开发者ID:quaestio,项目名称:dealguru,代码行数:11,代码来源:User.php
示例6: post_comment
public function post_comment()
{
$data = array('DEAL_ID' => makeSafe($this->input->post('did')), 'USER_ID' => $this->session->userdata('id_user'), 'COMMENT' => makeSafe($this->input->post('cmt')), 'IP' => $this->input->ip_address());
$this->db->insert('deal_comments', $data);
$dataR['comment_id'] = $this->db->insert_id();
$dataR['comment'] = makeSafe($this->input->post('cmt'));
$dataR['user_image'] = $this->session->userdata('user_image_url');
$dataR['full_name'] = $this->session->userdata('full_name');
$dataR['time'] = "Just Now";
return json_encode($dataR);
}
开发者ID:quaestio,项目名称:dealguru,代码行数:11,代码来源:Deal_model.php
示例7: smtp_mail
/**
* This hook function is called when send mail.
* @param $mail_info
* An array contains mail information : to,cc,bcc,subject,message
**/
function smtp_mail($mail_info)
{
/* include phpmailer library */
require dirname(__FILE__) . "/phpmailer/class.phpmailer.php";
require dirname(__FILE__) . "/phpmailer/class.smtp.php";
/* create mail_log table if it doesn't exist */
$database_tabels = str_split(sqlValue("SHOW TABLES"));
$exist = in_array('mail_log', $database_tabels) ? True : False;
if (!$exist) {
$sql = "CREATE TABLE IF NOT EXISTS `mail_log` (\r\n\t\t\t\t\t`mail_id` int(15) NOT NULL AUTO_INCREMENT,\r\n\t\t\t\t\t`to` varchar(225) NOT NULL,\r\n\t\t\t\t\t`cc` varchar(225) NOT NULL,\r\n\t\t\t\t\t`bcc` varchar(225) NOT NULL,\r\n\t\t\t\t\t`subject` varchar(225) NOT NULL,\r\n\t\t\t\t\t`body` text NOT NULL,\r\n\t\t\t\t\t`senttime` int(15) NOT NULL,\r\n\t\t\t\t\tPRIMARY KEY (`mail_id`)\r\n\t\t\t\t ) ENGINE=InnoDB DEFAULT CHARSET=latin1 AUTO_INCREMENT=1 ;\r\n\t\t\t\t ";
sql($sql, $eo);
}
/* SMTP configuration*/
$mail = new PHPMailer();
$mail->isSMTP();
// telling the class to use SMTP
$mail->SMTPAuth = true;
// Enable SMTP authentication
$mail->isHTML(true);
// Set email format to HTML
$mail->SMTPDebug = 0;
// Enable verbose debug output
$mail->Username = SMTP_USER;
// SMTP username
$mail->Password = SMTP_PASSWORD;
// SMTP password
$mail->SMTPSecure = SMTP_SECURE;
// Enable TLS encryption, `ssl` also accepted
$mail->Port = SMTP_PORT;
// TCP port to connect to
$mail->FromName = SMTP_FROM_NAME;
$mail->From = SMTP_FROM;
$mail->Host = SMTP_SERVER;
// SMTP server
$mail->setFrom(SMTP_FROM, SMTP_FROM_NAME);
/* send to */
$mail->addAddress($mail_info['to']);
$mail->addCC($mail_info['cc']);
$mail->addBCC(SMTP_BCC);
$mail->Subject = $mail_info['subject'];
$mail->Body = $mail_info['message'];
if (!$mail->send()) {
return FALSE;
}
/* protect against malicious SQL injection attacks */
$to = makeSafe($mail_info['to']);
$cc = makeSafe($mail_info['cc']);
$bcc = makeSafe(SMTP_BCC);
$subject = makeSafe($mail_info['subject']);
$message = makeSafe($mail_info['message']);
sql("INSERT INTO `mail_log` (`to`,`cc`,`bcc`,`subject`,`body`,`senttime`) VALUES ('{$to}','{$cc}','{$bcc}','{$subject}','{$message}',unix_timestamp(NOW()))", $eo);
return TRUE;
}
开发者ID:bigprof,项目名称:jaap,代码行数:58,代码来源:__global.php
示例8: TB_ContactForm
/** Contact Form **/
function TB_ContactForm($emailTo, $emailCC = FALSE, $sentHeading = 'Your message has been successfully submitted..', $sentMessage = 'We will get back to you asap.')
{
if (isset($_POST['contact_submit'])) {
$error = "";
$fullname = makeSafe($_POST['fullname']);
$email = makeSafe($_POST['email']);
$phone = makeSafe($_POST['phone']);
$message = makesafe($_POST['message']);
$subject = "Enquiry from Canareef Resort Maldives";
$from_name = "Canareef";
$from_email = "[email protected]";
if (empty($fullname)) {
$error['fullname'] = "Your Name";
}
if (empty($email) || !isValidEmail($email)) {
$error['email'] = "Your Email";
}
if (empty($message)) {
$error['message'] = "Your Message";
}
if (!empty($_POST['antispam'])) {
echo '<p>We don’t appreciate spam.</p>';
} elseif (!empty($error)) {
TB_DisplayForm($error);
} else {
$content = __('Name') . ' : ' . $fullname . "\n" . __('Email') . ' : ' . $email . "\n" . __('Phone Number') . ' : ' . $phone . "\n" . __('Message') . " : \n" . $message . "\n\n";
$headers = 'From: =?UTF-8?B?' . base64_encode($fullname) . '?= <' . $email . '>' . "\r\n";
// $headers = 'From: =?UTF-8?B?'.base64_encode($from_name).'?= <'.$from_email.'>'."\r\n";
$emailBCC = '';
if ($emailCC) {
$headers .= 'CC: ' . $emailCC . "\r\n";
}
if ($emailBCC != '') {
$headers .= 'BCC: ' . $emailBCC . "\r\n";
}
$headers .= 'Reply-To: ' . $email . "\r\n";
$headers .= 'Content-type: text/plain; charset=UTF-8';
if (mail($emailTo, $subject, $content, $headers)) {
echo '<a id="contact-status" name="status"></a>' . "\n";
echo '<p class="tbSuccess">' . __($sentHeading) . ' ' . __($sentMessage) . '</p>' . "\n";
$fullname = "";
$email = "";
$phone = "";
$message = "";
} else {
$error['sendemail'] = "Email could not be sent.";
}
TB_DisplayForm($error);
}
} else {
TB_DisplayForm();
}
}
开发者ID:sindotnet,项目名称:canareef,代码行数:54,代码来源:index.php
示例9: activate
public function activate()
{
$user_id = $this->input->post('actid');
$act_code = makeSafe($this->input->post('user_input'));
$sql = "Select * FROM user_details where md5(USER_ID)='" . makeSafe($user_id) . "' and ACT_CODE='" . $act_code . "'";
$query = $this->db->query($sql);
if ($query->num_rows() > 0) {
$sql = "UPDATE user_details set ACTIVATED='Y' where md5(USER_ID)='" . makeSafe($user_id) . "' and ACT_CODE='" . $act_code . "'";
$query = $this->db->query($sql);
echo "Your account has been activated,Login to your account and post Deals ";
} else {
return "Invalid Activation COde";
}
}
开发者ID:quaestio,项目名称:dealguru,代码行数:14,代码来源:User_model.php
示例10: TB_ContactForm
/** Contact Form **/
function TB_ContactForm($emailTo, $emailCC = FALSE, $sentHeading = 'Your message was sent successfully.', $sentMessage = 'We will get back to you soon.')
{
if (isset($_POST['contact_submit'])) {
$error = "";
$fullname = makeSafe($_POST['fullname']);
$email = makeSafe($_POST['email']);
$phone = makeSafe($_POST['phone']);
$message = makesafe($_POST['message']);
$subject = "Enquiry from Estadia by Hatten";
if (empty($fullname)) {
$error['fullname'] = "Your name";
}
if (empty($email) || !isValidEmail($email)) {
$error['email'] = "Email Address";
}
if (empty($message)) {
$error['message'] = "General Enquiry";
}
if (!empty($_POST['antispam'])) {
echo '<p>We don’t appreciate spam.</p>';
} elseif (!empty($error)) {
TB_DisplayForm($error);
} else {
$content = __('Name') . ' : ' . $fullname . "\n\n" . __('Email Address') . ' : ' . $email . "\n\n" . __('Contact No.') . ' : ' . $phone . "\n\n" . __('General Enquiry') . " : \n\n" . $message . "\n\n";
$headers = 'From: =?UTF-8?B?' . base64_encode($fullname) . '?= <' . $email . '>' . "\r\n";
$emailBCC = '';
if ($emailCC) {
$headers .= 'CC: ' . $emailCC . "\r\n";
}
if ($emailBCC != '') {
$headers .= 'BCC: ' . $emailBCC . "\r\n";
}
$headers .= 'Reply-To: ' . $email . "\r\n";
$headers .= 'Content-type: text/plain; charset=UTF-8';
if (mail($emailTo, $subject, $content, $headers)) {
echo '<a id="contact-status" name="status"></a>' . "\n";
echo '<p class="tbSuccess">' . __($sentHeading) . ' ' . __($sentMessage) . '</p>' . "\n";
} else {
$error['sendemail'] = "Email could not be sent.";
}
TB_DisplayForm($error);
}
} else {
TB_DisplayForm();
}
}
开发者ID:sindotnet,项目名称:dashhotel,代码行数:47,代码来源:index.php
示例11: dirname
<?php
$d = dirname(__FILE__);
require "{$d}/incCommon.php";
include "{$d}/incHeader.php";
// process search
$memberID = makeSafe(strtolower($_GET['memberID']));
$groupID = intval($_GET['groupID']);
$tableName = makeSafe($_GET['tableName']);
// process sort
$sortDir = $_GET['sortDir'] ? 'desc' : '';
$sort = makeSafe($_GET['sort']);
if ($sort != 'dateAdded' && $sort != 'dateUpdated') {
// default sort is newly created first
$sort = 'dateAdded';
$sortDir = 'desc';
}
if ($sort) {
$sortClause = "order by {$sort} {$sortDir}";
}
if ($memberID != '') {
$where .= ($where ? " and " : "") . "r.memberID like '{$memberID}%'";
}
if ($groupID != '') {
$where .= ($where ? " and " : "") . "g.groupID='{$groupID}'";
}
if ($tableName != '') {
$where .= ($where ? " and " : "") . "r.tableName='{$tableName}'";
}
if ($where) {
$where = "where {$where}";
开发者ID:bigprof,项目名称:Symptoms-and-diseases-database,代码行数:31,代码来源:pageViewRecords.php
示例12: preg_replace
$permissionsJoin = $permissionsWhere ? ", `membership_userrecords`" : '';
// build the count query
$forcedWhere = $userPCConfig[$ChildTable][$ChildLookupField]['forced-where'];
$query = preg_replace('/^select .* from /i', 'SELECT count(1) FROM ', $userPCConfig[$ChildTable][$ChildLookupField]['query']) . $permissionsJoin . " WHERE " . ($permissionsWhere ? "( {$permissionsWhere} )" : "( 1=1 )") . " AND " . ($forcedWhere ? "( {$forcedWhere} )" : "( 2=2 )") . " AND " . "`{$ChildTable}`.`{$ChildLookupField}`='" . makeSafe($SelectedID) . "'";
$totalMatches = sqlValue($query);
// make sure $Page is <= max pages
$maxPage = ceil($totalMatches / $userPCConfig[$ChildTable][$ChildLookupField]['records-per-page']);
if ($Page > $maxPage) {
$Page = $maxPage;
}
// initiate output data array
$data = array('config' => $userPCConfig[$ChildTable][$ChildLookupField], 'parameters' => array('ChildTable' => $ChildTable, 'ChildLookupField' => $ChildLookupField, 'SelectedID' => $SelectedID, 'Page' => $Page, 'SortBy' => $SortBy, 'SortDirection' => $SortDirection, 'Operation' => 'get-records'), 'records' => array(), 'totalMatches' => $totalMatches);
// build the data query
if ($totalMatches) {
// if we have at least one record, proceed with fetching data
$startRecord = $userPCConfig[$ChildTable][$ChildLookupField]['records-per-page'] * ($Page - 1);
$data['query'] = $userPCConfig[$ChildTable][$ChildLookupField]['query'] . $permissionsJoin . " WHERE " . ($permissionsWhere ? "( {$permissionsWhere} )" : "( 1=1 )") . " AND " . ($forcedWhere ? "( {$forcedWhere} )" : "( 2=2 )") . " AND " . "`{$ChildTable}`.`{$ChildLookupField}`='" . makeSafe($SelectedID) . "'" . ($SortBy !== false && $userPCConfig[$ChildTable][$ChildLookupField]['sortable-fields'][$SortBy] ? " ORDER BY {$userPCConfig[$ChildTable][$ChildLookupField]['sortable-fields'][$SortBy]} {$SortDirection}" : '') . " LIMIT {$startRecord}, {$userPCConfig[$ChildTable][$ChildLookupField]['records-per-page']}";
$res = sql($data['query'], $eo);
while ($row = db_fetch_row($res)) {
$data['records'][$row[$userPCConfig[$ChildTable][$ChildLookupField]['child-primary-key-index']]] = $row;
}
} else {
// if no matching records
$startRecord = 0;
}
$response = loadView($userPCConfig[$ChildTable][$ChildLookupField]['template'], $data);
// change name space to ensure uniqueness
$uniqueNameSpace = $ChildTable . ucfirst($ChildLookupField) . 'GetRecords';
echo str_replace("{$ChildTable}GetChildrenRecordsList", $uniqueNameSpace, $response);
/************************************************/
}
开发者ID:vishwanathhsinhaa,项目名称:tieuthuong-org,代码行数:31,代码来源:parent-children.php
示例13: getValueGivenCaption
function getValueGivenCaption($query, $caption)
{
if (!preg_match('/select\\s+(.*?)\\s*,\\s*(.*?)\\s+from\\s+(.*?)\\s+order by.*/i', $query, $m)) {
if (!preg_match('/select\\s+(.*?)\\s*,\\s*(.*?)\\s+from\\s+(.*)/i', $query, $m)) {
return '';
}
}
// get where clause if present
if (preg_match('/\\s+from\\s+(.*?)\\s+where\\s+(.*?)\\s+order by.*/i', $query, $mw)) {
$where = "where ({$mw['2']}) AND";
$m[3] = $mw[1];
} else {
$where = 'where';
}
$caption = makeSafe($caption);
return sqlValue("SELECT {$m['1']} FROM {$m['3']} {$where} {$m['2']}='{$caption}'");
}
开发者ID:TokaMElTorkey,项目名称:northwind,代码行数:17,代码来源:incFunctions.php
示例14: dirname
<?php
$currDir = dirname(__FILE__);
require "{$currDir}/incCommon.php";
include "{$currDir}/incHeader.php";
if ($_GET['searchGroups'] != "") {
$searchSQL = makeSafe($_GET['searchGroups']);
$searchHTML = htmlspecialchars($_GET['searchGroups']);
$where = "where name like '%{$searchSQL}%' or description like '%{$searchSQL}%'";
} else {
$searchSQL = '';
$searchHTML = '';
$where = "";
}
$numGroups = sqlValue("select count(1) from membership_groups {$where}");
if (!$numGroups && $searchSQL != '') {
echo "<div class=\"status\">{$Translation['no matching results found']}</div>";
$noResults = true;
$page = 1;
} else {
$noResults = false;
}
$page = intval($_GET['page']);
if ($page < 1) {
$page = 1;
} elseif ($page > ceil($numGroups / $adminConfig['groupsPerPage']) && !$noResults) {
redirect("admin/pageViewGroups.php?page=" . ceil($numGroups / $adminConfig['groupsPerPage']));
}
$start = ($page - 1) * $adminConfig['groupsPerPage'];
?>
<div class="page-header"><h1><?php
开发者ID:TokaMElTorkey,项目名称:northwind,代码行数:31,代码来源:pageViewGroups.php
示例15: categories_form
function categories_form($selected_id = '', $AllowUpdate = 1, $AllowInsert = 1, $AllowDelete = 1, $ShowCancel = 0)
{
// function to return an editable form for a table records
// and fill it with data of record whose ID is $selected_id. If $selected_id
// is empty, an empty form is shown, with only an 'Add New'
// button displayed.
global $Translation;
// mm: get table permissions
$arrPerm = getTablePermissions('categories');
if (!$arrPerm[1] && $selected_id == '') {
return '';
}
$AllowInsert = $arrPerm[1] ? true : false;
// print preview?
$dvprint = false;
if ($selected_id && $_REQUEST['dvprint_x'] != '') {
$dvprint = true;
}
// populate filterers, starting from children to grand-parents
// unique random identifier
$rnd1 = $dvprint ? rand(1000000, 9999999) : '';
if ($selected_id) {
// mm: check member permissions
if (!$arrPerm[2]) {
return "";
}
// mm: who is the owner?
$ownerGroupID = sqlValue("select groupID from membership_userrecords where tableName='categories' and pkValue='" . makeSafe($selected_id) . "'");
$ownerMemberID = sqlValue("select lcase(memberID) from membership_userrecords where tableName='categories' and pkValue='" . makeSafe($selected_id) . "'");
if ($arrPerm[2] == 1 && getLoggedMemberID() != $ownerMemberID) {
return "";
}
if ($arrPerm[2] == 2 && getLoggedGroupID() != $ownerGroupID) {
return "";
}
// can edit?
if ($arrPerm[3] == 1 && $ownerMemberID == getLoggedMemberID() || $arrPerm[3] == 2 && $ownerGroupID == getLoggedGroupID() || $arrPerm[3] == 3) {
$AllowUpdate = 1;
} else {
$AllowUpdate = 0;
}
$res = sql("select * from `categories` where `CategoryID`='" . makeSafe($selected_id) . "'", $eo);
if (!($row = db_fetch_array($res))) {
return error_message($Translation['No records found']);
}
$urow = $row;
/* unsanitized data */
$hc = new CI_Input();
$row = $hc->xss_clean($row);
/* sanitize data */
} else {
}
ob_start();
?>
<script>
// initial lookup values
jQuery(function() {
});
</script>
<?php
$lookups = str_replace('__RAND__', $rnd1, ob_get_contents());
ob_end_clean();
// code for template based detail view forms
// open the detail view template
if ($dvprint) {
$templateCode = @file_get_contents('./templates/categories_templateDVP.html');
} else {
$templateCode = @file_get_contents('./templates/categories_templateDV.html');
}
// process form title
$templateCode = str_replace('<%%DETAIL_VIEW_TITLE%%>', 'Add/Edit Product Categories', $templateCode);
$templateCode = str_replace('<%%RND1%%>', $rnd1, $templateCode);
$templateCode = str_replace('<%%EMBEDDED%%>', $_REQUEST['Embedded'] ? 'Embedded=1' : '', $templateCode);
// process buttons
if ($arrPerm[1] && !$selected_id) {
// allow insert and no record selected?
if (!$selected_id) {
$templateCode = str_replace('<%%INSERT_BUTTON%%>', '<button type="submit" class="btn btn-success" id="insert" name="insert_x" value="1" onclick="return categories_validateData();"><i class="glyphicon glyphicon-plus-sign"></i> ' . $Translation['Save New'] . '</button>', $templateCode);
}
$templateCode = str_replace('<%%INSERT_BUTTON%%>', '<button type="submit" class="btn btn-default" id="insert" name="insert_x" value="1" onclick="return categories_validateData();"><i class="glyphicon glyphicon-plus-sign"></i> ' . $Translation['Save As Copy'] . '</button>', $templateCode);
} else {
$templateCode = str_replace('<%%INSERT_BUTTON%%>', '', $templateCode);
}
// 'Back' button action
if ($_REQUEST['Embedded']) {
$backAction = 'window.parent.jQuery(\'.modal\').modal(\'hide\'); return false;';
} else {
$backAction = '$$(\'form\')[0].writeAttribute(\'novalidate\', \'novalidate\'); document.myform.reset(); return true;';
}
if ($selected_id) {
if (!$_REQUEST['Embedded']) {
$templateCode = str_replace('<%%DVPRINT_BUTTON%%>', '<button type="submit" class="btn btn-default" id="dvprint" name="dvprint_x" value="1" onclick="$$(\'form\')[0].writeAttribute(\'novalidate\', \'novalidate\'); document.myform.reset(); return true;"><i class="glyphicon glyphicon-print"></i> ' . $Translation['Print Preview'] . '</button>', $templateCode);
}
if ($AllowUpdate) {
$templateCode = str_replace('<%%UPDATE_BUTTON%%>', '<button type="submit" class="btn btn-success btn-lg" id="update" name="update_x" value="1" onclick="return categories_validateData();"><i class="glyphicon glyphicon-ok"></i> ' . $Translation['Save Changes'] . '</button>', $templateCode);
} else {
$templateCode = str_replace('<%%UPDATE_BUTTON%%>', '', $templateCode);
}
//.........这里部分代码省略.........
开发者ID:bigprof,项目名称:appgini-mssql,代码行数:101,代码来源:categories_dml.php
示例16: iconv
$search_term = false;
if (isset($_REQUEST['s'])) {
$search_term = iconv('UTF-8', datalist_db_encoding, $_REQUEST['s']);
}
$page = intval($_REQUEST['p']);
if ($page < 1) {
$page = 1;
}
$skip = $results_per_page * ($page - 1);
$table_name = $_REQUEST['t'];
if (!in_array($table_name, array_keys(getTableList()))) {
/* invalid table */
echo '{"results":[{"id":"","text":"Invalid table"}],"more":false,"elapsed":0}';
exit;
}
/* if id is provided, get owner */
$owner = false;
if ($id) {
$owner = sqlValue("select memberID from membership_userrecords where tableName='{$table_name}' and pkValue='" . makeSafe($id) . "'");
}
$prepared_data = array();
$where = "g.name!='{$adminConfig['anonymousGroup']}' and p.allowView>0 ";
if ($search_term) {
$search_term = makeSafe($search_term);
$where .= "and (u.memberID like '%{$search_term}%' or g.name like '%{$search_term}%')";
}
$res = sql("select u.memberID, g.name from membership_users u left join membership_groups g on u.groupID=g.groupID left join membership_grouppermissions p on g.groupID=p.groupID and p.tableName='{$table_name}' where {$where} order by g.name, u.memberID limit {$skip}, {$results_per_page}", $eo);
while ($row = db_fetch_row($res)) {
$prepared_data[] = array('id' => iconv(datalist_db_encoding, 'UTF-8', $row[0]), 'text' => iconv(datalist_db_encoding, 'UTF-8', "<b>{$row[1]}</b>/{$row[0]}"));
}
echo json_encode(array('results' => $prepared_data, 'more' => @db_num_rows($res) >= $results_per_page, 'elapsed' => round(microtime(true) - $start_ts, 3)));
开发者ID:WebxOne,项目名称:swldbav0.6,代码行数:31,代码来源:getUsers.php
示例17: intval
require "{$d}/incCommon.php";
// request to save changes?
if ($_POST['saveChanges'] != '') {
// validate data
$recID = intval($_POST['recID']);
$memberID = makeSafe(strtolower($_POST['memberID']));
$groupID = intval($_POST['groupID']);
###############################
// update ownership
$upQry = "UPDATE `membership_userrecords` set memberID='{$memberID}', groupID='{$groupID}' WHERE recID='{$recID}'";
sql($upQry);
// redirect to member editing page
redirect("pageEditOwnership.php?recID={$recID}");
} elseif ($_GET['recID'] != '') {
// we have an edit request for a member
$recID = makeSafe($_GET['recID']);
}
include "{$d}/incHeader.php";
if ($recID != '') {
// fetch record data to fill in the form below
$res = sql("select * from membership_userrecords where recID='{$recID}'");
if ($row = mysql_fetch_assoc($res)) {
// get record data
$tableName = $row['tableName'];
$pkValue = $row['pkValue'];
$memberID = strtolower($row['memberID']);
$dateAdded = date($adminConfig['PHPDateTimeFormat'], $row['dateAdded']);
$dateUpdated = date($adminConfig['PHPDateTimeFormat'], $row['dateUpdated']);
$groupID = $row['groupID'];
} else {
// no such record exists
开发者ID:bigprof,项目名称:Symptoms-and-diseases-database,代码行数:31,代码来源:pageEditOwnership.php
示例18: orders_form
function orders_form($selected_id = '', $AllowUpdate = 1, $AllowInsert = 1, $AllowDelete = 1, $ShowCancel = 0)
{
// function to return an editable form for a table records
// and fill it with data of record whose ID is $selected_id. If $selected_id
// is empty, an empty form is shown, with only an 'Add New'
// button displayed.
global $Translation;
// mm: get table permissions
$arrPerm = getTablePermissions('orders');
if (!$arrPerm[1] && $selected_id == '') {
return '';
}
$AllowInsert = $arrPerm[1] ? true : false;
// print preview?
$dvprint = false;
if ($selected_id && $_REQUEST['dvprint_x'] != '') {
$dvprint = true;
}
$filterer_CustomerID = thisOr(undo_magic_quotes($_REQUEST['filterer_CustomerID']), '');
$filterer_EmployeeID = thisOr(undo_magic_quotes($_REQUEST['filterer_EmployeeID']), '');
$filterer_ShipVia = thisOr(undo_magic_quotes($_REQUEST['filterer_ShipVia']), '');
// populate filterers, starting from children to grand-parents
// unique random identifier
$rnd1 = $dvprint ? rand(1000000, 9999999) : '';
// combobox: CustomerID
$combo_CustomerID = new DataCombo();
// combobox: EmployeeID
$combo_EmployeeID = new DataCombo();
// combobox: OrderDate
$combo_OrderDate = new DateCombo();
$combo_OrderDate->DateFormat = "mdy";
$combo_OrderDate->MinYear = 1900;
$combo_OrderDate->MaxYear = 2100;
$combo_OrderDate->DefaultDate = parseMySQLDate('1', '1');
$combo_OrderDate->MonthNames = $Translation['month names'];
$combo_OrderDate->NamePrefix = 'OrderDate';
// combobox: RequiredDate
$combo_RequiredDate = new DateCombo();
$combo_RequiredDate->DateFormat = "mdy";
$combo_RequiredDate->MinYear = 1900;
$combo_RequiredDate->MaxYear = 2100;
$combo_RequiredDate->DefaultDate = parseMySQLDate('1', '1');
$combo_RequiredDate->MonthNames = $Translation['month names'];
$combo_RequiredDate->NamePrefix = 'RequiredDate';
// combobox: ShippedDate
$combo_ShippedDate = new DateCombo();
$combo_ShippedDate->DateFormat = "mdy";
$combo_ShippedDate->MinYear = 1900;
$combo_ShippedDate->MaxYear = 2100;
$combo_ShippedDate->DefaultDate = parseMySQLDate('', '');
$combo_ShippedDate->MonthNames = $Translation['month names'];
$combo_ShippedDate->NamePrefix = 'ShippedDate';
// combobox: ShipVia
$combo_ShipVia = new DataCombo();
if ($selected_id) {
// mm: check member permissions
if (!$arrPerm[2]) {
return "";
}
// mm: who is the owner?
$ownerGroupID = sqlValue("select groupID from membership_userrecords where tableName='orders' and pkValue='" . makeSafe($selected_id) . "'");
$ownerMemberID = sqlValue("select lcase(memberID) from membership_userrecords where tableName='orders' and pkValue='" . makeSafe($selected_id) . "'");
if ($arrPerm[2] == 1 && getLoggedMemberID() != $ownerMemberID) {
return "";
}
if ($arrPerm[2] == 2 && getLoggedGroupID() != $ownerGroupID) {
return "";
}
// can edit?
if ($arrPerm[3] == 1 && $ownerMemberID == getLoggedMemberID() || $arrPerm[3] == 2 && $ownerGroupID == getLoggedGroupID() || $arrPerm[3] == 3) {
$AllowUpdate = 1;
} else {
$AllowUpdate = 0;
}
$res = sql("select * from `orders` where `OrderID`='" . makeSafe($selected_id) . "'", $eo);
if (!($row = db_fetch_array($res))) {
return error_message($Translation['No records found']);
}
$urow = $row;
/* unsanitized data */
$hc = new CI_Input();
$row = $hc->xss_clean($row);
/* sanitize data */
$combo_CustomerID->SelectedData = $row['CustomerID'];
$combo_EmployeeID->SelectedData = $row['EmployeeID'];
$combo_OrderDate->DefaultDate = $row['OrderDate'];
$combo_RequiredDate->DefaultDate = $row['RequiredDate'];
$combo_ShippedDate->DefaultDate = $row['ShippedDate'];
$combo_ShipVia->SelectedData = $row['ShipVia'];
} else {
$combo_CustomerID->SelectedData = $filterer_CustomerID;
$combo_EmployeeID->SelectedData = $filterer_EmployeeID;
$combo_ShipVia->SelectedData = $filterer_ShipVia;
}
$combo_CustomerID->HTML = '<span id="CustomerID-container' . $rnd1 . '"></span><input type="hidden" name="CustomerID" id="CustomerID' . $rnd1 . '" value="' . htmlspecialchars($combo_CustomerID->SelectedData, ENT_QUOTES, 'iso-8859-1') . '">';
$combo_CustomerID->MatchText = '<span id="CustomerID-container-readonly' . $rnd1 . '"></span><input type="hidden" name="CustomerID" id="CustomerID' . $rnd1 . '" value="' . htmlspecialchars($combo_CustomerID->SelectedData, ENT_QUOTES, 'iso-8859-1') . '">';
$combo_EmployeeID->HTML = '<span id="EmployeeID-container' . $rnd1 . '"></span><input type="hidden" name="EmployeeID" id="EmployeeID' . $rnd1 . '" value="' . htmlspecialchars($combo_EmployeeID->SelectedData, ENT_QUOTES, 'iso-8859-1') . '">';
$combo_EmployeeID->MatchText = '<span id="EmployeeID-container-readonly' . $rnd1 . '"></span><input type="hidden" name="EmployeeID" id="EmployeeID' . $rnd1 . '" value="' . htmlspecialchars($combo_EmployeeID->SelectedData, ENT_QUOTES, 'iso-8859-1') . '">';
$combo_ShipVia->HTML = '<span id="ShipVia-container' . $rnd1 . '"></span><input type="hidden" name="ShipVia" id="ShipVia' . $rnd1 . '" value="' . htmlspecialchars($combo_ShipVia->SelectedData, ENT_QUOTES, 'iso-8859-1') . '">';
$combo_ShipVia->MatchText = '<span id="ShipVia-container-readonly' . $rnd1 . '"></span><input type="hidden" name="ShipVia" id="ShipVia' . $rnd1 . '" value="' . htmlspecialchars($combo_ShipVia->SelectedData, ENT_QUOTES, 'iso-8859-1') . '">';
//.........这里部分代码省略.........
开发者ID:bigprof,项目名称:appgini-mssql,代码行数:101,代码来源:orders_dml.php
示例19: makeSafe
$custom3 = makeSafe($_POST['custom3']);
$custom4 = makeSafe($_POST['custom4']);
$MySQLDateFormat = makeSafe($_POST['MySQLDateFormat']);
$PHPDateFormat = makeSafe($_POST['PHPDateFormat']);
$PHPDateTimeFormat = makeSafe($_POST['PHPDateTimeFormat']);
$groupsPerPage = intval($_POST['groupsPerPage']) ? intval($_POST['groupsPerPage']) : $adminConfig['groupsPerPage'];
$membersPerPage = intval($_POST['membersPerPage']) ? intval($_POST['membersPerPage']) : $adminConfig['membersPerPage'];
$recordsPerPage = intval($_POST['recordsPerPage']) ? intval($_POST['recordsPerPage']) : $adminConfig['recordsPerPage'];
$defaultSignUp = intval($_POST['visitorSignup']);
$anonymousGroup = makeSafe($_POST['anonymousGroup']);
$anonymousMember = makeSafe($_POST['anonymousMember']);
$senderEmail = isEmail($_POST['senderEmail']);
$senderName = makeSafe($_POST['senderName']);
$approvalMessage = makeSafe($_POST['approvalMessage']);
//$approvalMessage=str_replace(array("\r", "\n"), '\n', $approvalMessage);
$approvalSubject = makeSafe($_POST['approvalSubject']);
// save changes
if (!($fp = @fopen($conFile, "w"))) {
errorMsg("Couldn't create the file '{$conFile}'. Please make sure the directory is writeable (Try chmoding it to 755 or 777).");
include "{$d}/incFooter.php";
} else {
fwrite($fp, "<?php\n\t");
fwrite($fp, "\$adminConfig['adminUsername']='{$adminUsername}';\n\t");
fwrite($fp, "\$adminConfig['adminPassword']='{$adminPassword}';\n\t");
fwrite($fp, "\$adminConfig['notifyAdminNewMembers']={$notifyAdminNewMembers};\n\t");
fwrite($fp, "\$adminConfig['defaultSignUp']={$defaultSignUp};\n\t");
fwrite($fp, "\$adminConfig['anonymousGroup']='{$anonymousGroup}';\n\t");
fwrite($fp, "\$adminConfig['anonymousMember']='{$anonymousMember}';\n\t");
fwrite($fp, "\$adminConfig['groupsPerPage']={$groupsPerPage};\n\t");
fwrite($fp, "\$adminConfig['membersPerPage']={$membersPerPage};\n\t");
fwrite($fp, "\$adminConfig['recordsPerPage']={$recordsPerPage};\n\t");
开发者ID:bigprof,项目名称:Symptoms-and-diseases-database,代码行数:31,代码来源:pageSettings.php
示例20: dirname
<?php
$d = dirname(__FILE__);
require "{$d}/incCommon.php";
include "{$d}/incHeader.php";
// process search
if ($_GET['searchMembers'] != "") {
$searchSQL = makeSafe($_GET['searchMembers']);
$searchHTML = htmlspecialchars($_GET['searchMembers']);
$searchField = intval($_GET['searchField']);
$searchFieldName = array_search($searchField, array('m.memberID' => 1, 'g.name' => 2, 'm.email' => 3, 'm.custom1' => 4, 'm.custom2' => 5, 'm.custom3' => 6, 'm.custom4' => 7, 'm.comments' => 8));
if (!$searchFieldName) {
// = search all fields
$where = "where (m.memberID like '%{$searchSQL}%' or g.name like '%{$searchSQL}%' or m.email like '%{$searchSQL}%' or m.custom1 like '%{$searchSQL}%' or m.custom2 like '%{$searchSQL}%' or m.custom3 like '%{$searchSQL}%' or m.custom4 like '%{$searchSQL}%' or m.comments like '%{$searchSQL}%')";
} else {
// = search a specific field
$where = "where ({$searchFieldName} like '%{$searchSQL}%')";
}
} else {
$searchSQL = '';
$searchHTML = '';
$searchField = 0;
$searchFieldName = '';
$where = "";
}
// process groupID filter
$groupID = intval($_GET['groupID']);
if ($groupID) {
if ($where != '') {
$where .= " and (g.groupID='{$groupID}')";
} else {
开发者ID:bigprof,项目名称:Symptoms-and-diseases-database,代码行数:31,代码来源:pageViewMembers.php
注:本文中的makeSafe函数示例整理自Github/MSDocs等源码及文档管理平台,相关代码片段筛选自各路编程大神贡献的开源项目,源码版权归原作者所有,传播和使用请参考对应项 |
客服电话
APP下载
官方微信
请发表评论