Changeset 90
- Timestamp:
- Apr 8, 2006 8:35:17 AM (18 years ago)
- Location:
- branches/1.1dev
- Files:
-
- 10 edited
branches/1.1dev/bin/file_importer.php
r89 r90 43 43 // added_datetime 44 44 // ) VALUES ( 45 // '" . addslashes(0) . "',46 // '" . addslashes('hosting') . "',47 // '" . addslashes($file_date) . "',48 // '" . addslashes($amt[1]) . "',49 // '" . addslashes('Paid') . "',50 // '" . addslashes('') . "',51 // '" . addslashes($file_text) . "',52 // '" . addslashes($file_date) . "',45 // '" . mysql_real_escape_string(0) . "', 46 // '" . mysql_real_escape_string('hosting') . "', 47 // '" . mysql_real_escape_string($file_date) . "', 48 // '" . mysql_real_escape_string($amt[1]) . "', 49 // '" . mysql_real_escape_string('Paid') . "', 50 // '" . mysql_real_escape_string('') . "', 51 // '" . mysql_real_escape_string($file_text) . "', 52 // '" . mysql_real_escape_string($file_date) . "', 53 53 // NOW() 54 54 // ) -
branches/1.1dev/bin/module_maker/form_template.cli.php
r89 r90 28 28 29 29 // Get DB table column info. 30 $qid = dbQuery("DESCRIBE " . addslashes($db_tbl));30 $qid = dbQuery("DESCRIBE " . mysql_real_escape_string($db_tbl)); 31 31 while ($row = mysql_fetch_row($qid)) { 32 32 $cols[] = $row; -
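Review bot: The table name in `"DESCRIBE " . mysql_real_escape_string($db_tbl)` is interpolated as a bare identifier, and a string-literal escaping function does not constrain a value that sits outside quotes, so spaces, semicolons and backticks in `$db_tbl` reach the statement unchanged. Validate the name before building the query, for example `if (!preg_match('/^[A-Za-z0-9_]+$/', $db_tbl)) { die("Invalid table name\n"); }`, and wrap it in backticks in the statement. The same line appears in list_template.cli.php, module.cli.php, sql.cli.php and validation.cli.php in this changeset. Where `$db_tbl` is read is not visible in these hunks; if it comes from a command-line argument, the check belongs right after it is read.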
branches/1.1dev/bin/module_maker/list_template.cli.php
r89 r90 40 40 41 41 // Get DB table column info. 42 $qid = dbQuery("DESCRIBE " . addslashes($db_tbl));42 $qid = dbQuery("DESCRIBE " . mysql_real_escape_string($db_tbl)); 43 43 while ($row = mysql_fetch_row($qid)) { 44 44 $cols[] = $row; -
branches/1.1dev/bin/module_maker/module.cli.php
r89 r90 135 135 // Ensure requested table contains columns. 136 136 // Get DB table column info. 137 $qid = dbQuery("DESCRIBE " . addslashes($db_tbl));137 $qid = dbQuery("DESCRIBE " . mysql_real_escape_string($db_tbl)); 138 138 while ($row = mysql_fetch_row($qid)) { 139 139 $cols[] = $row; -
branches/1.1dev/bin/module_maker/skel/admin.php
r89 r90 138 138 if (getFormdata('repeat', false)) { 139 139 // Display edit function with next available ID. 140 $qid = dbQuery("SELECT %PRIMARY_KEY% FROM %DB_TBL% WHERE %PRIMARY_KEY% > '" . addslashes(getFormData('%PRIMARY_KEY%')) . "' ORDER BY %PRIMARY_KEY% ASC LIMIT 1");140 $qid = dbQuery("SELECT %PRIMARY_KEY% FROM %DB_TBL% WHERE %PRIMARY_KEY% > '" . mysql_real_escape_string(getFormData('%PRIMARY_KEY%')) . "' ORDER BY %PRIMARY_KEY% ASC LIMIT 1"); 141 141 if (list($next_id) = mysql_fetch_row($qid)) { 142 142 dieURL($_SERVER['PHP_SELF'] . '?op=edit&%PRIMARY_KEY%=' . $next_id); … … 204 204 SELECT * 205 205 FROM %DB_TBL% 206 WHERE %PRIMARY_KEY% = '" . addslashes($id) . "'206 WHERE %PRIMARY_KEY% = '" . mysql_real_escape_string($id) . "' 207 207 "); 208 208 if (!$frm = mysql_fetch_assoc($qid)) { … … 241 241 SELECT <##> 242 242 FROM %DB_TBL% 243 WHERE %PRIMARY_KEY% = '" . addslashes($id) . "'243 WHERE %PRIMARY_KEY% = '" . mysql_real_escape_string($id) . "' 244 244 "); 245 245 if (! list($name) = mysql_fetch_row($qid)) { … … 250 250 251 251 // Delete the record. 252 dbQuery("DELETE FROM %DB_TBL% WHERE %PRIMARY_KEY% = '" . addslashes($id) . "'");252 dbQuery("DELETE FROM %DB_TBL% WHERE %PRIMARY_KEY% = '" . mysql_real_escape_string($id) . "'"); 253 253 254 254 raiseMsg(sprintf(_("The %ITEM_TITLE% <strong>%s</strong> has been deleted."), $name), MSG_SUCCESS, __FILE__, __LINE__); … … 320 320 if (getFormData('filter_<##>', false)) { 321 321 // Limit by filter. 322 $where_clause .= (empty($where_clause) ? 'WHERE' : 'AND') . " <##> = '" . addslashes(getFormData('filter_<##>')) . "'";322 $where_clause .= (empty($where_clause) ? 'WHERE' : 'AND') . " <##> = '" . mysql_real_escape_string(getFormData('filter_<##>')) . "'"; 323 323 } 324 324 … … 400 400 dbQuery(" 401 401 UPDATE %DB_TBL% SET 402 rank = '" . addslashes($new_rank) . "'403 WHERE %PRIMARY_KEY% = '" . addslashes($id) . "'402 rank = '" . mysql_real_escape_string($new_rank) . "' 403 WHERE %PRIMARY_KEY% = '" . 
mysql_real_escape_string($id) . "' 404 404 "); 405 405 } -
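Review bot: Every replaced call in this file uses `mysql_real_escape_string()` without a link argument, which needs an open MySQL connection at the moment the query string is built, before `dbQuery()` itself runs; `addslashes()` had no such requirement. If `dbQuery()` is what opens the connection (its body is not visible on this page), the escape call can return false with a warning and the statement is then sent with an empty `%PRIMARY_KEY%` value. Confirm the connection is established during bootstrap, or pass the link explicitly as the second argument using whatever handle the application keeps. The same applies to skel/public.php and to the code emitted by sql.cli.php. The escaping is also only charset-correct when the connection character set is set through the client API rather than by a `SET NAMES` query.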
branches/1.1dev/bin/module_maker/skel/public.php
r89 r90 36 36 $qid = dbQuery(" 37 37 SELECT * FROM %DB_TBL% 38 WHERE %PRIMARY_KEY% = '" . addslashes(getFormData('%PRIMARY_KEY%')) . "'38 WHERE %PRIMARY_KEY% = '" . mysql_real_escape_string(getFormData('%PRIMARY_KEY%')) . "' 39 39 AND publish = 'true' 40 40 <##>AND (publish_date <= CURDATE() OR publish_date = '0000-00-00') … … 50 50 UPDATE %DB_TBL% 51 51 SET hit_count = hit_count + 1 52 WHERE %PRIMARY_KEY% = '" . addslashes(getFormData('%PRIMARY_KEY%')) . "'52 WHERE %PRIMARY_KEY% = '" . mysql_real_escape_string(getFormData('%PRIMARY_KEY%')) . "' 53 53 "); 54 54 -
branches/1.1dev/bin/module_maker/sql.cli.php
r89 r90 39 39 40 40 // Get DB table column info. 41 $qid = dbQuery("DESCRIBE " . addslashes($db_tbl));41 $qid = dbQuery("DESCRIBE " . mysql_real_escape_string($db_tbl)); 42 42 while ($row = mysql_fetch_row($qid)) { 43 43 $cols[] = $row; … … 68 68 } else if ('added_by_admin_id' == $field || 'modified_by_admin_id' == $field) { 69 69 // Toggle types. 70 $c[$field] = "'\" . addslashes(\$_admin->getVal('user_id')) . \"'";70 $c[$field] = "'\" . mysql_real_escape_string(\$_admin->getVal('user_id')) . \"'"; 71 71 } else if ('added_datetime' == $field || 'modified_datetime' == $field) { 72 72 // DB record insertion datetime. … … 74 74 } else { 75 75 // Default. Just insert data. 76 $c[$field] = "'\" . addslashes(\$frm['$field']) . \"'";76 $c[$field] = "'\" . mysql_real_escape_string(\$frm['$field']) . \"'"; 77 77 } 78 78 } … … 127 127 dbQuery(" 128 128 UPDATE $db_tbl SET$key_eq_val 129 WHERE $primary_key = '" . addslashes(\$frm['$primary_key']) . "'129 WHERE $primary_key = '" . mysql_real_escape_string(\$frm['$primary_key']) . "' 130 130 "); 131 131 E_O_F; … … 140 140 $delim = 'WHERE'; 141 141 if (!empty($primary_key)) { 142 $where_clause = " $delim $primary_key = '\" . addslashes(\$frm['$primary_key']) . \"'\n";142 $where_clause = " $delim $primary_key = '\" . mysql_real_escape_string(\$frm['$primary_key']) . \"'\n"; 143 143 $delim = 'AND'; 144 144 } … … 147 147 continue; 148 148 } 149 $where_clause .= " $delim $k = '\" . addslashes(\$frm['$k']) . \"'\n";149 $where_clause .= " $delim $k = '\" . mysql_real_escape_string(\$frm['$k']) . \"'\n"; 150 150 $delim = 'AND'; 151 151 } … … 175 175 if (!isset($op) || 'search' == $op) { 176 176 $search_skip_columns = array('added_datetime', 'added_by_admin_id', 'modified_datetime', 'modified_by_admin_id', 'publish', 'featured'); 177 $search_columns = $db_tbl . '.' . join(" LIKE '%\" . addslashes(\$qry_words[\$i]) . \"%'\n OR $db_tbl.", array_diff(array_keys($c), $search_skip_columns));177 $search_columns = $db_tbl . '.' . 
join(" LIKE '%\" . mysql_real_escape_string(\$qry_words[\$i]) . \"%'\n OR $db_tbl.", array_diff(array_keys($c), $search_skip_columns)); 178 178 echo <<<E_O_F 179 179 \$where_clause .= (empty(\$where_clause) ? 'WHERE' : 'AND') . " 180 180 ( 181 $search_columns LIKE '%" . addslashes(\$qry_words[\$i]) . "%'181 $search_columns LIKE '%" . mysql_real_escape_string(\$qry_words[\$i]) . "%' 182 182 ) 183 183 "; -
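Review bot: The generated search clause `LIKE '%" . mysql_real_escape_string(\$qry_words[\$i]) . "%'` still lets `%` and `_` inside a search word act as wildcards, because mysql_real_escape_string() does not escape those two characters. A visitor can therefore widen the match or force expensive pattern scans with a word made of wildcards. In the emitted code, wrap the value as `addcslashes(mysql_real_escape_string(\$qry_words[\$i]), '%_')`, in both the `join()` separator and the heredoc line. Modules already generated from this template are not touched by this changeset and would need the same edit.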
branches/1.1dev/bin/module_maker/validation.cli.php
r89 r90 29 29 30 30 // Get DB table column info. 31 $qid = dbQuery("DESCRIBE " . addslashes($db_tbl));31 $qid = dbQuery("DESCRIBE " . mysql_real_escape_string($db_tbl)); 32 32 while ($row = mysql_fetch_row($qid)) { 33 33 $cols[] = $row; -
branches/1.1dev/docs/file_layout.txt
r89 r90 16 16 FormValidator.inc.php (validation routines used to test incoming user data.) 17 17 ImageThumb.inc.php (automated image thumbnailing routines.) 18 NodeHeirarchy.php (class for manipulation of node heirarchies.)18 Hierarchy.php (class for manipulation of node heirarchies.) 19 19 MySQLSessionHandler.inc.php (database session handler.) 20 20 Nav.inc.php (navigation element management class)) -
branches/1.1dev/lib/Hierarchy.inc.php
r89 r90 1 1 <?php 2 2 /** 3 * H eirarchy.inc.php3 * Hierarchy.inc.php 4 4 * Code by Strangecode :: www.strangecode.com :: This document contains copyrighted information 5 5 */ … … 7 7 /** 8 8 * Objective: This class provides the tools to organize pieces of data into a 9 * h eirarchy of nodes. Any form of data (article, product, image) can be10 * represented as a node in this h eirarchy. This class does not manipulate the9 * hierarchy of nodes. Any form of data (article, product, image) can be 10 * represented as a node in this hierarchy. This class does not manipulate the 11 11 * data, nor is it involved in storing or retrieving the data. In fact it does 12 12 * not access the tables where data exists and cannot find out info about the 13 13 * data. You must provide identification of a piece of data (type and ID) to 14 * insert it into the h eirarchy. The node heirarchy is completely14 * insert it into the hierarchy. The node hierarchy is completely 15 15 * separate from data storage and retreival. You must separatly store the data 16 16 * using whatever logic is specific to the data then also call these functions. 17 17 * Nodes are not the data. The nodes are mere singularities in virtual space 18 * that represent a piece of data's relationship with another. The h eirarchy18 * that represent a piece of data's relationship with another. The hierarchy 19 19 * is an inverted tree structure. Each node can have virtually infinite 20 20 * children. Each child can have multiple parents. … … 29 29 require_once dirname(__FILE__) . '/Utilities.inc.php'; 30 30 31 class H eirarchy {31 class Hierarchy { 32 32 33 33 /** … … 67 67 * configuration or connection parameters. 68 68 */ 69 function H eirarchy($params=array())69 function Hierarchy($params=array()) 70 70 { 71 71 $this->params = $params; … … 128 128 129 129 /** 130 * Takes a sing lar node identifier and returns it as components of an array.130 * Takes a singular node identifier and returns it as components of an array. 
131 131 * @param string $node 132 132 * @return mixed Array of node type and id on success, false on failure. … … 547 547 * the specified node IS an ancestor of a node made into it's parent, we would 548 548 * have a circular reference that would cause an infinite loop with any 549 * recursive queries of the h eirarchy.549 * recursive queries of the hierarchy. 550 550 * @param string $child_type 551 551 * @param string $child_id … … 573 573 * ALL ancestors to the specified node. I'm not sure what the order will be 574 574 * but that probably isn't useful anyways. I use this to prevent circular 575 * references in the h eirarchy.575 * references in the hierarchy. 576 576 * @param string $child_type 577 577 * @param string $child_id … … 712 712 for ($i=0; $i<$num_children; $i++) { 713 713 714 $row = $my_children[$i]; 715 // Preventing circular references. 716 if ($row['child_type'] == $child_type && $row['child_id'] == $child_id) { 717 logMsg(sprintf(_("Circular reference detected: %s has itself as a parent."), $this->toStringID($row['child_type'], $row['child_id'])), LOG_ERR, __FILE__, __LINE__); 714 // Preventing circular references (Except when including current item in list). 
715 if ($my_children[$i]['child_type'] == $child_type && $my_children[$i]['child_id'] == $child_id && !($_return_flag && $include_curr)) { 716 logMsg(sprintf(_("Circular reference detected: %s has itself as a parent."), $this->toStringID($my_children[$i]['child_type'], $my_children[$i]['child_id'])), LOG_ERR, __FILE__, __LINE__); 718 717 continue; 719 718 } 720 $row['indent'] = $_indent; 721 if (in_array($this->toStringID($row['child_type'], $row['child_id']), $preselected)) { 722 $row['selected'] = true; 719 720 $my_children[$i]['indent'] = $_indent; 721 722 if (in_array($this->toStringID($my_children[$i]['child_type'], $my_children[$i]['child_id']), $preselected)) { 723 $my_children[$i]['selected'] = true; 723 724 } 724 $output[] = $row; 725 unset($row);725 726 $output[] = $my_children[$i]; 726 727 727 // T his is so we test if each node is a string only once. We store the result in the is_a_leaf array statically.728 // Test if each node is a string only once. Store the result in the is_a_leaf array statically. 728 729 if (!isset($is_a_leaf[$this->toStringID($my_children[$i]['child_type'], $my_children[$i]['child_id'])])) { 729 730 $is_a_leaf[$this->toStringID($my_children[$i]['child_type'], $my_children[$i]['child_id'])] = $this->isLeaf($my_children[$i]['child_type'], $my_children[$i]['child_id']); 730 731 } 731 732 if (!$is_a_leaf[$this->toStringID($my_children[$i]['child_type'], $my_children[$i]['child_id'])]) { 732 // If this node is not a leaf, we dive into it recursiv ly.733 // If this node is not a leaf, we dive into it recursively. 
733 734 $this->getNodeList($preselected, $my_children[$i]['child_type'], $my_children[$i]['child_id'], $type_constraint, $include_curr, $order, $_indent+1, false); 734 735 } … … 747 748 } 748 749 750 function convertListToTree($curr, $child_type=null, $child_id=null, $_return_flag=true) 751 { 752 if (!is_array($curr) || empty($curr)) { 753 return array(); 754 } 755 756 static $orig; 757 static $children_map; 758 static $node_map; 759 760 // The original $curr contains the full list. Save a copy of this. 761 if (!isset($orig)) { 762 $orig = $curr; 763 764 // Create children map, a dictionary of Parent IDs -> Children IDs. 765 $children_map = array(); 766 foreach ($orig as $i => $n) { 767 $n_parent = $this->toStringID($n['parent_type'], $n['parent_id']); 768 $n_child = $this->toStringID($n['child_type'], $n['child_id']); 769 $children_map[$n_parent][] = $n_child; 770 } 771 772 // Create node array map, a dictionary of $orig keys -> node IDs. 773 $node_map = array(); 774 foreach ($orig as $i => $n) { 775 $n_child = $this->toStringID($n['child_type'], $n['child_id']); 776 $node_map[$n_child] = $i; 777 } 778 779 // Set initial (root) node. 780 if (isset($child_type) && isset($child_id)) { 781 // Use provided node as starting point. 782 $curr = $orig[$node_map[$this->toStringID($child_type, $child_id)]]; 783 } else { 784 // Otherwise assume first element of orig is starting point. 785 $curr = $orig[0]; 786 } 787 } 788 789 // Get children of current node. 790 $curr_str_id = $this->toStringID($curr['child_type'], $curr['child_id']); 791 $curr_children = $children_map[$curr_str_id]; 792 793 // If any children, recurse in appending a multidimensional array to $curr. 
794 if (!empty($curr_children)) { 795 foreach ($curr_children as $child) { 796 $curr['children'][] = $this->convertListToTree($orig[$node_map[$child]], null, null, false); 797 } 798 } 799 800 if ($_return_flag) { 801 // We must reset the static variables so that they do 802 // not fill up during subsequent function calls. 803 $orig = null; 804 $children_map = null; 805 $node_map = null; 806 return array($curr); 807 } 808 809 return $curr; 810 } 811 812 function printTree($in) 813 { 814 if (!is_array($in) || empty($in)) { 815 return false; 816 } 817 818 ?><ul><?php 819 foreach ($in as $n) { 820 $class = $n['selected'] ? ' class="current"' : ''; 821 ?><li<?php echo $class; ?>><?php 822 echo oTxt($n['title']); 823 if (isset($n['children']) && !empty($n['children'])) { 824 $this->printTree($n['children']); 825 } 826 ?></li><?php 827 } 828 ?></ul><?php 829 } 749 830 750 831 /**
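Review bot: In the new `printTree()` the line `$class = $n['selected'] ? ' class="current"' : '';` reads a key that `getNodeList()` sets only for preselected nodes, so any other node raises an undefined-index notice, assuming the list comes from that method; `$class = !empty($n['selected']) ? ' class="current"' : '';` avoids it. `convertListToTree()` has the same problem at `$curr_children = $children_map[$curr_str_id];` for every leaf node, which `isset($children_map[$curr_str_id]) ? $children_map[$curr_str_id] : array()` would cover. The lookup `$orig[$node_map[$this->toStringID($child_type, $child_id)]]` is also unchecked, so a start node that is not in the list yields a tree containing a single null entry rather than an error. Both new methods lack the docblocks the rest of the class carries; a short one on each stating the expected row keys (`parent_type`, `parent_id`, `child_type`, `child_id`, `title`) and the meaning of `$_return_flag` would help callers.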