mysql updaten met escape string
Door escapen komt dus overal een slash voor. voor een ", voor een ', voor een &, noem maar op.
Hierdoor werken de codes niet meer via de editor. Voorbeeld:
Code (php)
1
2
3
4
5
6
7
2
3
4
5
6
7
<p>Dit is een test</p>
<p> </p>
<p>dit ook: \\\\\\\" \\\\\\\'</p>
<p> </p>
<p><a href="\"\\"http:/zeeland.blog.nl/files/2011/01/drol1.jpg\\"\"">http://zeeland.blog.nl/files/2011/01/drol1.jpg</a></p>
<p> </p>
<p><img src="\"http:/zeeland.blog.nl/files/2011/01/drol1.jpg\"" alt="\"\"" width="\"225\"" height="\"191\"" /></p>
<p> </p>
<p>dit ook: \\\\\\\" \\\\\\\'</p>
<p> </p>
<p><a href="\"\\"http:/zeeland.blog.nl/files/2011/01/drol1.jpg\\"\"">http://zeeland.blog.nl/files/2011/01/drol1.jpg</a></p>
<p> </p>
<p><img src="\"http:/zeeland.blog.nl/files/2011/01/drol1.jpg\"" alt="\"\"" width="\"225\"" height="\"191\"" /></p>
Dit is de update pagina:
Code (php)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
<?php
loading_system::fullload();
$inhoud = $_POST['elm1'];
$post = $_POST['blocks'];
$bansys = $_POST['bansys'];
database_object("UPDATE ".$settings['reference']."pages SET inhoud=? WHERE id=?", $inhoud, $_GET['id']);
if($post==''.$language['active'].'')
{
database_object("UPDATE ".$settings['reference']."pages SET blocks='0' WHERE id=?", $_GET['id']);
}
else
{
database_object("UPDATE ".$settings['reference']."pages SET blocks='1' WHERE id=?", $_GET['id']);
}
if($bansys==''.$language['active'].'')
{
database_object("UPDATE ".$settings['reference']."pages SET bansystem='0' WHERE id=?", $_GET['id']);
}
else
{
database_object("UPDATE ".$settings['reference']."pages SET bansystem='1' WHERE id=?", $_GET['id']);
}
redirect_page('./admin.php?action=pages');
?>
loading_system::fullload();
$inhoud = $_POST['elm1'];
$post = $_POST['blocks'];
$bansys = $_POST['bansys'];
database_object("UPDATE ".$settings['reference']."pages SET inhoud=? WHERE id=?", $inhoud, $_GET['id']);
if($post==''.$language['active'].'')
{
database_object("UPDATE ".$settings['reference']."pages SET blocks='0' WHERE id=?", $_GET['id']);
}
else
{
database_object("UPDATE ".$settings['reference']."pages SET blocks='1' WHERE id=?", $_GET['id']);
}
if($bansys==''.$language['active'].'')
{
database_object("UPDATE ".$settings['reference']."pages SET bansystem='0' WHERE id=?", $_GET['id']);
}
else
{
database_object("UPDATE ".$settings['reference']."pages SET bansystem='1' WHERE id=?", $_GET['id']);
}
redirect_page('./admin.php?action=pages');
?>
Database_object is gewoon om snel en gemakkelijk alles in de codes te kunnen zetten. Eigenlijk pdo vergelijkbaar met mysql_query maken.
Code (php)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
<?php
function db_update($table, $row, $value, $w1 = null, $v1 = null, $w2 = null, $v2 = null, $w3 = null, $v3 = null, $w4 = null, $v4 = null, $w5 = null, $v5 = null)
{
$start = 5;
$end = 1;
if(isset($w5)){$isset[5] = true;}else{$isset[5] = false;}
if(isset($w4)){$isset[4] = true;}else{$isset[4] = false;}
if(isset($w3)){$isset[3] = true;}else{$isset[3] = false;}
if(isset($w2)){$isset[2] = true;}else{$isset[2] = false;}
if(isset($w1)){$isset[1] = true;}else{$isset[1] = false;}
while($end==1){if($isset[$start]==false){$start--;}else{$end = 0;}if($start==0){$end = 0;}}
if($start==5){mysql_query("UPDATE ".$table." SET ".$row." = '".$value."' WHERE ".$w1." = '".$v1."' AND ".$w2." = '".$v2."' AND ".$w3." = '".$v3."' AND ".$w4." = '".$v4."' AND ".$w5." = '".$v5."'");}
elseif($start==4){mysql_query("UPDATE ".$table." SET ".$row." = '".$value."' WHERE ".$w1." = '".$v1."' AND ".$w2." = '".$v2."' AND ".$w3." = '".$v3."' AND ".$w4." = '".$v4."'");}
elseif($start==3){mysql_query("UPDATE ".$table." SET ".$row." = '".$value."' WHERE ".$w1." = '".$v1."' AND ".$w2." = '".$v2."' AND ".$w3." = '".$v3."'");}
elseif($start==2){mysql_query("UPDATE ".$table." SET ".$row." = '".$value."' WHERE ".$w1." = '".$v1."' AND ".$w2." = '".$v2."'");}
elseif($start==1){mysql_query("UPDATE ".$table." SET ".$row." = '".$value."' WHERE ".$w1." = '".$v1."'");}
elseif($start==0){mysql_query("UPDATE ".$table." SET ".$row." = '".$value."'");}
}
?>
function db_update($table, $row, $value, $w1 = null, $v1 = null, $w2 = null, $v2 = null, $w3 = null, $v3 = null, $w4 = null, $v4 = null, $w5 = null, $v5 = null)
{
$start = 5;
$end = 1;
if(isset($w5)){$isset[5] = true;}else{$isset[5] = false;}
if(isset($w4)){$isset[4] = true;}else{$isset[4] = false;}
if(isset($w3)){$isset[3] = true;}else{$isset[3] = false;}
if(isset($w2)){$isset[2] = true;}else{$isset[2] = false;}
if(isset($w1)){$isset[1] = true;}else{$isset[1] = false;}
while($end==1){if($isset[$start]==false){$start--;}else{$end = 0;}if($start==0){$end = 0;}}
if($start==5){mysql_query("UPDATE ".$table." SET ".$row." = '".$value."' WHERE ".$w1." = '".$v1."' AND ".$w2." = '".$v2."' AND ".$w3." = '".$v3."' AND ".$w4." = '".$v4."' AND ".$w5." = '".$v5."'");}
elseif($start==4){mysql_query("UPDATE ".$table." SET ".$row." = '".$value."' WHERE ".$w1." = '".$v1."' AND ".$w2." = '".$v2."' AND ".$w3." = '".$v3."' AND ".$w4." = '".$v4."'");}
elseif($start==3){mysql_query("UPDATE ".$table." SET ".$row." = '".$value."' WHERE ".$w1." = '".$v1."' AND ".$w2." = '".$v2."' AND ".$w3." = '".$v3."'");}
elseif($start==2){mysql_query("UPDATE ".$table." SET ".$row." = '".$value."' WHERE ".$w1." = '".$v1."' AND ".$w2." = '".$v2."'");}
elseif($start==1){mysql_query("UPDATE ".$table." SET ".$row." = '".$value."' WHERE ".$w1." = '".$v1."'");}
elseif($start==0){mysql_query("UPDATE ".$table." SET ".$row." = '".$value."'");}
}
?>
Syntax database_object:
database_object('SELECT * FROM koekjes WHERE id=?', $_GET['id']);
Gelijk aan:
$statement = $db->prepare('SELECT * FROM koekjes WHERE id=?');
$statement->execute(array($_GET['id']));
Kan iemand me helpen/tips geven?
Toevoeging op 21/04/2011 16:16:54:
* Bump *
???
Gewijzigd op 20/04/2011 21:21:42 door Phpnuke r
