Re: Web DNA...

This WebDNA talk-list message is from 2007


It keeps the original formatting.
numero = 68921
interpreted = N
texte = Thank you!

On May 1, 2007, at 11:04 AM, Clint Davis wrote:

> I usually put this into a func.php file that I include into each page. Note
> the line breaks that should all be one line.
>
> if (!function_exists("GetSQLValueString")) {
>   function GetSQLValueString($theValue, $theType,(LINEBREAK)
>   $theDefinedValue = "", $theNotDefinedValue = "") {
>     $theValue = get_magic_quotes_gpc() ? stripslashes($theValue) : $theValue;
>     $theValue = function_exists("mysql_real_escape_string") ?(LINEBREAK)
>     mysql_real_escape_string($theValue) : mysql_escape_string($theValue);
>     switch ($theType) {
>       case "text":
>         $theValue = ($theValue != "") ? "'" . $theValue . "'" : "NULL";
>         break;
>       case "long":
>       case "int":
>         $theValue = ($theValue != "") ? intval($theValue) : "NULL";
>         break;
>       case "double":
>         $theValue = ($theValue != "") ? "'" . doubleval($theValue) . "'" : "NULL";
>         break;
>       case "date":
>         $theValue = ($theValue != "") ? "'" . $theValue . "'" : "NULL";
>         break;
>       case "defined":
>         $theValue = ($theValue != "") ? $theDefinedValue : $theNotDefinedValue;
>         break;
>     }
>     return $theValue;
>   }
> }
> ?>
>
> Then, you can set your variables like this:
> $myVariable = GetSQLValueString($_GET['Variable'],'text');
> (your variable name) = GetSQLValueString(GET/POST depending ['Incoming Variable Name'],'type of variable from function above');
>
> On 5/1/07 10:15 AM, "David Maish" wrote:
>
>> Please do. I had a server compromised awhile back.
>>
>> Thanks, Dave
>>
>>> One more thing...
>>>
>>> Make sure you validate *ALL* user input with PHP, or you'll be asking to get
>>> hacked. Cross site scripting (XSS) and SQL injection can compromise an
>>> entire server. I can post a simple function if anyone likes - it's from
>>> Dreamweaver.
>
> -------------------------------------------------------------
> This message is sent to you because you are subscribed to
> the mailing list .
> To unsubscribe, E-mail to:
> To switch to the DIGEST mode, E-mail to
>
> Web Archive of this list is at: http://webdna.smithmicro.com/
> -------------------------------------------------------------

Associated Messages, from the most recent to the oldest:

    
  1. Re: Web DNA... ( Clint Davis 2007)
  2. Re: Web DNA... ( "Will Starck" 2007)
  3. Re: Web DNA... ( Donovan Brooke 2007)
  4. Re: Web DNA... ( "Will Starck" 2007)
  5. Re: Web DNA... ( Jay Van Vark 2007)
  6. Re: Web DNA... ( Frank Nordberg 2007)
  7. Re: Web DNA... ( David Maish 2007)
  8. Re: Web DNA... ( "Nitai @ ComputerOil" 2007)
  9. Re: Web DNA... ( Clint Davis 2007)
  10. Re: Web DNA... ( David Maish 2007)
  11. Re: Web DNA... ( Clint Davis 2007)
  12. Re: Web DNA... ( Clint Davis 2007)
  13. Re: Web DNA... ( Ki Song 2007)
  14. Re: Web DNA... ( Clint Davis 2007)
  15. Re: Web DNA... ( Alex McCombie 2007)
  16. Re: Fwd: Web DNA... ( Frank Nordberg 2007)
David Maish
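
For comparison with the quoted GetSQLValueString helper, an added example (not from the thread and not Dreamweaver's code) that keeps its per-type handling but binds values through PDO prepared statements instead of escaping them into the SQL string. `bindTyped()`, the `items` table and the sample inputs are hypothetical, and the script assumes the pdo_sqlite extension is available.

```php
<?php
// Added example, not from the thread; bindTyped(), the table and inputs are hypothetical.
function bindTyped(PDOStatement $stmt, string $name, $value, string $type): void
{
    // Same convention as the quoted helper: an empty value becomes SQL NULL.
    if ($value === null || $value === '') {
        $stmt->bindValue($name, null, PDO::PARAM_NULL);
        return;
    }
    $pdoType = PDO::PARAM_STR;
    switch ($type) {
        case 'int':
        case 'long':
            // Strict check: intval() would silently turn "12abc" into 12.
            $checked = filter_var($value, FILTER_VALIDATE_INT);
            $pdoType = PDO::PARAM_INT;
            break;
        case 'double':
            // PDO has no float parameter type, so the number is bound as text.
            $checked = filter_var($value, FILTER_VALIDATE_FLOAT);
            break;
        case 'date':
            $d = DateTime::createFromFormat('Y-m-d', (string) $value);
            $checked = ($d && $d->format('Y-m-d') === $value) ? $value : false;
            break;
        case 'text':
            $checked = (string) $value;
            break;
        default:
            throw new InvalidArgumentException("unknown type: $type");
    }
    if ($checked === false) {
        throw new InvalidArgumentException("$name is not a valid $type");
    }
    $stmt->bindValue($name, is_float($checked) ? (string) $checked : $checked, $pdoType);
}

$db = new PDO('sqlite::memory:', null, null, [PDO::ATTR_ERRMODE => PDO::ERRMODE_EXCEPTION]);
$db->exec("CREATE TABLE items (id INTEGER, name TEXT)");
$db->exec("INSERT INTO items VALUES (1, 'cart'), (2, 'O''Brien')");
$byName = $db->prepare('SELECT id FROM items WHERE name = :name');
bindTyped($byName, ':name', "O'Brien", 'text');   // the quote is data, not SQL
$byName->execute();
var_dump($byName->fetchAll(PDO::FETCH_COLUMN));
try {
    bindTyped($db->prepare('SELECT name FROM items WHERE id = :id'), ':id', '12abc', 'int');
} catch (InvalidArgumentException $e) {
    echo $e->getMessage(), "\n";
}
```

The `mysql_*` functions the quoted helper calls were removed in PHP 7.0 and `get_magic_quotes_gpc()` in PHP 8.0, so current code has to use PDO or mysqli in any case.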
