Re: Web DNA...

This WebDNA talk-list message is from

2007


It keeps the original formatting.
numero = 68921
interpreted = N
texte = Thank you! On May 1, 2007, at 11:04 AM, Clint Davis wrote: > I usually put this into a func.php file that I include into each page. > Note > the line breaks that should all be one line. > > if (!function_exists("GetSQLValueString")) { > function GetSQLValueString($theValue, $theType,(LINEBREAK) > $theDefinedValue = "", $theNotDefinedValue = "") { > $theValue = get_magic_quotes_gpc() ? stripslashes($theValue) : > $theValue; > $theValue = function_exists("mysql_real_escape_string") ?(LINEBREAK) > mysql_real_escape_string($theValue) : mysql_escape_string($theValue); > switch ($theType) { > case "text": > $theValue = ($theValue != "") ? "'" . $theValue . "'" : "NULL"; > break; > case "long": > case "int": > $theValue = ($theValue != "") ? intval($theValue) : "NULL"; > break; > case "double": > $theValue = ($theValue != "") ? "'" . doubleval($theValue) . "'" : > "NULL"; > break; > case "date": > $theValue = ($theValue != "") ? "'" . $theValue . "'" : "NULL"; > break; > case "defined": > $theValue = ($theValue != "") ? $theDefinedValue : $theNotDefinedValue; > break; > } > return $theValue; > } > } > ?> > > > Then, you can set your variables like this: > $myVariable = GetSQLValueString($_GET['Variable'],'text'); > (your variable name) = GetSQLValueString(GET/POST depending ['Incoming > Variable Name'],'type of variable from function above'); > > > On 5/1/07 10:15 AM, "David Maish" wrote: > >> Please do. I had a server compromised awhile back. >> >> Thanks, Dave >> >> >>> One more thing... >>> >>> Make sure you validate *ALL* user input with PHP, or you'll be asking >>> to get >>> hacked. Cross site scripting (XSS) and SQL injection can compromise >>> an >>> entire server. I can post a simple function if anyone likes - it's >>> from >>> Dreamweaver. > > > > > ------------------------------------------------------------- > This message is sent to you because you are subscribed to > the mailing list . > To unsubscribe, E-mail to: > To switch to the DIGEST mode, E-mail to > > Web Archive of this list is at: http://webdna.smithmicro.com/ > ------------------------------------------------------------- This message is sent to you because you are subscribed to the mailing list . To unsubscribe, E-mail to: To switch to the DIGEST mode, E-mail to Web Archive of this list is at: http://webdna.smithmicro.com/ Associated Messages, from the most recent to the oldest:

    
  1. Re: Web DNA... ( Clint Davis 2007)
  2. Re: Web DNA... ( "Will Starck" 2007)
  3. Re: Web DNA... ( Donovan Brooke 2007)
  4. Re: Web DNA... ( "Will Starck" 2007)
  5. Re: Web DNA... ( Jay Van Vark 2007)
  6. Re: Web DNA... ( Frank Nordberg 2007)
  7. Re: Web DNA... ( David Maish 2007)
  8. Re: Web DNA... ( "Nitai @ ComputerOil" 2007)
  9. Re: Web DNA... ( Clint Davis 2007)
  10. Re: Web DNA... ( David Maish 2007)
  11. Re: Web DNA... ( Clint Davis 2007)
  12. Re: Web DNA... ( Clint Davis 2007)
  13. Re: Web DNA... ( Ki Song 2007)
  14. Re: Web DNA... ( Clint Davis 2007)
  15. Re: Web DNA... ( Alex McCombie 2007)
  16. Re: Fwd: Web DNA... ( Frank Nordberg 2007)
Thank you! On May 1, 2007, at 11:04 AM, Clint Davis wrote: > I usually put this into a func.php file that I include into each page. > Note > the line breaks that should all be one line. > > if (!function_exists("GetSQLValueString")) { > function GetSQLValueString($theValue, $theType,(LINEBREAK) > $theDefinedValue = "", $theNotDefinedValue = "") { > $theValue = get_magic_quotes_gpc() ? stripslashes($theValue) : > $theValue; > $theValue = function_exists("mysql_real_escape_string") ?(LINEBREAK) > mysql_real_escape_string($theValue) : mysql_escape_string($theValue); > switch ($theType) { > case "text": > $theValue = ($theValue != "") ? "'" . $theValue . "'" : "NULL"; > break; > case "long": > case "int": > $theValue = ($theValue != "") ? intval($theValue) : "NULL"; > break; > case "double": > $theValue = ($theValue != "") ? "'" . doubleval($theValue) . "'" : > "NULL"; > break; > case "date": > $theValue = ($theValue != "") ? "'" . $theValue . "'" : "NULL"; > break; > case "defined": > $theValue = ($theValue != "") ? $theDefinedValue : $theNotDefinedValue; > break; > } > return $theValue; > } > } > ?> > > > Then, you can set your variables like this: > $myVariable = GetSQLValueString($_GET['Variable'],'text'); > (your variable name) = GetSQLValueString(GET/POST depending ['Incoming > Variable Name'],'type of variable from function above'); > > > On 5/1/07 10:15 AM, "David Maish" wrote: > >> Please do. I had a server compromised awhile back. >> >> Thanks, Dave >> >> >>> One more thing... >>> >>> Make sure you validate *ALL* user input with PHP, or you'll be asking >>> to get >>> hacked. Cross site scripting (XSS) and SQL injection can compromise >>> an >>> entire server. I can post a simple function if anyone likes - it's >>> from >>> Dreamweaver. > > > > > ------------------------------------------------------------- > This message is sent to you because you are subscribed to > the mailing list . > To unsubscribe, E-mail to: > To switch to the DIGEST mode, E-mail to > > Web Archive of this list is at: http://webdna.smithmicro.com/ > ------------------------------------------------------------- This message is sent to you because you are subscribed to the mailing list . To unsubscribe, E-mail to: To switch to the DIGEST mode, E-mail to Web Archive of this list is at: http://webdna.smithmicro.com/ David Maish

DOWNLOAD WEBDNA NOW!

Top Articles:

Talk List

The WebDNA community talk-list is the best place to get some help: several hundred extremely proficient programmers with an excellent knowledge of WebDNA and an excellent spirit will deliver all the tips and tricks you can imagine...

Related Readings:

WebCat2b13 Mac plugin - [sendmail] and checkboxes (1997) Retaining data (2003) Custom Tags or Modular Code (2001) Date range (2006) Date Help! (2003) RE: Any limit to [include] (1997) Pref settings? (1998) Email Set-Up? (1997) If Empty ? (1997) Supported product? (2006) ConvertChars? (1998) Cart Numbers (1997) showif errors (1998) Separate SSL Server (1997) Multiple Purchase (2002) Search/sort in URL Was: GuestBook example (1997) More questions about serial number dishing (1997) Deleting Orders (1997) Search results templates (1996) Firesite cache vs webcat cache (1997)