Re: Web DNA...

This WebDNA talk-list message is from

2007


It keeps the original formatting.
numero = 68921
interpreted = N
texte = Thank you! On May 1, 2007, at 11:04 AM, Clint Davis wrote: > I usually put this into a func.php file that I include into each page. > Note > the line breaks that should all be one line. > > if (!function_exists("GetSQLValueString")) { > function GetSQLValueString($theValue, $theType,(LINEBREAK) > $theDefinedValue = "", $theNotDefinedValue = "") { > $theValue = get_magic_quotes_gpc() ? stripslashes($theValue) : > $theValue; > $theValue = function_exists("mysql_real_escape_string") ?(LINEBREAK) > mysql_real_escape_string($theValue) : mysql_escape_string($theValue); > switch ($theType) { > case "text": > $theValue = ($theValue != "") ? "'" . $theValue . "'" : "NULL"; > break; > case "long": > case "int": > $theValue = ($theValue != "") ? intval($theValue) : "NULL"; > break; > case "double": > $theValue = ($theValue != "") ? "'" . doubleval($theValue) . "'" : > "NULL"; > break; > case "date": > $theValue = ($theValue != "") ? "'" . $theValue . "'" : "NULL"; > break; > case "defined": > $theValue = ($theValue != "") ? $theDefinedValue : $theNotDefinedValue; > break; > } > return $theValue; > } > } > ?> > > > Then, you can set your variables like this: > $myVariable = GetSQLValueString($_GET['Variable'],'text'); > (your variable name) = GetSQLValueString(GET/POST depending ['Incoming > Variable Name'],'type of variable from function above'); > > > On 5/1/07 10:15 AM, "David Maish" wrote: > >> Please do. I had a server compromised awhile back. >> >> Thanks, Dave >> >> >>> One more thing... >>> >>> Make sure you validate *ALL* user input with PHP, or you'll be asking >>> to get >>> hacked. Cross site scripting (XSS) and SQL injection can compromise >>> an >>> entire server. I can post a simple function if anyone likes - it's >>> from >>> Dreamweaver. > > > > > ------------------------------------------------------------- > This message is sent to you because you are subscribed to > the mailing list . > To unsubscribe, E-mail to: > To switch to the DIGEST mode, E-mail to > > Web Archive of this list is at: http://webdna.smithmicro.com/ > ------------------------------------------------------------- This message is sent to you because you are subscribed to the mailing list . To unsubscribe, E-mail to: To switch to the DIGEST mode, E-mail to Web Archive of this list is at: http://webdna.smithmicro.com/ Associated Messages, from the most recent to the oldest:

    
  1. Re: Web DNA... ( Clint Davis 2007)
  2. Re: Web DNA... ( "Will Starck" 2007)
  3. Re: Web DNA... ( Donovan Brooke 2007)
  4. Re: Web DNA... ( "Will Starck" 2007)
  5. Re: Web DNA... ( Jay Van Vark 2007)
  6. Re: Web DNA... ( Frank Nordberg 2007)
  7. Re: Web DNA... ( David Maish 2007)
  8. Re: Web DNA... ( "Nitai @ ComputerOil" 2007)
  9. Re: Web DNA... ( Clint Davis 2007)
  10. Re: Web DNA... ( David Maish 2007)
  11. Re: Web DNA... ( Clint Davis 2007)
  12. Re: Web DNA... ( Clint Davis 2007)
  13. Re: Web DNA... ( Ki Song 2007)
  14. Re: Web DNA... ( Clint Davis 2007)
  15. Re: Web DNA... ( Alex McCombie 2007)
  16. Re: Fwd: Web DNA... ( Frank Nordberg 2007)
Thank you! On May 1, 2007, at 11:04 AM, Clint Davis wrote: > I usually put this into a func.php file that I include into each page. > Note > the line breaks that should all be one line. > > if (!function_exists("GetSQLValueString")) { > function GetSQLValueString($theValue, $theType,(LINEBREAK) > $theDefinedValue = "", $theNotDefinedValue = "") { > $theValue = get_magic_quotes_gpc() ? stripslashes($theValue) : > $theValue; > $theValue = function_exists("mysql_real_escape_string") ?(LINEBREAK) > mysql_real_escape_string($theValue) : mysql_escape_string($theValue); > switch ($theType) { > case "text": > $theValue = ($theValue != "") ? "'" . $theValue . "'" : "NULL"; > break; > case "long": > case "int": > $theValue = ($theValue != "") ? intval($theValue) : "NULL"; > break; > case "double": > $theValue = ($theValue != "") ? "'" . doubleval($theValue) . "'" : > "NULL"; > break; > case "date": > $theValue = ($theValue != "") ? "'" . $theValue . "'" : "NULL"; > break; > case "defined": > $theValue = ($theValue != "") ? $theDefinedValue : $theNotDefinedValue; > break; > } > return $theValue; > } > } > ?> > > > Then, you can set your variables like this: > $myVariable = GetSQLValueString($_GET['Variable'],'text'); > (your variable name) = GetSQLValueString(GET/POST depending ['Incoming > Variable Name'],'type of variable from function above'); > > > On 5/1/07 10:15 AM, "David Maish" wrote: > >> Please do. I had a server compromised awhile back. >> >> Thanks, Dave >> >> >>> One more thing... >>> >>> Make sure you validate *ALL* user input with PHP, or you'll be asking >>> to get >>> hacked. Cross site scripting (XSS) and SQL injection can compromise >>> an >>> entire server. I can post a simple function if anyone likes - it's >>> from >>> Dreamweaver. > > > > > ------------------------------------------------------------- > This message is sent to you because you are subscribed to > the mailing list . > To unsubscribe, E-mail to: > To switch to the DIGEST mode, E-mail to > > Web Archive of this list is at: http://webdna.smithmicro.com/ > ------------------------------------------------------------- This message is sent to you because you are subscribed to the mailing list . To unsubscribe, E-mail to: To switch to the DIGEST mode, E-mail to Web Archive of this list is at: http://webdna.smithmicro.com/ David Maish

DOWNLOAD WEBDNA NOW!

Top Articles:

Talk List

The WebDNA community talk-list is the best place to get some help: several hundred extremely proficient programmers with an excellent knowledge of WebDNA and an excellent spirit will deliver all the tips and tricks you can imagine...

Related Readings:

Mac 4.0b2 Installer Problems (2000) shownext not showing next...still r2 (1997) Can a Get or Post throw off a Ping? (1998) Follow-Up to: Removing [showif] makes a big difference in speed (1997) Image Sizes (2003) Adding multiple items to Cart at one time, & append context problem (1998) Another question (1997) Max Record length restated as maybe bug (1997) X etc.... (1999) WebCatalog Mac and cgi-bin (WebSTAR 2.0) (1997) How true is this? (1999) 2cd pare of eyes. (2001) Webcat listserver - WAS - webcat method for waiting specific amount of time? (2000) Credit card arrangement (2005) upgrading (1997) Server crash (1997) Q: how long for answers to the WebDNA-Talk list? (1997) Running WebCat from a CD-ROM (1997) [WebDNA] CICADA (2009) WebCat2 as a chat server? (1997)