Re: Web DNA...

This WebDNA talk-list message is from 2007. It keeps the original formatting.
numero = 68921
interpreted = N

Associated Messages, from the most recent to the oldest:

    
  1. Re: Web DNA... ( Clint Davis 2007)
  2. Re: Web DNA... ( "Will Starck" 2007)
  3. Re: Web DNA... ( Donovan Brooke 2007)
  4. Re: Web DNA... ( "Will Starck" 2007)
  5. Re: Web DNA... ( Jay Van Vark 2007)
  6. Re: Web DNA... ( Frank Nordberg 2007)
  7. Re: Web DNA... ( David Maish 2007)
  8. Re: Web DNA... ( "Nitai @ ComputerOil" 2007)
  9. Re: Web DNA... ( Clint Davis 2007)
  10. Re: Web DNA... ( David Maish 2007)
  11. Re: Web DNA... ( Clint Davis 2007)
  12. Re: Web DNA... ( Clint Davis 2007)
  13. Re: Web DNA... ( Ki Song 2007)
  14. Re: Web DNA... ( Clint Davis 2007)
  15. Re: Web DNA... ( Alex McCombie 2007)
  16. Re: Fwd: Web DNA... ( Frank Nordberg 2007)
Thank you!

On May 1, 2007, at 11:04 AM, Clint Davis wrote:

> I usually put this into a func.php file that I include into each page.
> Note the line breaks that should all be one line.
>
> if (!function_exists("GetSQLValueString")) {
>   function GetSQLValueString($theValue, $theType,(LINEBREAK)
>       $theDefinedValue = "", $theNotDefinedValue = "") {
>     $theValue = get_magic_quotes_gpc() ? stripslashes($theValue) : $theValue;
>     $theValue = function_exists("mysql_real_escape_string") ?(LINEBREAK)
>         mysql_real_escape_string($theValue) : mysql_escape_string($theValue);
>     switch ($theType) {
>       case "text":
>         $theValue = ($theValue != "") ? "'" . $theValue . "'" : "NULL";
>         break;
>       case "long":
>       case "int":
>         $theValue = ($theValue != "") ? intval($theValue) : "NULL";
>         break;
>       case "double":
>         $theValue = ($theValue != "") ? "'" . doubleval($theValue) . "'" : "NULL";
>         break;
>       case "date":
>         $theValue = ($theValue != "") ? "'" . $theValue . "'" : "NULL";
>         break;
>       case "defined":
>         $theValue = ($theValue != "") ? $theDefinedValue : $theNotDefinedValue;
>         break;
>     }
>     return $theValue;
>   }
> }
> ?>
>
> Then, you can set your variables like this:
> $myVariable = GetSQLValueString($_GET['Variable'],'text');
> (your variable name) = GetSQLValueString(GET/POST depending ['Incoming
> Variable Name'],'type of variable from function above');
>
> On 5/1/07 10:15 AM, "David Maish" wrote:
>
>> Please do. I had a server compromised awhile back.
>>
>> Thanks, Dave
>>
>>> One more thing...
>>>
>>> Make sure you validate *ALL* user input with PHP, or you'll be asking
>>> to get hacked. Cross site scripting (XSS) and SQL injection can
>>> compromise an entire server. I can post a simple function if anyone
>>> likes - it's from Dreamweaver.
>
> -------------------------------------------------------------
> This message is sent to you because you are subscribed to
> the mailing list .
> To unsubscribe, E-mail to:
> To switch to the DIGEST mode, E-mail to
>
> Web Archive of this list is at: http://webdna.smithmicro.com/
> -------------------------------------------------------------

David Maish
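The helper quoted in the message above escapes a value and then quotes it according to a type name; bound parameters move that step into the database driver. The following is an added example, not code from the thread or from Dreamweaver: it swaps in PDO prepared statements, assumes PHP with the pdo_sqlite extension, and `bindTyped`, the `customers` table and the sample input are hypothetical.

```php
<?php
// Added example: bound parameters in place of manual escape-and-quote.
// bindTyped(), the customers table and the sample input are hypothetical.
function bindTyped(PDOStatement $stmt, string $name, $value, string $type): void
{
    if ($value === null || $value === '') {
        // Same rule as the posted helper: an empty value becomes SQL NULL.
        $stmt->bindValue($name, null, PDO::PARAM_NULL);
        return;
    }
    switch ($type) {
        case 'int':
        case 'long':
            $stmt->bindValue($name, (int) $value, PDO::PARAM_INT);
            break;
        case 'double':
            $stmt->bindValue($name, (string) (float) $value, PDO::PARAM_STR);
            break;
        case 'text':
        case 'date':
            $stmt->bindValue($name, (string) $value, PDO::PARAM_STR);
            break;
        default:
            // Unknown type names fail loudly instead of passing through.
            throw new InvalidArgumentException("unknown type: $type");
    }
}

$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE customers (id INTEGER PRIMARY KEY, name TEXT, age INTEGER)');

// Constructed sample input standing in for $_GET / $_POST values.
$input = ['name' => "O'Brien <b>Jr</b>", 'age' => '42abc'];

$insert = $db->prepare('INSERT INTO customers (name, age) VALUES (:name, :age)');
bindTyped($insert, ':name', $input['name'], 'text');
bindTyped($insert, ':age', $input['age'], 'int');
$insert->execute();

$select = $db->prepare('SELECT name, age FROM customers WHERE name = :name');
bindTyped($select, ':name', $input['name'], 'text');
$select->execute();
$row = $select->fetch(PDO::FETCH_ASSOC);

// SQL binding does nothing for XSS: encode separately when writing HTML.
echo htmlspecialchars($row['name'], ENT_QUOTES, 'UTF-8'), ' / ', $row['age'], "\n";
```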
