Re: Web DNA...

This WebDNA talk-list message is from

2007


It keeps the original formatting.
numero = 68921
interpreted = N
texte = Thank you! On May 1, 2007, at 11:04 AM, Clint Davis wrote: > I usually put this into a func.php file that I include into each page. > Note > the line breaks that should all be one line. > > if (!function_exists("GetSQLValueString")) { > function GetSQLValueString($theValue, $theType,(LINEBREAK) > $theDefinedValue = "", $theNotDefinedValue = "") { > $theValue = get_magic_quotes_gpc() ? stripslashes($theValue) : > $theValue; > $theValue = function_exists("mysql_real_escape_string") ?(LINEBREAK) > mysql_real_escape_string($theValue) : mysql_escape_string($theValue); > switch ($theType) { > case "text": > $theValue = ($theValue != "") ? "'" . $theValue . "'" : "NULL"; > break; > case "long": > case "int": > $theValue = ($theValue != "") ? intval($theValue) : "NULL"; > break; > case "double": > $theValue = ($theValue != "") ? "'" . doubleval($theValue) . "'" : > "NULL"; > break; > case "date": > $theValue = ($theValue != "") ? "'" . $theValue . "'" : "NULL"; > break; > case "defined": > $theValue = ($theValue != "") ? $theDefinedValue : $theNotDefinedValue; > break; > } > return $theValue; > } > } > ?> > > > Then, you can set your variables like this: > $myVariable = GetSQLValueString($_GET['Variable'],'text'); > (your variable name) = GetSQLValueString(GET/POST depending ['Incoming > Variable Name'],'type of variable from function above'); > > > On 5/1/07 10:15 AM, "David Maish" wrote: > >> Please do. I had a server compromised awhile back. >> >> Thanks, Dave >> >> >>> One more thing... >>> >>> Make sure you validate *ALL* user input with PHP, or you'll be asking >>> to get >>> hacked. Cross site scripting (XSS) and SQL injection can compromise >>> an >>> entire server. I can post a simple function if anyone likes - it's >>> from >>> Dreamweaver. > > > > > ------------------------------------------------------------- > This message is sent to you because you are subscribed to > the mailing list . > To unsubscribe, E-mail to: > To switch to the DIGEST mode, E-mail to > > Web Archive of this list is at: http://webdna.smithmicro.com/ > ------------------------------------------------------------- This message is sent to you because you are subscribed to the mailing list . To unsubscribe, E-mail to: To switch to the DIGEST mode, E-mail to Web Archive of this list is at: http://webdna.smithmicro.com/ Associated Messages, from the most recent to the oldest:

    
  1. Re: Web DNA... ( Clint Davis 2007)
  2. Re: Web DNA... ( "Will Starck" 2007)
  3. Re: Web DNA... ( Donovan Brooke 2007)
  4. Re: Web DNA... ( "Will Starck" 2007)
  5. Re: Web DNA... ( Jay Van Vark 2007)
  6. Re: Web DNA... ( Frank Nordberg 2007)
  7. Re: Web DNA... ( David Maish 2007)
  8. Re: Web DNA... ( "Nitai @ ComputerOil" 2007)
  9. Re: Web DNA... ( Clint Davis 2007)
  10. Re: Web DNA... ( David Maish 2007)
  11. Re: Web DNA... ( Clint Davis 2007)
  12. Re: Web DNA... ( Clint Davis 2007)
  13. Re: Web DNA... ( Ki Song 2007)
  14. Re: Web DNA... ( Clint Davis 2007)
  15. Re: Web DNA... ( Alex McCombie 2007)
  16. Re: Fwd: Web DNA... ( Frank Nordberg 2007)
Thank you! On May 1, 2007, at 11:04 AM, Clint Davis wrote: > I usually put this into a func.php file that I include into each page. > Note > the line breaks that should all be one line. > > if (!function_exists("GetSQLValueString")) { > function GetSQLValueString($theValue, $theType,(LINEBREAK) > $theDefinedValue = "", $theNotDefinedValue = "") { > $theValue = get_magic_quotes_gpc() ? stripslashes($theValue) : > $theValue; > $theValue = function_exists("mysql_real_escape_string") ?(LINEBREAK) > mysql_real_escape_string($theValue) : mysql_escape_string($theValue); > switch ($theType) { > case "text": > $theValue = ($theValue != "") ? "'" . $theValue . "'" : "NULL"; > break; > case "long": > case "int": > $theValue = ($theValue != "") ? intval($theValue) : "NULL"; > break; > case "double": > $theValue = ($theValue != "") ? "'" . doubleval($theValue) . "'" : > "NULL"; > break; > case "date": > $theValue = ($theValue != "") ? "'" . $theValue . "'" : "NULL"; > break; > case "defined": > $theValue = ($theValue != "") ? $theDefinedValue : $theNotDefinedValue; > break; > } > return $theValue; > } > } > ?> > > > Then, you can set your variables like this: > $myVariable = GetSQLValueString($_GET['Variable'],'text'); > (your variable name) = GetSQLValueString(GET/POST depending ['Incoming > Variable Name'],'type of variable from function above'); > > > On 5/1/07 10:15 AM, "David Maish" wrote: > >> Please do. I had a server compromised awhile back. >> >> Thanks, Dave >> >> >>> One more thing... >>> >>> Make sure you validate *ALL* user input with PHP, or you'll be asking >>> to get >>> hacked. Cross site scripting (XSS) and SQL injection can compromise >>> an >>> entire server. I can post a simple function if anyone likes - it's >>> from >>> Dreamweaver. > > > > > ------------------------------------------------------------- > This message is sent to you because you are subscribed to > the mailing list . > To unsubscribe, E-mail to: > To switch to the DIGEST mode, E-mail to > > Web Archive of this list is at: http://webdna.smithmicro.com/ > ------------------------------------------------------------- This message is sent to you because you are subscribed to the mailing list . To unsubscribe, E-mail to: To switch to the DIGEST mode, E-mail to Web Archive of this list is at: http://webdna.smithmicro.com/ David Maish

DOWNLOAD WEBDNA NOW!

Top Articles:

Talk List

The WebDNA community talk-list is the best place to get some help: several hundred extremely proficient programmers with an excellent knowledge of WebDNA and an excellent spirit will deliver all the tips and tricks you can imagine...

Related Readings:

Bug or syntax error on my part? (1997) Webstar 1.3.1 PPC (1997) Forms Search Questions (1997) [WebDNA] Google Cloud (2014) Credit Card Processing (2000) [WebDNA] Triggers.db wiped completely blank (2011) HTML Editors (1997) Almost a there but..bye bye NetCloak (1997) Here we go again... (2006) Version 4 (2000) [WebDNA] a major shift in strategy? (2008) Unable to view next 101-200 (1997) I have troubles to send message out (1998) How is it done? (1998) Selling? (2001) re:check boxes (1997) Almost a there but..bye bye NetCloak (1997) Snake Bites (1997) WebCatalog f2 Installation (1997) Emailer setup (1997)