/**
 * Escape a value for a MySQL query and format it according to $theType.
 *
 * Review notes:
 * - Depends on the legacy mysql_* extension (removed in PHP 7.0) and on
 *   get_magic_quotes_gpc() (removed in PHP 8.0), so it only runs on old PHP.
 * - No link identifier is passed to the escape call, so escaping follows the
 *   most recently opened connection and that connection's character set.
 * - "defined" returns $theDefinedValue / $theNotDefinedValue exactly as the
 *   caller supplied them; neither is escaped here.
 * - A $theType that matches no case returns the escaped value WITHOUT quotes.
 *   Escaping alone does not make an unquoted value safe to concatenate into
 *   SQL, so callers must pass one of the known type names.
 * - Prepared statements (mysqli or PDO) avoid these caveats altogether.
 *
 * @param mixed  $theValue           Raw value, typically request input.
 * @param string $theType            "text", "long", "int", "double", "date" or "defined".
 * @param mixed  $theDefinedValue    Returned for "defined" when the value is non-empty.
 * @param mixed  $theNotDefinedValue Returned for "defined" when the value is empty.
 *
 * @return mixed Quoted string, integer, the literal string "NULL", or one of
 *               the two caller-supplied "defined" values.
 */
function GetSQLValueString($theValue, $theType, $theDefinedValue = "", $theNotDefinedValue = "")
{
    // Undo magic-quotes slashes first so the value is not escaped twice.
    if (get_magic_quotes_gpc()) {
        $theValue = stripslashes($theValue);
    }

    if (function_exists("mysql_real_escape_string")) {
        $escaped = mysql_real_escape_string($theValue);
    } else {
        $escaped = mysql_escape_string($theValue);
    }

    // Loose comparison, as in the original: an empty result maps to SQL NULL.
    $hasValue = ($escaped != "");

    switch ($theType) {
        case "text":
        case "date":
            return $hasValue ? "'" . $escaped . "'" : "NULL";
        case "long":
        case "int":
            return $hasValue ? intval($escaped) : "NULL";
        case "double":
            return $hasValue ? "'" . doubleval($escaped) . "'" : "NULL";
        case "defined":
            return $hasValue ? $theDefinedValue : $theNotDefinedValue;
    }

    // Unknown type: escaped but unquoted (see review notes above).
    return $escaped;
}
// Login handler fragment: runs only when the form posted a "username" field.
// The paste elides part of the body (the "..." line below) and the brace that
// closes this `if` is not inside this span.
if (isset($_POST['username'])) {
    $loginUsername=$_POST['username'];
    // NOTE(review): 'password' is read without its own isset() check.
    $password=$_POST['password'];
    $MM_fldUserAuthorization = "";
    $MM_redirectLoginSuccess = "main.php";
    $MM_redirectLoginFailed = "login_form.php";
    $MM_redirecttoReferrer = false;
    mysql_select_db($database_connection1, $connection1);
    // Both request values pass through GetSQLValueString(..., "text"), so they
    // are escaped and single-quoted before sprintf() places them in the query.
    // NOTE(review): the submitted password is matched against the `password`
    // column inside the SQL itself, which suggests it is stored and compared
    // unhashed; confirm. The usual design selects the row by username and
    // checks the stored hash with password_verify().
    $LoginRS__query=sprintf("SELECT username, password FROM member WHERE username=%s AND password=%s",
        GetSQLValueString($loginUsername, "text"), GetSQLValueString($password, "text"));
    ...
    // Separate usage example: a query-string value is escaped and quoted by the
    // helper before being concatenated into the statement.
    // NOTE(review): 'username' is read from $_GET without an isset() check.
    $sql = "SELECT * FROM users WHERE username = " . GetSQLValueString($_GET['username'], 'text');
    // No link identifier is passed; the result is not checked in this fragment.
    $result = mysql_query($sql);
    // Example call with a value containing a single quote; the return value is
    // discarded here.
    GetSQLValueString("a value that I want to escape's", 'text');
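/**
 * mysqli variant: escape a value against a given connection and format it
 * according to $theType.
 *
 * Review notes:
 * - Escaping follows the character set of $conn_vote; set it explicitly with
 *   mysqli_set_charset() so the escaping matches what the server expects.
 * - "defined" returns $theDefinedValue / $theNotDefinedValue exactly as the
 *   caller supplied them; neither is escaped here.
 * - A $theType that matches no case returns the escaped value WITHOUT quotes.
 *   Escaping alone does not make an unquoted value safe to concatenate into
 *   SQL, so callers must pass one of the known type names.
 * - mysqli prepared statements with bound parameters avoid these caveats.
 *
 * @param mysqli $conn_vote          Open mysqli connection used for escaping.
 * @param mixed  $theValue           Raw value, typically request input.
 * @param string $theType            "text", "long", "int", "double", "date" or "defined".
 * @param mixed  $theDefinedValue    Returned for "defined" when the value is non-empty.
 * @param mixed  $theNotDefinedValue Returned for "defined" when the value is empty.
 *
 * @return mixed Quoted string, integer, the literal string "NULL", or one of
 *               the two caller-supplied "defined" values.
 */
function GetSQLValueString($conn_vote, $theValue, $theType, $theDefinedValue = "", $theNotDefinedValue = "")
{
    // get_magic_quotes_gpc() was removed in PHP 8.0; consult it only where it
    // still exists so the helper does not fail on current PHP.
    if (function_exists("get_magic_quotes_gpc") && get_magic_quotes_gpc()) {
        $theValue = stripslashes($theValue);
    }

    // mysqli_escape_string() is only an alias of mysqli_real_escape_string(),
    // so a function_exists() fallback between the two adds nothing.
    $theValue = mysqli_real_escape_string($conn_vote, $theValue);

    switch ($theType) {
        case "text":
            $theValue = ($theValue != "") ? "'" . $theValue . "'" : "NULL";
            break;
        case "long":
        case "int":
            $theValue = ($theValue != "") ? intval($theValue) : "NULL";
            break;
        case "double":
            $theValue = ($theValue != "") ? "'" . doubleval($theValue) . "'" : "NULL";
            break;
        case "date":
            $theValue = ($theValue != "") ? "'" . $theValue . "'" : "NULL";
            break;
        case "defined":
            $theValue = ($theValue != "") ? $theDefinedValue : $theNotDefinedValue;
            break;
    }

    // Unknown type: escaped but unquoted (see review notes above).
    return $theValue;
}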
- }