My php code works well to escape '," signs. After pages are loaded a catched file is creating. and that is where i get into trouble because in catched copies of files the special characters (' " etc) are not escaped. so i have \' instead of ' and \" instead of " etc.
Bellow is the code i will highly appreciate if someone can help me out to understand what is wrong with the code. thank you very much.
Regards
Arman Galstyan
eNotalone.com inc.
<?
################################################
OpenTemplate for processing
Expects: Templatename, error (optional)
Returns: printout of template after processing
################################################
Function OpenTemplate($tempname, $error = "",$filename="",$fileext=""){
Global $formatcomment,$tempurl, $url, $uname,$password,$grand_total,$keywords,$catlist,$catlist2,$catlist3,$description,$title,$cname,$cmail,$category,$category2,$category3,$reciplink,$id,$visits,$rookie,$vet,$getmail,$rating,$search,$number,$links,$links2,$previousnext,$votes,$adddate,$min_votes,$catlinks,$catlinks2,$catstr,$pathcategory,$numlinks,$cat_id,$catsel,$catsel1,$maxhighfly,$linkprint,$username,$catid,$catid2,$catid3,$maillink,$maildate,$mailfromperson,$mailfromaddress,$subject,$msgid,$body,$session,$msg,$uid,$categoryname,$ID;
include ("var.php3");
$tempfile = fopen (stripslashes ("$tempurl/$tempname"), stripslashes ("r"));
if ($cachetime > 0){
$cachefile = fopen(stripslashes("$cache_path/$filename?$fileext.cache"), addslashes("w"));
}
while(!feof($tempfile))
{
$templine = fgets(addslashes($tempfile), 255);
include("templates.php3");
if ($cachetime > 0){
fputs(addslashes($cachefile), addslashes($templine));
}
print(stripslashes($templine));
}
fclose(addslashes($tempfile));
if ($cachetime > 0){
fclose(addslashes($cachefile));
}
}
################################################
Get total number of links in database
Expects: Search table, Connection
Returns: Total number of links
################################################
function total_links($searchtable, $conn){
$que = "SELECT lid FROM $searchtable WHERE priority > -1";
$queresult = db_query($que,$conn);
$grand_total = db_num_rows($queresult);
return ($grand_total);
}
################################################
Get categories
Expects: Connection, category (optional),
category term (optional)
Returns: HTML format for category selection
################################################
function getcats($conn,$cat="",$catselect ="category")
{
include ("var.php3");
$catsquery="SELECT * FROM $cattable WHERE goto is null OR goto =''";
$catsresult = db_query($catsquery,$conn);
$catsnumber = db_num_rows($catsresult);
$cati = 1;
IF ($catsnumber == 0) :
$catlist="no categories";
ELSEIF ($catsnumber > 0) :
WHILE ($row = db_fetch_array($catsresult,$nr)):
$category[$cati] = $row["name"];
$mas_cat_id[$cati] = $row["mas_cat_id"];
$mascatid[$cati]=$row["mas_cat_id"];
$cat_id[$cati] = $row["cat_id"];
WHILE ($mas_cat_id[$cati] > 0):
$newquery = "SELECT * FROM $cattable WHERE cat_id = $mas_cat_id[$cati]";
$newresult = db_query($newquery,$conn);
$newrow = db_fetch_array($newresult,$nr);
$mas_cat_id[$cati] = $newrow["mas_cat_id"];
$cat2 = $newrow["name"];
$category[$cati] = $cat2 . "/" . $category[$cati];
ENDWHILE;
$cati ++;
ENDWHILE;
asort($category);
$catlist = "<SELECT NAME=$catselect><OPTION VALUE=''>---";
for(reset($category); $key = key($category); next($category)) {
if ($cat == $cat_id[$key]){
$catlist= $catlist . "<OPTION VALUE = '$cat_id[$key]' SELECTED>$category[$key]";
}
else{
$catlist= $catlist . "<OPTION VALUE = '$cat_id[$key]'>$category[$key]";
}
}
$catlist = $catlist . "</SELECT>";
$catlist = $catlist . "</CENTER>";
ENDIF;
return($catlist);
}
################################################
SessionID
Expects Length (optional)
Returns Session ID
################################################
function SessionID($length=8)
{
$Pool = "ABCDEFGHIJKLMNOPQRSTUVWXYZ";
$Pool .= "abcdefghijklmnopqrstuvwxyz";
for ($index = 0; $index < $length; $index++)
{
$sid .=substr($Pool,
(rand()%(strlen($Pool))), 1);
}
return($sid);
}
################################################
Create Session
Expects: Username, password, session
Returns: valid Session
################################################
function CreateSession($uname,$password,$session2){
include ("var.php3");
$conn = db_connect($db_hostname,$db_username,$db_password,$db_name);
srand(time());
$query = "DELETE FROM $ds_session WHERE lastaction < '" . date("Y-m-d H:i:s", (time()-10800)) . "'";
$db_result = db_query($query,$conn);
if (isset($session2))
{
$query = "SELECT * FROM $ds_session WHERE ID='$session2'";
$mysql_query = db_query($query,$conn);
if(db_num_rows($mysql_query))
{
$query = "UPDATE $ds_session SET lastaction = now() WHERE ID='$session2'";
db_query($query,$conn);
}
else
{
print "Bad Session ID ($session2)";
$session2 = "";
}
}
else {
$session2 = SessionID(8);
$query = "SELECT uid FROM $usertable WHERE uname='$uname' AND password=encode('$password','$encstr')";
$result = db_query($query,$conn);
if (db_num_rows($result)){
$row = db_fetch_array($result,"");
$uid = $row["uid"];
$query = "INSERT INTO $ds_session VALUES ('$session2', now(),$uid)";
db_query($query,$conn);
}
else {
print "Bad Login. Please Try Again.";
}
}
if ($session2 == ""){
$query = "SELECT uid FROM $usertable WHERE uname='$uname' AND password=encode('$password','$encstr')";
$result = db_query($query,$conn);
if (db_num_rows($result)){
$row = db_fetch_array($result,"");
$uid = $row["uid"];
$session2 = SessionID(8);
$query = "INSERT INTO $ds_session VALUES ('$session2', now(), $uid)";
db_query($query,$conn);
}
else {
print "Bad Login. Please Try Again.";
}
}
return($session2);
}
################################################
Create administrative session
Expects: Username, password, session
Returns: Admin Session
################################################
function CreateAdminSession($uname,$password,$session2){
include ("admininc.php3");
$conn = db_connect($db_hostname,$db_username,$db_password,$db_name);
srand(time());
$query = "DELETE FROM $ds_session WHERE lastaction < '" . date("Y-m-d H:i:s", (time()-10800)) . "'";
$db_result = db_query($query,$conn);
if (isset($session2))
{
$query = "SELECT * FROM $ds_session WHERE ID='$session2'";
$mysql_query = db_query($query,$conn);
if(db_num_rows($mysql_query))
{
$query = "UPDATE $ds_session SET lastaction = now() WHERE ID='$session2'";
db_query($query,$conn);
}
else
{
print "Bad Session ID ($session2)";
$session2 = "";
}
}
else {
$session2 = SessionID(8);
$query = "SELECT id FROM $admintable WHERE uname='$uname' AND password=encode('$password','$encstr')";
$result = db_query($query,$conn);
if (db_num_rows($result)){
$row = db_fetch_array($result,"");
$id = $row["id"];
$query = "INSERT INTO $ds_session VALUES ('$session2', now(),$id)";
db_query($query,$conn);
}
else {
print "Bad Login. Please Try Again.";
}
}
if ($session2 == ""){
$query = "SELECT id FROM $admintable WHERE uname='$uname' AND password=encode('$password','$encstr')";
$result = db_query($query,$conn);
if (db_num_rows($result)){
$row = db_fetch_array($result,"");
$id = $row["id"];
$session2 = SessionID(8);
$query = "INSERT INTO $ds_session VALUES ('$session2', now(), $id)";
db_query($query,$conn);
}
else {
print "Bad Login. Please Try Again.";
}
}
return($session2);
}
################################################
Administrator get categories
Expects: Connection, category (optional),
Category Select Name (optional)
################################################
function admgetcats($conn,$cat="",$catselect ="category")
{
include ("admininc.php3");
$catsquery="SELECT * FROM $cattable";
$catsresult = db_query($catsquery,$conn);
$catsnumber = db_num_rows($catsresult);
$cati = 1;
IF ($catsnumber == 0) :
$catlist="no categories";
ELSEIF ($catsnumber > 0) :
WHILE ($row = db_fetch_array($catsresult,$nr)):
$category[$cati] = $row["name"];
$mas_cat_id[$cati] = $row["mas_cat_id"];
$mascatid[$cati]=$row["mas_cat_id"];
$cat_id[$cati] = $row["cat_id"];
WHILE ($mas_cat_id[$cati] > 0):
$newquery = "SELECT * FROM $cattable WHERE cat_id = $mas_cat_id[$cati]";
$newresult = db_query($newquery,$conn);
$newrow = db_fetch_array($newresult,$nr);
$mas_cat_id[$cati] = $newrow["mas_cat_id"];
$cat2 = $newrow["name"];
$category[$cati] = $cat2 . "/" . $category[$cati];
ENDWHILE;
$cati ++;
ENDWHILE;
asort($category);
$catlist = "<SELECT NAME=$catselect><OPTION VALUE=''>---";
for(reset($category); $key = key($category); next($category)) {
if ($cat == $cat_id[$key]){
$catlist= $catlist . "<OPTION VALUE = '$cat_id[$key]' SELECTED>$category[$key]";
}
else{
$catlist= $catlist . "<OPTION VALUE = '$cat_id[$key]'>$category[$key]";
}
}
$catlist = $catlist . "</SELECT>";
$catlist = $catlist . "</CENTER>";
ENDIF;
return($catlist);
}
Function GetLinks($query){
Global $linknum,$numnext,$tempurl, $url, $uname,$password,$grand_total,$keywords,$catlist,$catlist2,$catlist3,$description,$title,$cname,$cmail,$category,$category2,$category3,$reciplink,$id,$visits,$rookie,$vet,$getmail,$rating,$search,$number,$links,$links2,$previousnext,$votes,$adddate,$min_votes,$catlinks,$catlinks2,$catstr,$pathcategory,$numlinks,$cat_id,$catsel,$catsel1,$maxhighfly,$linkprint,$username,$catid,$catid2,$catid3,$maillink,$maildate,$mailfromperson,$mailfromaddress,$subject,$msgid,$body,$session,$msg,$uid,$categoryname,$ID,$conn;
include ("var.php3");
$result = db_query($query,$conn);
$xnumber = db_num_rows($result);
$numleft = $number - $linknum;
if ($numleft >= $maxlinkdisplay){
$numnext = $maxlinkdisplay;
}
else{
$numnext = $numleft;
}
$i=0;
################################################
Process the results
################################################
IF ($number == 0) :
ELSEIF ($number > 0) :
WHILE ($row = db_fetch_array($result,"")){
################################################
Pull in the parts of the result needed to
display
################################################
$id = $row["lid"];
$title = stripslashes ($row["title"]);
$url = $row["url"];
$description = stripslashes ($row ["description"]);
$adddate = $row["date"];
$visits = $row["visits"];
$rating = $row["rating"];
$votes = $row["votes"];
if ($id > 0){
$query = "SELECT did from $ds_details WHERE lid=$id AND commenttype='Comment'";
$commresult = db_query($query,$conn);
$numcoms = db_num_rows($commresult);
}
################################################
set up the rookie and vet tags if needed
################################################
if ($adddate > date("Y-m-d H:i:s", (time()-$timenew)-$timenew2-$timenew3))
{
$rookie="<small><sup class=\"rookie3\">New</sup></small>\n";
}
else {
$rookie = "";
}
if ($adddate > date("Y-m-d H:i:s", (time()-$timenew-$timenew2)))
{
$rookie="<small><sup class=\"rookie2\">Newer</sup></small>\n";
}
if ($adddate > date("Y-m-d H:i:s", (time()-$timenew)))
{
$rookie="<small><sup class=\"rookie\">Newest</sup></small>\n";
}
if ($visits >= $min_visits)
{
$vet = "<small><sup class=\"vet\">Vet</sup></small>";
}
else {
$vet = "";
}
################################################
link.php3 formats the results
################################################
include ("link.php3");
$i++;
}
return $links;
ENDIF;
}
Function PreviousNext($filename){
Global $linknum,$tempurl, $url, $uname,$password,$grand_total,$keywords,$catlist,$catlist2,$catlist3,$description,$title,$cname,$cmail,$category,$category2,$category3,$reciplink,$id,$visits,$rookie,$vet,$getmail,$rating,$search,$number,$links,$links2,$previousnext,$votes,$adddate,$min_votes,$catlinks,$catlinks2,$catstr,$pathcategory,$numlinks,$cat_id,$catsel,$catsel1,$maxhighfly,$linkprint,$username,$catid,$catid2,$catid3,$maillink,$maildate,$mailfromperson,$mailfromaddress,$subject,$msgid,$body,$session,$msg,$uid,$categoryname,$numnext,$ID;
include ("var.php3");
if ($linknum>$maxlinkdisplay){
$prevlink = $linknum-($maxlinkdisplay * 2);
$previousnext = "<A HREF=$filename&linknum=$prevlink>Previous <B>$maxlinkdisplay</B> Results</A>";
$side=" | ";
if ($linknum >= $number){
}
}
if ($linknum<$number){
if ($side != " | "){
$previousnext = "<A HREF=$filename&linknum=$linknum>Next <b>$numnext</b> Results</A>";
}
else {
$previousnext = $previousnext . $side . "<A HREF=$filename&linknum=$linknum>Next <b>$numnext</b> Results</A>";
}
}
return $previousnext;
}
Function GetLink($query){
Global $linknum,$numnext,$tempurl, $url, $uname,$password,$grand_total,$keywords,$catlist,$catlist2,$catlist3,$description,$title,$cname,$cmail,$category,$category2,$category3,$reciplink,$id,$visits,$rookie,$vet,$getmail,$rating,$search,$number,$links,$links2,$previousnext,$votes,$adddate,$min_votes,$catlinks,$catlinks2,$catstr,$pathcategory,$numlinks,$cat_id,$catsel,$catsel1,$maxhighfly,$linkprint,$username,$catid,$catid2,$catid3,$maillink,$maildate,$mailfromperson,$mailfromaddress,$subject,$msgid,$body,$session,$msg,$uid,$categoryname,$ID,$conn;
include ("var.php3");
$result = db_query($query,$conn);
$number = db_num_rows($result);
$i=0;
IF ($number == 0) :
ELSEIF ($number > 0) :
WHILE ($row = db_fetch_array($result,"")){
$id = $row["lid"];
$url = $row["url"];
$title = $row["title"];
$description = stripslashes ($row["description"]);
$adddate = $row["date"];
$visits = $row["visits"];
$rating = $row["rating"];
$votes = $row["votes"];
if ($adddate > date("Y-m-d H:i:s", (time()-$timenew)-$timenew2-$timenew3))
{
$rookie="<small><sup class=\"rookie3\">New</sup></small>\n";
}
else {
$rookie = "";
}
if ($adddate > date("Y-m-d H:i:s", (time()-$timenew-$timenew2)))
{
$rookie="<small><sup class=\"rookie2\">Newer</sup></small>\n";
}
if ($adddate > date("Y-m-d H:i:s", (time()-$timenew)))
{
$rookie="<small><sup class=\"rookie\">Newest</sup></small>\n";
}
if ($visits >= $min_visits)
{
$vet = "<small><sup class=\"vet\">Vet</sup></small>";
}
else {
$vet = "";
}
$i++;
}
$query = "SELECT * FROM $ds_details WHERE lid = $id AND commenttype='Comment'";
$result = db_query($query,$conn);
while ($row=db_fetch_array($result,$nr)){
$comments=$row["comments"];
$comdate = $row["date"];
$uname = $row["uname"];
$mail = $row["cmail"];
include("formatcomment.php3");
}
return $formatcomment;
ENDIF;
}
?>
