comparison php/read/getBookDetails.php @ 25:828895488948
more db column protection
| author | Robert Boland <robert@markup.co.uk> |
|---|---|
| date | Tue, 01 Jan 2019 07:30:05 -0500 |
| parents | d606320ec331 |
| children | b058736bc9ad |
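--- a/php/read/getBookDetails.php
+++ b/php/read/getBookDetails.php
@@ -285,17 +285,27 @@
 $publisher = $xml->Items->Item->ItemAttributes->Publisher;
 restore_error_handler();
 if ($publisher and strlen($publisher)>30) {
 $publisher=substr($publisher,0,30);
 }
+if ($author and strlen($author)>30) {
+$author=substr($author,0,30);
+}
 if ($title and strlen($title)>100) {
 $title=substr($title,0,100);
 }
 $publisher=mysqli_real_escape_string($link,$publisher);
+$author=mysqli_real_escape_string($link,$author);
 $title=mysqli_real_escape_string($link,$title);
 if (strlen($pubDate)==4) { $pubDate=$pubDate."-01-01";}
 if (strlen($pubDate)==7) { $pubDate=$pubDate."-01";}
+if (strlen($pubDate)==0) {
+$pubDate="null";
+}
+else {
+$pubDate="\"$pubDate\"";
+}
 /*echo $title;
 echo $author;
 echo $binding;
 echo $dewey;
 echo $imageURL;
@@ -361,11 +371,11 @@
 
 mysqli_close($link); //do not remove. reset is needed otherwise mysqli_fetch_array doesn't work after first loop
 include "../../../private/db.php";
 
 $title = strtr($title, '"', "'");
-$queryInsert = "CALL b_addNewBook(\"$isbn\",\"$title\", \"$author\",\"$binding\",\"$imageURL\", $dewey, $salesRank,\"$pubDate\",\"$publisher\",$g1,$g2,$g3,$loc)";
+$queryInsert = "CALL b_addNewBook(\"$isbn\",\"$title\", \"$author\",\"$binding\",\"$imageURL\", $dewey, $salesRank,$pubDate,\"$publisher\",$g1,$g2,$g3,$loc)";
 //echo $queryInsert;
 
 $res = mysqli_query($link, $queryInsert);
 if (!$res) {
 $err=mysqli_error( $link );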
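Review bot: `$pubDate` is the one value this change newly wraps in quotes (new line 305) and interpolates into the `CALL b_addNewBook(...)` string at new line 376 without the `mysqli_real_escape_string` pass that lines 296–298 apply to `$publisher`, `$author` and `$title`; the checks at 299–300 only normalise 4- and 7-character values and let anything of another length through as-is. Since `$pubDate` appears to come from the parsed XML response rather than from this script, validate it before quoting, e.g. replace the `else` branch with `else if (preg_match('/^\d{4}-\d{2}-\d{2}$/', $pubDate)) { $pubDate="\"$pubDate\""; }` followed by `else { $pubDate="null"; }`, or, better, bind every argument of the CALL through `mysqli_prepare`/`bind_param` so no value needs manual quoting or escaping at all. The new `substr($author,0,30)` at line 291 truncates by byte and can split a multi-byte UTF-8 character; `mb_substr($author, 0, 30)` keeps the string valid, assuming the column limit is 30 characters rather than 30 bytes. Note also that the escaping at 296–298 is performed on the connection closed at line 372 while the query runs on the one reopened at 373, which is only safe if both connections use the same character set. The `if (!$res) {` opened at line 380 closes outside the hunk.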
