Search results
Prepared statements
ResourceSpace, an open-source digital asset management software, has announced that all new code must use prepared statements for any SQL execution. The new functions ps_query(), ps_array() and ps_value() replace functions sql_query(), sql_array() and sql_value() respectively.
sql_query_prepared()
Developer reference for function sql_query_prepared()
process_if_statements()
Developer reference for function process_if_statements()
Coding standards v1.3
The article provides coding standards for developers working on the ResourceSpace project. The standards cover various aspects of coding, including security, documentation, functionality, PHP version, MySQL strict mode, backward compatibility, file format, coding style, indentation, line length, control structures, function calls, function definitions, MySQL statements, readability of code blocks, returning early, and avoiding cross-site scripting vulnerabilities.
Injection
Injection attacks are a type of attack vector that occur when an attacker can send hostile data to an interpreter as part of a command or query, which alters the execution of that program. The most common injection flaws are cross-site scripting (XSS), SQL injections (SQLi), command injections which can lead to remote code execution (RCE) vulnerabilities, and LDAP injections.
do_report()
Developer reference for function do_report()
remove_config_option()
Description Remove system/user preferences Parameters Column Type Default Description $user_id ?int Database user ID $name: string $name string Configuration option (variable) name Location include/config_functions.
get_user_requests()
Developer reference for function get_user_requests()
get_requests()
Developer reference for function get_requests()
managed_collection_request()
Developer reference for function managed_collection_request()
get_resource_log()
Developer reference for function get_resource_log()
get_alternative_files()
Developer reference for function get_alternative_files()
get_advanced_search_fields()
Developer reference for function get_advanced_search_fields()
search_filter()
Developer reference for function search_filter()
search_special()
Developer reference for function search_special()
get_filter_sql()
Developer reference for function get_filter_sql()
validate_user()
Developer reference for function validate_user()
get_users()
Developer reference for function get_users()
sql_null_or_val()
Developer reference for function sql_null_or_val()
ps_query()
Description Execute a prepared statement and return the results as an array. Parameters Column Type Default Description $sql string The SQL to execute $parameters string array An array of parameters used in the SQL in the order: type, value, type, value.
fetch_assoc_stmt()
Description Fetches the results of a prepared statement as an array of associative arrays such that each stored array is keyed by the result's column names. Parameters Column Type Default Description $stmt \mysqli_stmt $buffer true $fetchrows -1 Must stmt have been successfully prepared and executed prior to calling this function Whether buffer to buffer the result set; if true, results are freed at end of function The fetchrows maximum numbers of rows to return; results will be truncated if necessary Return An array, possibly empty, containing one associative array per result row OR true if there was no result set.
sql_limit_with_total_count()
The article describes a utility function called `sql_limit_with_total_count()` that is used to obtain the total number of rows found while paginating the results. The function requires a deterministic order in the input query to help with performance and avoid undefined behavior.
get_tabs_with_usage_count()
The get_tabs_with_usage_count() function is used to retrieve tabs based on certain criteria, such as order by and limit. The function takes an array of criteria information as a parameter, including the order by and limit values.
updateAnnotation()
Developer reference for function updateAnnotation()
errorhandler()
Developer reference for function errorhandler()
escape_check()
Developer reference for function escape_check()
featured_collections_permissions_filter_sql()
Developer reference for function featured_collections_permissions_filter_sql()
ps_param_insert()
Description When constructing prepared statements and using e.g. ref in (some list of values), assists in outputting the correct number of parameters. Parameters Column Type Default Description $count integer How many parameters to insert, e.
ps_param_fill()
Description When constructing prepared statements and using e.g. ref in (some list of values), assists in preparing the parameter array. Parameters Column Type Default Description $array array The input array, to prepare for output.
columns_in()
The `columns_in()` function is a PHP function used in ResourceSpace, a digital asset management system. It returns a comma-separated list of table columns from a given table, with the option to use an alias instead of the table name to prefix the columns.
get_user_actions()
Developer reference for function get_user_actions()
createAnnotation()
Developer reference for function createAnnotation()
process_template()
Developer reference for function process_template()
prepareTags()
Developer reference for function prepareTags()
get_collection_log()
Developer reference for function get_collection_log()
db_begin_transaction()
Developer reference for function db_begin_transaction()
prepareFaceImage()
Developer reference for function prepareFaceImage()
faceRecognizerPredict()
Developer reference for function faceRecognizerPredict()
job_queue_get_jobs()
Developer reference for function job_queue_get_jobs()
get_activity_log()
Developer reference for function get_activity_log()
generate_pdf()
Developer reference for function generate_pdf()