diff --git a/inc/controllers/AdminController.class.php b/inc/controllers/AdminController.class.php
index dcbd41e..4059827 100644
--- a/inc/controllers/AdminController.class.php
+++ b/inc/controllers/AdminController.class.php
@@ -59,6 +59,7 @@ class AdminController extends Controller
if ($this->loadDependencies())
{
$this->loadModel('UsersModel');
+ get_clean('id', $this->db);
$user_info = $this->getModel('UsersModel')->getUserInformation($_GET['id'], true);
if ($user_info == null)
@@ -72,13 +73,13 @@ class AdminController extends Controller
if (isset($_POST['nick'], $_POST['passwd'], $_POST['passwd_confirm'], $_POST['email']))
{
//secure pools
- $_POST['nick'] = trim(strip_tags($this->db->real_escape_string($_POST['nick'])));
- $_POST['passwd'] = trim($_POST['passwd']);
- $_POST['passwd_confirm'] = trim($_POST['passwd_confirm']);
- $_POST['email'] = trim(strip_tags($this->db->real_escape_string($_POST['email'])));
- $_POST['location'] = trim(htmlspecialchars($this->db->real_escape_string($_POST['location'])));
- $_POST['signature'] = trim(htmlspecialchars($this->db->real_escape_string($_POST['signature'])));
- $_POST['user_rank'] = trim(strip_tags($this->db->real_escape_string($_POST['user_rank'])));
+ post_clean('nick', $this->db, array('spchars'));
+ post_clean('passwd', $this->db, array());
+ post_clean('passwd_confirm', $this->db, array());
+ post_clean('email', $this->db);
+ post_clean('location', $this->db, array('spchars'));
+ post_clean('signature', $this->db, array('spchars'));
+ post_clean('user_rank', $this->db);
if ($_POST['passwd'] != '')
{
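Review bot: The new `post_clean('email', $this->db)` and `post_clean('user_rank', $this->db)` calls pass two arguments, but the `post_clean($key, &$dbobj, $opts)` added in the misc_functions.php hunk gives `$opts` no default; on PHP 7.1 or newer that is a fatal ArgumentCountError, on older versions a warning with `$opts` left null. Either give the helper a default (`function post_clean($key, &$dbobj, $opts = null)`) or pass `null` explicitly at these call sites. The enclosing form handler continues outside this hunk.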
@@ -154,12 +155,11 @@ class AdminController extends Controller
}
}
- $_POST['nick'] = (isset($_POST['nick'])) ? stripslashes($_POST['nick']) : $user_info['nick'];
- $_POST['email'] = (isset($_POST['email'])) ? stripslashes($_POST['email']) : $user_info['email'];
- $_POST['location'] = (isset($_POST['location'])) ? stripslashes($_POST['location']) : $user_info['location'];
- $_POST['signature'] = (isset($_POST['signature'])) ? stripslashes($_POST['signature']) : $user_info['signature'];
- $_POST['user_rank'] = (isset($_POST['user_rank'])) ? $_POST['user_rank'] : $user_info['rank'];
-
+ post_default('nick', $user_info['nick']);
+ post_default('email', $user_info['email']);
+ post_default('location', $user_info['location']);
+ post_default('signature', $user_info['signature']);
+ post_default('user_rank', $user_info['rank']);
$this->getView('MainView')->putExistingModel('UsersModel', $this->getModel('UsersModel'));
if (!isset($lockv))
@@ -193,10 +193,10 @@ class AdminController extends Controller
else
$_GET['rank'] = '';
- $_POST['sort_type'] = (isset($_POST['sort_type'])) ? $this->db->real_escape_string($_POST['sort_type']) : 'regdate';
+ post_default('sort_type', 'regdate');
$allowed_sorting = array('regdate', 'lastvisit', 'nick', 'post_count');
if (!in_array($_POST['sort_type'], $allowed_sorting))
- $_POST['sort_type'] = '';
+ $_POST['sort_type'] = 'regdate';
$_POST['sort_desc'] = (isset($_POST['sort_desc'])) ? 'DESC' : 'ASC';
$this->getView('MainView')->admin_userlist();
@@ -211,7 +211,7 @@ class AdminController extends Controller
$this->loadModel('UsersModel');
$this->getView('MainView')->putExistingModel('UsersModel', $this->getModel('UsersModel'));
- $_GET['id'] = (isset($_GET['id'])) ? trim(strip_tags($this->db->real_escape_string($_GET['id']))) : 0;
+ get_clean('id', $this->db);
$user_info = $this->getModel('UsersModel')->getUserInformation($_GET['id']);
if ($user_info == null)
@@ -228,7 +228,6 @@ class AdminController extends Controller
}
}
-
if (isset($_POST['confirmed']) && !isset($lockv))
{
if (!isset($_POST['rejected']))
@@ -258,8 +257,8 @@ class AdminController extends Controller
if (isset($_POST['forum_name'], $_POST['forum_desc']))
{
- $_POST['forum_name'] = trim(htmlspecialchars($this->db->real_escape_string($_POST['forum_name'])));
- $_POST['forum_desc'] = trim(htmlspecialchars($this->db->real_escape_string($_POST['forum_desc'])));
+ post_clean('forum_name', $this->db, array('spchars'));
+ post_clean('forum_desc', $this->db, array('spchars'));
if (strlen($_POST['forum_name']) < 3)
{
@@ -289,8 +288,8 @@ class AdminController extends Controller
}
}
- $_POST['forum_name'] = (isset($_POST['forum_name'])) ? stripslashes($_POST['forum_name']) : $this->getModel('ConfigModel')->getConf('forum_name');
- $_POST['forum_desc'] = (isset($_POST['forum_desc'])) ? stripslashes($_POST['forum_desc']) : $this->getModel('ConfigModel')->getConf('forum_desc');
+ post_default('forum_name', $this->getModel('ConfigModel')->getConf('forum_name'));
+ post_default('forum_desc', $this->getModel('ConfigModel')->getConf('forum_desc'));
if (!isset($lockv))
{
$this->getView('MainView')->admin_config($msg);
@@ -343,7 +342,8 @@ class AdminController extends Controller
if ($this->loadDependencies())
{
$this->loadModel('ForumsModel');
- $_GET['id'] = (isset($_GET['id'])) ? trim(strip_tags($this->db->real_escape_string($_GET['id']))) : 0;
+ get_clean('id', $this->db);
+
$forum_info = $this->getModel('ForumsModel')->getForum($_GET['id']);
if ($forum_info == null)
@@ -375,7 +375,8 @@ class AdminController extends Controller
if ($this->loadDependencies())
{
$this->loadModel('ForumsModel');
- $_GET['id'] = (isset($_GET['id'])) ? trim(strip_tags($this->db->real_escape_string($_GET['id']))) : 0;
+
+ get_clean('id', $this->db);
$cat_info = $this->getModel('ForumsModel')->getCat($_GET['id']);
if ($cat_info == null)
@@ -410,7 +411,7 @@ class AdminController extends Controller
if ($m == 'edit')
{
- $_GET['id'] = (isset($_GET['id'])) ? trim(strip_tags($this->db->real_escape_string($_GET['id']))) : 0;
+ get_clean('id', $this->db);
$cat_info = $this->getModel('ForumsModel')->getCat($_GET['id']);
if ($cat_info == null)
@@ -423,7 +424,7 @@ class AdminController extends Controller
if (isset($_POST['name']) && !isset($lockv))
{
- $_POST['name'] = trim(htmlspecialchars($this->db->real_escape_string($_POST['name'])));
+ post_clean('name', $this->db, array('spchars'));
if (strlen($_POST['name']) < 3)
$msg .= 'Category name is too short (min 3 characters)!
';
@@ -446,10 +447,7 @@ class AdminController extends Controller
if (!isset($lockv))
{
- if ($m == 'add')
- $_POST['name'] = (isset($_POST['name'])) ? stripslashes($_POST['name']) : '';
- else
- $_POST['name'] = (isset($_POST['name'])) ? stripslashes($_POST['name']) : $cat_info['name'];
+ post_default('name', ($m == 'add') ? '' : $cat_info['name']);
$this->getView('MainView')->putExistingModel('ForumsModel', $this->getModel('ForumsModel'));
$this->getView('MainView')->admin_cat_form($msg, $m);
@@ -464,7 +462,7 @@ class AdminController extends Controller
if ($m == 'edit')
{
- $_GET['id'] = (isset($_GET['id'])) ? trim(strip_tags($this->db->real_escape_string($_GET['id']))) : 0;
+ get_cat('id', $this->db);
$forum_info = $this->getModel('ForumsModel')->getForum($_GET['id']);
if ($forum_info == null)
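Review bot: `get_cat('id', $this->db)` calls a function this diff does not define — the helper added in misc_functions.php is `get_clean` — so unless `get_cat` exists somewhere outside the diff, editing a forum dies with an undefined-function error before `getForum($_GET['id'])` runs. The line should read `get_clean('id', $this->db);`, matching every other id lookup in this commit. The enclosing edit branch starts before this hunk.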
@@ -477,10 +475,10 @@ class AdminController extends Controller
if (isset($_POST['name']) && !isset($lockv))
{
- $_POST['name'] = trim(htmlspecialchars($this->db->real_escape_string($_POST['name'])));
- $_POST['desc'] = trim(htmlspecialchars($this->db->real_escape_string($_POST['desc'])));
- $_POST['category_id'] = trim(strip_tags($this->db->real_escape_string($_POST['category_id'])));
- $_POST['locked'] = trim(strip_tags($this->db->real_escape_string($_POST['locked'])));
+ post_clean('name', $this->db, array('spchars'));
+ post_clean('desc', $this->db, array('spchars'));
+ post_clean('category_id', $this->db);
+ post_clean('locked', $this->db);
$_POST['locked'] = ($_POST['locked'] == true) ? true : false;
if (strlen($_POST['name']) < 3)
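Review bot: `category_id` is only trimmed, tag-stripped and escaped by `post_clean('category_id', $this->db)`, while the GET-side ids in this commit are validated as non-negative integers, so a non-numeric category id still reaches the model as an arbitrary escaped string. The helper already exposes that validation: `post_clean('category_id', $this->db, array('strip', 'nnegint'));` would bring it in line, after which a rejected value comes back as `false` (escaped to `''`) and should be checked before the save. `$_POST['locked'] == true` remains a loose comparison on a string; comparing against the literal value the form submits with `===` would be more explicit. The form-handling block continues outside the hunk.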
@@ -510,20 +508,10 @@ class AdminController extends Controller
if (!isset($lockv))
{
- if ($m == 'add')
- {
- $_POST['name'] = (isset($_POST['name'])) ? stripslashes($_POST['name']) : '';
- $_POST['desc'] = (isset($_POST['desc'])) ? stripslashes($_POST['desc']) : '';
- $_POST['category_id'] = (isset($_POST['category_id'])) ? $_POST['category_id'] : '';
- $_POST['locked'] = (isset($_POST['locked'])) ? $_POST['locked'] : '';
- }
- else
- {
- $_POST['name'] = (isset($_POST['name'])) ? stripslashes($_POST['name']) : $forum_info['name'];
- $_POST['desc'] = (isset($_POST['desc'])) ? stripslashes($_POST['desc']) : $forum_info['desc'];
- $_POST['category_id'] = (isset($_POST['category_id'])) ? $_POST['category_id'] : $forum_info['category_id'];
- $_POST['locked'] = (isset($_POST['locked'])) ? $_POST['locked'] : $forum_info['locked'];
- }
+ post_default('name', ($m == 'add') ? '' : $forum_info['name']);
+ post_default('desc', ($m == 'add') ? '' : $forum_info['desc']);
+ post_default('category_id', ($m == 'add') ? '' : $forum_info['category_id']);
+ post_default('locked', ($m == 'add') ? '' : $forum_info['locked']);
$this->getView('MainView')->putExistingModel('ForumsModel', $this->getModel('ForumsModel'));
$this->getView('MainView')->admin_forum_form($msg, $m);
@@ -541,7 +529,8 @@ class AdminController extends Controller
if ($this->loadDependencies())
{
$this->loadModel('BansModel');
- $_GET['id'] = (isset($_GET['id'])) ? trim(strip_tags($this->db->real_escape_string($_GET['id']))) : 0;
+
+ get_clean('id', $this->db);
$ban_info = $this->getModel('BansModel')->getBan($_GET['id']);
if ($ban_info == null)
@@ -579,8 +568,8 @@ class AdminController extends Controller
if (isset($_POST['user_id'], $_POST['reason']))
{
- $_POST['user_id'] = trim(strip_tags($this->db->real_escape_string($_POST['user_id'])));
- $_POST['reason'] = trim(htmlspecialchars($this->db->real_escape_string($_POST['reason'])));
+ post_clean('user_id', $this->db);
+ post_clean('reason', $this->db, array('spchars'));
if ($_POST['user_id'] == $this->getModel('SessionModel')->getID())
$msg .= 'You cannot ban your profile!
';
@@ -601,8 +590,8 @@ class AdminController extends Controller
if (!isset($lockv))
{
- $_POST['user_id'] = (isset($_POST['user_id'])) ? $_POST['user_id'] : '';
- $_POST['reason'] = (isset($_POST['reason'])) ? stripslashes($_POST['reason']) : '';
+ post_default('user_id', '');
+ post_default('reason', '');
$this->getView('MainView')->admin_ban_form($msg);
}
diff --git a/inc/controllers/MainController.class.php b/inc/controllers/MainController.class.php
index 4d9705e..b1a4bf6 100644
--- a/inc/controllers/MainController.class.php
+++ b/inc/controllers/MainController.class.php
@@ -49,7 +49,7 @@ class MainController extends Controller
$this->loadModel('ForumsModel');
- $_GET['id'] = (isset($_GET['id'])) ? trim(strip_tags($this->db->real_escape_string($_GET['id']))) : 0;
+ get_clean('id', $this->db);
$f = $this->getModel('ForumsModel')->getForum($_GET['id']);
@@ -87,10 +87,10 @@ class MainController extends Controller
else
$_GET['rank'] = '';
- $_POST['sort_type'] = (isset($_POST['sort_type'])) ? $this->db->real_escape_string($_POST['sort_type']) : 'regdate';
+ post_default('sort_type', 'regdate');
$allowed_sorting = array('regdate', 'lastvisit', 'nick', 'post_count');
if (!in_array($_POST['sort_type'], $allowed_sorting))
- $_POST['sort_type'] = '';
+ $_POST['sort_type'] = 'regdate';
$_POST['sort_desc'] = (isset($_POST['sort_desc'])) ? 'DESC' : 'ASC';
$this->getView('MainView')->userlist();
@@ -99,11 +99,9 @@ class MainController extends Controller
public function viewtopic()
{
$this->loadDependencies();
-
$this->loadModel('PostsModel');
- $_GET['id'] = (isset($_GET['id'])) ? trim(strip_tags($this->db->real_escape_string($_GET['id']))) : 0;
-
+ get_clean('id', $this->db);
$t = $this->getModel('PostsModel')->getTopic($_GET['id']);
if ($t == null)
@@ -141,8 +139,8 @@ class MainController extends Controller
$this->loadModel('PostsModel');
$this->loadModel('ForumsModel');
- $_GET['id'] = (isset($_GET['id'])) ? trim(strip_tags($this->db->real_escape_string($_GET['id']))) : 0;
- $_GET['submode'] = (isset($_GET['submode'])) ? trim(strip_tags($this->db->real_escape_string($_GET['submode']))) : 0;
+ get_clean('id', $this->db);
+ get_clean('submode', $this->db, false);
if (!$this->getModel('SessionModel')->isLogged())
{
@@ -210,13 +208,11 @@ class MainController extends Controller
case 'deletepost':
$this->getModel('PostsModel')->deletePost($_GET['id']);
$this->getView('MainView')->forum_message('Post deleted. Redirecting...', buildURL('index.php?mode=viewtopic&id='.$p['topic_id']));
- $lockv = true;
break;
case 'deletetopic':
$this->getModel('PostsModel')->deleteTopic($_GET['id']);
$this->getView('MainView')->forum_message('Topic deleted. Redirecting...', buildURL('index.php?mode=viewforum&id='.$t['forum_id']));
- $lockv = true;
break;
case 'locktopic':
@@ -230,8 +226,8 @@ class MainController extends Controller
$this->getModel('PostsModel')->lockTopic($_GET['id'], false);
$this->getView('MainView')->forum_message('Topic unlocked. Redirecting...', buildURL('index.php?mode=viewtopic&id='.$_GET['id']));
}
- $lockv = true;
break;
+
case 'sticktopic':
if ($t['topic_sticky'] == false)
{
@@ -243,8 +239,8 @@ class MainController extends Controller
$this->getModel('PostsModel')->stickTopic($_GET['id'], false);
$this->getView('MainView')->forum_message('Topic unsticked. Redirecting...', buildURL('index.php?mode=viewtopic&id='.$_GET['id']));
}
- $lockv = true;
break;
+
case 'movetopic':
if ($this->getModel('ForumsModel')->getForum($_POST['forum_id']) == null)
$this->getView('MainView')->forum_message('Forum does not exist!', buildURL('index.php?mode=viewtopic&id='.$_GET['id']));
@@ -253,10 +249,10 @@ class MainController extends Controller
$this->getModel('PostsModel')->moveTopic($_GET['id'], $_POST['forum_id']);
$this->getView('MainView')->forum_message('Topic moved. Redirecting...', buildURL('index.php?mode=viewtopic&id='.$_GET['id']));
}
- $lockv = true;
- break;
+ break;
}
+ $lockv = true;
}
else
{
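Review bot: Hoisting `$lockv = true` out of the switch changes behaviour for a `submode` value that matches no case: previously those left `$lockv` unset, now it is set whenever this branch is entered, which — if the code after the branch renders the topic only while `$lockv` is unset — turns an unknown submode into an empty response instead of the normal view. If that is intended, a `default:` case that emits a forum_message would make it explicit; if not, a `default:` that returns early before the hoisted assignment preserves the old behaviour. The `if` enclosing the switch and its condition lie outside this hunk, so I cannot confirm which `submode` values reach it.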
@@ -307,12 +303,11 @@ class MainController extends Controller
public function posting($type)
{
$this->loadDependencies();
- $msg = '';
-
$this->loadModel('PostsModel');
$this->loadModel('ForumsModel');
-
- $_GET['id'] = (isset($_GET['id'])) ? trim(strip_tags($this->db->real_escape_string($_GET['id']))) : 0;
+
+ $msg = '';
+ get_clean('id', $this->db);
if (!$this->getModel('SessionModel')->isLogged())
{
@@ -365,7 +360,7 @@ class MainController extends Controller
if ($type == POSTING_QUOTE)
{
- $_GET['q'] = (isset($_GET['q'])) ? trim(strip_tags($this->db->real_escape_string($_GET['q']))) : 0;
+ get_clean('q', $this->db);
$qp = $this->getModel('PostsModel')->getPost($_GET['q']);
if ($qp == null)
@@ -425,11 +420,11 @@ class MainController extends Controller
//posting a HTML form --------------------------------------------------------------------------------
if (isset($_POST['post']) && !isset($_POST['preview']) && !isset($lockv))
{
- $_POST['post'] = trim(htmlspecialchars($this->db->real_escape_string($_POST['post'])));
+ post_clean('post', $this->db, array('spchars'));
if ($type == POSTING_NEWTOPIC || $type == POSTING_EDITTOPIC) //walidacja tytułu tematu (add, edit)
{
- $_POST['topic'] = trim(htmlspecialchars($this->db->real_escape_string($_POST['topic'])));
+ post_clean('topic', $this->db, array('spchars'));
if (strlen($_POST['topic']) < 3)
$msg .= 'Topic title is too short (min 3 characters)
';
@@ -481,23 +476,23 @@ class MainController extends Controller
{
case POSTING_NEWTOPIC:
case POSTING_REPLY:
- $_POST['post'] = (isset($_POST['post'])) ? stripslashes($_POST['post']) : '';
+ post_default('post', '');
break;
case POSTING_EDITTOPIC:
- $_POST['post'] = (isset($_POST['post'])) ? stripslashes($_POST['post']) : $p['content'];
- $_POST['topic'] = (isset($_POST['topic'])) ? stripslashes($_POST['topic']) : $t['topic_title'];
+ post_default('post', $p['content']);
+ post_default('topic', $t['topic_title']);
break;
case POSTING_EDIT:
- $_POST['post'] = (isset($_POST['post'])) ? stripslashes($_POST['post']) : $p['content'];
+ post_default('post', $p['content']);
break;
case POSTING_QUOTE:
$quote = ($qp['nick'] != null) ? '='.$qp['nick'] : '';
- $_POST['post'] = (isset($_POST['post'])) ? stripslashes($_POST['post']) : '[quote'.$quote.']'.$qp['content'].'[/quote]';
+ post_default('post', '[quote'.$quote.']'.$qp['content'].'[/quote]');
break;
}
if ($type == POSTING_NEWTOPIC)
- $_POST['topic'] = (isset($_POST['topic'])) ? stripslashes($_POST['topic']) : '';
+ post_default('topic', '');
$this->getView('MainView')->putExistingModel('PostsModel', $this->getModel('PostsModel'));
$this->getView('MainView')->putExistingModel('ForumsModel', $this->getModel('ForumsModel'));
@@ -522,7 +517,7 @@ class MainController extends Controller
$this->loadModel('UsersModel');
$this->getView('MainView')->putExistingModel('UsersModel', $this->getModel('UsersModel'));
- $_GET['id'] = (isset($_GET['id'])) ? trim(strip_tags($this->db->real_escape_string($_GET['id']))) : 0;
+ get_clean('id', $this->db);
if ($this->getModel('UsersModel')->getUserInformation($_GET['id']) == null)
$this->getView('MainView')->forum_message('User does not exist!', buildURL('index.php'));
@@ -548,13 +543,13 @@ class MainController extends Controller
if (isset($_POST['nick'], $_POST['passwd'], $_POST['passwd_confirm'], $_POST['email']))
{
//secure pools
- $_POST['nick'] = trim(htmlspecialchars($this->db->real_escape_string($_POST['nick'])));
- $_POST['passwd_old'] = trim($_POST['passwd_old']);
- $_POST['passwd'] = trim($_POST['passwd']);
- $_POST['passwd_confirm'] = trim($_POST['passwd_confirm']);
- $_POST['email'] = trim(strip_tags($this->db->real_escape_string($_POST['email'])));
- $_POST['location'] = trim(htmlspecialchars($this->db->real_escape_string($_POST['location'])));
- $_POST['signature'] = trim(htmlspecialchars($this->db->real_escape_string($_POST['signature'])));
+ post_clean('nick', $this->db, array('spchars'));
+ post_clean('passwd_old', $this->db, array());
+ post_clean('passwd', $this->db, array());
+ post_clean('passwd_confirm', $this->db, array());
+ post_clean('email', $this->db);
+ post_clean('location', $this->db, array('spchars'));
+ post_clean('signature', $this->db, array('spchars'));
if ($_POST['email'] != $user_info['email'] || $_POST['passwd'] != '')
{
@@ -619,10 +614,10 @@ class MainController extends Controller
}
}
- $_POST['nick'] = (isset($_POST['nick'])) ? stripslashes($_POST['nick']) : $user_info['nick'];
- $_POST['email'] = (isset($_POST['email'])) ? stripslashes($_POST['email']) : $user_info['email'];
- $_POST['location'] = (isset($_POST['location'])) ? stripslashes($_POST['location']) : $user_info['location'];
- $_POST['signature'] = (isset($_POST['signature'])) ? stripslashes($_POST['signature']) : $user_info['signature'];
+ post_default('nick', $user_info['nick']);
+ post_default('email', $user_info['email']);
+ post_default('location', $user_info['location']);
+ post_default('signature', $user_info['signature']);
$this->getView('MainView')->putExistingModel('UsersModel', $this->getModel('UsersModel'));
@@ -656,7 +651,7 @@ class MainController extends Controller
if (isset($_POST['nick'], $_POST['passwd']))
{
//secure pools
- $_POST['nick'] = trim(strip_tags($this->db->real_escape_string($_POST['nick'])));
+ post_clean('nick', $this->db);
$_POST['passwd'] = $this->getModel('UsersModel')->generatePasswordHash($_POST['nick'], trim($this->db->real_escape_string($_POST['passwd'])));
$userinfo = $this->getModel('SessionModel')->tryGetUser($_POST['nick'], $_POST['passwd']);
@@ -682,7 +677,7 @@ class MainController extends Controller
}
}
- $_POST['nick'] = (isset($_POST['nick'])) ? stripslashes($_POST['nick']) : '';
+ post_default('nick', '');
if (!isset($lockv))
$this->getView('MainView')->login_form($msg);
}
@@ -699,10 +694,10 @@ class MainController extends Controller
if (isset($_POST['nick'], $_POST['passwd'], $_POST['passwd_confirm'], $_POST['email']))
{
//secure pools
- $_POST['nick'] = trim(strip_tags($this->db->real_escape_string($_POST['nick'])));
- $_POST['passwd'] = trim($_POST['passwd']);
- $_POST['passwd_confirm'] = trim($_POST['passwd_confirm']);
- $_POST['email'] = trim(strip_tags($this->db->real_escape_string($_POST['email'])));
+ post_clean('nick', $this->db);
+ post_clean('passwd', $this->db, array());
+ post_clean('passwd_confirm', $this->db, array());
+ post_clean('email', $this->db);
if (strlen($_POST['nick']) < 3)
$msg .= 'Nick is too short (min 3 characters)
';
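Review bot: `post_clean('passwd', $this->db, array())` does not do what the empty array suggests: `input_clean` tests `$opts != null`, and in PHP an empty array compares loosely equal to null, so the password falls into the default `strip_tags` branch before it is hashed, while the login path (`trim($this->db->real_escape_string($_POST['passwd']))` in the login hunk) never strips tags. A password containing `<` or `>` would therefore be stored from a different string than the one checked at login, assuming `generatePasswordHash` hashes its input as given. The fix belongs in the helper (`if (is_array($opts))` instead of `$opts != null`), or this site can bypass the helper and keep the previous `trim($_POST['passwd'])`. The registration handler extends past this hunk.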
@@ -727,9 +722,8 @@ class MainController extends Controller
}
}
- $_POST['nick'] = (isset($_POST['nick'])) ? stripslashes($_POST['nick']) : '';
- $_POST['email'] = (isset($_POST['email'])) ? stripslashes($_POST['email']) : '';
-
+ post_default('nick', '');
+ post_default('email', '');
if (!isset($lockv))
$this->getView('MainView')->register_form($msg);
}
diff --git a/inc/misc_functions.php b/inc/misc_functions.php
index 466f0d9..da1b964 100644
--- a/inc/misc_functions.php
+++ b/inc/misc_functions.php
@@ -26,23 +26,45 @@ function post_default($key, $default='')
$_POST[$key] = (isset($_POST[$key])) ? stripslashes($_POST[$key]) : $default;
}
-function clean_input(&$input, $dbobj, $opts = null)
+function input_clean(&$input, &$dbobj, $opts = null)
{
$input = trim($input);
- $input = $dbobj->real_escape_string($input);
if ($opts != null)
{
if (in_array('spchars', $opts)) //special chars
$input = htmlspecialchars($input);
+ if (in_array('strip', $opts)) //strip tags
+ $input = strip_tags($input);
+
if (in_array('nnegint', $opts)) //non-negative integer
{
$int_options = array('options' => array('min_range' => 0));
- $input = var_dump(filter_var($input, FILTER_VALIDATE_INT, $int_options));
+ $input = filter_var($input, FILTER_VALIDATE_INT, $int_options);
}
}
else
$input = strip_tags($input);
+
+ $input = $dbobj->real_escape_string($input);
+}
+
+function post_clean($key, &$dbobj, $opts)
+{
+ input_clean($_POST[$key], $dbobj, $opts);
+}
+
+function get_clean($key, &$dbobj, $intval = true)
+{
+ if (array_key_exists($key, $_GET))
+ {
+ $opts = ($intval) ? array('strip', 'nnegint') : null;
+ input_clean($_GET[$key], $dbobj, $opts);
+ }
+ else
+ {
+ $_GET[$key] = ($intval) ? 0 : '';
+ }
}
?>
\ No newline at end of file
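Review bot: `input_clean` gates option handling on `$opts != null`, and PHP's loose comparison makes `array() != null` false, so callers that pass `array()` to opt out of all transformations (the password fields in both controllers) instead get the default `strip_tags` path; use `if (is_array($opts))` so an empty array means "no transformation" and only a missing/null `$opts` means "strip tags". `post_clean($key, &$dbobj, $opts)` also declares `$opts` without a default while most call sites pass two arguments, which is a fatal ArgumentCountError on PHP 7.1+ — declare it as `$opts = null`. For the `nnegint` option, `filter_var` returns `false` on invalid input and `real_escape_string(false)` turns that into `''`, so a rejected GET id becomes `''` whereas a missing one becomes `0`; normalising with `if ($input === false) $input = 0;` before the escape keeps both cases identical for callers. Escaping at input time and keeping the escaped string in `$_POST` (with `post_default` later calling `stripslashes` for redisplay) still ties safety to every consumer concatenating SQL; the durable fix is parameterised queries in the models, which is outside this diff.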