improved data filtering in controllers
@@ -26,23 +26,45 @@ function post_default($key, $default='')
|
||||
$_POST[$key] = (isset($_POST[$key])) ? stripslashes($_POST[$key]) : $default;
|
||||
}
|
||||
|
||||
function clean_input(&$input, $dbobj, $opts = null)
|
||||
function input_clean(&$input, &$dbobj, $opts = null)
|
||||
{
|
||||
$input = trim($input);
|
||||
$input = $dbobj->real_escape_string($input);
|
||||
|
||||
if ($opts != null)
|
||||
{
|
||||
if (in_array('spchars', $opts)) //special chars
|
||||
$input = htmlspecialchars($input);
|
||||
|
||||
if (in_array('strip', $opts)) //strip tags
|
||||
$input = strip_tags($input);
|
||||
|
||||
if (in_array('nnegint', $opts)) //non-negative integer
|
||||
{
|
||||
$int_options = array('options' => array('min_range' => 0));
|
||||
$input = var_dump(filter_var($input, FILTER_VALIDATE_INT, $int_options));
|
||||
$input = filter_var($input, FILTER_VALIDATE_INT, $int_options);
|
||||
}
|
||||
}
|
||||
else
|
||||
$input = strip_tags($input);
|
||||
|
||||
$input = $dbobj->real_escape_string($input);
|
||||
}
|
||||
|
||||
function post_clean($key, &$dbobj, $opts)
|
||||
{
|
||||
input_clean($_POST[$key], $dbobj, $opts);
|
||||
}
|
||||
|
||||
function get_clean($key, &$dbobj, $intval = true)
|
||||
{
|
||||
if (array_key_exists($key, $_GET))
|
||||
{
|
||||
$opts = ($intval) ? array('strip', 'nnegint') : null;
|
||||
input_clean($_GET[$key], $dbobj, $opts);
|
||||
}
|
||||
else
|
||||
{
|
||||
$_GET[$key] = ($intval) ? 0 : '';
|
||||
}
|
||||
}
|
||||
?>
|
||||
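Review bot: `get_clean` checks only `array_key_exists($key, $_GET)` and `post_clean` checks nothing before passing the superglobal element by reference to `input_clean`, so a parameter submitted as an array, or a POST key that is absent, reaches `trim($input)` and `real_escape_string()` as a non-string value. Guard the call with `if (isset($_GET[$key]) && is_string($_GET[$key]))` so that everything else falls into the existing default branch, and add the equivalent check in `post_clean`. With `'nnegint'`, `filter_var` returns `false` for a rejected value, and that result is written back into `$_GET[$key]` without any signal to the caller; `get_clean` should return a boolean, or callers should compare with `=== false` before the value is used in a query. The added/removed markers are lost in this rendering, so this assumes `input_clean` and its two callers are the new side.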