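/**
 * Render the outcome of an upload attempt.
 *
 * When $isUpload is true the four message arguments are handed straight to
 * showMessage() (defined elsewhere) and nothing else is printed here.
 * Otherwise $notUploadStr is printed on its own, wrapped in a <span> and passed
 * through Database::sanitizeData() unless $sanitize is false.
 *
 * @param bool   $isUpload       whether an upload was attempted
 * @param string $notUploadStr   text shown when nothing was uploaded
 * @param string $str            forwarded to showMessage()
 * @param string $correctStr     forwarded to showMessage()
 * @param string $messageCorrect forwarded to showMessage()
 * @param string $messageWrong   forwarded to showMessage()
 * @param bool   $sanitize       escape $notUploadStr before printing; pass
 *                               false only for trusted, already-safe markup
 */
function checkUploaded($isUpload, $notUploadStr, $str, $correctStr, $messageCorrect, $messageWrong, $sanitize = true): void
{
    if ($isUpload) {
        showMessage($str, $correctStr, $messageCorrect, $messageWrong);
        return;
    }

    if ($sanitize) {
        // The original emitted a second opening <span> instead of a closing
        // one, leaving the element unbalanced; close it properly.
        echo "<span class='text'>" . Database::sanitizeData($notUploadStr) . "</span>";
    } else {
        // Printed verbatim: the caller must guarantee $notUploadStr carries no
        // unescaped user-controlled content.
        echo $notUploadStr;
    }
}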
/**
 * Look up courses whose instructor field begins with $searchFor.
 *
 * The needle is passed through Database::sanitizeData() before being bound
 * as the parameter of a prefix pattern ("<needle>%"). LIKE metacharacters
 * ('%', '_') inside $searchFor are not escaped, so they act as wildcards in
 * the match — review whether that is intended for this search box.
 *
 * @param string $searchFor instructor prefix as typed by the user
 * @return array result of fetchAll(): Course rows, newest semester first and
 *               then instructor ascending; row shape depends on the
 *               connection's fetch mode (set up in self::connect())
 */
public static function searchCoursesByProfessor($searchFor)
{
    $pattern = Database::sanitizeData($searchFor) . '%';
    $sql = 'SELECT * FROM Course WHERE instructor LIKE ? ORDER BY semester DESC,instructor ASC';

    $statement = self::connect()->prepare($sql);
    $statement->execute([$pattern]);

    return $statement->fetchAll();
}
?>
<!-- Generic error page. $error is populated before this template is reached
     (outside this view) and is escaped through Database::sanitizeData() on
     output; nothing else on the page is dynamic. -->
<!doctype html>
<html>
<head>
<meta charset="utf-8">
<title>Arizona Notes</title>
<link rel="stylesheet" type="text/css" href="css/main.css">
<link rel="stylesheet" type="text/css" href="css/fonts.css">
</head>
<body>
<div class="darken_div"></div>
<div class="main-logo">
<a href="index.php"> <img src="images/logo.png" height="90px" width=auto></a>
</div>
<article class="main-content">
<header>
<p>Oops, something went wrong!</p>
<div class='leftDiv'><?php /* NOTE(review): assumes $error is a string set by the including script — confirm */ echo Database::sanitizeData($error); ?> </div>
</header>
</article>
</body>
</html>
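<?php
require_once "./database.php";
require_once "./session.php";

/*
 * Blog-post upload handler.
 *
 * Accepts a POST carrying author, title, text and token, requires a logged-in
 * session, verifies the submitted token, stores the post through
 * Database::createBlogPost(), and redirects back to admin.php. Every failure
 * path ends the request before the database write.
 *
 * TODO(review): an earlier note said the CSRF token was still unverified, yet
 * Session::verifyToken() is called below — confirm that call is the CSRF
 * guard; if so, this TODO is resolved.
 */

// An anonymous visitor must never reach the database write.
if (!Session::userLoggedIn()) {
    header("Location: login.php");
    exit;
}

$req = $_POST;

// Every field the handler relies on; a missing one aborts with a plain message.
$needed = ["author", "title", "text", "token"];
foreach ($needed as $field) {
    if (!isset($req[$field])) {
        die("Missing {$field}");
    }
}

// Reject the request unless the submitted token matches the session's.
if (!Session::verifyToken($req['token'])) {
    $str = urlencode("Request could not be handled, token does not match");
    header("Location: admin.php?blog=true&uploaded={$str}");
    exit;
}

// NOTE(review): the fields are transformed by Database::sanitizeData() before
// storage, so whatever it applies is persisted rather than applied at render
// time — keep that consistent with how posts are output. The author comes
// from the form rather than the session, so any logged-in user can submit an
// arbitrary author string; consider deriving it from the session instead.
$title = Database::sanitizeData($req['title']);
$text = Database::sanitizeData($req['text']);
$author = Database::sanitizeData($req['author']);

Database::createBlogPost($author, $title, $text);

header("Location: admin.php?blog=true&uploaded=yes");
exit;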