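/**
 * Inserts one row into `pruebaleercsv` through a prepared statement and
 * returns the id generated for it.
 *
 * The four values travel as bound parameters (types 'ssdd': two strings, two
 * doubles), so they are never concatenated into the SQL text.
 *
 * NOTE(review): every value is still passed through cleanSQL() (defined
 * elsewhere) before binding. Bound parameters need no SQL escaping; if
 * cleanSQL() escapes quotes or backslashes, the escape characters are stored
 * literally in the table. Confirm what cleanSQL() does and drop these calls if
 * it only escapes.
 *
 * @param object $dbObject   Connection exposing prepare(); the statement calls
 *                           used below (bind_param, insert_id) match mysqli — confirm.
 * @param mixed  $distrito_  Value for the `distrito` column (bound as string).
 * @param mixed  $nombre_    Value for the `nombre` column (bound as string).
 * @param mixed  $latitud_   Value for the `latitud` column (bound as double).
 * @param mixed  $longitud_  Value for the `longitud` column (bound as double).
 *
 * @return int|string Id reported by the statement after execute(); 0 when the
 *                    statement could not be prepared or executed.
 */
function inserDatosCsv2($dbObject, $distrito_, $nombre_, $latitud_, $longitud_)
{
    $query = "INSERT INTO pruebaleercsv (distrito,nombre,latitud,longitud) VALUES (?,?,?,?)";

    $stmt = $dbObject->prepare($query);
    if (!$stmt) {
        // prepare() can return false (e.g. missing table); calling bind_param()
        // on that value would abort the whole request.
        error_log('inserDatosCsv2: prepare() failed');
        return 0;
    }

    $distrito = cleanSQL($distrito_, $dbObject);
    $nombre   = cleanSQL($nombre_, $dbObject);
    $latitud  = cleanSQL($latitud_, $dbObject);
    $longitud = cleanSQL($longitud_, $dbObject);

    // $stmt->param('isss', NULL, $uName, $uPass, NULL); -- this form also works
    $stmt->bind_param('ssdd', $distrito, $nombre, $latitud, $longitud);

    if ($stmt->execute()) {
        // Very useful: the id of the row that was just inserted.
        $elIdDeLaFilaInsertada = $stmt->insert_id;
    } else {
        error_log('inserDatosCsv2: execute() failed');
        $elIdDeLaFilaInsertada = 0;
    }

    $stmt->close();

    return $elIdDeLaFilaInsertada;
}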
// Closes a block that opens before this excerpt.
}

//---------------------Security Fix + load SQLLib----------------
// Rewrites every top-level entry of $_POST, $_GET and $_COOKIE in place with
// cleanSQL($value), so all code that runs afterwards sees the rewritten values.
//
// NOTE(review): cleanSQL() is defined elsewhere (not visible here); the comment
// below suggests it relies on mysql_real_escape_string() — confirm.
// SQL escaping only protects a value that is later placed inside a quoted SQL
// string literal. It does not make the value safe for HTML output, file paths
// or include targets, and it alters data that is later bound to a prepared
// statement or shown to the user. Prefer parameterised queries at each query
// site plus validation/encoding chosen for the context where the value is used.
//
// NOTE(review): only these three superglobals are rewritten; code that reads
// $_REQUEST or other request data (if any) sees the original values. Entries
// whose value is an array are handed to cleanSQL() as arrays — confirm how it
// treats them.
require_once 'libs/db_lib.php';
// Try to globally fix security vulnerabilities (very dirty way..)
require_once 'libs/valid_lib.php';
$sqlm = new SQL();
//mysql_real_escape_string needs a sql connection
$sqlm->connect($mmfpm_db['addr'], $mmfpm_db['user'], $mmfpm_db['pass'], $mmfpm_db['name']);
foreach ($_POST as $key => $value) {
    $_POST[$key] = cleanSQL($value);
}
foreach ($_GET as $key => $value) {
    $_GET[$key] = cleanSQL($value);
}
foreach ($_COOKIE as $key => $value) {
    $_COOKIE[$key] = cleanSQL($value);
}
// The connection is opened only for the escaping pass above and dropped again.
$sqlm->close();
unset($sqlm);
// End

//---------------------Loading User Theme and Language Settings----------------
// The 'theme' cookie is concatenated into filesystem paths. is_dir()/is_file()
// only prove that the resulting path exists; they do not confine it to themes/.
// NOTE(review): accept the value only if it matches an allow-list (the
// directory names actually present under themes/, or a strict pattern of
// letters, digits, '_' and '-') before assigning it to $theme.
if (isset($_COOKIE['theme'])) {
    if (is_dir('themes/' . $_COOKIE['theme'])) {
        if (is_file('themes/' . $_COOKIE['theme'] . '/' . $_COOKIE['theme'] . '_1024.css')) {
            $theme = $_COOKIE['theme'];
        }
    }
}
// Same pattern for the 'lang' cookie: it becomes part of a path ending in .php.
// NOTE(review): what happens inside the file_exists() branch lies outside this
// excerpt. If the path is include/require'd there, $lang must be checked
// against a fixed list of shipped language files first; an existence check is
// not a validity check.
if (isset($_COOKIE['lang'])) {
    $lang = $_COOKIE['lang'];
    if (file_exists('lang/' . $lang . '.php')) {
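/**
 * Decodes HTML entities in $val, runs the result through filterTags() until it
 * stops changing, converts newlines to <br /> and caches the result per input.
 *
 * The numeric-entity decoding used preg_replace() with the /e (eval) modifier.
 * That modifier evaluates the replacement as PHP code and was removed in
 * PHP 7, where such a call only emits a warning and returns NULL. It is
 * replaced here by preg_replace_callback(), which produces the same characters
 * without evaluating any string as code.
 *
 * NOTE(review): the returned text is the *decoded* input, so its safety in an
 * HTML context depends entirely on filterTags() (defined elsewhere, not
 * visible here). Tag filtering is not a substitute for encoding at output
 * time; confirm callers still escape for the context they render into.
 *
 * NOTE(review): $XSS_cache is a global array keyed by the raw input and is
 * never trimmed, so it grows with every distinct value seen in the request.
 *
 * @param mixed $val Raw value to filter.
 *
 * @return mixed Filtered string for a non-empty $val; cleanSQL($val) when $val
 *               compares equal to "".
 */
function RemoveXSS($val)
{
    if ($val == "") {
        return cleanSQL($val);
    }

    global $XSS_cache;
    if (!empty($XSS_cache) && array_key_exists($val, $XSS_cache)) {
        return $XSS_cache[$val];
    }

    $source = html_entity_decode($val, ENT_QUOTES, 'ISO-8859-1');

    // Decimal entities (&#NN;) that survived the first decode, e.g. because
    // the input was entity-encoded twice.
    $source = preg_replace_callback(
        '/&#(\\d+);/m',
        function ($match) {
            return chr((int) $match[1]);
        },
        $source
    );

    // Hexadecimal entities (&#xNN;). chr() only uses the low byte, so the last
    // two hex digits are enough and keep hexdec() inside integer range.
    $source = preg_replace_callback(
        '/&#x([a-f0-9]+);/mi',
        function ($match) {
            return chr(hexdec(substr($match[1], -2)));
        },
        $source
    );

    // Re-apply filterTags() until a pass changes nothing, so markup that only
    // appears after an earlier pass removed something is filtered as well.
    // One call per pass; assumes filterTags() is deterministic.
    while (true) {
        $filtered = filterTags($source);
        if ($source == $filtered) {
            break;
        }
        $source = $filtered;
    }

    $source = nl2br($source);
    $XSS_cache[$val] = $source;

    return $source;
}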