/**
 * Recursively walk an array or object, filtering every nested
 * array/object value in place.
 *
 * When the container being walked is an object and one of its property
 * values compares loosely (==) equal to the string 'red', the whole object
 * is discarded and an empty array is returned instead.  Arrays are never
 * discarded themselves; only nested objects inside them can be.
 *
 * NOTE(review): because of the loose comparison, a boolean true property
 * also matches 'red' — confirm that is intended before tightening to ===.
 * Scalars passed as $data are returned unchanged (foreach warns on them).
 *
 * @param mixed $data array or object to walk
 * @return mixed the (possibly modified) container, or array() when an
 *               object holding a 'red' value was encountered
 */
function filterData($data)
{
    $container_is_object = is_object($data);
    $container_is_array = is_array($data);

    foreach ($data as $key => $value) {
        // An object that carries a 'red' value is dropped wholesale.
        if ($value == 'red' && $container_is_object) {
            return array();
        }

        $is_nested = is_array($value) || is_object($value);
        if (!$is_nested) {
            continue;
        }

        $filtered = filterData($value);
        if ($container_is_object) {
            $data->{$key} = $filtered;
        } elseif ($container_is_array) {
            $data[$key] = $filtered;
        }
    }

    return $data;
}
This file: processes the forms submitted from index.php and calls the APIs.
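<?php
/*
 * Insert a new article submitted from the update-record form.
 *
 * Expects a POST with 'title' and 'article'.  Both values are passed through
 * filterData() and then inserted with a prepared statement, so user input is
 * bound as a parameter and never spliced into the SQL text.
 *
 * NOTE(review): the redirect header below is sent unconditionally, before the
 * insert runs and before the status text is echoed — kept as the original did
 * it, but a browser following the redirect will not show the echoed text.
 * NOTE(review): no CSRF token is checked here; add one if the application has
 * a token mechanism.
 */
header('Location: update-record.php');
require '../mysqli_connect.php';

/**
 * Basic form input sanitisation: strips HTML tags and trims whitespace.
 *
 * This is NOT an SQL escape — the query below must stay parameterised.
 * Non-scalar input (e.g. title[]=x) would make strip_tags() fail, so it is
 * treated as an empty string.
 *
 * @param mixed $data raw form value
 * @return string cleaned value
 */
function filterData($data)
{
    if (!is_scalar($data)) {
        return '';
    }
    return trim(strip_tags((string) $data));
}

// Only a POST carries data to insert; the original also ran the INSERT on a
// plain GET with undefined variables, creating empty rows.
if ($_SERVER['REQUEST_METHOD'] === 'POST') {
    // Missing fields become '' (the original interpolated null as '' anyway).
    // A literal '0' is no longer discarded the way empty() discarded it.
    $title = filterData(isset($_POST['title']) ? $_POST['title'] : '');
    $article = filterData(isset($_POST['article']) ? $_POST['article'] : '');

    // Parameterised insert: values are bound, never concatenated into the SQL.
    $query = 'INSERT INTO article_info (title, article) VALUES (?, ?)';
    $stmt = mysqli_prepare($dbc, $query);
    $respond = false;
    if ($stmt !== false) {
        mysqli_stmt_bind_param($stmt, 'ss', $title, $article);
        $respond = mysqli_stmt_execute($stmt);
        mysqli_stmt_close($stmt);
    }

    if ($respond) {
        echo "wihu";
    } else {
        echo "error :/";
    }
}

mysqli_close($dbc);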
$rows = GetUsers($config); switch ($config['adapter']) { case 'Mysql': foreach ($rows as $val) { $keys[] = $val['iduser']; } $content = RenderView($router, array('rows' => $rows, 'ids' => $keys)); break; case 'Txt': $content = RenderView($router, array('rows' => $rows, 'ids' => array_keys($rows))); break; } break; case 'insert': if ($_POST) { $data = filterData($_POST, $formdef); $validate = validateData($data, $formdef); if ($validate['result'] === true) { InsertUser($config, $_POST, $userfilename); // saltar a tabla header("Location: /user/select"); } else { $content = RenderView($router, array('data' => $_POST, 'config' => $config, 'validation' => $validate)); } } else { $rows = GetUsers($config); $content = RenderView($router, array('rows' => $rows, 'config' => $config)); } break; case 'update': if ($_POST) {
<?php
/*
 * Front-end bootstrap.
 *
 * Loads the site configuration (or redirects to the installer when it is
 * missing), selects the core include directory, strips protected fields from
 * $_POST, then hands control to either the cron runner or the shop core.
 */

/**
 * Remove fields from request input that must never be settable by a client
 * (balances, points, membership level, role, state, counters).  Works in
 * place on $data.
 *
 * NOTE(review): only top-level keys are removed; the same keys nested inside
 * a sub-array pass through untouched — confirm the core never mass-assigns
 * from nested input.  Matching is case-sensitive.
 *
 * @param array $data request array, modified by reference
 * @return void
 */
function filterData(&$data)
{
    $protected_fields = array(
        'order_num', 'advance', 'advance_freeze', 'point_freeze',
        'point_history', 'member_lv_id', 'point', 'score_rate', 'state',
        'role_type', 'advance_total', 'advance_consume', 'experience',
        'login_count'
    );
    foreach ($protected_fields as $field) {
        unset($data[$field]);
    }
}

define('PERPAGE', 10); // review: check whether this constant can be dropped
define('RUN_IN', 'FRONT_END');
// Notices and warnings are silenced site-wide (legacy behaviour).
error_reporting(E_ALL & ~(E_STRICT | E_NOTICE | E_WARNING));

// Any output produced while loading the config is buffered and discarded.
ob_start();
if (!file_exists('config/config.php') || !(require 'config/config.php')) {
    // No usable configuration: send the visitor to the installer.
    header('Location: install/');
    exit;
}
ob_end_clean();

// Non-developer installs on PHP >= 5.0 use the v5 include tree.
define(
    'CORE_INCLUDE_DIR',
    CORE_DIR . (
        !(defined('SHOP_DEVELOPER') && constant('SHOP_DEVELOPER'))
        && version_compare(PHP_VERSION, '5.0', '>=')
            ? '/include_v5'
            : '/include'
    )
);

// Cron entry point: ?cron=<action> is copied into $_GET['action'].
// NOTE(review): no authentication is visible here; presumably crontab
// enforces it — confirm.
if (!empty($_GET['cron'])) {
    require CORE_INCLUDE_DIR . '/crontab.php';
    $_GET['action'] = $_GET['cron'];
    return new crontab();
}

// Normal request: strip protected fields, then dispatch to the shop core.
filterData($_POST);
require CORE_INCLUDE_DIR . '/shopCore.php';
return new shopCore();