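// Cut injection-looking fragments out of a string. This is a blacklist filter,
// not an escaper: a value it returns is still not safe to splice into SQL or
// HTML on its own; use a parameterised query / htmlspecialchars() for that.

/**
 * Remove <script> blocks, remaining tags, quote characters and "%0" sequences
 * from $text, and collapse whitespace that follows a line break.
 *
 * @param string|null $text raw input such as a $_POST field; null or any
 *                          non-scalar value is treated as ""
 * @return string the filtered text; "" when the regex engine fails (fail closed)
 */
function SecureText($text)
{
    $search = array(
        "'<script[^>]*?>.*?</script>'si", // <script> blocks including their body
        "'<[\\/\\!]*?[^<>]*?>'si",         // any remaining tag, closing tag or <!...>
        "'([\r\n])[\\s]+'",                // whitespace run directly after a line break
    );
    // Exactly one replacement per pattern (the original carried a dangling fourth entry).
    $replace = array("", "", "\\1");

    // The callers seen in this file pass $_POST fields straight in; a missing
    // field is null and a crafted field can be an array, so normalise first.
    $text = is_scalar($text) ? (string) $text : "";

    // preg_replace() returns null when a pattern fails (e.g. backtrack limit);
    // return an empty string rather than letting the unfiltered text through.
    $str = preg_replace($search, $replace, $text);
    if ($str === null) {
        return "";
    }

    // Quote characters and "%0" are removed outright, in the same order as before.
    $str = str_replace(array("`", "'", "\"", "%0"), "", $str);
    return $str;
}

if (method() === "POST" && $_POST['mode'] === "save") {
    $id = intval($_POST['template_id']);
    $name = SecureText($_POST['template_name']);
    $name = mb_substr($name, 0, 30);
    $now = time();
    if ($id) {
        // Modify: the template must exist and belong to the current player.
        $query = "SELECT * FROM " . $db_prefix . "template WHERE id = {$id} AND owner_id = " . $GlobalUser['player_id'] . " LIMIT 1";
        $result = dbquery($query);
        if (dbrows($result) > 0) {
            // NOTE(review): $name is concatenated into the SQL string; SecureText()
            // only strips quote characters and does not escape the value for the
            // database. dbquery() is opaque from here, but a parameterised statement
            // (or the driver's string escaping) is the proper protection for $name.
            // The numeric values ($id, $now, intval() of each ship count) are safe.
            $query = "UPDATE " . $db_prefix . "template SET name='" . $name . "', date={$now}";
            foreach ($temp_map as $i => $gid) {
                $query .= ", ship{$gid} ='" . intval($_POST['ship'][$gid]) . "' ";
            }
            $query .= " WHERE id = {$id}";
            dbquery($query);
        }
    } else {
        // … the else branch continues beyond this chunk (presumably the create path).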
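// Tail of a filter function whose header lies outside this chunk: it strips
// quote characters and "%0" and returns the result. Left as is.
$str = str_replace("`", "", $str);
$str = str_replace("'", "", $str);
$str = str_replace("\"", "", $str);
$str = str_replace("%0", "", $str);
return $str;
}

/**
 * Return the "selected" attribute for the search-type <option> whose value
 * is $opt, or "" when the submitted search type differs.
 *
 * @param string $opt option value to compare against $_POST['type']
 * @return string "selected" or ""
 */
function search_selected($opt)
{
    // isset() first: a form without a 'type' field must not raise an
    // undefined-index warning; the strict comparison then yields "" as before.
    if (isset($_POST['type']) && $_POST['type'] === $opt) {
        return "selected";
    }
    return "";
}

if (method() === "POST") {
    $searchtext = SecureText($_POST['searchtext']);
    $query = "";
    // NOTE(review): $searchtext is concatenated into a LIKE pattern. SecureText()
    // removes quote characters but does not escape the value for SQL, and the
    // LIKE wildcards '%' and '_' are left for the database to interpret. A
    // parameterised query with the wildcards escaped is the proper fix; dbquery()
    // is opaque from here, so the query strings are left unchanged.
    // $SEARCH_LIMIT is interpolated as a number — presumably a config constant.
    if ($_POST['type'] === "playername") {
        $query = "SELECT * FROM " . $db_prefix . "users WHERE oname LIKE '" . $searchtext . "%' LIMIT {$SEARCH_LIMIT}";
    } else {
        if ($_POST['type'] === "planetname") {
            $query = "SELECT * FROM " . $db_prefix . "planets WHERE name LIKE '" . $searchtext . "%' LIMIT {$SEARCH_LIMIT}";
        } else {
            if ($_POST['type'] === "allytag") {
                $query = "SELECT * FROM " . $db_prefix . "ally WHERE tag LIKE '" . $searchtext . "%' LIMIT {$SEARCH_LIMIT}";
            } else {
                if ($_POST['type'] === "allyname") {
                    $query = "SELECT * FROM " . $db_prefix . "ally WHERE name LIKE '" . $searchtext . "%' LIMIT {$SEARCH_LIMIT}";
                }
            }
        }
        // … the handler continues beyond this chunk.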