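/**
 * Normalise a request value before it is used in HTML output or a query.
 *
 * Decoding is done before escaping. The original ran urldecode() after
 * htmlspecialchars(), so a value such as "%3Cscript%3E" came back as a
 * literal "<script>" and the HTML escaping was silently undone.
 *
 * @param string $data Raw value (e.g. from $_GET / $_POST).
 * @return string Trimmed, slash-stripped, URL-decoded, HTML-escaped value,
 *                further filtered by ms_escape_string() (defined elsewhere).
 */
function preparedata($data)
{
    $data = trim((string) $data);
    // Legacy magic_quotes artefact, kept so existing callers see the same result.
    $data = stripslashes($data);
    // Decode first so the escaping below operates on the final characters.
    $data = urldecode($data);
    // Explicit flags: escape single quotes too and do not return '' on bad UTF-8.
    $data = htmlspecialchars($data, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
    $data = ms_escape_string($data);
    return $data;
}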
/**
 * Escape one value, or every element of an array of values, with ms_escape_string().
 *
 * connect() is called first — presumably the escape routine needs a live
 * connection; confirm against the class definition. Array keys are preserved.
 *
 * @param string|array $escape_value
 * @return string|array Same shape as the input, each value escaped.
 */
public function escape($escape_value)
{
    $this->connect();
    if (!is_array($escape_value)) {
        return ms_escape_string($escape_value);
    }
    // array_map() with a single array argument keeps the original keys.
    return array_map('ms_escape_string', $escape_value);
}
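/**
 * Look up a student in the SMS by "First Last" name.
 *
 * Two fixes over the original: the query string was built in $query but an
 * undefined $sql was passed to queryMSsql(), so the lookup never ran; and a
 * name without a space raised an undefined-offset notice on list().
 *
 * NOTE(review): the escaped values are still interpolated into SQL and used
 * with LIKE, so ms_escape_string() is the only barrier here — confirm it
 * handles quotes and consider escaping the LIKE wildcards (% and _) as well.
 *
 * @param string $student Full name; the first two space-separated tokens are used.
 * @return array{error:string,message:string,student:string|array}
 *         error is '1' with a message when nothing matched or the query failed;
 *         otherwise student holds ['query', 'name', 'STGUID'].
 */
function getSMSStudentInfo($student)
{
    $ret = array('error' => '0', 'message' => '', 'student' => '');

    // Same split as the original (every single space); a missing second
    // token now yields an empty last name instead of a notice.
    $parts = explode(' ', (string) $student);
    $first = ms_escape_string($parts[0]);
    $last = ms_escape_string(isset($parts[1]) ? $parts[1] : '');

    $query = "SELECT * from StudentDemographicData WHERE FirstName like '" . $first . "' AND LastName like '" . $last . "'";
    $result = queryMSsql($query);
    // A failed query returns false; mssql_num_rows(false) would only warn.
    $n = $result ? mssql_num_rows($result) : 0;
    if (!$n) {
        $ret['error'] = '1';
        $ret['message'] = "Problem running query {" . $query . "}. Error: ";
        return $ret;
    }

    $row = mssql_fetch_assoc($result);
    $ret['message'] = "Found Student using {" . $query . "}";
    $ret['student'] = array(
        'query' => $query,
        'name' => $row['FirstName'] . " " . $row['LastName'],
        'STGUID' => mssql_guid_string($row['STGUID']),
    );
    return $ret;
}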
if (!isset($data) or empty($data)) { return ''; } if (is_numeric($data)) { return $data; } $non_displayables = array('/%0[0-8bcef]/', '/%1[0-9a-f]/', '/[\\x00-\\x08]/', '/\\x0b/', '/\\x0c/', '/[\\x0e-\\x1f]/'); foreach ($non_displayables as $regex) { $data = preg_replace($regex, '', $data); } $data = str_replace("'", "", $data); return $data; } if ('GET' == $_SERVER['REQUEST_METHOD']) { if (!empty($_GET['text'])) { $freetext = ms_escape_string($_GET["text"]); } else { $freetext = ''; } if (!empty($_GET['subject'])) { $subject = $_GET["subject"]; } else { $subject = ''; } if (!empty($_GET["location"])) { $location = $_GET["location"]; } else { $location = ''; } if (!empty($_GET["semester"])) { $semester = $_GET["semester"];
$sql->execute(); if ($db->error) { print $db->errno . " : " . $db->error . "<br>"; exit; } $sql->close(); } /** * */ /** * NOW for SMS * Should not need to see if a reccord exists since I push grades up starting right off * in the beginning of the year. */ $sql = "UPDATE StudentGradeRecords\n SET Comment='" . ms_escape_string($_POST['gradeComment']) . "'\n WHERE STGUID='" . $stguid . "' AND SectionID='" . $SectionID . "' AND SchoolYear='" . $schoolYear . "'"; $result = queryMSsql($sql); } $cid = -1; $sid = -1; if (isset($_SESSION[$_CONF['sess_name'] . '_selected_class'])) { $cid = $_SESSION[$_CONF['sess_name'] . '_selected_class']; $result = get_class_info($cid); $row = $result->fetch_assoc(); $term_id = $row['term_id']; $interimDueDate = $row['interimsDueDate']; $gradesDueDate = $row['gradesDueDate']; $className = $row['course_name']; $termName = $row['term_name']; $teacherName = $row['first_name'] . " " . $row['last_name']; $tid = $_SESSION[$_CONF['sess_name'] . '_myUID'];
$exists = mssql_num_rows($r); mssql_free_result($r); if ($exists != 0) { $errmsg .= "'txn_id' has already been processed: " . $_POST['txn_id'] . "\n"; } if (!empty($errmsg)) { // manually investigate errors from the fraud checking $body = "IPN failed fraud checks: \n{$errmsg}\n\n"; $body .= $listener->getTextReport(); mail($personalEmail, 'Paypal Buyer Notice!', $body); error_log($body); exit(0); } else { $payer_email = ms_escape_string($_POST['payer_email']); $mc_gross = ms_escape_string($_POST['mc_gross']); $username = ms_escape_string($_POST['custom']); $timenow = date("y-m-d H:i:s", time()); $sql = "INSERT INTO paypal (txn_id,payer_email,mc_gross,username,date)VALUES \r\n ('{$txn_id}', '{$payer_email}', {$mc_gross}, '{$username}', '{$timenow}')"; // Add A logs of buys for server owner [Naty48] . if (!mssql_query($sql)) { error_log(mysql_error()); exit(0); } //silk update [NATY48] $silkAmount = $usdToSilks[(int) $mc_gross]; mssql_query("exec CGI.CGI_WebPurchaseSilk 0,'{$username}',0,{$silkAmount},0"); // will execute automated in game update of silks. } } else { // manually investigate the invalid IPN . // mail($personalEmail, 'Invalid IPN', $listener->getTextReport());