function createShittalkRow($text) { $text_escaped = mysql_escape_mimic(strip_double_quotes($text)); $today = mysql_escape_mimic(date("Y-m-d H:i:s")); $sql = "INSERT INTO `shittalkDB`\n (`text`, `date_created`, `custom`)\n VALUES ('{$text_escaped}', '{$today}', 0);"; $result = mySqlQuery($sql); return $result; }
function clean_title(&$title, $key) { $title = substr($title, 1, strlen($title) - 2); $title = urldecode($title); $title = mysql_escape_mimic($title); $title = "'" . $title . "'"; return $title; }
function getUpvotedTextRowsForCfg($limit = 150) { $response = []; $limit_escaped = mysql_escape_mimic($limit); $sql = "SELECT *, `upvotes` - `downvotes` AS `netVotes` FROM shittalkDB WHERE (`upvotes` - `downvotes`) >= 5 ORDER by `netVotes` DESC LIMIT {$limit_escaped};"; $result = mySqlQuery($sql); if ($result->num_rows > 0) { while ($row = $result->fetch_assoc()) { $response[] = $row['text']; } } return $response; }
protected static function sanitize($input) { # Emails get mutilated here -- let's check that first $preg = "/[a-z0-9!#\$%&'*+=?^_`{|}~-]+(?:\\.[a-z0-9!#\$%&'*+=?^_`{|}~-]+)*@(?:[a-z0-9](?:[a-z0-9-]*[a-z0-9])?\\.)+(?:[a-z]{2}|com|org|net|edu|gov|mil|biz|info|mobi|name|aero|asia|jobs|museum)\\b/"; if (preg_match($preg, $input) === 1) { # It's an email, let's escape it and be done with it $output = mysql_escape_mimic($input); return $output; } if (is_array($input)) { foreach ($input as $var => $val) { $output[$var] = self::staticSanitize($val); } } else { if (get_magic_quotes_gpc()) { $input = stripslashes($input); } $input = htmlentities(self::cleanInput($input)); $input = str_replace('_', '_', $input); // Fix _ potential wildcard $input = str_replace('%', '%', $input); // Fix % potential wildcard $input = str_replace("'", ''', $input); $input = str_replace('"', '"', $input); $output = mysql_escape_mimic($input); } return $output; }
function timestampDeletion($count = 0, $downvotes = 0, $upvotes = 0) { date_default_timezone_set('America/New_York'); $timestamp = date('Y-m-d G:i:s'); $count_escaped = mysql_escape_mimic($count); $downvotes_escaped = mysql_escape_mimic($downvotes); $upvotes_escaped = mysql_escape_mimic($upvotes); $sql = "UPDATE `timestamps`\n SET uses = uses + 1,\n last_use = '{$timestamp}',\n num_deleted = num_deleted + '{$count_escaped}',\n downvotes_deleted = downvotes_deleted + '{$downvotes_escaped}',\n upvotes_deleted = upvotes_deleted + '{$upvotes_escaped}'\n WHERE `action` = 'delete_Downvoted';"; $result = mySqlQuery($sql); if ($result === true) { echo 'Updated timestamp<br />'; } else { var_dump($result); } }
$in = array(&$_GET, &$_POST); if (get_magic_quotes_gpc()) { while (list($k, $v) = each($in)) { foreach ($v as $key => $val) { if (!is_array($val)) { $in[$k][mysql_escape_mimic(htmlspecialchars(stripslashes($key), ENT_QUOTES))] = mysql_escape_mimic(htmlspecialchars(stripslashes($val), ENT_QUOTES)); } else { $in[] =& $in[$k][$key]; } } } } else { while (list($k, $v) = each($in)) { foreach ($v as $key => $val) { if (!is_array($val)) { $in[$k][mysql_escape_mimic(htmlspecialchars($key, ENT_QUOTES))] = mysql_escape_mimic(htmlspecialchars($val, ENT_QUOTES)); } else { $in[] =& $in[$k][$key]; } } } } if (!function_exists('json_encode')) { function json_encode($a = false) { /** * This function encodes a PHP array into JSON * Function from php.net by Steve * Returns: @JSON */ if (is_null($a)) {
function chatlog($mysql, $sender, $sendcontent, $replycontent) { $query = "INSERT INTO `chatlog` (`id`, `sender`, `sendcontent`, `replycontent`) VALUES (NULL, '" . mysql_escape_mimic($sender) . "', '" . mysql_escape_mimic($sendcontent) . "', '" . mysql_escape_mimic($replycontent) . "');"; $mysql->query($query); }
function downvoteRow($id) { $id_escaped = mysql_escape_mimic($id); $sql = "UPDATE shittalkDB SET downvotes = downvotes + 1 WHERE `id` = {$id_escaped};"; $result = mySqlQuery($sql); return $result; }
<?php include_once 'funciones.php'; if (isset($_POST['url'])) { if (isset($_POST['comentario']) && $_POST['comentario'] !== 'Insertar comentario (indique su correo si es posible)...') { $comentario =& $_POST['comentario']; } else { $comentario = ''; } $db = new PDO('sqlite:cpanel/avisos.sqlite'); $db->query('INSERT INTO avisos (url, comentario, ip, referer, useragent) VALUES (\'' . mysql_escape_mimic($_POST['url']) . '\', \'' . mysql_escape_mimic($comentario) . '\', \'' . $_SERVER['REMOTE_ADDR'] . '\', \'' . $_SERVER['HTTP_REFERER'] . '\', \'' . $_SERVER['HTTP_USER_AGENT'] . '\');'); } ?>