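/**
 * Inserts one row into $xqtable and publishes the new row's id through the
 * global $newItemId.
 *
 * The statement always lists `node_revision_id` first (sent as NULL), then the
 * keys of $xqdata as column names and the values of $xqdata as single-quoted
 * string literals.
 *
 * Security notes:
 *  - Table and column names are identifiers, not string literals.
 *    mysql_real_escape_string() leaves backticks untouched, so running it over
 *    identifiers does not stop a name from closing its own backtick quoting.
 *    Identifiers are therefore quoted here by doubling embedded backticks.
 *    Callers should still pass only names taken from a fixed allow-list and
 *    never request-supplied keys.
 *  - Values go through mysql_real_escape_array() and are always wrapped in
 *    single quotes, which is what keeps the unescaped numeric values that
 *    helper returns from being read as SQL.
 *  - The mysql_* extension was removed in PHP 7.0. Moving this function to
 *    prepared statements (mysqli or PDO) is the durable fix.
 *
 * @param string $xqtable Name of the table to insert into.
 * @param array  $xqdata  Map of column name => value for the new row.
 *
 * @return void The new id is handed back through the global $newItemId.
 */
function ins($xqtable, $xqdata)
{
    global $newItemId;

    $quotedTable = '`' . str_replace('`', '``', $xqtable) . '`';

    $quotedColumns = array('`node_revision_id`');
    foreach (array_keys($xqdata) as $column) {
        $quotedColumns[] = '`' . str_replace('`', '``', $column) . '`';
    }

    $quotedValues = array();
    foreach (mysql_real_escape_array(array_values($xqdata)) as $value) {
        $quotedValues[] = "'" . $value . "'";
    }

    // NOTE(review): the duplicate-checking lookup that used to precede the
    // INSERT is disabled. If it is brought back, its WHERE clause has to be
    // built from quoted identifiers and escaped values; the earlier draft
    // interpolated the raw keys and values of $xqdata.

    // implode() is called separator-first; the legacy (array, separator)
    // order is rejected by PHP 8.
    $insquery = 'INSERT INTO ' . $quotedTable
        . ' ( ' . implode(', ', $quotedColumns) . ' )'
        . ' VALUES ( NULL , ' . implode(', ', $quotedValues) . ');';

    if (mysql_query($insquery) === false) {
        // Log to the server log rather than the page so a failed insert is
        // visible to operators without exposing SQL details to the client.
        error_log('ins(): INSERT failed: ' . mysql_error());
    }

    // Read unconditionally, as before, so callers see the same value they
    // always did after a failed insert.
    $newItemId = mysql_insert_id();
}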
/**
 * Recursively applies mysql_real_escape_string() to the values of an array.
 *
 * Arrays are walked to any depth and their keys are kept exactly as given;
 * only the values are processed. A non-array argument is treated as a single
 * value. Anything is_numeric() accepts is returned unchanged, everything else
 * is passed through mysql_real_escape_string().
 *
 * Security notes:
 *  - Array keys are never escaped, so they must not be placed into SQL text.
 *  - Numeric values skip escaping, so the result is only meant for use inside
 *    a quoted SQL string literal.
 *  - mysql_real_escape_string() belongs to the mysql_* extension, which was
 *    removed in PHP 7.0; prepared statements (mysqli or PDO) replace it.
 *
 * @param array|mixed $data The array (or single value) to be escaped.
 *
 * @return array|mixed The same structure with its non-numeric values escaped.
 */
function mysql_real_escape_array($data)
{
    // Scalar case first: numeric values pass through, the rest is escaped.
    if (!is_array($data)) {
        return is_numeric($data) ? $data : mysql_real_escape_string($data);
    }

    $escaped = array();
    foreach ($data as $index => $item) {
        $escaped[$index] = mysql_real_escape_array($item);
    }

    return $escaped;
}
require_once 'sys.includes.php'; $page_title = __('E-mail templates', 'cftp_admin'); $active_nav = 'options'; include 'header.php'; $database->MySQLDB(); if ($_POST) { /** Checkboxes */ $checkboxes = array('email_header_footer_customize', 'email_new_file_by_user_customize', 'email_new_file_by_client_customize', 'email_new_client_by_user_customize', 'email_new_client_by_self_customize', 'email_new_user_customize', 'email_pass_reset_customize'); foreach ($checkboxes as $checkbox) { $_POST[$checkbox] = empty($_POST[$checkbox]) || !isset($_POST[$checkbox]) ? 0 : 1; } /** * Escape all the posted values on a single function. * Defined on functions.php */ $_POST = mysql_real_escape_array($_POST); $keys = array_keys($_POST); $options_total = count($keys); $updated = 0; for ($j = 0; $j < $options_total; $j++) { $q = 'UPDATE tbl_options SET value="' . $_POST[$keys[$j]] . '" WHERE name="' . $keys[$j] . '"'; $sql = mysql_query($q, $database->connection); $updated++; } if ($updated > 0) { $query_state = '1'; } else { $query_state = '2'; } /** Redirect so the options are reflected immediatly */ while (ob_get_level()) {