/**
 * Executes a SQL statement on the connection returned by self::pdo() and
 * stores the connection's last insert id in self::$_last_id.
 *
 * The statement text is first passed, together with $params, through
 * secure_string(); whatever that helper returns is what gets executed.
 *
 * NOTE(review): secure_string() is defined elsewhere, so how it combines
 * $params with $sql cannot be verified from this method. If it escapes values
 * into the SQL text, confirm the escaping matches the connection charset, and
 * prefer prepare()/execute() with bound parameters once the placeholder
 * format is known.
 *
 * @param string $sql    Statement text handed to secure_string().
 * @param array  $params Values handed to secure_string() alongside $sql.
 *
 * @return mixed The value returned by the connection's query() call.
 */
public static function query($sql, $params = array())
{
    $connection = self::pdo();
    $statement = $connection->query(secure_string($sql, $params));

    // Recorded on every call, including when query() did not succeed.
    self::$_last_id = $connection->lastInsertId();

    return $statement;
}
/**
 * Buffers the layout.
 *
 * When the parent has a 'layout' config entry, the layout path is built from
 * config('cms.path.layouts') and that entry, passed through secure_string(),
 * set on the parent, and registered with Helper::setBufferKey() under the
 * 'page' key together with the parent's name. Without the entry nothing is
 * changed.
 *
 * NOTE(review): secure_string() is not visible here. Confirm it is suitable
 * for a filesystem path and that the configured layout name cannot carry
 * directory-traversal segments out of the layouts directory.
 *
 * @return $this
 */
protected function addLayout()
{
    if (!$this->parent->configHas('layout')) {
        return $this;
    }

    $pageName = $this->parent->getName();
    $layoutPath = secure_string(
        config('cms.path.layouts') . '/' . $this->parent->getConfig('layout')
    );

    $this->parent->setLayout($layoutPath);
    Helper::setBufferKey($layoutPath, 'page', $pageName);

    return $this;
}
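// The D modifier makes "$" match only at the very end of the subject, so an
// address followed by a trailing newline is rejected instead of accepted.
// NOTE(review): the {2,4} TLD limit rejects longer valid TLDs; review separately.
$email_exp = '/^[A-Za-z0-9._%-]+@[A-Za-z0-9.-]+\\.[A-Za-z]{2,4}$/D';
if (!preg_match($email_exp, $field_email)) {
    $error_message .= '<br>' . $email_error_msg;
}

// PHONE
if (isset($_REQUEST['contact-phone'])) {
    $field_phone = secure_string($_REQUEST['contact-phone']);
}

// SUBJECT
if (isset($_REQUEST['contact-subject']) && strlen($_REQUEST['contact-subject']) > 0) {
    $field_subject = secure_string($_REQUEST['contact-subject']);
} else {
    $field_subject = $default_email_subject;
}

// MESSAGE
// A missing field is read as an empty string rather than an undefined index,
// so it is expected to fail the length check below like any too-short message.
$field_message = secure_string(
    isset($_REQUEST['contact-message']) ? $_REQUEST['contact-message'] : ''
);
if (strlen($field_message) < 2) {
    $error_message .= '<br>' . $message_error_msg;
}

// END IF THERE IS AT LEAST ONE ERROR MESSAGE
if (strlen($error_message) > 0) {
    died($error_message);
}

/* -------------------------------------------------------------------------
    SEND EMAIL
------------------------------------------------------------------------- */

/**
 * Removes the listed mail-header keywords and "href" from a string.
 *
 * Matching is case-insensitive and repeated until a pass removes nothing, so
 * a listed token cannot remain in the output through different letter casing
 * or by being re-formed when an inner match is deleted.
 *
 * NOTE(review): this is a denylist and it does not remove CR/LF. Any value
 * placed into a mail header needs its own CR/LF rejection where the header is
 * built; the call sites of this function are not shown here.
 *
 * @param string $string Text to filter.
 *
 * @return string The text with every listed token removed.
 */
function clean_string($string)
{
    $bad = array('content-type', 'bcc:', 'to:', 'cc:', 'href');

    // Each changing pass shortens the string, so the loop always terminates.
    do {
        $previous = $string;
        $string = str_ireplace($bad, '', $previous);
    } while ($string !== $previous);

    return $string;
}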
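}

// PHONE
if (isset($_REQUEST['reservation-phone'])) {
    $field_phone = secure_string($_REQUEST['reservation-phone']);
}

// DATE
if (isset($_REQUEST['reservation-date'])) {
    $field_date = secure_string($_REQUEST['reservation-date']);
}

// TIME
if (isset($_REQUEST['reservation-time'])) {
    $field_time = secure_string($_REQUEST['reservation-time']);
}

// NOTE
if (isset($_REQUEST['reservation-note'])) {
    $field_note = secure_string($_REQUEST['reservation-note']);
}

// END IF THERE IS AT LEAST ONE ERROR MESSAGE
if (strlen($error_message) > 0) {
    died($error_message);
}

/* -------------------------------------------------------------------------
    SEND EMAIL
------------------------------------------------------------------------- */

/**
 * Removes the listed mail-header keywords and "href" from a string.
 *
 * Matching is case-insensitive and repeated until a pass removes nothing, so
 * a listed token cannot remain in the output through different letter casing
 * or by being re-formed when an inner match is deleted.
 *
 * NOTE(review): this is a denylist and it does not remove CR/LF. Any value
 * placed into a mail header needs its own CR/LF rejection where the header is
 * built; the call sites of this function are not shown here.
 *
 * @param string $string Text to filter.
 *
 * @return string The text with every listed token removed.
 */
function clean_string($string)
{
    $bad = array('content-type', 'bcc:', 'to:', 'cc:', 'href');

    // Each changing pass shortens the string, so the loop always terminates.
    do {
        $previous = $string;
        $string = str_ireplace($bad, '', $previous);
    } while ($string !== $previous);

    return $string;
}

$email_message = $email_text . "\n\n";
if (isset($field_services)) {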