PHP stripAllString Examples

Example #1

File: tedit.php Project: cpeel/dproofreaders-shadow

    $result = mysql_query("SELECT id FROM user_teams WHERE id != " . $tid . " AND teamname = '" . addslashes(stripAllString(trim($_POST['teamname']))) . "'");
    if (mysql_num_rows($result) > 0 || trim($_POST['teamname']) == '') {
        $preview = _("Preview");
        output_header($preview, SHOW_STATSBAR, $theme_extra_args);
        $teamimages = uploadImages(1, $tid, "both");
        $curTeam['avatar'] = $teamimages['avatar'];
        if (trim($_POST['teamname']) == "") {
            echo "<center><br>" . _("The team name must not be empty.") . "<br>";
        } else {
            echo "<center><br>" . _("The team name must be unique. Please make any changes and resubmit.") . "<br>";
        }
        showEdit(stripslashes($_POST['teamname']), stripslashes($_POST['text_data']), stripslashes($_POST['teamwebpage']), 0, $tid);
        echo "<br></center><br>";
    } else {
        if (!empty($_POST['tavatar'])) {
            mysql_query("UPDATE user_teams SET avatar='" . $_POST['tavatar'] . "' WHERE id = {$tid}");
        } elseif (!empty($_FILES['teamavatar'])) {
            uploadImages(0, $tid, "avatar");
        }
        if (!empty($_POST['ticon'])) {
            mysql_query("UPDATE user_teams SET icon='" . $_POST['ticon'] . "' WHERE id = {$tid}");
        } elseif (!empty($_FILES['teamicon'])) {
            uploadImages(0, $tid, "icon");
        }
        mysql_query("UPDATE user_teams SET teamname='" . addslashes(stripAllString(trim($_POST['teamname']))) . "', team_info='" . addslashes(stripAllString($_POST['text_data'])) . "', webpage='" . addslashes(stripAllString($_POST['teamwebpage'])) . "' WHERE id='{$tid}'");
        $title = _("Saving Team Update");
        $desc = _("Updating team....");
        metarefresh(0, "tdetail.php?tid={$tid}", $title, $desc);
    }
}
// vim: sw=4 ts=4 expandtab

Example #2

File: new_team.php Project: cpeel/dproofreaders-shadow

 if (isset($_POST['mkMake'])) {
     $result = mysql_query("SELECT id FROM user_teams WHERE teamname = '" . addslashes(stripAllString(trim($_POST['teamname']))) . "'");
     if (mysql_num_rows($result) > 0 || trim($_POST['teamname']) == "") {
         $name = _("Create Team");
         output_header($name);
         $teamimages = uploadImages(1, "", "both");
         $curTeam['avatar'] = $teamimages['avatar'];
         if (trim($_POST['teamname']) == "") {
             echo "<center><br>" . _("The team name must not be empty.") . "<br>";
         } else {
             echo "<center><br>" . _("The team name must be unique. Please make any changes and resubmit.") . "<br>";
         }
         showEdit(stripslashes($_POST['teamname']), stripslashes($_POST['text_data']), stripslashes($_POST['teamwebpage']), 1, 0);
         echo "<br></center><br>";
     } else {
         mysql_query("INSERT INTO user_teams (teamname,team_info,webpage,createdby,owner,created) VALUES('" . addslashes(stripAllString(trim($_POST['teamname']))) . "','" . addslashes(stripAllString($_POST['text_data'])) . "','" . addslashes(stripAllString($_POST['teamwebpage'])) . "','{$pguser}','{$userP['u_id']}','" . time() . "')");
         $tid = mysql_insert_id($db_Connection->db_lk);
         if (!empty($_POST['tavatar'])) {
             mysql_query("UPDATE user_teams SET avatar='" . $_POST['tavatar'] . "' WHERE id = {$tid}");
         } elseif (!empty($_FILES['teamavatar'])) {
             uploadImages(0, $tid, "avatar");
         }
         if (!empty($_POST['ticon'])) {
             mysql_query("UPDATE user_teams SET icon='" . $_POST['ticon'] . "' WHERE id = {$tid}");
         } elseif (!empty($_FILES['teamicon'])) {
             uploadImages(0, $tid, "icon");
         }
         //figure out which team to overwrite
         $otid = 0;
         if (!isset($_POST['teamall'])) {
             if ($userP['team_1'] == $_POST['tteams']) {