/**
  * Performs a full escape
  *
  * @uses wd_mysql_escape_mimic()
  * @param $string
  * @return array|mixed
  */
 protected function escape($string)
 {
     global $wpdb;

     // Floats are handed back untouched; no escaping is applied to them.
     if (is_float($string)) {
         return $string;
     }

     // Arrays are escaped element by element (keys kept), recursing into
     // nested arrays through this same method.
     if (is_array($string)) {
         foreach (array_keys($string) as $key) {
             $string[$key] = $this->escape($string[$key]);
         }
         return $string;
     }

     // First layer: $wpdb->esc_like() where the installed WordPress provides
     // it (it escapes the LIKE wildcards % and _ and the backslash), else the
     // plugin's own wd_mysql_escape_mimic() fallback for WP < 4.0.
     $firstPass = method_exists($wpdb, 'esc_like')
         ? $wpdb->esc_like($string)
         : wd_mysql_escape_mimic($string);

     // Second layer: esc_sql() escapes the value for use inside a quoted SQL
     // string literal. The result is only safe when the caller places it
     // between quotes in the query; it gives no protection for an unquoted
     // value, a column name or any other identifier.
     // NOTE(review): in the fallback branch the value is escaped twice
     // (mimic, then esc_sql) - confirm that is intended for WP < 4.0.
     return esc_sql($firstPass);
 }
Example #2
 /**
  * Performs a full escape
  *
  * @uses wd_mysql_escape_mimic()
  * @param $string
  * @return array|mixed
  */
 protected function escape($string)
 {
     global $wpdb;

     // Floats are handed back untouched; no escaping is applied to them.
     if (is_float($string)) {
         return $string;
     }

     // Arrays are escaped element by element (keys kept), recursing into
     // nested arrays through this same method.
     if (is_array($string)) {
         foreach (array_keys($string) as $key) {
             $string[$key] = $this->escape($string[$key]);
         }
         return $string;
     }

     // Pick the first escaping routine that exists, newest API first.
     // NOTE(review): $wpdb->esc_like() and like_escape() only escape the LIKE
     // wildcards (% and _) and the backslash. They do not escape quotes, so
     // on those two branches the returned value is not yet safe to place in
     // a query: it still has to go through $wpdb->prepare() or esc_sql().
     // Only the last branch applies the plugin's own SQL-style escaping.
     // Confirm every caller adds that second step; the "full escape" wording
     // in the docblock does not hold for the first two branches.
     if (method_exists($wpdb, 'esc_like')) {
         // WordPress 4.0 and later.
         $escaped = $wpdb->esc_like($string);
     } elseif (function_exists('like_escape')) {
         // WordPress before 4.0.
         $escaped = like_escape($string);
     } else {
         // Neither WordPress helper is available; fall back to the plugin's own routine.
         $escaped = wd_mysql_escape_mimic($string);
     }

     return $escaped;
 }
Example #3
                        <?php 
include ASP_PATH . "backend/tabs/instance/advanced_options.php";
?>

                    </fieldset>
                </div>
            </div>
            <input type="hidden" name="sett_tabid" id="sett_tabid" value="1" />
        </form>
    </div>
    <?php 
// Take the markup buffered so far out of the output buffer (presumably opened
// by an ob_start() above this excerpt). It is echoed only after the save
// handler below has run, so the handler's status message is printed first.
$output = ob_get_clean();
?>
    <?php 
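// Save handler for the settings form of one search instance.
// NOTE(review): no nonce (CSRF) check and no capability check are visible in
// this excerpt. Confirm both happen before this template runs, since the
// handler writes to the database on any POST that carries the submit field.
if (isset($_POST['submit_' . $search['id']])) {
    $params = wpdreams_parse_params($_POST);

    // Force the row id to an integer before it is used anywhere below.
    $search['id'] = (int) $search['id'];

    // Bind the JSON blob and the id through $wpdb->prepare() instead of
    // concatenating a hand-escaped string into the statement. The settings
    // come straight from $_POST, and the driver-aware escaping done by
    // prepare() does not depend on a custom escape routine matching the
    // connection's character set. The stored value is still the plain
    // json_encode() output.
    $wpdb->query($wpdb->prepare(
        "UPDATE " . $_prefix . "ajaxsearchpro SET data = %s WHERE id = %d",
        json_encode($params),
        $search['id']
    ));

    $style = $params;
    $id = $search['id'];
    asp_register_wpml_translations($params);
    asp_generate_the_css();
    echo "<div class='successMsg'>Search settings saved!</div>";
}
// Print the form markup that was captured from the output buffer earlier.
echo $output;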
?>
</div>      
Example #4
                            if (response == 1) {
                                $this.parent().fadeOut();
                            }
                        });
                    }
                });

                <?php 
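// Build the two jqplot data series as JavaScript array items.
//
// The keywords are search phrases typed by site visitors, and they are printed
// into a script block, so they have to be encoded for the JavaScript context.
// SQL-style escaping is the wrong tool there: it does nothing about "<", ">"
// or "&", so a stored phrase could close the script element. json_encode()
// with the JSON_HEX_* flags writes <, >, &, ' and " as \uXXXX escapes, which
// keeps every phrase inside its string literal.
$asp_js_flags = JSON_HEX_TAG | JSON_HEX_AMP | JSON_HEX_APOS | JSON_HEX_QUOT;

$asp_rows = array();
foreach ($top20 as $item) {
    // The count is forced to a number so it can only ever be printed as a
    // numeric literal, never as arbitrary text.
    $asp_pair = json_encode(
        array((string) $item['keyword'], is_numeric($item['num']) ? $item['num'] + 0 : 0),
        $asp_js_flags
    );
    // json_encode() returns false on e.g. invalid UTF-8; drop that row rather
    // than emit broken JavaScript.
    if ($asp_pair !== false) {
        $asp_rows[] = $asp_pair;
    }
}
// implode() leaves no trailing comma. The original called rtrim() for that
// but discarded its return value, so the comma was never removed.
$items1 = implode(',', $asp_rows);

$asp_rows = array();
foreach ($last20 as $item) {
    $asp_pair = json_encode(
        array((string) $item['keyword'], is_numeric($item['num']) ? $item['num'] + 0 : 0),
        $asp_js_flags
    );
    if ($asp_pair !== false) {
        $asp_rows[] = $asp_pair;
    }
}
$items2 = implode(',', $asp_rows);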
?>
                var line1 = [<?php 
echo $items1;
?>
];
                var line2 = [<?php 
echo $items2;
?>
];
                var plot1 = $.jqplot('top20', [line1], {
                    title: 'Top 20 Search Phrases',
                    series: [
                        {renderer: $.jqplot.BarRenderer}
Example #5
	<?php 
}
?>

    <div class="wpdreams-box">
        <form name="add-slider" action="" method="POST">
            <fieldset>
                <legend>Create a new search instance</legend>
                <?php 
// Form-name field of the "create instance" form. The rule array and the error
// message are handed to wpdreamsText, and getError() is consulted further down
// before the INSERT runs.
// NOTE(review): how wpdreamsText reads and validates $_POST['addsearch'] is
// not visible in this excerpt - confirm it rejects empty and non-string input.
$new_slider = new wpdreamsText("addsearch", "Search form name:", "", array(array("func" => "wd_isEmpty", "op" => "eq", "val" => false)), "Please enter a valid form name!");
?>
                <input name="submit" type="submit" value="Add"/>
                <?php 
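// POST handlers for the instance list: create a new instance, rename one.
// NOTE(review): no nonce (CSRF) check and no capability check are visible in
// this excerpt for either handler. Confirm both happen before this template
// runs, because each handler writes to the database.
// NOTE(review): WordPress adds slashes to $_POST, so without wp_unslash() a
// name containing a quote is presumably stored with a literal backslash.
// Confirm against how the name is read back and displayed.

// Create: insert a new row using the stored default settings.
if (isset($_POST['addsearch']) && is_string($_POST['addsearch']) && !$new_slider->getError()) {
    $_search_default = get_option('asp_defaults');
    // Both values are bound through $wpdb->prepare() rather than concatenated
    // into the statement. The request value never becomes part of the SQL
    // text, and the JSON blob no longer relies on a hand-written escape
    // routine.
    $wpdb->query($wpdb->prepare(
        "INSERT INTO " . $_prefix . "ajaxsearchpro (name, data) VALUES (%s, %s)",
        $_POST['addsearch'],
        json_encode($_search_default)
    ));
    $id = $wpdb->insert_id;
    asp_generate_the_css();
    echo "<div class='successMsg'>Search Form Successfuly added!</div>";
}

// Rename: update the name of an existing row.
if (isset($_POST['instance_new_name']) && isset($_POST['instance_id'])) {
    // A non-string value (e.g. an array posted as instance_new_name[]) is
    // treated like an empty name instead of being passed to prepare().
    if (is_string($_POST['instance_new_name']) && $_POST['instance_new_name'] !== '') {
        // The %s placeholder is left unquoted; prepare() adds the quotes itself.
        $wpdb->query($wpdb->prepare(
            "UPDATE " . $_prefix . "ajaxsearchpro SET name = %s WHERE id = %d",
            $_POST['instance_new_name'],
            $_POST['instance_id']
        ));
        echo "<div class='infoMsg'>Form name changed!</div>";
    } else {
        echo "<div class='errorMsg'>Failure. Form name must be at least 1 character long</div>";
    }
}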
if (isset($_POST['instance_copy_id'])) {
    if ($_POST['instance_copy_id'] != '') {
        $wpdb->query($wpdb->prepare("INSERT INTO " . $_prefix . "ajaxsearchpro( name, data ) SELECT CONCAT(name, ' duplicate'), data FROM " . $_prefix . "ajaxsearchpro WHERE id=%d;", $_POST['instance_copy_id']));