Example #1
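 /**
  * Validate that a (form-supplied) value is numeric before it is stored.
  *
  * The value is run through Tools::escape_string() first and the escaped
  * string is what gets returned, so callers receive a string, not an int.
  * A NULL or empty-string value is accepted only when $allowNull is set.
  *
  * @param mixed $value     raw value, typically straight from $_POST
  * @param bool  $allowNull when true, NULL / '' yield NULL instead of an error
  * @return string|null the escaped numeric string, or NULL when allowed
  * @throws Exception when the value is not numeric (after printing an
  *                   error marker and logging a security alert)
  * @deprecated Use Tools::getSecurePOSTIntValue($key, $defaultValue)
  */
 public static function checkNumericValue($value, $allowNull = FALSE)
 {
     // Only NULL and the empty string count as "no value". The previous
     // loose `NULL == $value` test also matched the integer 0 (and FALSE),
     // silently turning a legitimate zero into NULL when $allowNull was set.
     if ($allowNull && (NULL === $value || '' === $value)) {
         return NULL;
     }
     $formattedValue = Tools::escape_string($value);
     if (!is_numeric($formattedValue)) {
         // Tampered or malformed input: show a generic message to the user,
         // log the offending value for the administrator, and abort.
         // NOTE(review): $value is logged verbatim; if it can carry newlines,
         // consider stripping control characters to avoid log forging.
         echo "<span style='color:red'>ERROR: Please contact your CodevTT administrator</span>";
         $e = new Exception("SECURITY ALERT: Attempt to set non_numeric value ({$value})");
         self::$logger->fatal("EXCEPTION: " . $e->getMessage());
         self::$logger->fatal("EXCEPTION stack-trace:\n" . $e->getTraceAsString());
         throw $e;
     }
     return $formattedValue;
 }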
Example #2
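 /**
  * Fetch a POST parameter as an escaped string.
  *
  * The raw value is passed through Tools::escape_string() before being
  * returned. Only scalar values are accepted: a parameter sent as an array
  * (e.g. `key[]=x`) is treated exactly like a missing one, so it either
  * falls back to $defaultValue or is rejected as a bad request.
  *
  * @static
  * @param string $key          The POST parameter name
  * @param mixed  $defaultValue Returned (unescaped) when the parameter is
  *                             absent. If NULL, the parameter is mandatory.
  * @return string The escaped value, or $defaultValue; on a missing
  *                mandatory parameter self::sendBadRequest() is called and
  *                the script dies
  */
 public static function getSecurePOSTStringValue($key, $defaultValue = NULL)
 {
     // is_array() guard: the docblock promises a string and escape_string()
     // is not meant for arrays, so an array-typed parameter must not reach it.
     if (isset($_POST[$key]) && !is_array($_POST[$key])) {
         return Tools::escape_string($_POST[$key]);
     }
     if (isset($defaultValue)) {
         // The default is returned as-is (not escaped), so callers should
         // only pass trusted literals here.
         return $defaultValue;
     }
     self::sendBadRequest("No POST value for " . $key);
     die("<span style='color:red'>ERROR: Please contact your CodevTT administrator</span>");
 }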
Example #3
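 /**
  * Action on 'Save' button: copy the submitted form fields into $cmdset.
  *
  * Reads the commandset form from $_POST. Text fields go through
  * Tools::getSecurePOSTStringValue() (escaped, with an empty-string default
  * so a missing field behaves like an empty one instead of raising an
  * undefined-index notice); cost and budget go through
  * SmartyTools::checkNumericValue() with NULL allowed.
  *
  * @param CommandSet $cmdset the command set being edited (mutated in place)
  */
 private function updateCommandSetInfo($cmdset)
 {
     // TODO check sc_teamid in grantedTeams
     // NOTE(review): cset_teamid comes straight from the client and is written
     // into $_SESSION['teamid'] below. Until the TODO above is done, a user can
     // switch the session to any team id they choose; the granted-team check
     // should happen before the session is touched.
     $cset_teamid = Tools::getSecurePOSTIntValue('cset_teamid');
     if ($cset_teamid != $this->teamid) {
         // switch team (because you won't find the SC in current team's contract list)
         $_SESSION['teamid'] = $cset_teamid;
         $this->updateTeamSelector();
     }
     $cmdset->setTeamid($cset_teamid);

     $cmdset->setName(Tools::getSecurePOSTStringValue('commandsetName', ''));
     $cmdset->setReference(Tools::getSecurePOSTStringValue('commandsetReference', ''));
     $cmdset->setDesc(Tools::getSecurePOSTStringValue('commandsetDesc', ''));

     $dateValue = Tools::getSecurePOSTStringValue('commandsetDate', '');
     if ('' != $dateValue) {
         $cmdset->setDate(Tools::date2timestamp($dateValue));
     }

     // Explicit isset() so an absent field reaches checkNumericValue() as NULL
     // (which it accepts) rather than triggering an undefined-index notice.
     $cost = isset($_POST['commandsetCost']) ? $_POST['commandsetCost'] : NULL;
     $cmdset->setCost(SmartyTools::checkNumericValue($cost, true));
     $budget = isset($_POST['commandsetBudget']) ? $_POST['commandsetBudget'] : NULL;
     $cmdset->setBudgetDays(SmartyTools::checkNumericValue($budget, true));
 }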