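/**
 * Normalise a submitted form value and escape it for use inside a quoted SQL literal.
 *
 * The original order of operations is kept: trim, stripslashes (a magic_quotes-era
 * relic that also strips legitimate backslashes from the input), HTML-encode, then
 * SQL-escape. The value is therefore stored HTML-encoded rather than raw, so callers
 * must not encode it a second time on output.
 *
 * @param mixed       $data Raw form value (normally a string from $_POST).
 * @param object|null $conn Open mysqli connection. When given, its real_escape_string()
 *                          is used (escapes quotes, backslashes and control characters
 *                          according to the connection charset). When null, the
 *                          file-level escapeSingleQuotes() helper is used instead.
 * @return string The escaped value. Quote escaping only protects a value placed inside
 *                a quoted SQL literal; an unquoted (numeric) position needs an int cast
 *                or, better, a bound parameter of a prepared statement.
 */
function test_input($data, $conn = null)
{
    $data = trim($data);
    $data = stripslashes($data);
    // Flags made explicit: before PHP 8.1 the default did not encode single quotes,
    // so a "'" reached the SQL escaping step un-encoded on older runtimes. ENT_SUBSTITUTE
    // keeps invalid UTF-8 from collapsing the whole value to an empty string.
    $data = htmlspecialchars($data, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');

    if ($conn !== null) {
        // connection-charset-aware escaping
        $data = $conn->real_escape_string($data);
    } else {
        $data = escapeSingleQuotes($data);
    }

    return $data;
}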
<?php
// Form handler: appends a tag to a post's tags column and reports validation errors
// back in $data. Only the validation and query part of the script is visible here;
// it is cut off right after the `if (!$res) {` at the end.
include '../c_config.php';

$errors = array(); // array to hold validation errors
$data = array(); // array to pass back data

// NOTE(review): escapeSingleQuotes() comes from the included config, so what it
// escapes cannot be confirmed from this file. Both reads also warn when the POST
// field is absent. $id is interpolated into the query below *without* quotes, where
// quote escaping gives no protection; it should be cast to int or bound as a
// prepared-statement parameter before use.
$tag = escapeSingleQuotes($_POST['tags']);
$id = escapeSingleQuotes($_POST['id']);

// empty() also rejects the literal tag "0".
if (empty($tag)) {
    $errors['tag'] = 'Tag is required.';
}

/*if (empty($_POST['name'])) $errors['name'] = 'Name is required.';*/

// return a response ===========================================================

// if there are any errors in our errors array, return a success boolean of false
if (!empty($errors)) {
    // if there are items in our errors array, return those errors
    $data['success'] = false;
    $data['errors'] = $errors;
} else {
    // if there are no errors process our form, then return a message
    // DO ALL YOUR FORM PROCESSING HERE
    // THIS CAN BE WHATEVER YOU WANT TO DO (LOGIN, SAVE, UPDATE, WHATEVER)
    $conn = MySQL::open_conn();
    //Fetching Values from URL
    //Insert query
    // Appends ".<tag>" to the existing dot-separated tags of one post. Both values come
    // straight from the request: $tag sits inside a quoted literal (its safety rests
    // entirely on escapeSingleQuotes), $id does not. A prepared statement with two bound
    // parameters would remove the need for either escape.
    $query = "UPDATE c_posts SET tags = CONCAT(tags, '.{$tag}') WHERE ID = {$id}";
    $res = $conn->query($query);
    //dbQueryCheck($res, $conn);
    if (!$res) {
// Fragment of the post update handler: reads the edited post from $_POST and writes it
// back via $post->updatePost(). The enclosing block and the variables $id, $post,
// $content and $excerpt are set above this fragment; the foreach at the end is cut off.
$title = $_POST['new_post_title'];
$author_id = Users::getIDBySeassion(); // sic: method name as declared on Users; unused in the visible part
// Language is a constant compared loosely; assumed to be a language code string.
if (Language == 'fa') {
    $date = $_POST['new_post_date'];
    // separate date from time
    // NOTE(review): assumes the submitted value is "<date> <time>". Without a space,
    // $time[1] is undefined and $date ends with a dangling ' ' — worth validating.
    $time = explode(" ", $date);
    $get_time = $time[1];
    // joining date and time
    $date = dateToGregDB($date) . ' ' . $get_time;
} else {
    $date = $_POST['new_post_date'];
}
$desc = $_POST['new_post_desc'];
$status = $_POST['new_post_status'];
$comment_status = $_POST['new_post_comment_status'];
// Only the link title is escaped here; $title, $desc, $status, $comment_status and
// $date reach updatePost() raw. Whether updatePost() escapes or binds them is not
// visible in this file — confirm before relying on it.
$link_title = escapeSingleQuotes($_POST['new_post_link_title']);
$link_title = urlencode(str_replace(' ', '-', $link_title));
$type = $_POST['post_type']; // read but not used in the visible part of this fragment
// clearing all cache files so that they will rebuilt
clearAllCache();
$res = $post->updatePost($id, $date, $title, $link_title, $content, $excerpt, $desc, $status, $comment_status);
if (!$res) {
    goToError('?switch=new_post', _e('cant_make_new_post_or_page', '', '', true));
}
$conn = MySQL::open_conn();
if (isset($_POST['category'])) {
    // Builds "(post_id, cat_id)" tuples in $values, presumably for a multi-row INSERT
    // outside this fragment. $cat_id is cast to int; $post_id is not, so it relies on
    // $id having been validated where it was set. $values is not initialised here.
    $post_id = $id;
    foreach ($_POST['category'] as $cat_id) {
        if (is_numeric($cat_id)) {
            $values[] = "({$post_id}, " . (int) $cat_id . ')';
        }
// Fragment of the e-mail template admin handler. The first statements are the tail of
// the "create template" branch (its opening `if` and the $query it runs are above this
// fragment); the final `if (isset($_GET['id']))` block is cut off.
$res = $conn->query($query);
if (!$res) {
    goToError('index.php?switch=utilities&tab=email_templates&sub=new_template', _e('cant_make_or_update_new_template', '', '', true));
}
$maxid = 0;
// NOTE(review): under concurrent inserts MAX(ID) is not necessarily the row just
// created — $conn->insert_id is. fetch_array() is also called on the raw result
// without checking it for false.
$row = $conn->query("SELECT MAX(ID) AS max FROM c_emails")->fetch_array();
if ($row) {
    $maxid = $row['max'];
    ob_end_clean();
    redirectTo('index.php?switch=utilities&tab=email_templates&sub=new_template&id=' . $maxid);
} else {
    redirectTo('index.php?switch=utilities&tab=email_templates');
}
}
if (isset($_POST['update_template_submit'])) {
    $name = escapeSingleQuotes($_POST['email_template_name']);
    $content_html = $_POST['email_template_html'];
    $content_plain = $_POST['email_template_plain'];
    // Two defects visible here: (1) the UPDATE has no WHERE clause, so one save
    // overwrites every row in c_emails, not just the edited template; (2) $name is
    // the only escaped value — $content_html and $content_plain are interpolated into
    // quoted literals unescaped. A prepared statement binding all three values plus
    // the template id in `WHERE ID = ?` fixes both.
    $query = "UPDATE c_emails SET name = '{$name}', template_html = '{$content_html}', template_plain = '{$content_plain}'";
    $res = MySQL::open_conn()->query($query);
    if (!$res) {
        goToError('?switch=utilities&tab=email_templates&sub=new_template', _e('cant_make_or_update_new_template', '', '', true));
    }
}
if (isset($_GET['id'])) {
    // $id goes into the query unquoted and unvalidated; cast it with (int) or bind it.
    // fetch_assoc() returns null when no row matches, so the $row[...] reads below
    // then operate on null.
    $id = $_GET['id'];
    $query = "SELECT * FROM c_emails WHERE ID = {$id} LIMIT 1";
    $row = MySQL::open_conn()->query($query)->fetch_assoc();
    $template_name = $row['name'];
    $template_html = $row['template_html'];
    $template_plain = $row['template_plain'];