Exemple #1
0
function sanitize($data)
{
    return htmlentities(strip_tags(mysql_znote_escape_string($data)));
}
Exemple #2
0
 // Insert news
 if ($action === 'i') {
     echo '<font color="green"><b>News created successfully!</b></font>';
     list($charid, $title, $text) = array((int) $_POST['selected_char'], mysql_znote_escape_string($_POST['title']), mysql_znote_escape_string($_POST['text']));
     $date = time();
     mysql_insert("INSERT INTO `znote_news` (`title`, `text`, `date`, `pid`) VALUES ('{$title}', '{$text}', '{$date}', '{$charid}');");
     // Reload the cache.
     $cache = new Cache('engine/cache/news');
     $news = fetchAllNews();
     $cache->setContent($news);
     $cache->save();
 }
 // Save
 if ($action === 's') {
     echo '<font color="green"><b>News successfully updated!</b></font>';
     list($title, $text) = array(mysql_znote_escape_string($_POST['title']), mysql_znote_escape_string($_POST['text']));
     mysql_update("UPDATE `znote_news` SET `title`='{$title}',`text`='{$text}' WHERE `id`='{$id}';");
     $cache = new Cache('engine/cache/news');
     $news = fetchAllNews();
     $cache->setContent($news);
     $cache->save();
 }
 // Edit
 if ($action === 'e') {
     $news = fetchAllNews();
     $edit = array();
     foreach ($news as $n) {
         if ($n['id'] == $id) {
             $edit = $n;
         }
     }