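/**
 * Recursively clean a request array in place.
 *
 * Every scalar leaf is passed through clean_sql() and then strip_tags();
 * nested arrays are cleaned recursively and kept under their original key.
 * strip_tags() is not an output encoder: values still need htmlspecialchars()
 * (or the escaper for the target context) when they are rendered.
 *
 * NOTE(review): clean_sql() is called here with a single argument, while the
 * request-handling code below calls it with four — confirm which signature
 * clean_sql() actually has.
 *
 * @param mixed $data array of request values; replaced with the cleaned copy
 */
function clean(&$data)
{
    // Start from an empty array so an empty $data yields array(), not null
    // (previously $clean was never initialised when there was nothing to copy).
    $clean = array();
    foreach ($data as $key => $post) {
        if (is_array($post)) {
            // $post is a copy of the element: clean it and keep the result
            // (previously the recursion ran but the nested array was dropped).
            clean($post);
            $clean[$key] = $post;
        } else {
            $clean[$key] = strip_tags(clean_sql($post));
        }
    }
    $data = $clean;
}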
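// connect to the database server; the @ keeps the driver's warning (which
// would name the host/user) off the page — display_error() reports the failure
if (!($connection = @mysql_connect(DB_HOST . ":" . DB_PORT, DB_USER, DB_PW))) {
    display_error();
}

// if database can not be selected, then show error
if (!mysql_select_db('winestore', $connection)) {
    display_error();
}

// get all required inputs from the form, each bounded to a maximum length
// NOTE(review): clean() above calls clean_sql() with one argument; confirm
// which signature clean_sql() really has.
$region    = clean_sql($_GET, "region", 4, $connection);
$startyear = clean_sql($_GET, "startyear", 4, $connection);
$mincost   = clean_sql($_GET, "mincost", 50, $connection);
$maxcost   = clean_sql($_GET, "maxcost", 50, $connection);
$wine      = clean_sql($_GET, "wine", 50, $connection);
$winery    = clean_sql($_GET, "winery", 100, $connection);
$endyear   = clean_sql($_GET, "endyear", 4, $connection);
$stocknum  = clean_sql($_GET, "stocknum", 5, $connection);

$errordisplay = '';

/* perform some basic validations to ensure that at least some
   records will be returned to the user */

// a field counts as supplied when it is neither empty nor absent
// (clean_sql() may return null for a missing key — TODO confirm)
$startsupplied = ($startyear !== '' && $startyear !== null);
$endsupplied   = ($endyear !== '' && $endyear !== null);

// years must be numeric if they have been supplied; without this the
// comparison below ran on raw strings, so a blank or non-numeric end year
// could fail or pass it arbitrarily
$yearsvalid = true;
if ($startsupplied && !is_numeric($startyear)) {
    $errordisplay .= "The value entered for start year is not valid";
    $errordisplay .= "<br/>";
    $yearsvalid = false;
}
if ($endsupplied && !is_numeric($endyear)) {
    $errordisplay .= "The value entered for end year is not valid";
    $errordisplay .= "<br/>";
    $yearsvalid = false;
}

// validation 1 - start year must be same as or before the end year;
// only meaningful when both years were supplied and are numeric
if ($yearsvalid && $startsupplied && $endsupplied && $startyear > $endyear) {
    $errordisplay .= "Start year must be same as or before the end year";
    $errordisplay .= "<br/>";
}

// make sure the stock number is a valid number if it has been supplied
if ($stocknum !== '' && $stocknum !== null) {
    if (!is_numeric($stocknum)) {
        $errordisplay .= "The value entered for minimum stock is not valid";
        $errordisplay .= "<br/>";
    }
}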