/**
 * Runs every item of $request_array through check_single_incomming_var(),
 * recursing into nested arrays, and optionally serializes the result under
 * $save_name via serialize_var().
 *
 * NOTE(review): the original header described this as "prevents SQL
 * injection". Whether that holds depends entirely on what
 * \k1lib\forms\check_single_incomming_var() does to each value, which is not
 * visible here; the returned values are still plain strings and should be
 * bound as prepared-statement parameters rather than concatenated into SQL.
 *
 * Nested arrays are handled by a recursive call that never forwards
 * $save_name, so only the top-level result is serialized.
 *
 * @param array  $request_array values to check (must be an array; anything
 *                              else terminates the script via die())
 * @param string $save_name     when non-empty, name under which the checked
 *                              array is serialized
 * @return array checked values, same keys and nesting as the input
 */
function check_all_incomming_vars($request_array, $save_name = null) {
    // V0.8: an explicit array is required; the old fallback to $_REQUEST
    // was removed.
    if (!is_array($request_array)) {
        die(__FUNCTION__ . " need an array to work");
    }
    $checked = array();
    foreach ($request_array as $key => $item) {
        $checked[$key] = is_array($item)
            ? check_all_incomming_vars($item)
            : \k1lib\forms\check_single_incomming_var($item);
    }
    if (!empty($save_name)) {
        \k1lib\common\serialize_var($checked, $save_name);
    }
    return $checked;
}
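/**
 * Builds the "(col, col, ...) VALUES (v, v, ...), (v, v, ...)" tail of an
 * INSERT statement from a two-dimensional array.
 *
 * $array[0] is the header row (column names); every following row is one
 * VALUES tuple and must have exactly as many items as the header. Each value
 * is passed through \k1lib\forms\check_single_incomming_var(); NULL becomes
 * an unquoted NULL, PHP ints/floats are emitted bare, everything else is
 * wrapped in single quotes.
 *
 * Security notes:
 *  - Column names are interpolated into the SQL verbatim (after trim()).
 *    They are therefore restricted to identifier characters here (optionally
 *    backtick-quoted and table-qualified); anything else aborts, because a
 *    header such as "a) VALUES (1); DROP TABLE x; --" would otherwise be
 *    emitted as-is.
 *  - Quoting of values relies entirely on check_single_incomming_var()
 *    escaping single quotes and backslashes; that helper is not visible
 *    here (TODO confirm). Prepared statements remain the safer option.
 *  - Shape errors no longer dump the whole data array into the error
 *    message (the previous print_r() could leak submitted values into
 *    error output/logs); only the row index and expected count are reported.
 *
 * Errors (bad shape, missing/empty header row, bad column name, row length
 * mismatch) are reported with trigger_error(E_USER_ERROR) followed by exit,
 * matching the rest of this file.
 *
 * @param array $array header row at index 0 followed by one or more value rows
 * @return string SQL fragment starting with "(" and ending with ") "
 */
function array_to_sql_values($array) {
    if (!is_array($array) || count($array) < 2) {
        trigger_error("Bad formated array in " . __FUNCTION__, E_USER_ERROR);
        exit;
    }
    // The header row must exist and be a non-empty array; a missing [0] key
    // previously produced a warning and count(null) (a TypeError on PHP 8).
    $headers = (isset($array[0]) && is_array($array[0])) ? $array[0] : array();
    $headers_count = count($headers);
    if ($headers_count === 0) {
        \trigger_error("wrong format in array", E_USER_ERROR);
        exit;
    }
    $columns = array();
    foreach ($headers as $field_name) {
        $field_name = trim($field_name);
        // Whitelist: name, `name`, tbl.name, `tbl`.`name`. Rejects quotes,
        // parentheses, semicolons, whitespace and comment starters that could
        // break out of the column list.
        if (!preg_match('/^`?[A-Za-z_][A-Za-z0-9_]*`?(\.`?[A-Za-z_][A-Za-z0-9_]*`?)?$/', $field_name)) {
            \trigger_error("invalid column name in " . __FUNCTION__, E_USER_ERROR);
            exit;
        }
        $columns[] = $field_name;
    }
    $data_string = "(" . implode(", ", $columns) . ") VALUES ";
    // Only the value rows remain from here on.
    unset($array[0]);
    $rows = array();
    foreach ($array as $row_index => $values_array) {
        if (!is_array($values_array) || count($values_array) !== $headers_count) {
            \trigger_error(
                "wrong values count of array at row " . $row_index
                . " (expected " . $headers_count . ")",
                E_USER_ERROR
            );
            exit;
        }
        $values = array();
        foreach ($values_array as $value) {
            $value = \k1lib\forms\check_single_incomming_var($value);
            if ($value === NULL) {
                $values[] = "NULL";
            } elseif (is_int($value) || is_float($value)) {
                // Native numbers go in bare; numeric strings are still quoted,
                // as in the original.
                $values[] = "{$value}";
            } else {
                $values[] = "'{$value}'";
            }
        }
        // Each tuple keeps the trailing space the original emitted.
        $rows[] = "(" . implode(", ", $values) . ") ";
    }
    return $data_string . implode(", ", $rows);
}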