/**
 * Pins the visible contract of PU_CleanString(): an empty string and a plain
 * string come back unchanged, while double quotes, single quotes and
 * backslashes are removed from the result.
 *
 * NOTE(review): only these three characters are exercised. If PU_CleanString()
 * is relied on to make values safe inside quoted SQL literals, other inputs
 * (control characters, multi-byte text) are not pinned by this test.
 */
public function testCleanString()
{
    // Each pair is array(expected output, raw input).
    $cases = array(
        array('', ''),
        array('a', 'a'),
        array('a', 'a"'),
        // Raw input holds a double quote, a single quote and two backslashes.
        array('ab', 'a"\'\\\\b"'),
    );

    foreach ($cases as $case) {
        list($expected, $raw) = $case;
        $this->assertEquals($expected, PU_CleanString($raw));
    }
}
/**
 * Build the WHERE clause from the constraints given as parameters of the query.
 *
 * Accepted forms of $parameters:
 * - a single numeric parameter is considered as a user_id
 * - a single string is considered as a user_name (i.e. login)
 * - an array is searched for the keys 'id' (id or name, as above),
 *   'user_name' and 'group' (numerical group id); when element 0 is itself
 *   an array, that inner array replaces the outer one
 *
 * The argument is taken by reference, so the caller's variable is rewritten
 * to the normalised array form.
 *
 * NOTE(review): every value is concatenated into SQL text. Numeric values go
 * through intval(); string values depend entirely on PU_CleanString(), whose
 * implementation is not visible here. If the query layer offers bound
 * parameters, prefer them over string building; confirm before relying on
 * this method with request-supplied input.
 *
 * @see stable/phpdevshell/includes/PHPDS_query#check_parameters($parameters)
 *
 * @param mixed $parameters scalar or array of constraints (modified in place)
 * @return bool always true
 */
public function checkParameters(&$parameters = null)
{
    // ' 1 ' is an always-true seed so every constraint can be appended as ' AND ...'.
    $this->where = ' 1 ';

    if (!empty($parameters)) {
        if (is_array($parameters)) {
            // Unwrap a nested array passed as the first positional element.
            if (isset($parameters[0]) && is_array($parameters[0])) {
                $parameters = $parameters[0];
            }
        } else {
            // A bare scalar is shorthand for an 'id' constraint.
            $parameters = array('id' => $parameters);
        }

        foreach ($parameters as $field => $constraint) {
            // switch compares loosely; on PHP versions before 8 an integer key 0
            // also matches 'id'. Kept as is so existing callers behave the same.
            switch ($field) {
                case 'id':
                    // NOTE(review): is_numeric() also accepts floats and exponent
                    // notation, which intval() then converts to an integer.
                    $this->where .= is_numeric($constraint)
                        ? ' AND user_id = ' . intval($constraint)
                        : ' AND user_name = "' . PU_CleanString($constraint) . '"';
                    break;

                case 'user_name':
                    $this->where .= ' AND user_name = "' . PU_CleanString($constraint) . '"';
                    break;

                case 'group':
                    // NOTE(review): intval() of a non-empty array is 1, so a
                    // non-scalar 'group' value silently becomes group id 1.
                    $groupId = intval($constraint);
                    if ($this->primary_script) {
                        $this->where .= " AND user_group = {$groupId} ";
                    } else {
                        $this->where .= " AND (user_group = {$groupId} OR user_group_id = {$groupId}) ";
                    }
                    break;
            }
        }
    }

    // Append whatever extra SQL sql_group() returns (defined outside this block).
    $this->where .= $this->sql_group();

    return true;
}