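/**
 * preg_replace_callback handler that replaces one "{N}" / "{Nf}" query
 * placeholder with the matching caller argument, rendered as a safe SQL literal.
 *
 * $match[1] is the placeholder body: an argument index, optionally followed by
 * a single format letter:
 *   s  (default) quoted string literal, escaped with SqlEscape()
 *   c  comma-separated list of quoted, escaped literals (for "in (...)")
 *   i  signed integer literal
 *   u  non-negative integer literal (negative values become 0)
 * Arguments come from the global $args; index 0 is the query text itself,
 * which is why the placeholder index is shifted by one.
 *
 * @param array $match preg_replace_callback match array; index 1 is the placeholder body
 * @return string SQL fragment: quoted literal(s), an integer literal, or the keyword NULL
 */
function Query_AddUserInput($match) {
    global $args;
    $spec = $match[1];
    $format = 's';
    // "<digits><one non-digit>": the trailing character is the format letter.
    if (preg_match('/^\d+\D$/', $spec)) {
        $format = substr($spec, -1);
        $spec = substr($spec, 0, -1);
    }
    // isset() avoids an "undefined array key" warning when fewer arguments than
    // placeholders were supplied; the outcome is the same NULL literal as before.
    $index = $spec + 1;
    $var = isset($args[$index]) ? $args[$index] : NULL;
    if ($var === NULL) {
        return 'NULL';
    }
    if ($format === 'c') {
        // "in (NULL)" matches no row, whereas "in ()" is a SQL syntax error.
        if (empty($var)) {
            return 'NULL';
        }
        // A bare scalar is treated as a one-element list; iterating a scalar
        // would only emit a warning and produce an empty, invalid list.
        if (!is_array($var) && !($var instanceof \Traversable)) {
            $var = array($var);
        }
        $literals = array();
        foreach ($var as $v) {
            $literals[] = '\'' . SqlEscape($v) . '\'';
        }
        return implode(',', $literals);
    }
    if ($format === 'i') {
        return (string) (int) $var;
    }
    if ($format === 'u') {
        return (string) max((int) $var, 0);
    }
    // Default 's': every other value is escaped and quoted as a string literal.
    return '\'' . SqlEscape($var) . '\'';
}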
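/**
 * preg_replace_callback handler that replaces one "{N}" / "{Nf}" query
 * placeholder with the matching caller argument, rendered as a safe SQL literal.
 *
 * $match[1] is the placeholder body: an argument index, optionally followed by
 * a single format letter:
 *   s  (default) quoted string literal, escaped with SqlEscape()
 *   c  comma-separated list of quoted, escaped literals (for "in (...)")
 *   i  signed integer literal
 *   u  non-negative integer literal (negative values become 0)
 *   l  integer literal intended for the full 32-bit range (see below)
 * Arguments come from the global $args; index 0 is the query text itself,
 * which is why the placeholder index is shifted by one.
 *
 * @param array $match preg_replace_callback match array; index 1 is the placeholder body
 * @return string SQL fragment: quoted literal(s), an integer literal, or the keyword NULL
 */
function Query_AddUserInput($match) {
    global $args;
    $spec = $match[1];
    $format = 's';
    // "<digits><one non-digit>": the trailing character is the format letter.
    if (preg_match('/^\d+\D$/', $spec)) {
        $format = substr($spec, -1);
        $spec = substr($spec, 0, -1);
    }
    // isset() avoids an "undefined array key" warning when fewer arguments than
    // placeholders were supplied; the outcome is the same NULL literal as before.
    $index = $spec + 1;
    $var = isset($args[$index]) ? $args[$index] : NULL;
    if ($var === NULL) {
        return 'NULL';
    }
    if ($format === 'c') {
        // An empty list previously produced "" and therefore "in ()", which is a
        // SQL syntax error; "in (NULL)" matches no row instead.
        if (empty($var)) {
            return 'NULL';
        }
        // A bare scalar is treated as a one-element list; iterating a scalar
        // would only emit a warning and produce an empty, invalid list.
        if (!is_array($var) && !($var instanceof \Traversable)) {
            $var = array($var);
        }
        $literals = array();
        foreach ($var as $v) {
            $literals[] = '\'' . SqlEscape($v) . '\'';
        }
        return implode(',', $literals);
    }
    if ($format === 'i') {
        return (string) (int) $var;
    }
    if ($format === 'u') {
        return (string) max((int) $var, 0);
    }
    if ($format === 'l') {
        // Used for storing integers using the full 32-bit range. Currently
        // identical to 'i'; the 32-bit overflow is not emulated on 64-bit
        // builds. TODO: add code to emulate the 32-bit overflow on 64-bit.
        return (string) (int) $var;
    }
    // Default 's': every other value is escaped and quoted as a string literal.
    return '\'' . SqlEscape($var) . '\'';
}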
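/**
 * Validates the login name submitted in $_POST[$field], falling back to the
 * current user's stored value when the submitted field is really empty.
 *
 * Returns a translated error message when the name is already used by another
 * account, or when it contains control/separator characters other than a plain
 * space (in that case $_POST[$field] is replaced by the stripped value, as it
 * always was). Returns nothing (null) when the name is acceptable.
 *
 * @param string $field POST key (and $user column) holding the login name
 * @param mixed  $item  unused; kept so the signature matches the other field handlers
 * @return string|null error message, or null when the name passes
 */
function HandleUsername($field, $item) {
    global $user;
    if (IsReallyEmpty($_POST[$field])) {
        $_POST[$field] = $user[$field];
    }
    // The {0}/{1} placeholders are bound through the query builder, so the name
    // is escaped there. This is a check-before-write; it is not atomic, so a
    // unique index on name/displayname should back it (not visible here - confirm).
    $dispCheck = FetchResult("select count(*) from {users} where id != {0} and (name = {1} or displayname = {1})", $user['id'], $_POST[$field]);
    if ($dispCheck) {
        // NOTE(review): SqlEscape only applies SQL backslash-escaping to the echoed
        // name; if this message is rendered as HTML the caller must HTML-escape it - confirm.
        return format(__("The login name you entered, \"{0}\", is already taken."), SqlEscape($_POST[$field]));
    }
    // Strip every control (\pC) and separator (\pZ) code point except the plain space.
    $stripped = preg_replace('/(?! )[\\pC\\pZ]/u', '', $_POST[$field]);
    if ($stripped === NULL) {
        // preg_replace returns NULL on invalid UTF-8 (the /u modifier); reject the
        // value rather than writing NULL back into $_POST as the old code did.
        return __("The login name you entered cannot contain control characters.");
    }
    if ($stripped !== $_POST[$field]) {
        $_POST[$field] = $stripped;
        return __("The login name you entered cannot contain control characters.");
    }
}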