/**
 * Escape a string so it can be placed inside a single-quoted SQL string literal.
 * The surrounding single quotes are NOT added here; the caller must add them.
 * The result is only safe in a quoted string-literal position: it does not protect
 * identifiers (table / column names) or values concatenated into a query without quotes.
 *
 * @param OBJECT $db 			:: the connection object; it is passed to self::check_connection() and must provide escapeString()
 * @param STRING $y_string 		:: the value to be escaped
 * @return STRING 				:: the escaped value
 *
 */
public static function escape_str($db, $y_string) {
    //-- validate the connection first (check_connection() is defined elsewhere in this class)
    self::check_connection($db);
    //-- normalize the charset before escaping, so the escaping runs on the final byte sequence
    $fixed = (string) SmartUnicode::fix_charset((string) $y_string);
    //-- NOTE(review): escapeString() looks like SQLite3::escapeString(), which the PHP manual documents as not binary safe; confirm the type of $db
    //-- NOTE(review): the @ operator hides any warning raised by the call; a failed call would end up as an empty string after the cast
    return (string) @$db->escapeString((string) $fixed);
    //--
}
/**
 * Escape a string so it is safe (against SQL Injection) inside a single-quoted MySQL string literal.
 * Only the escaping is done: the SINGLE QUOTES (') around the value are NOT added and must be supplied by the caller.
 * This also applies to numbers: an escaped value placed in a query without quotes is not protected by this function.
 * The escaping done by mysqli_real_escape_string() depends on the character set of the connection,
 * so the connection charset has to be set on the link itself (mysqli_set_charset()) for the result to be reliable.
 *
 * @param STRING $y_string 			:: A String or a Number to be Escaped
 * @param RESOURCE $y_connection 	:: the connection ; it is resolved through self::check_connection()
 * @return STRING 					:: The Escaped String / Number
 *
 */
public static function escape_str($y_string, $y_connection = 'DEFAULT') {
    //== resolve the connection to use ; check_connection() returns the link that is passed to mysqli below
    $link = self::check_connection($y_connection, 'ESCAPE-STR');
    //==
    //-- Fix the charset first, so the escaping is applied to the final byte sequence
    $fixed = (string) SmartUnicode::fix_charset((string) $y_string);
    //--
    //-- NOTE(review): the @ operator hides any warning from mysqli ; a failed call would end up as an empty string after the cast
    return (string) @mysqli_real_escape_string($link, (string) $fixed);
    //--
}
/**
 * Set a Key into the persistent Cache
 * The value is cast to string before it is stored ; nothing is serialized by this method.
 * The key is written with set() and, only when an expiration is requested, a separate expire() call follows.
 *
 * @param STRING 	$y_realm		The Cache Realm ; when empty the key is stored without a realm prefix, otherwise as realm:key
 * @param STRING 	$y_key			The Cache Key
 * @param MIXED 	$y_value		The value to be stored (stored as string)
 * @param INTEGER+ 	$y_expiration	Key Expiration in seconds (zero if key does not expire)
 *
 * @return BOOLEAN	Returns True if the key was set (and the expiration applied, if any) or false if not
 */
public static function setKey($y_realm, $y_key, $y_value, $y_expiration = 0) {
    //-- the cache backend must be active
    if (!self::isActive()) {
        return false;
    }
    //-- reject realms / keys that do not pass validation
    //-- NOTE(review): the rejected value is appended to the log message as-is ; whether log_warning() neutralizes control characters is not visible here
    if (!self::validateRealm((string) $y_realm)) {
        Smart::log_warning('Persistent Cache / Invalid Realm: ' . $y_realm);
        return false;
    }
    if (!self::validateKey((string) $y_key)) {
        Smart::log_warning('Persistent Cache / Invalid Key: ' . $y_key);
        return false;
    }
    //--
    self::initCacheManager();
    //-- normalize the inputs
    $payload = (string) SmartUnicode::fix_charset((string) $y_value); // fix
    $ttl = Smart::format_number_int($y_expiration, '+');
    //-- build the storage key once : plain key for an empty realm, realm:key otherwise
    if ((string) $y_realm == '') {
        $storage_key = (string) $y_key;
    } else {
        $storage_key = (string) $y_realm . ':' . $y_key;
    }
    //-- write the value, then the expiration (two separate commands)
    //-- NOTE(review): if set() succeeds and expire() fails, false is returned but the key written by set() is not removed and has no expiration
    $result = self::$redis->set($storage_key, (string) $payload);
    $resexp = 1; // stays 1 when no expiration is requested
    if ($ttl > 0) {
        $resexp = self::$redis->expire($storage_key, (int) $ttl);
    }
    //-- success means : set() answered OK and expire() (if called) answered 1
    return (strtoupper(trim((string) $result)) == 'OK') && ($resexp == 1);
    //--
}
private function standardize_html() {
    //-- STANDARDIZE THE HTML CODE (runs only once per instance, guarded by $this->is_std)
    // * strip the characters matched by the pattern from Smart::lower_unsafe_characters()
    // * normalize line ends to \n and self-closing tag ends to a plain >
    // * neutralize server-side tag delimiters : the < ? ? > or < % % > tag(s) are replaced with dummy tags
    // * collapse runs of spaces / tabs, trim each line and collapse repeated new lines
    // NOTE: nothing here removes script elements, event handler attributes or script URLs,
    //       so this method must not be relied on as a filter against client-side scripting (XSS)
    //--
    if ($this->is_std != false) {
        return; // avoid to re-parse
    }
    $this->is_std = true;
    //-- remove the unsafe characters (the original comment describes them as non utf8 ; the pattern itself is defined elsewhere)
    $this->html = (string) preg_replace((string) Smart::lower_unsafe_characters(), '', (string) $this->html);
    //-- standardize new lines, tabs and line ends
    //-- NOTE(review): the first search entry is an empty string as shown here, which str_replace() skips ; possibly a control character lost in transcription, confirm against the original file
    $eol_search = array("", "\r\n", "\r", ' />', '/>');
    $eol_replace = array('', "\n", "\n", '>', '>');
    $this->html = (string) str_replace($eol_search, $eol_replace, (string) $this->html);
    //-- protect against server-side tags (delimiters are built by concatenation, as in the original)
    $srv_search = array('<' . '?', '?' . '>', '<' . '%', '%' . '>');
    $srv_replace = array('<tag-question:start', 'tag-question:end>', '<tag-percent:start', 'tag-percent:end>');
    $this->html = (string) str_replace($srv_search, $srv_replace, (string) $this->html);
    //-- standardize spaces and new lines ; the patterns are applied in this order
    $ws_patterns = array(
        '/([\\t ])+/si',                    // runs of tabs / spaces
        '/^([\\t ])+/mi',                   // leading tabs / spaces on each line
        '/([\\t ])+$/mi',                   // trailing tabs / spaces on each line
        '/[\\r\\n]+([\\t ]?[\\r\\n]+)+/si'  // repeated line breaks
    );
    $ws_replacements = array(' ', '', '', "\n");
    $this->html = (string) preg_replace((array) $ws_patterns, (array) $ws_replacements, (string) $this->html);
    //-- final charset fix
    $this->html = (string) SmartUnicode::fix_charset($this->html);
    //--
}
/**
 * Fix charset for param queries
 * Used for: pg_query_params()
 * No SQL escaping is done here: each value only goes through the charset fix and a string cast.
 * A NULL entry is cast to an empty string before the charset fix, so it is not returned as NULL.
 *
 * @param ARRAY $arr_params 	:: The query parameters ; a non-array value is returned unchanged
 * @return MIXED 				:: The array with the same keys and every value as a charset-fixed string, or the input as it is when it is not an array
 *
 */
private static function escape_arr_params($arr_params) {
    //-- anything that is not an array is handed back as it is : this should not be enforced to a type
    if (!is_array($arr_params)) {
        return $arr_params;
    }
    //-- fix every value ; array_map() with a single array keeps the original keys
    return array_map(
        static function ($val) {
            return (string) SmartUnicode::fix_charset((string) $val); // fix
        },
        $arr_params
    );
    //--
}