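/**
 * Escape request data for use inside a quoted MySQL string literal.
 *
 * Walks $campo and passes every leaf value through mysql_real_escape_string(),
 * keeping the array shape and keys. Nested arrays (checkbox groups, etc.) are
 * escaped recursively, and a plain scalar is escaped directly, so the function
 * works both on a whole superglobal and on a single $_POST field. A null
 * argument is returned as null.
 *
 * Changes from the original: the `$_POST = anti_inject($_POST)` / `$_GET =`
 * lines that sat inside the body after `return` were unreachable and have
 * been dropped — the superglobals must be rewritten at file scope by the
 * caller. The original also fell through `foreach` on a non-array with a
 * warning and returned the value untouched, which meant per-field calls
 * escaped nothing; scalars are now escaped.
 *
 * NOTE(review): this is a last line of defence, not a fix. Callers still
 * concatenate the result into SQL text, so an unquoted or numeric context
 * stays injectable; prepared statements are the real remedy.
 * mysql_real_escape_string() needs an open ext/mysql link and the extension
 * was removed in PHP 7, so this only runs on PHP 5.
 *
 * @param array|string|int|null $campo request data, typically $_POST or $_GET
 * @return array|string|null escaped copy of $campo, same shape and keys
 */
function anti_inject($campo)
{
    if ($campo === null) {
        // Keep a missing field as null so callers can still tell absent from empty.
        return null;
    }

    if (!is_array($campo)) {
        // Single field: escape it directly instead of silently returning it.
        return mysql_real_escape_string((string) $campo);
    }

    foreach ($campo as $key => $val) {
        // Recurse into nested request arrays; escape everything else as a string.
        $campo[$key] = is_array($val) ? anti_inject($val) : mysql_real_escape_string((string) $val);
    }

    return $campo;
}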
/**
 * Persist the editable profile fields of one customer.
 *
 * Reads fullname, sex, address, state, city, postal_code, phone_number and
 * email straight from $_POST, passes each through anti_inject(), adds $photo
 * as given, and returns whatever $this->db->build() produces for the update
 * on customer_detail restricted to the given id_customer.
 *
 * NOTE(review): $id_customer is concatenated into the WHERE clause verbatim,
 * so it must be validated (or cast) before it gets here — confirm at the
 * call site. Both anti_inject() variants visible in this file iterate an
 * array, so passing a single $_POST string to them escapes nothing (foreach
 * over a string only warns and returns it); the "filtered" values can reach
 * the statement untouched. A parameterised update is the real fix; until
 * then treat every field here as untrusted.
 *
 * @param int|string $id_customer row to update; not escaped here
 * @param string     $photo       stored photo value, empty by default
 * @return mixed result of $this->db->build()
 */
public function update_customer_detail($id_customer, $photo = '')
{
    parent::model('update');

    // Column order is preserved from the original so the generated
    // statement is unchanged; 'photo' is the only value not read from $_POST.
    $columns = array(
        'fullname', 'sex', 'photo', 'address', 'state',
        'city', 'postal_code', 'phone_number', 'email',
    );
    $values = array();
    foreach ($columns as $column) {
        $values[$column] = ($column === 'photo') ? $photo : anti_inject($_POST[$column]);
    }

    $this->db->table('customer_detail');
    $this->db->update($values);
    // NOTE(review): string-built predicate; see docblock.
    $this->db->where('id_customer = "' . $id_customer . '"');

    return $this->db->build();
}
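// (tail of a sanitiser definition whose start is outside this excerpt; left as-is)
//remove words that contains syntax sql
$val = preg_replace(sql_regcase("/(from|select|insert|delete|where|drop table|show tables|#|\\*|--|\\\\)/"), "", $val);
//Remove empty spaces
$val = trim($val);
//Removes tags html/php
$val = strip_tags($val);
//Add inverted bars to a string
$val = addslashes($val);
// store it back into the array
$campo[$key] = $val;
}
return $campo; //Returns the the var clean
}

// ---- page bootstrap ------------------------------------------------------

// Rewrite the request superglobals through the sanitiser above before any
// other code reads them. NOTE(review): the keyword blacklist it applies
// (from, select, where, delete, ...) also mangles legitimate input — an
// address containing "Where" or a name containing "Drop" — and removing
// words is not a substitute for prepared statements in the data-access code.
$_GET = anti_inject($_GET);
$_POST = anti_inject($_POST);

require "global_func.php";

// Gate the page on the session flag, failing closed. Casting to int means a
// missing key, '', '0', 0 or a non-numeric string all redirect, and only a
// value that casts to a non-zero integer (1, '1', true) passes. The original
// `$_SESSION['loggedin'] == 0` was a loose comparison that raised a notice on
// a missing key and, on PHP 8, let a non-numeric string through.
// NOTE(review): session_start() is not visible in this excerpt — presumably
// in global_func.php; confirm, otherwise $_SESSION is empty on every request.
$loggedin = isset($_SESSION['loggedin']) ? (int) $_SESSION['loggedin'] : 0;
if ($loggedin === 0) {
    header("Location: login.php");
    exit;
}
$userid = $_SESSION['userid'];

// Original include order kept: header.php is pulled in before the config and
// database are set up, so anything header.php does must not depend on $db.
require "header.php";
include "config.php";
include "language.php";
global $_CONFIG; // no-op at file scope; kept so behaviour is unchanged
define("MONO_ON", 1);

// Driver name selects an include path. It comes from config.php, not from
// the request — keep it that way, since this is a file-inclusion point.
require "class/class_db_{$_CONFIG['driver']}.php";
$db = new database();
$db->configure($_CONFIG['hostname'], $_CONFIG['username'], $_CONFIG['password'], $_CONFIG['database'], $_CONFIG['persistent']);
$db->connect();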