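/**
 * Escapes a value, or every value of an array, for use inside a quoted MySQL string literal.
 *
 * The function only returns the escaped copy; it never modifies $_POST or $_GET itself,
 * so the caller has to assign the result wherever the filtered data is wanted.
 *
 * NOTE(review): mysql_real_escape_string() belongs to ext/mysql, which was removed in
 * PHP 7.0, and it needs an open MySQL link to work. Escaping only protects values that end
 * up between quotes in the SQL text; it does nothing for numbers, identifiers or other
 * unquoted positions. Prepared statements at the point of use are the durable fix.
 *
 * @param mixed $campo A single value or an array of values (may be nested).
 * @return mixed The escaped string, or the array with every leaf value escaped.
 */
function anti_inject($campo)
{
    // A scalar would make foreach raise a warning and leave the value unescaped.
    if (!is_array($campo)) {
        return mysql_real_escape_string($campo);
    }

    foreach ($campo as $key => $val) {
        // Recurse so that array-valued fields (e.g. inputs named "tags[]") are escaped
        // element by element instead of being handed to the escaper as an array.
        $campo[$key] = anti_inject($val);
    }

    return $campo;
}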
Пример #2
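 /**
  * Updates the customer_detail row of one customer from the submitted profile form.
  *
  * Every form field is read from $_POST and passed through anti_inject() (defined
  * elsewhere in the project) before it is handed to the query builder.
  *
  * NOTE(review): nothing in this method checks that $id_customer belongs to the
  * logged-in user; presumably the caller enforces that — confirm.
  *
  * @param mixed  $id_customer Value matched against the id_customer column.
  * @param string $photo       Value stored in the photo column; defaults to an empty string.
  * @return mixed Whatever $this->db->build() returns.
  */
 public function update_customer_detail($id_customer, $photo = '')
 {
     parent::model('update');
     $values = array(
         'fullname' => anti_inject($_POST['fullname']),
         'sex' => anti_inject($_POST['sex']),
         // NOTE(review): $photo is stored exactly as passed in; whether update() quotes
         // its values is not visible here — confirm before trusting a caller-built name.
         'photo' => $photo,
         'address' => anti_inject($_POST['address']),
         'state' => anti_inject($_POST['state']),
         'city' => anti_inject($_POST['city']),
         'postal_code' => anti_inject($_POST['postal_code']),
         'phone_number' => anti_inject($_POST['phone_number']),
         'email' => anti_inject($_POST['email']),
     );
     $this->db->table('customer_detail');
     $this->db->update($values);
     // The id is concatenated into the WHERE text, so it gets the same escaping as the
     // form fields; a raw value containing a double quote would otherwise end the literal.
     $this->db->where('id_customer = "' . anti_inject($id_customer) . '"');
     return $this->db->build();
 }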
Пример #3
        //remove words that contains syntax sql
        $val = preg_replace(sql_regcase("/(from|select|insert|delete|where|drop table|show tables|#|\\*|--|\\\\)/"), "", $val);
        //Remove empty spaces
        $val = trim($val);
        //Removes tags html/php
        $val = strip_tags($val);
        //Add inverted bars to a string
        $val = addslashes($val);
        // store it back into the array
        $campo[$key] = $val;
    }
    return $campo;
    //Returns the the var clean
}
// Page bootstrap: filter request data, require a logged-in session, load configuration
// and open the database connection.

// Replace the GET and POST superglobals with their filtered copies before anything reads them.
// Only these two arrays are reassigned; $_REQUEST and $_COOKIE are separate arrays and keep
// the raw client-supplied values.
// NOTE(review): rewriting all input up front alters legitimate data and does not replace
// parameterized queries where the SQL is actually built.
$_GET = anti_inject($_GET);
$_POST = anti_inject($_POST);
require "global_func.php";
// Loose comparison: an unset 'loggedin' key (null) also equals 0, so visitors without a
// session are redirected as well.
// NOTE(review): no session_start() is visible in this excerpt; presumably global_func.php
// starts the session — confirm.
if ($_SESSION['loggedin'] == 0) {
    header("Location: login.php");
    // Stop here so the rest of the page never runs for an unauthenticated client.
    exit;
}
$userid = $_SESSION['userid'];
require "header.php";
// include (unlike require) only warns when the file is missing, so a failed load of
// config.php lets the script continue with $_CONFIG unset.
include "config.php";
include "language.php";
// At file scope this statement has no effect; it only matters if this file is itself
// included from inside a function.
global $_CONFIG;
define("MONO_ON", 1);
// The driver class file name is built from configuration.
// NOTE(review): safe only while $_CONFIG['driver'] comes from config.php and never from
// request data — confirm.
require "class/class_db_{$_CONFIG['driver']}.php";
$db = new database();
// Connection settings, including the database password, are taken from $_CONFIG.
$db->configure($_CONFIG['hostname'], $_CONFIG['username'], $_CONFIG['password'], $_CONFIG['database'], $_CONFIG['persistent']);
$db->connect();