Пример #1
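/**
 * Recursively walk an array or object and blank out any object that directly
 * holds the string 'red' as a property value.
 *
 * An object with such a property is replaced by an empty array; arrays are
 * only descended into, never blanked. Nested arrays and objects are processed
 * the same way and written back into their parent.
 *
 * Despite its name, this function performs no escaping or validation, so its
 * result must not be treated as sanitised input.
 *
 * @param mixed $data Array, object or scalar. Objects are modified in place,
 *                    because PHP passes object handles.
 * @return mixed The processed value, or array() for an object holding 'red'.
 */
function filterData($data)
{
    // Scalars and null have nothing to walk; foreach over them only raises a warning.
    if (!is_array($data) && !is_object($data)) {
        return $data;
    }
    foreach ($data as $index => $item) {
        // Strict comparison: with ==, boolean true (and integer 0 before PHP 8)
        // also compared equal to 'red' and wiped unrelated objects.
        if ($item === 'red' && is_object($data)) {
            return array();
        }
        if (is_object($item) || is_array($item)) {
            if (is_object($data)) {
                $data->{$index} = filterData($item);
            } else {
                $data[$index] = filterData($item);
            }
        }
    }
    return $data;
}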
Пример #2
	
	This file:
		Process the forms from the index.php. Calls
		to the APIs.
		
	================================================
*/
include 'admin.class.php';
include 'treatment.class.php';
include 'billing.class.php';
include 'common.php';
include 'header.php';
// Decide which form we're processing.
// Only the presence of a 'submit' field is checked before the dispatch below.
if (array_key_exists('submit', $_POST)) {
    // 'form_action' is read without an existence check: a POST that omits it
    // leaves $action null and no case below matches.
    $action = $_POST['form_action'];
    // The whole POST array goes through filterData(), which is defined outside this fragment.
    // NOTE(review): confirm what it actually strips; every field reaching the
    // Admin methods below is client-controlled.
    $data = filterData($_POST);
    // NOTE(review): $action is client-supplied and selects a state-changing
    // operation. No session, role or CSRF-token check is visible in this
    // fragment; confirm the included files enforce one.
    switch ($action) {
        // Admin Module 1
        case 'addPatient':
            $a = new Admin();
            if ($a->addPatient($data)) {
                // NOTE(review): header.php is included before this point; if it
                // emits output, this redirect cannot be sent unless output
                // buffering is active. Confirm.
                header('Location: index.php?admin&success=a');
            } else {
                printError("Failed to add a new patient.");
            }
            break;
        case 'updatePatient':
            $a = new Admin();
            if ($a->updatePatient($data)) {
                header('Location: index.php?admin&success=a');
            } else {
Пример #3
<?php

// Queue a redirect to update-record.php. No exit follows, so the rest of this
// script (including the INSERT) still runs, and whatever it echoes is sent as
// the body of the redirect response.
header('Location: update-record.php');
// NOTE(review): presumably defines $dbc, the mysqli handle used further down — confirm.
require '../mysqli_connect.php';
// basic form input sanitization (trims whitespace and strips tags; not a defence against SQL injection)
/**
 * Remove HTML/PHP tags from a string, then trim surrounding whitespace.
 *
 * This is display-oriented cleanup only: quotes and other SQL metacharacters
 * pass through unchanged, so the result is not safe to embed in a query string.
 *
 * @param string $data Raw form value.
 * @return string The value with tags removed and outer whitespace trimmed.
 */
function filterData($data)
{
    return trim(strip_tags($data));
}
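// Defaults keep both fields defined when the request is not a POST or a field
// is missing or empty (the original left them undefined on non-POST requests).
$title = null;
$article = null;
if ($_SERVER['REQUEST_METHOD'] === 'POST') {
    // is_string() rejects array-valued fields (title[]=...), which strip_tags() cannot handle.
    if (!empty($_POST['title']) && is_string($_POST['title'])) {
        $title = filterData($_POST['title']);
    }
    if (!empty($_POST['article']) && is_string($_POST['article'])) {
        $article = filterData($_POST['article']);
    }
}
// NOTE(review): the INSERT below still runs for non-POST requests and for empty
// fields, storing blank values as the original did. Confirm whether it should
// be limited to a valid POST.

// Bind the values as parameters instead of interpolating them into the SQL text.
// strip_tags()/trim() leave quotes untouched, so the string-built query was
// injectable through either field.
$respond = false;
$stmt = mysqli_prepare($dbc, 'INSERT INTO article_info (title, article) VALUES (?, ?)');
if ($stmt) {
    // Cast null to '' so the stored value matches what the interpolated query wrote.
    $titleParam = (string) $title;
    $articleParam = (string) $article;
    mysqli_stmt_bind_param($stmt, 'ss', $titleParam, $articleParam);
    $respond = mysqli_stmt_execute($stmt);
    mysqli_stmt_close($stmt);
}
if ($respond) {
    echo "wihu";
} else {
    echo "error :/";
}
mysqli_close($dbc);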
Пример #4
     // Fragment of a larger switch: the enclosing case label and the switch header are outside this excerpt.
     $rows = GetUsers($config);
     // The id list handed to the view depends on the storage adapter.
     switch ($config['adapter']) {
         case 'Mysql':
             // NOTE(review): $keys is not initialised in this fragment; with
             // zero rows it would be undefined when passed to the view. Confirm.
             foreach ($rows as $val) {
                 $keys[] = $val['iduser'];
             }
             $content = RenderView($router, array('rows' => $rows, 'ids' => $keys));
             break;
         case 'Txt':
             // For the text adapter, the row array's own keys serve as ids.
             $content = RenderView($router, array('rows' => $rows, 'ids' => array_keys($rows)));
             break;
     }
     break;
 case 'insert':
     // A non-empty POST is treated as a form submission; otherwise the current rows are rendered.
     if ($_POST) {
         $data = filterData($_POST, $formdef);
         $validate = validateData($data, $formdef);
         if ($validate['result'] === true) {
             // NOTE(review): validation ran on the filtered $data, but the raw
             // $_POST is what gets stored, so anything filterData() removed or
             // normalised is not applied to the saved record. Confirm whether
             // InsertUser() should receive $data instead.
             InsertUser($config, $_POST, $userfilename);
             // jump to the table
             // No exit follows the redirect header; execution continues to the break below.
             header("Location: /user/select");
         } else {
             // NOTE(review): the unfiltered $_POST is passed to the view for
             // re-display; confirm the view escapes it on output.
             $content = RenderView($router, array('data' => $_POST, 'config' => $config, 'validation' => $validate));
         }
     } else {
         $rows = GetUsers($config);
         $content = RenderView($router, array('rows' => $rows, 'config' => $config));
     }
     break;
 case 'update':
     if ($_POST) {
Пример #5
<?php

// Front-end bootstrap: load configuration, choose the core include directory,
// then hand off to either the cron runner or the shop core.
define('PERPAGE', 10);
// review: check whether this can be removed
define('RUN_IN', 'FRONT_END');
// Report everything except strict-standards notices, notices and warnings.
error_reporting(E_ALL & ~(E_STRICT | E_NOTICE | E_WARNING));
// Buffer output while the configuration loads; ob_end_clean() below discards
// anything it printed.
ob_start();
// A missing config file, or one whose require returns a falsy value, sends the visitor to the installer.
if (!file_exists('config/config.php') || !(require 'config/config.php')) {
    header('Location: install/');
    exit;
}
ob_end_clean();
// Use '/include_v5' when SHOP_DEVELOPER is undefined or falsy and PHP is at
// least 5.0, otherwise '/include'.
// NOTE(review): CORE_DIR is not defined in this file; presumably config/config.php defines it — confirm.
define('CORE_INCLUDE_DIR', CORE_DIR . ((!defined('SHOP_DEVELOPER') || !constant('SHOP_DEVELOPER')) && version_compare(PHP_VERSION, '5.0', '>=') ? '/include_v5' : '/include'));
// Any request with a truthy ?cron= parameter takes the cron path, and the
// parameter value becomes the action.
// NOTE(review): no access check is visible here; confirm crontab.php
// authenticates the caller. This branch returns before filterData($_POST) runs,
// so POST data on the cron path is not filtered.
if (isset($_GET['cron']) && $_GET['cron']) {
    require CORE_INCLUDE_DIR . '/crontab.php';
    $_GET['action'] = $_GET['cron'];
    return new crontab();
}
// Strip denylisted keys from $_POST in place before the shop core loads.
// Only $_POST is filtered here; $_GET, $_REQUEST and $_COOKIE are left as
// received.
filterData($_POST);
require CORE_INCLUDE_DIR . '/shopCore.php';
return new shopCore();
// Filter fields
/**
 * Remove a fixed denylist of protected field names from the given array, in place.
 *
 * Only top-level keys are removed; the same names nested inside a sub-array
 * are left untouched.
 *
 * @param array $data Request data, modified by reference.
 * @return void
 */
function filterData(&$data)
{
    static $protectedKeys = array(
        'order_num',
        'advance',
        'advance_freeze',
        'point_freeze',
        'point_history',
        'member_lv_id',
        'point',
        'score_rate',
        'state',
        'role_type',
        'advance_total',
        'advance_consume',
        'experience',
        'login_count',
    );
    foreach ($protectedKeys as $key) {
        unset($data[$key]);
    }
}