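public function EditImg()
{
    // Replace the stored image of one user with the file uploaded as $_FILES['imagen'].
    //
    // Every input here is untrusted: the uploaded bytes, the client-declared MIME type
    // ($_FILES['imagen']['type']) and $_GET['id_user'].  Compared with the original:
    //   * the MIME type is derived from the file bytes via getimagesize(); the original
    //     passed the client string to file_get_contents(), i.e. tried to open a file
    //     literally named "image/png" and stored whatever that returned;
    //   * the allow-list / size check that had been commented out is enforced again;
    //   * the UPDATE is a prepared statement; the original interpolated values escaped
    //     with a bare real_escape_string(), which does not exist as a global function
    //     (it is a mysqli method), so the query could never have run safely.
    //
    // NOTE(review): id_user is taken straight from the query string and nothing in this
    // method checks that the current session may edit that user.  Confirm the caller
    // does; otherwise any user can overwrite any other user's image (IDOR).
    // NOTE(review): the original WHERE clause carried the placeholder literal '******'
    // while $this->id_user was assigned but never used; this version binds
    // $this->id_user — confirm that is the intended target row.
    // NOTE(review): assumes $this->con is a mysqli instance (the original referenced
    // mysqli's real_escape_string) — confirm.
    //
    // Side effects: sets $this->id_user, $this->imagen and $this->tipo_imagen as before.
    // Returns true when the UPDATE executed, false when the upload is missing, failed,
    // is not a permitted image type, is too large, or the statement could not be run.

    $permitidos = array('image/jpg', 'image/jpeg', 'image/gif', 'image/png');
    $limite_kb  = 163840; // 163840 KiB = 160 MiB, the limit from the original (disabled) check

    $this->id_user = intval(isset($_GET['id_user']) ? $_GET['id_user'] : 0);

    // Accept only a completed browser upload.  is_uploaded_file() rejects a tmp_name
    // that points anywhere other than PHP's own upload area.
    if (!isset($_FILES['imagen']['tmp_name'], $_FILES['imagen']['error'], $_FILES['imagen']['size'])
        || $_FILES['imagen']['error'] !== UPLOAD_ERR_OK
        || !is_uploaded_file($_FILES['imagen']['tmp_name'])) {
        return false;
    }

    $tmp = $_FILES['imagen']['tmp_name'];
    if ((int) $_FILES['imagen']['size'] > $limite_kb * 1024) {
        return false;
    }

    // Sniff the real type from the content; $_FILES[...]['type'] is attacker-controlled.
    // getimagesize() never reports "image/jpg"; it stays in the list only for compatibility.
    $info = getimagesize($tmp);
    if ($info === false || !isset($info['mime']) || !in_array($info['mime'], $permitidos, true)) {
        return false;
    }

    $data = file_get_contents($tmp);
    if ($data === false) {
        return false;
    }

    $this->imagen      = $data;
    $this->tipo_imagen = $info['mime'];

    // Bind the values instead of interpolating them.  The blob is bound as a string,
    // which is fine for payloads below the server's max_allowed_packet.
    $stmt = $this->con->prepare('UPDATE user SET imagen = ?, tipo_imagen = ? WHERE id_user = ?');
    if ($stmt === false) {
        return false;
    }
    $stmt->bind_param('ssi', $this->imagen, $this->tipo_imagen, $this->id_user);
    $ok = $stmt->execute();
    $stmt->close();

    return (bool) $ok;
}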
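 public function san_sqli($indexEscFunc, $input, $link = null)
 {
     // Escape $input for use inside a single-quoted SQL string literal, using the
     // driver selected by $indexEscFunc:
     //   0 - mysql_real_escape_string   (ext/mysql, removed in PHP 7; uses the last opened link)
     //   1 - mysqli_real_escape_string  (procedural mysqli; $link must be a mysqli link)
     //   2 - real_escape_string         (mysqli OO; $link must be a mysqli object)
     //   ---- DB2
     //   3 - db2_escape_string
     //   ---- PostgreSQL
     //   4 - pg_escape_string           ($link optional, defaults to the last opened connection)
     //
     // IMPORTANT: string escaping is a last resort.  It only protects a value placed
     // between single quotes; numeric contexts, identifiers, LIKE patterns and ORDER BY
     // fragments remain injectable.  Prefer prepared statements with bound parameters
     // and treat this helper as legacy compatibility.
     //
     // Pre-processing kept from the original, in the same precedence order:
     //   - if $input is valid base64 (strict decode that round-trips exactly), the
     //     decoded value is escaped instead of the raw input.  Plain text that happens
     //     to be valid base64 (e.g. "abcd") is still decoded — an inherited quirk;
     //   - otherwise, if it contains both C-style comment markers, they are stripped
     //     (trivially bypassed, e.g. by "--" or "#"; kept for compatibility);
     //   - otherwise, if it resembles a <script> tag, it is run through htmlentities().
     //     That is HTML output encoding, not SQL protection.
     //
     // Fixes relative to the original:
     //   - base64_decode() ran in non-strict mode and the result was compared with the
     //     raw input, so almost EVERY ordinary string (e.g. "hello") was silently
     //     replaced by binary garbage before escaping; decoding is now strict and must
     //     round-trip;
     //   - strpos() results were used as booleans, so a comment marker at offset 0 was
     //     not detected;
     //   - index 1 called mysqli_real_escape_string() without its mandatory link and
     //     index 2 called a non-existent global real_escape_string(); both now use $link
     //     (NOTE(review): if this class keeps its handle in a property, callers should
     //     pass that — confirm);
     //   - the two case-insensitive regexes were identical; one is kept;
     //   - an unknown $indexEscFunc silently returned null, which a caller would then
     //     embed as an empty string; it now throws.
     //
     // @param int                  $indexEscFunc driver selector, see above
     // @param string               $input        untrusted value
     // @param mysqli|resource|null $link         connection for drivers that need one
     // @return string escaped value
     // @throws InvalidArgumentException on an unknown index or a missing/invalid $link

     // Strict decoding rejects characters outside the base64 alphabet; the re-encode
     // comparison additionally rejects unpadded or whitespace-containing inputs that
     // base64_decode() would otherwise "repair".
     $decoded = base64_decode($input, true);
     if ($decoded !== false && base64_encode($decoded) === $input) {
         $final = $decoded;
     } elseif (strpos($input, '/*') !== false && strpos($input, '*/') !== false) {
         $final = str_replace(array('/*', '*/'), '', $input);
     } elseif (preg_match("/<(.*)s(.*)c(.*)r(.*)i(.*)p(.*)t(.*)>(.*)/i", $input) > 0) {
         $final = htmlentities($input);
     } else {
         $final = $input;
     }

     switch ((int) $indexEscFunc) {
         case 0:
             return mysql_real_escape_string($final);
         case 1:
             if ($link === null) {
                 throw new InvalidArgumentException('san_sqli: index 1 requires a mysqli link');
             }
             return mysqli_real_escape_string($link, $final);
         case 2:
             if (!is_object($link) || !method_exists($link, 'real_escape_string')) {
                 throw new InvalidArgumentException('san_sqli: index 2 requires a mysqli object');
             }
             return $link->real_escape_string($final);
         case 3:
             return db2_escape_string($final);
         case 4:
             return $link === null ? pg_escape_string($final) : pg_escape_string($link, $final);
     }

     throw new InvalidArgumentException('san_sqli: unknown escape function index ' . $indexEscFunc);
 }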