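/**
 * Stores the file uploaded as `$_FILES['imagen']` as the image of the user
 * whose id arrives in `$_GET['id_user']` (columns `imagen` / `tipo_imagen`).
 *
 * Fixes relative to the previous version: `file_get_contents()` was called
 * on the MIME string instead of the temporary file, `real_escape_string()`
 * was called as a bare function (it does not exist; the mysqli method is
 * `$con->real_escape_string()`), the image bytes were interpolated into the
 * SQL text, and the type/size checks were commented out. The row is now
 * updated through a prepared statement, so neither the bytes nor the id are
 * part of the SQL string.
 *
 * NOTE(review): assumes `$this->con` is a mysqli connection (the page's own
 * comments refer to "real_escape_string (mysqli oo)") - confirm. The previous
 * WHERE clause compared `id_user` with a literal placeholder; the id parsed
 * from `$_GET` is used instead, which is what the assignment to
 * `$this->id_user` was evidently for. Binding the blob as a plain string is
 * subject to the server's max_allowed_packet; switch to `send_long_data()`
 * if images larger than that are expected.
 *
 * Side effects: sets `$this->id_user`, `$this->imagen` (raw bytes, no longer
 * escaped) and `$this->tipo_imagen`. Does nothing when the upload is
 * missing, failed, too large or not an allowed image type.
 *
 * @return void
 */
public function EditImg()
{
    // Same allow-list and limit (KB) the original had commented out.
    $permitidos = ['image/jpg', 'image/jpeg', 'image/gif', 'image/png'];
    $limiteKb = 163840;

    $archivo = isset($_FILES['imagen']) && is_array($_FILES['imagen']) ? $_FILES['imagen'] : null;
    if ($archivo === null
        || !isset($archivo['error'], $archivo['tmp_name'], $archivo['size'])
        || $archivo['error'] !== UPLOAD_ERR_OK
        || !is_uploaded_file($archivo['tmp_name'])
        || $archivo['size'] > $limiteKb * 1024
    ) {
        return;
    }

    // $_FILES[...]['type'] is whatever the client claimed; detect the type
    // from the file contents instead and keep only the allowed image types.
    $tipo = mime_content_type($archivo['tmp_name']);
    if ($tipo === false || !in_array($tipo, $permitidos, true)) {
        return;
    }

    $data = file_get_contents($archivo['tmp_name']);
    if ($data === false) {
        return;
    }

    $this->id_user = intval(isset($_GET['id_user']) ? $_GET['id_user'] : 0);
    $this->imagen = $data;
    $this->tipo_imagen = $tipo;

    // Prepared statement: values travel as bound parameters, never as SQL text.
    $stmt = $this->con->prepare('UPDATE user SET imagen = ?, tipo_imagen = ? WHERE id_user = ?');
    if ($stmt === false) {
        return;
    }
    $stmt->bind_param('ssi', $this->imagen, $this->tipo_imagen, $this->id_user);
    $stmt->execute();
    $stmt->close();
}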
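/**
 * Escapes `$input` for use inside an SQL string literal with the escaping
 * function selected by `$indexEscFunc`:
 *   0 - mysql_real_escape_string   (ext/mysql, removed in PHP 7)
 *   1 - mysqli_real_escape_string  (procedural mysqli, needs the link)
 *   2 - real_escape_string         (mysqli OO, method on the connection)
 *   ---- DB2
 *   3 - db2_escape_string
 *   ---- PostgreSQL
 *   4 - pg_escape_string
 *
 * Before escaping, the value is normalised the way the previous version
 * intended: a value that is genuinely base64 (round-trips exactly) is
 * decoded; SQL comment delimiters are stripped when both the opening and
 * the closing marker are present; a value that looks like a script tag is
 * HTML-encoded. The three steps now apply in sequence to the same value, so
 * a base64-wrapped tag is not passed through unencoded.
 *
 * Fixes: `strpos()` results were used as booleans (a marker at offset 0 was
 * missed); the script pattern `<(.*)s(.*)c...` backtracks exponentially on
 * crafted input (ReDoS) and is replaced by a negated-class form with the
 * same subsequence meaning (it additionally spans newlines); the second,
 * upper-case regex was redundant under `/i`; `mysqli_real_escape_string()`
 * was called without its link argument and `real_escape_string()` as a bare
 * function; an unknown index fell off the end and returned null.
 *
 * NOTE(review): escaping is not a substitute for prepared statements; the
 * value is still concatenated into SQL by the caller. Decoding base64 also
 * rewrites legitimate values that happen to be valid base64 (e.g. 'abcd')
 * - confirm that this is intended. Indices 1 and 2 assume `$this->con` is a
 * mysqli connection.
 *
 * @param int    $indexEscFunc selector listed above
 * @param string $input        raw value
 * @return string escaped value
 * @throws \InvalidArgumentException for an unknown selector
 */
public function san_sqli($indexEscFunc, $input)
{
    $final = (string) $input;

    // Only decode when the text round-trips exactly, so ordinary text that
    // merely happens to decode to something is left alone.
    $dec = base64_decode($final, true);
    if ($dec !== false && $dec !== $final && base64_encode($dec) === $final) {
        $final = $dec;
    }

    if (strpos($final, '/*') !== false && strpos($final, '*/') !== false) {
        $final = str_replace(['/*', '*/'], '', $final);
    }

    // `<` then s, c, r, i, p, t, then `>` in that order (case-insensitive);
    // each `[^x]*` advances to the next needed character without nesting.
    $scriptLike = preg_match('/<[^s]*s[^c]*c[^r]*r[^i]*i[^p]*p[^t]*t[^>]*>/i', $final);
    if ($scriptLike === 1 || $scriptLike === false) {
        // A PCRE error (e.g. backtrack limit) is treated as "suspicious".
        $final = htmlentities($final);
    }

    switch ((int) $indexEscFunc) {
        case 0:
            return mysql_real_escape_string($final);
        case 1:
            return mysqli_real_escape_string($this->con, $final);
        case 2:
            return $this->con->real_escape_string($final);
        case 3:
            return db2_escape_string($final);
        case 4:
            return pg_escape_string($final);
        default:
            throw new \InvalidArgumentException("san_sqli: unknown escape function index {$indexEscFunc}");
    }
}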