function sql_escapeArray($arr = array()) { $rs = array(); if ($arr && is_array($arr)) { foreach ($arr as $key => $val) { if (is_array($val)) { $rs[$key] = sql_escapeArray($val); } else { $rs[$key] = sql_escapeStr($val); } } } return $rs; }
$action = isset($_REQUEST['action']) ? $_REQUEST['action'] : ''; switch ($action) { case 'save': $_POST['settings'] = array_map("encrypt", $_POST['settings']); foreach ($_POST['settings'] as $id => $value) { sql_query('UPDATE settings SET value="' . sql_escapeStr($value) . '" WHERE id="' . intval($id) . '"'); } location($_SERVER['PHP_SELF'], '<p class=imp>Settings has beed saved!</p>'); break; case 'add': sql_query(' INSERT INTO settings SET id=0, name="' . sql_escapeStr($_POST['name']) . '", value="' . sql_escapeStr(encrypt($_POST['value'])) . '", custom=1 '); location($_SERVER['PHP_SELF'], '<p class=imp>Setting <u>' . htmlspecialchars($_POST['name']) . '</u> has beed added!</p>'); break; case 'delete': sql_query(' DELETE FROM settings WHERE id="' . intval($_REQUEST['id']) . ' AND custom=1" '); location($_SERVER['PHP_SELF'], '<p class=imp>Setting has beed deleted!</p>'); break; } if (isset($_GET['set'])) { $_POST['name'] = $_GET['set']; } Project::getInstance()->getSmarty()->assign('settings', Project::getInstance()->getSettings());