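/**
 * Store the edited copy of each template belonging to one company.
 *
 * Runs one UPDATE per entry of $templates. The template text goes into a
 * quoted SQL literal and is passed through EscapeString() first. The two ids
 * are placed in the statement unquoted, so they are forced to integers here:
 * a quoting-style escape would not protect an unquoted numeric position.
 *
 * NOTE(review): EscapeString() and ExecuteQuery() are defined elsewhere. If
 * the database layer offers prepared statements, binding all three values
 * would be the sturdier fix -- confirm what ExecuteQuery() supports.
 *
 * @param int|string $company_id Id of the owning company.
 * @param array      $templates  Map of template id => template text.
 * @return void
 */
function SaveCompanyTemplates($company_id, $templates)
{
    // Unquoted in the WHERE clause below: must be a plain integer.
    $company_id = (int) $company_id;

    foreach ($templates as $key => $template) {
        // Array keys can be arbitrary strings (e.g. from a submitted form),
        // and this one is also interpolated unquoted.
        $template_id = (int) $key;
        $escaped_template = EscapeString($template);

        ExecuteQuery(
            "UPDATE\n\t\t\t\t\tcompany_templates\n\t\t\t\tSET \n\t\t\t\t\tcopy = '{$escaped_template}'\n"
            . "\t\t\t\tWHERE\n\t\t\t\t\tcompany_id = {$company_id}\n\t\t\t\t\tAND id = {$template_id}"
        );
    }
}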
/**
 * Static pass-through to the EscapeString() function.
 *
 * An unqualified call inside a method resolves to a function, never to this
 * static method, so the calls below do not recurse. That function is defined
 * elsewhere; which output context it escapes for is not visible here.
 *
 * NOTE(review): the parameter names ($len, $scheme) do not describe their
 * role -- presumably the value to escape and an optional second argument of
 * the wrapped function; confirm against its definition.
 *
 * @param mixed $len    First argument, always forwarded.
 * @param mixed $scheme Second argument, forwarded only when the caller passed more than one argument.
 * @return mixed Whatever the wrapped function returns.
 */
static function EscapeString($len, $scheme = null)
{
    // A one-argument call stays a one-argument call on the wrapped function;
    // $scheme's null default is never forwarded on the caller's behalf.
    if (func_num_args() == 1) {
        return EscapeString($len);
    }

    return EscapeString($len, $scheme);
}
/**
 * Read one request parameter and coerce it according to $type.
 *
 * The value is taken from $_POST when $method is 'post', from $_GET when it
 * is 'get', and from $_REQUEST otherwise. Any value PHP's empty() treats as
 * empty -- missing, '', '0', 0, an empty array -- is replaced by $default.
 *
 * Only three types are handled: 'str' (passed through EscapeString()),
 * 'int' (integer cast) and 'array' (non-arrays become an empty array). Every
 * other $type, including a misspelled one, returns the raw request value
 * untouched, so callers must not treat the result as sanitised in that case.
 *
 * NOTE(review): EscapeString() is defined elsewhere; if it is an SQL-literal
 * escape, the 'str' result is still unsafe for HTML output or for unquoted
 * SQL positions -- confirm at the call sites.
 *
 * @param string $key     Parameter name.
 * @param string $type    'str', 'int' or 'array'; anything else means no coercion.
 * @param mixed  $default Value used when the parameter is empty.
 * @param string $method  'post', 'get', or anything else for $_REQUEST.
 * @return mixed
 */
public static function getRequest($key, $type, $default = '', $method = '')
{
    // switch compares loosely, exactly like the == chain it replaces.
    switch ($method) {
        case 'post':
            $source = $_POST;
            break;
        case 'get':
            $source = $_GET;
            break;
        default:
            $source = $_REQUEST;
    }

    // The original test, `empty(x) || empty(x) && x != 0`, reduces to
    // empty(x): the right-hand operand can never change the outcome. A
    // submitted "0" therefore falls back to $default.
    $value = empty($source[$key]) ? $default : $source[$key];

    switch ($type) {
        case 'str':
            $value = EscapeString($value);
            break;
        case 'int':
            $value = (int) $value;
            break;
        case 'array':
            if (!is_array($value)) {
                $value = array();
            }
            break;
    }

    return $value;
}
/**
 * Queue an instant message by inserting a row through doquery().
 *
 * The row records recipient, sender, the current Unix time and an expiry of
 * "now + $duration"; since time() counts seconds, $duration is in seconds.
 *
 * Every value is placed inside a quoted SQL literal. $message is passed
 * through EscapeString(); $to, $from and $duration go through idstring().
 * NOTE(review): idstring() is defined elsewhere -- presumably it reduces its
 * argument to a numeric id string; if it can return a quote character these
 * three values are not protected. Confirm against its definition.
 *
 * @param string     $message  Message text.
 * @param int|string $to       Recipient id.
 * @param int|string $from     Sender id (default 0).
 * @param int|string $duration Lifetime added to the current time (default 120).
 * @return void
 */
function intercom_add($message, $to, $from = 0, $duration = 120)
{
    $to = idstring($to);
    $from = idstring($from);
    $duration = idstring($duration);
    $message = EscapeString($message);

    // Same order as the column list; the clock is read twice, as before.
    $values = array($to, $from, time(), time() + $duration, $message);

    // {{table}} and the 'im' argument are handed to doquery() unchanged;
    // presumably it substitutes the table name -- not visible here.
    $sql = "INSERT INTO {{table}} (`to`,`from`,`time`,`expires`,`message`) VALUES ('"
        . implode("', '", $values)
        . "');";

    doquery($sql, 'im');
}
/**
 * Overwrite every top-level entry of $_POST, $_GET, $_REQUEST and $_COOKIE
 * with the result of EscapeString() on that entry.
 *
 * Things a maintainer should know before relying on this:
 *  - Only values are rewritten; the array keys are left as received.
 *  - Only the top level is walked. A nested parameter (name[]=...) reaches
 *    EscapeString() as an array; what happens then depends on that function,
 *    which is defined elsewhere.
 *  - The four arrays are processed independently of each other.
 *  - NOTE(review): one escape applied at input time cannot fit every place
 *    the data is later used. Assuming EscapeString() is an SQL-literal
 *    escape, values later used unquoted in SQL or echoed into HTML are still
 *    unprotected and need handling at that point -- confirm per call site.
 *
 * @return void
 */
function ClearArrays()
{
    foreach (array_keys($_POST) as $name) {
        $_POST[$name] = EscapeString($_POST[$name]);
    }

    foreach (array_keys($_GET) as $name) {
        $_GET[$name] = EscapeString($_GET[$name]);
    }

    foreach (array_keys($_REQUEST) as $name) {
        $_REQUEST[$name] = EscapeString($_REQUEST[$name]);
    }

    foreach (array_keys($_COOKIE) as $name) {
        $_COOKIE[$name] = EscapeString($_COOKIE[$name]);
    }
}
/**
 * Render one field value as an SQL literal.
 *
 * The value is written as a hex literal (0x...) when all three hold:
 * $bakdatatype equals 1, the value is not empty, and the field index $i
 * appears in $tbstrf as ",<i>,". bin2hex() emits only hex digits, so that
 * form needs no escaping. In every other case the value is passed through
 * EscapeString() and wrapped in single quotes, so the safety of that form
 * rests entirely on EscapeString(), which is defined elsewhere.
 *
 * @param string     $str         Raw field value.
 * @param int|string $bakdatatype 1 enables hex output for the listed fields.
 * @param int|string $i           Index of the field being rendered.
 * @param string     $tbstrf      Comma-delimited index list, e.g. ",1,4,".
 * @return string The literal, ready to be placed in a statement.
 */
function GetFieldContent($str, $bakdatatype, $i, $tbstrf)
{
    // The needle always starts with a comma, so a strstr() hit is never a
    // falsy string; strpos() !== false is the same test.
    $as_hex = $bakdatatype == 1
        && !empty($str)
        && strpos($tbstrf, ',' . $i . ',') !== false;

    if ($as_hex) {
        return '0x' . bin2hex($str);
    }

    return '\'' . EscapeString($str) . '\'';
}
/** * im.php * * @version 1.0 * @copyright 2009 by MadnessRed for XNova Redesigned */ if ($user['id'] < 1) { die("Not logged in"); } if ($_GET['mode'] == 'post') { $message = EscapeString(stripslashes(htmlentities($_GET['message']))); $to = idstring($_GET['to']); intercom_add($message, $to, $user['id'], 300); echo "Sent: " . date("H:i:s"); } elseif ($_GET['mode'] == 'close') { $message = EscapeString(stripslashes(htmlentities($_GET['message']))); $to = idstring($_GET['to']); doquery("DELETE FROM {{table}} WHERE `to` = " . $user['id'] . " OR `from` = " . $user['id'] . " ;", 'im'); } else { //Get messages $qry = doquery("SELECT * FROM {{table}} WHERE (`to` = " . $user['id'] . " OR `from` = " . $user['id'] . ") AND `expires` > " . time() . " ORDER BY `time` ASC LIMIT 15 ;", 'im'); $likelyids = array($user['id'] => $user['username'], 0 => $lang['System']); $mess = 0; while ($row = FetchArray($qry)) { //1 more message $mess++; //Who sent? if (strlen($likelyids[$row['from']]) > 0) { $from = $likelyids[$row['from']]; } else { $from = doquery("SELECT `username` FROM {{table}} WHERE `id` = " . $row['from'] . " LIMIT 1 ", 'users', true);