/**
 * Builds the municipality from a URL fragment of the form "nome[_uf]".
 *
 * The fragment is stripped of accents, split on "_", and each part is stored twice:
 * raw (nomeCru / ufCru) and passed through cidade_anti_sql_injection() after
 * hyphens are turned into spaces (UrlNome / UrlUf). read() is then invoked.
 *
 * @param string $municipio URL fragment "nome" or "nome_uf"
 */
public function __construct($municipio)
{
    parent::__construct();

    // NOTE(review): a null/empty $municipio is not rejected here; explode('_', '')
    // yields [''] and read() still runs — confirm that is the intended behaviour.
    $partes = explode('_', $this->retira_acentos($municipio));

    $nome = $partes[0];
    $this->nomeCru = $nome;
    $this->UrlNome = cidade_anti_sql_injection(str_replace('-', ' ', $nome));

    // The state abbreviation is optional; it is only present after the first "_".
    if (count($partes) > 1) {
        $uf = $partes[1];
        $this->ufCru = $uf;
        $this->UrlUf = cidade_anti_sql_injection(str_replace('-', ' ', $uf));
    }

    $this->read();
}
/**
 * Parses up to two tree-view municipality descriptors of the form
 * "espac/nome_uf_ano[_ideal]" and stores the pieces in numbered properties
 * (espacN, divisaoMunN, nomeTratadoMunN, ufNCru, UrlUfN, AnoN, IdealN).
 *
 * The literal string 'nulo' marks an absent descriptor. Name and state parts are
 * passed through cidade_anti_sql_injection() after hyphens become spaces; the
 * optional fourth segment becomes IdealN, which defaults to false.
 *
 * @param string $municipio1Arvore descriptor of municipality 1, or 'nulo'
 * @param string $municipio2Arvore descriptor of municipality 2, or 'nulo'
 */
public function __construct($municipio1Arvore, $municipio2Arvore)
{
    // NOTE(review): both guards use `||`, so when both arguments are 'nulo'
    // both branches run and explode('/', 'nulo')[1] is undefined — confirm
    // whether `&&` was intended. Kept as-is to preserve behaviour.
    if ($municipio1Arvore == 'nulo' || $municipio2Arvore != 'nulo') {
        $this->divisao2 = explode('/', $municipio2Arvore);
        $this->espac2 = $this->divisao2[0];

        // Municipality 2: "nome_uf_ano[_ideal]"
        $this->divisaoMun2 = explode('_', $this->divisao2[1]);
        $this->nomeTratadoMun2 = cidade_anti_sql_injection(str_replace('-', ' ', $this->divisaoMun2[0]));
        $this->uf2Cru = $this->divisaoMun2[1];
        $this->UrlUf2 = cidade_anti_sql_injection(str_replace('-', ' ', $this->divisaoMun2[1]));
        $this->Ano2 = $this->divisaoMun2[2];
        $this->Ideal2 = isset($this->divisaoMun2[3]) ? $this->divisaoMun2[3] : false;
    }

    if ($municipio1Arvore != 'nulo' || $municipio2Arvore == 'nulo') {
        $this->divisao1 = explode('/', $municipio1Arvore);
        $this->espac1 = $this->divisao1[0];

        // Municipality 1: "nome_uf_ano[_ideal]"
        $this->divisaoMun1 = explode('_', $this->divisao1[1]);
        $this->nomeTratadoMun1 = cidade_anti_sql_injection(str_replace('-', ' ', $this->divisaoMun1[0]));
        $this->uf1Cru = $this->divisaoMun1[1];
        $this->UrlUf1 = cidade_anti_sql_injection(str_replace('-', ' ', $this->divisaoMun1[1]));
        $this->Ano1 = $this->divisaoMun1[2];
        $this->Ideal1 = isset($this->divisaoMun1[3]) ? $this->divisaoMun1[3] : false;
    }

    $this->idAnos();
    $this->read();
}
//==========================================================================
//Load variables
//==========================================================================
$db = new bd();
// Raw request values: $search is the typed prefix to autocomplete, $tabela selects
// which table it is matched against (compared with the TABELA_* constants below).
$search = $_POST['s'];
$tabela = $_POST['_in'];
//==========================================================================
//Unset globals variables
//==========================================================================
unset($_POST);
//==========================================================================
//Input sanitization (anti SQL injection)
//==========================================================================
$stringTratada = "";
$search = replaceTags(" (", ")", "", $search);
// cidade_anti_sql_injection() is a project helper (not visible here). Its result is
// interpolated straight into the ILIKE pattern of each query below, so that helper is
// the only barrier between POST data and the query text; binding the value as a
// parameter (with "%" appended) would remove that dependency. Note also that "%" and
// "_" inside $stringTratada act as ILIKE wildcards unless the helper strips them.
$stringTratada = retira_acentos(cidade_anti_sql_injection($search));
//==========================================================================
//Query
//==========================================================================
// The switch continues past this excerpt (no default is visible here).
switch ($tabela) {
    case TABELA_MUNICIPIO:
        $SQL1 = "SELECT municipio.nome,estado.uf,municipio.id FROM municipio\n INNER JOIN estado ON (estado.id = municipio.fk_estado)\n WHERE sem_acento(municipio.nome) ILIKE '{$stringTratada}%' ORDER BY municipio.nome LIMIT 9";
        break;
    case TABELA_REGIAOMETROPOLITANA:
        // Previous form of the query, kept for reference:
        // $SQL1 = "SELECT rm.nome, estado.uf, rm.id FROM rm
        // INNER JOIN estado ON (estado.id = rm.fk_estado)
        // WHERE sem_acento(rm.nome) ILIKE '$stringTratada%' ORDER BY rm.nome LIMIT 9";
        // Only active metropolitan regions are returned; "0 as uf" keeps the column
        // layout identical to the municipality query.
        $SQL1 = "SELECT rm.nome as nome, 0 as uf, rm.id FROM rm\n WHERE sem_acento(rm.nome) ILIKE '{$stringTratada}%' AND rm.ativo = TRUE ORDER BY rm.nome LIMIT 9";
        break;
    case TABELA_ESTADO:
        $SQL1 = "SELECT nome, 0 as uf, id FROM estado\n WHERE sem_acento(nome) ILIKE '{$stringTratada}%' ORDER BY nome LIMIT 9";
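/**
 * Reports whether the SQL-injection sanitizer altered $str.
 *
 * The input is lower-cased before the comparison, which implies that
 * cidade_anti_sql_injection() (defined in protect_sql_injection.php, not visible
 * here) also lower-cases its result — confirm; otherwise any mixed-case input
 * would be reported as modified.
 *
 * @param string $str raw user-supplied text
 * @return bool true when the sanitized form differs from the lower-cased input
 */
function anti_sql_injection_bool($str)
{
    // Strict comparison: with `!=` two numeric strings such as "+100" and "100"
    // compare equal, which would hide a change made by the sanitizer.
    return mb_convert_case($str, MB_CASE_LOWER, "UTF-8") !== cidade_anti_sql_injection($str);
}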
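<?php
// AJAX-only endpoint: requests without the XMLHttpRequest marker are redirected.
// NOTE(review): $path_dir is read before the config files below are required, so it
// must come from whatever prepends/includes this script — confirm it is defined here.
if (empty($_SERVER['HTTP_X_REQUESTED_WITH']) || strtolower($_SERVER['HTTP_X_REQUESTED_WITH']) !== 'xmlhttprequest') {
    header("Location: {$path_dir}404");
    // Without this the Location header is sent but the rest of the script still
    // runs and its output is appended to the redirect response.
    exit;
}
require_once '../../../config/config_path.php';
require_once '../../../config/config_gerais.php';
require_once '../util/protect_sql_injection.php';
ini_set("display_errors", 0);
ob_start("ob_gzhandler");

/**
 * Replaces accented Latin vowels and ç/Ç with their unaccented ASCII equivalent.
 * Only the characters listed below are mapped; everything else is left unchanged.
 *
 * @param string $texto
 * @return string
 */
function retira_acentos($texto)
{
    $comAcento = array(
        "á", "à", "â", "ã", "ä", "é", "è", "ê", "ë", "í", "ì", "î", "ï",
        "ó", "ò", "ô", "õ", "ö", "ú", "ù", "û", "ü", "ç",
        "Á", "À", "Â", "Ã", "Ä", "É", "È", "Ê", "Ë", "Í", "Ì", "Î", "Ï",
        "Ó", "Ò", "Ô", "Õ", "Ö", "Ú", "Ù", "Û", "Ü", "Ç",
    );
    $semAcento = array(
        "a", "a", "a", "a", "a", "e", "e", "e", "e", "i", "i", "i", "i",
        "o", "o", "o", "o", "o", "u", "u", "u", "u", "c",
        "A", "A", "A", "A", "A", "E", "E", "E", "E", "I", "I", "I", "I",
        "O", "O", "O", "O", "O", "U", "U", "U", "U", "C",
    );
    return str_replace($comAcento, $semAcento, $texto);
}

// A missing field is treated as an empty query instead of raising an undefined-index notice.
$consulta = isset($_POST["consulta"]) ? $_POST["consulta"] : "";
//==========================================================================
//Input sanitization (anti SQL injection)
//==========================================================================
$stringTratada = retira_acentos(cidade_anti_sql_injection($consulta));
//==========================================================================
//Query
//==========================================================================
$sql_lugares = "";
$sql_indicadores = "";

// The pre-computed query file is chosen by a name derived from POST input.
// cidade_anti_sql_injection() is a SQL-oriented sanitizer (defined in
// protect_sql_injection.php, not visible here), so it is not relied on to strip
// path components: the resolved file must lie inside ../preconsultas, otherwise
// "../" segments in the request could select an arbitrary file for inclusion.
$dirPreconsultas = realpath("../preconsultas");
$arquivoPreconsulta = false;
if ($stringTratada !== "" && strpos($stringTratada, "\0") === false) {
    // realpath() returns false when the file does not exist, which also covers
    // the original file_exists() check.
    $arquivoPreconsulta = realpath("../preconsultas/{$stringTratada}.json");
}
if ($dirPreconsultas !== false
    && $arquivoPreconsulta !== false
    && strpos($arquivoPreconsulta, $dirPreconsultas . DIRECTORY_SEPARATOR) === 0
) {
    // NOTE(review): the file is executed as PHP by include, not parsed as JSON —
    // presumably it assigns $sql_lugares / $sql_indicadores; confirm against the files.
    include $arquivoPreconsulta;
}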