library/formdata.inc.php

   1 <?php
   2 /**
   3  * Copyright (C) 2009 Rod Roark <rod@sunsetsystems.com>
   4  *
   5  * This program is free software; you can redistribute it and/or
   6  * modify it under the terms of the GNU General Public License
   7  * as published by the Free Software Foundation; either version 2
   8  * of the License, or (at your option) any later version.
   9  *
  10  * These functions should be used to globally validate and prepare
  11  * data for sql database insertion.
  12  *
  13  */
  14
  15 /** Main function that will manage POST, GET, and REQUEST variables
  16  *
  17  * @param string $name name of the variable requested.
  18  * @param string $type 'P', 'G' for post or get data, otherwise uses request.
  19  * @param bool $istrim whether to use trim() on the data.
  20  * @return string variable requested, or empty string
  21  */
  22 function formData($name, $type='P', $isTrim=false) {
  23   if ($type == 'P')
  24     $s = isset($_POST[$name]) ? $_POST[$name] : '';
  25   else if ($type == 'G')
  26     $s = isset($_GET[$name]) ? $_GET[$name] : '';
  27   else
  28     $s = isset($_REQUEST[$name]) ? $_REQUEST[$name] : '';
  29
  30   return formDataCore($s,$isTrim);
  31 }
  32
  33 // Core function that will be called by formData.
  34 // Note it can also be called directly if preparing
  35 // normal variables (not GET,POST, or REQUEST)
  36 function formDataCore($s, $isTrim=false) {
  37       //trim if selected
  38       if ($isTrim) {$s = trim($s);}
  39       //strip escapes
  40       $s = strip_escape_custom($s);
  41       //add escapes for safe database insertion
  42       $s = add_escape_custom($s);
  43       return $s;
  44 }
  45
  46 // Will remove escapes if needed (ie magic quotes turned on) from string
  47 // Called by above formDataCore() function to prepare for database insertion.
  48 // Can also be called directly if simply need to remove escaped characters
  49 //  from a string before processing.
  50 function strip_escape_custom($s) {
  51       //strip slashes if magic quotes turned on
  52       if (get_magic_quotes_gpc()) {$s = stripslashes($s);}
  53       return $s;
  54 }
  55
  56 // Will add escapes as needed onto a string
  57 // Called by above formDataCore() function to prepare for database insertion.
  58 // Can also be called directly if need to escape an already process string (ie.
  59 //  escapes were already removed, then processed, and now want to insert into
  60 //  database)
  61 function add_escape_custom($s) {
  62       //prepare for safe mysql insertion
  63       $s = mysql_real_escape_string($s);
  64       return $s;
  65 }
  66
  67 // This function is only being kept to support
  68 // previous functionality. If you want to trim
  69 // variables, this should be done using above
  70 // functions.
  71 function formTrim($s) {
  72   return formDataCore($s,true);
  73 }
  74 ?>