From ebffbf853709303b7a2fbd0707ee0da86baa45cd Mon Sep 17 00:00:00 2001
From: bradymiller <bradymiller>
Date: Tue, 1 Dec 2009 23:55:36 +0000
Subject: [PATCH] support for standardization of input and mysql string
 preparation

---
 library/formdata.inc.php | 34 +++++++++++++++++++++++++++-------
 1 file changed, 27 insertions(+), 7 deletions(-)

diff --git a/library/formdata.inc.php b/library/formdata.inc.php
index 348e5e251..f8103ee60 100644
--- a/library/formdata.inc.php
+++ b/library/formdata.inc.php
@@ -5,22 +5,42 @@
 // modify it under the terms of the GNU General Public License
 // as published by the Free Software Foundation; either version 2
 // of the License, or (at your option) any later version.
+//
+// These functions will be used to globally validate and prepare
+// data for sql database insertion.
+//
 
-function formData($name, $type='P') {
+// Main function that will manage POST, GET, and 
+// REQUEST variables 
+function formData($name, $type='P', $isTrim=false) {
   if ($type == 'P')
     $s = isset($_POST[$name]) ? $_POST[$name] : '';
   else if ($type == 'G')
     $s = isset($_GET[$name]) ? $_GET[$name] : '';
   else
     $s = isset($_REQUEST[$name]) ? $_REQUEST[$name] : '';
-  if (get_magic_quotes_gpc()) {$s = stripslashes($s);}
-  $s = mysql_real_escape_string($s);
-  return $s;
+  
+  return formDataCore($s,$isTrim);
+}
+
+// Core function that will be called by formData.
+// Note it can also be called directly if preparing
+// normal variables (not GET,POST, or REQUEST)
+function formDataCore($s, $isTrim=false) {
+      //trim if selected
+      if ($isTrim) {$s = trim($s);}
+      //strip slashes if magic quotes turned on
+      if (get_magic_quotes_gpc()) {$s = stripslashes($s);}
+      //prepare for safe mysql insertion
+      $s = mysql_real_escape_string($s);
+      return $s;
 }
 
+// This function is only being kept to support
+// previous functionality. If you want to trim
+// variables, this should be done using above
+// functions.
 function formTrim($s) {
-  if (get_magic_quotes_gpc()) {$s = stripslashes($s);}
-  $s = mysql_real_escape_string($s);
-  return trim($s);
+  return formDataCore($s,true);
 }
 ?>
-- 
2.11.4.GIT