3 * Copyright (C) 2009 Rod Roark <rod@sunsetsystems.com>
5 * This program is free software; you can redistribute it and/or
6 * modify it under the terms of the GNU General Public License
7 * as published by the Free Software Foundation; either version 2
8 * of the License, or (at your option) any later version.
10 * These functions should be used to globally validate and prepare
11 * data for sql database insertion.
15 /** Main function that will manage POST, GET, and REQUEST variables
17 * @param string $name name of the variable requested.
18 * @param string $type 'P', 'G' for post or get data, otherwise uses request.
19 * @param bool $istrim whether to use trim() on the data.
20 * @return string variable requested, or empty string
22 function formData($name, $type='P', $isTrim=false) {
24 $s = isset($_POST[$name]) ?
$_POST[$name] : '';
25 else if ($type == 'G')
26 $s = isset($_GET[$name]) ?
$_GET[$name] : '';
28 $s = isset($_REQUEST[$name]) ?
$_REQUEST[$name] : '';
30 return formDataCore($s,$isTrim);
33 // Core function that will be called by formData.
34 // Note it can also be called directly if preparing
35 // normal variables (not GET,POST, or REQUEST)
36 function formDataCore($s, $isTrim=false) {
38 if ($isTrim) {$s = trim($s);}
40 $s = strip_escape_custom($s);
41 //add escapes for safe database insertion
42 $s = add_escape_custom($s);
46 // Will remove escapes if needed (ie magic quotes turned on) from string
47 // Called by above formDataCore() function to prepare for database insertion.
48 // Can also be called directly if simply need to remove escaped characters
49 // from a string before processing.
50 function strip_escape_custom($s) {
51 //strip slashes if magic quotes turned on
52 if (get_magic_quotes_gpc()) {$s = stripslashes($s);}
56 // Will add escapes as needed onto a string
57 // Called by above formDataCore() function to prepare for database insertion.
58 // Can also be called directly if need to escape an already process string (ie.
59 // escapes were already removed, then processed, and now want to insert into
61 function add_escape_custom($s) {
62 //prepare for safe mysql insertion
63 $s = mysql_real_escape_string($s);
67 // This function is only being kept to support
68 // previous functionality. If you want to trim
69 // variables, this should be done using above
71 function formTrim($s) {
72 return formDataCore($s,true);