Integrate adodb binding functionality to allow sql queries with binding to prevent...
[openemr.git] / library / formdata.inc.php
blobbab5966feb12c43ed686b8df6206e0ebbd021f85
1 <?php
2 // Copyright (C) 2009 Rod Roark <rod@sunsetsystems.com>
3 //
4 // This program is free software; you can redistribute it and/or
5 // modify it under the terms of the GNU General Public License
6 // as published by the Free Software Foundation; either version 2
7 // of the License, or (at your option) any later version.
8 //
9 // These functions will be used to globally validate and prepare
10 // data for sql database insertion.
13 // Main function that will manage POST, GET, and
14 // REQUEST variables
15 function formData($name, $type='P', $isTrim=false) {
16 if ($type == 'P')
17 $s = isset($_POST[$name]) ? $_POST[$name] : '';
18 else if ($type == 'G')
19 $s = isset($_GET[$name]) ? $_GET[$name] : '';
20 else
21 $s = isset($_REQUEST[$name]) ? $_REQUEST[$name] : '';
23 return formDataCore($s,$isTrim);
26 // Core function that will be called by formData.
27 // Note it can also be called directly if preparing
28 // normal variables (not GET,POST, or REQUEST)
29 function formDataCore($s, $isTrim=false) {
30 //trim if selected
31 if ($isTrim) {$s = trim($s);}
32 //strip escapes
33 $s = strip_escape_custom($s);
34 //add escapes for safe database insertion
35 $s = add_escape_custom($s);
36 return $s;
39 // Will remove escapes if needed (ie magic quotes turned on) from string
40 // Called by above formDataCore() function to prepare for database insertion.
41 // Can also be called directly if simply need to remove escaped characters
42 // from a string before processing.
43 function strip_escape_custom($s) {
44 //strip slashes if magic quotes turned on
45 if (get_magic_quotes_gpc()) {$s = stripslashes($s);}
46 return $s;
49 // Will add escapes as needed onto a string
50 // Called by above formDataCore() function to prepare for database insertion.
51 // Can also be called directly if need to escape an already process string (ie.
52 // escapes were already removed, then processed, and now want to insert into
53 // database)
54 function add_escape_custom($s) {
55 //prepare for safe mysql insertion
56 $s = mysql_real_escape_string($s);
57 return $s;
60 // This function is only being kept to support
61 // previous functionality. If you want to trim
62 // variables, this should be done using above
63 // functions.
64 function formTrim($s) {
65 return formDataCore($s,true);