Support new security model in the formSubmit function - bug fix
[openemr.git] / library / formdata.inc.php
1 <?php
2 // Copyright (C) 2009 Rod Roark <rod@sunsetsystems.com>
3 //
4 // This program is free software; you can redistribute it and/or
5 // modify it under the terms of the GNU General Public License
6 // as published by the Free Software Foundation; either version 2
7 // of the License, or (at your option) any later version.
8 //
9 // These functions will be used to globally validate and prepare
10 // data for sql database insertion.
// Fetch one request parameter and prepare it for insertion into a SQL
// statement.
//   $name   - key to look up in the request data
//   $type   - 'P' reads $_POST, 'G' reads $_GET, anything else reads $_REQUEST
//   $isTrim - when true, surrounding whitespace is trimmed before escaping
// A missing key yields the empty string (escaped like any other value).
//
// The result is escaped for MySQL only. It is meant to be placed inside a
// quoted string literal in a query; it is not protected for unquoted numeric
// or identifier positions, and it is not HTML-escaped for output to a page.
// NOTE(review): a client can submit a parameter as an array (name[]=...);
// nothing here checks for that before the string functions run.
function formData($name, $type='P', $isTrim=false) {
    // switch compares loosely, the same way the == chain it replaces did.
    switch ($type) {
        case 'P':
            $source = $_POST;
            break;
        case 'G':
            $source = $_GET;
            break;
        default:
            $source = $_REQUEST;
    }

    $raw = isset($source[$name]) ? $source[$name] : '';
    return formDataCore($raw, $isTrim);
}
// Shared worker behind formData(): optionally trims the value, removes any
// magic-quotes escaping, then applies database escaping.
// It may also be called directly on ordinary variables that did not come
// from GET, POST or REQUEST.
//
// NOTE(review): strip_escape_custom() decides based on the magic_quotes_gpc
// setting alone, so when this is called directly on a value that never went
// through magic quotes, genuine backslashes in it would be stripped too.
// The returned string is SQL-escaped only; do not echo it into HTML.
function formDataCore($s, $isTrim=false) {
    $value = $isTrim ? trim($s) : $s;

    // Strip first, then escape, so request data is not escaped twice.
    return add_escape_custom(strip_escape_custom($value));
}
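// Removes the backslashes that magic_quotes_gpc adds to request data, when
// that setting is active; otherwise the string is returned unchanged.
// Called by formDataCore() before database escaping, and can be called
// directly to get the unescaped form of a string before other processing.
//   $s - the string to clean
// Returns the string without magic-quotes escaping.
function strip_escape_custom($s) {
    // Magic quotes were removed in PHP 5.4 and get_magic_quotes_gpc() itself
    // was removed in PHP 8.0, where calling it is a fatal error. Only consult
    // it on runtimes where it can still report true.
    if (version_compare(PHP_VERSION, '5.4.0', '<') && get_magic_quotes_gpc()) {
        $s = stripslashes($s);
    }
    return $s;
}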
// Escapes a string for use in a MySQL statement.
// Called by formDataCore(); can also be called directly on a string whose
// escapes were already removed and that is now ready to go into the database.
//
// mysql_real_escape_string() escapes according to the character set of the
// current ext/mysql connection, so a connection must be open and its charset
// should be set with mysql_set_charset() rather than a "SET NAMES" query.
// The escaping only protects values placed inside quotes in the SQL text.
// NOTE(review): ext/mysql was removed in PHP 7.0; parameterized queries
// (mysqli or PDO prepared statements) are the durable replacement.
function add_escape_custom($s) {
    return mysql_real_escape_string($s);
}
// Legacy wrapper kept so existing callers continue to work: trims the value
// and prepares it for the database via formDataCore(). New code should call
// formData() or formDataCore() with $isTrim set to true instead.
function formTrim($s) {
    $prepared = formDataCore($s, true);
    return $prepared;
}