本文整理汇总了PHP中strip_escape_custom函数的典型用法代码示例。如果您正苦于以下问题:PHP strip_escape_custom函数的具体用法?PHP strip_escape_custom怎么用?PHP strip_escape_custom使用的例子?那么恭喜您, 这里精选的函数代码示例或许可以为您提供帮助。
在下文中一共展示了strip_escape_custom函数的15个代码示例,这些例子默认根据受欢迎程度排序。您可以为喜欢或者感觉有用的代码点赞,您的评价将有助于系统推荐出更棒的PHP代码示例。
示例1: formDataCore
function formDataCore($s, $isTrim = false)
{
//trim if selected
if ($isTrim) {
$s = trim($s);
}
//strip escapes
$s = strip_escape_custom($s);
//add escapes for safe database insertion
$s = add_escape_custom($s);
return $s;
}示例2: find_action
/**
* Function that will display a patient finder widged, allowing
* the user to input search parameters to find a patient id.
*/
function find_action($form_id, $form_name, $pid)
{
$isPid = false;
//fix any magic quotes meddling
$form_id = strip_escape_custom($form_id);
$form_name = strip_escape_custom($form_name);
$pid = strip_escape_custom($pid);
//prevent javascript injection, whitespace and semi-colons are the worry
$form_id = preg_replace("/[^A-Za-z0-9\\[\\]\\_\\']/iS", "", urldecode($form_id));
$form_name = preg_replace("/[^A-Za-z0-9\\[\\]\\_\\']/iS", "", urldecode($form_name));
$this->assign('form_id', $form_id);
$this->assign('form_name', $form_name);
if (!empty($pid)) {
$isPid = true;
}
$this->assign('hidden_ispid', $isPid);
return $this->fetch($GLOBALS['template_dir'] . "patient_finder/" . $this->template_mod . "_find.html");
}示例3: persist
function persist()
{
$sql = "REPLACE INTO " . $_prefix . $this->_table . " SET ";
//echo "<br><br>";
$fields = sqlListFields($this->_table);
$db = get_db();
$pkeys = $db->MetaPrimaryKeys($this->_table);
foreach ($fields as $field) {
$func = "get_" . $field;
//echo "f: $field m: $func status: " . (is_callable(array($this,$func))? "yes" : "no") . "<br>";
if (is_callable(array($this, $func))) {
$val = call_user_func(array($this, $func));
//modified 01-2010 by BGM to centralize to formdata.inc.php
// have place several debug statements to allow standardized testing over next several months
if (!is_array($val)) {
//DEBUG LINE - error_log("ORDataObject persist before strip: ".$val, 0);
$val = strip_escape_custom($val);
//DEBUG LINE - error_log("ORDataObject persist after strip: ".$val, 0);
}
if (in_array($field, $pkeys) && empty($val)) {
$last_id = generate_id();
call_user_func(array(&$this, "set_" . $field), $last_id);
$val = $last_id;
}
if (!empty($val)) {
//echo "s: $field to: $val <br>";
//modified 01-2010 by BGM to centralize to formdata.inc.php
// have place several debug statements to allow standardized testing over next several months
$sql .= " `" . $field . "` = '" . add_escape_custom(strval($val)) . "',";
//DEBUG LINE - error_log("ORDataObject persist after escape: ".add_escape_custom(strval($val)), 0);
//DEBUG LINE - error_log("ORDataObject persist after escape and then stripslashes test: ".stripslashes(add_escape_custom(strval($val))), 0);
//DEBUG LINE - error_log("ORDataObject original before the escape and then stripslashes test: ".strval($val), 0);
}
}
}
if (strrpos($sql, ",") == strlen($sql) - 1) {
$sql = substr($sql, 0, strlen($sql) - 1);
}
//echo "<br>sql is: " . $sql . "<br /><br>";
sqlQuery($sql);
return true;
}示例4: populate_object
function populate_object(&$obj)
{
if (!is_object($obj)) {
$this->function_argument_error();
}
foreach ($_POST as $varname => $var) {
$varname = preg_replace("/[^A-Za-z0-9_]/", "", $varname);
$func = "set_" . $varname;
if (!(strpos("_", $varname) === 0) && is_callable(array($obj, $func))) {
//echo "c: $func on w: " . $var . "<br />";
//modified 01-2010 by BGM to centralize to formdata.inc.php
// have place several debug statements to allow standardized testing over next several months
if (!is_array($var)) {
//DEBUG LINE - error_log("Controller populate before strip: ".$var, 0);
$var = strip_escape_custom($var);
//DEBUG LINE - error_log("Controller populate after strip: ".$var, 0);
}
call_user_func_array(array(&$obj, $func), array($var, $_POST));
}
}
return true;
}示例5: die
$plid = $_REQUEST['plid'] + 0;
// pid
$ymd = $_REQUEST['date'];
if (empty($ymd)) {
die("Internal error: date parameter is missing");
}
$date = substr($ymd, 0, 4) . '-' . substr($ymd, 4, 2) . '-' . substr($ymd, 6, 2);
$form_fitness = formData('form_fitness');
$form_issue = formData('form_issue') + 0;
$form_to = formData('form_to');
$form_note = empty($_POST['form_note']) ? '' : $_POST['form_note'];
$form_note = strip_escape_custom($form_note);
$form_am = empty($_POST['form_am']) ? '' : $_POST['form_am'];
$form_am = strip_escape_custom($form_am);
$form_pm = empty($_POST['form_pm']) ? '' : $_POST['form_pm'];
$form_pm = strip_escape_custom($form_pm);
function gen_list_options($list_id, $default = '')
{
$res = sqlStatement("SELECT * FROM list_options WHERE " . "list_id = '{$list_id}' ORDER BY seq");
while ($row = sqlFetchArray($res)) {
$key = $row['option_id'];
echo " <option value='{$key}'";
if ($key == $default) {
echo " selected";
}
echo ">" . $row['title'] . "</option>\n";
}
}
$alertmsg = '';
// anything here pops up in an alert box
// Get player info.示例6: form2real
function form2real($fldval)
{
$fldval = trim($fldval);
$fldval = strip_escape_custom($fldval);
return $fldval;
}示例7: xl
} else {
echo "<a href='" . $GLOBALS['webroot'] . "/interface/main/main.php' target='Main' class='menu' onclick='top.restoreSession()'>";
}
xl('Return to calendar', 'e');
?>
</a>
<div id="calsearch_params">
<form name="theform" id="theform" action="<?php
echo $this->_tpl_vars['FORM_ACTION'];
?>
" method="POST"> <!-- onsubmit="return top.restoreSession()"> -->
<?php
xl('Keywords', 'e');
?>
: <input type="text" name="pc_keywords" id="pc_keywords" value="<?php
echo htmlspecialchars(strip_escape_custom($_POST['pc_keywords']), ENT_QUOTES);
?>
" />
<select name="pc_keywords_andor">
<option value="AND"><?php
xl('AND', 'e');
?>
</option>
<option value="OR"><?php
xl('OR', 'e');
?>
</option>
</select>
<?php
xl('IN', 'e');
?>示例8: substr
// Tag style for stuff to hide if not an LBF layout. Currently just for the Source column.
$lbfonly = substr($layout_id, 0, 3) == 'LBF' ? "" : "style='display:none;'";
// Handle the Form actions
if ($_POST['formaction'] == "save" && $layout_id) {
// If we are saving, then save.
$fld = $_POST['fld'];
for ($lino = 1; isset($fld[$lino]['id']); ++$lino) {
$iter = $fld[$lino];
$field_id = formTrim($iter['id']);
$data_type = formTrim($iter['data_type']);
$listval = $data_type == 34 ? formTrim($iter['contextName']) : formTrim($iter['list_id']);
// Skip conditions for the line are stored as a serialized array.
$condarr = array();
for ($cix = 0; !empty($iter['condition_id'][$cix]); ++$cix) {
$andor = empty($iter['condition_andor'][$cix]) ? '' : $iter['condition_andor'][$cix];
$condarr[$cix] = array('id' => strip_escape_custom($iter['condition_id'][$cix]), 'itemid' => strip_escape_custom($iter['condition_itemid'][$cix]), 'operator' => strip_escape_custom($iter['condition_operator'][$cix]), 'value' => strip_escape_custom($iter['condition_value'][$cix]), 'andor' => strip_escape_custom($andor));
}
$conditions = empty($condarr) ? '' : serialize($condarr);
if ($field_id) {
sqlStatement("UPDATE layout_options SET " . "source = '" . formTrim($iter['source']) . "', " . "title = '" . formTrim($iter['title']) . "', " . "group_name = '" . formTrim($iter['group']) . "', " . "seq = '" . formTrim($iter['seq']) . "', " . "uor = '" . formTrim($iter['uor']) . "', " . "fld_length = '" . formTrim($iter['lengthWidth']) . "', " . "fld_rows = '" . formTrim($iter['lengthHeight']) . "', " . "max_length = '" . formTrim($iter['maxSize']) . "', " . "titlecols = '" . formTrim($iter['titlecols']) . "', " . "datacols = '" . formTrim($iter['datacols']) . "', " . "data_type= '{$data_type}', " . "list_id= '" . $listval . "', " . "list_backup_id= '" . formTrim($iter['list_backup_id']) . "', " . "edit_options = '" . formTrim($iter['edit_options']) . "', " . "default_value = '" . formTrim($iter['default']) . "', " . "description = '" . formTrim($iter['desc']) . "', " . "conditions = '" . add_escape_custom($conditions) . "', " . "validation = '" . formTrim($iter['validation']) . "' " . "WHERE form_id = '{$layout_id}' AND field_id = '{$field_id}'");
}
}
} else {
if ($_POST['formaction'] == "addfield" && $layout_id) {
// Add a new field to a specific group
$data_type = formTrim($_POST['newdatatype']);
$max_length = $data_type == 3 ? 3 : 255;
$listval = $data_type == 34 ? formTrim($_POST['contextName']) : formTrim($_POST['newlistid']);
sqlStatement("INSERT INTO layout_options (" . " form_id, source, field_id, title, group_name, seq, uor, fld_length, fld_rows" . ", titlecols, datacols, data_type, edit_options, default_value, description" . ", max_length, list_id, list_backup_id " . ") VALUES ( " . "'" . formTrim($_POST['layout_id']) . "'" . ",'" . formTrim($_POST['newsource']) . "'" . ",'" . formTrim($_POST['newid']) . "'" . ",'" . formTrim($_POST['newtitle']) . "'" . ",'" . formTrim($_POST['newfieldgroupid']) . "'" . ",'" . formTrim($_POST['newseq']) . "'" . ",'" . formTrim($_POST['newuor']) . "'" . ",'" . formTrim($_POST['newlengthWidth']) . "'" . ",'" . formTrim($_POST['newlengthHeight']) . "'" . ",'" . formTrim($_POST['newtitlecols']) . "'" . ",'" . formTrim($_POST['newdatacols']) . "'" . ",'{$data_type}'" . ",'" . formTrim($_POST['newedit_options']) . "'" . ",'" . formTrim($_POST['newdefault']) . "'" . ",'" . formTrim($_POST['newdesc']) . "'" . ",'" . formTrim($_POST['newmaxSize']) . "'" . ",'" . $listval . "'" . ",'" . formTrim($_POST['newbackuplistid']) . "'" . " )");
addOrDeleteColumn($layout_id, formTrim($_POST['newid']), TRUE);
} else {示例9: alert
echo "<script language='JavaScript'>\n";
if ($info_msg) {
echo " alert('{$info_msg}');\n";
}
echo " window.close();\n";
echo " if (opener.refreshme) opener.refreshme();\n";
echo "</script></body></html>\n";
exit;
}
if ($userid) {
$row = sqlQuery("SELECT * FROM users WHERE id = '{$userid}'");
}
if ($type) {
// note this only happens when its new
// Set up type
$row['abook_type'] = strip_escape_custom($type);
}
?>
<script language="JavaScript">
$(document).ready(function() {
// customize the form via the type options
typeSelect("<?php
echo $row['abook_type'];
?>
");
});
</script>
<form method='post' name='theform' action='addrbook_edit.php?userid=<?php
echo $userid;示例10: sqlQuery
}
}
}
// End if { character found.
return $s;
}
// if (!acl_check('admin', 'super')) die(htmlspecialchars(xl('Not authorized')));
// Get patient demographic info.
$ptrow = sqlQuery("SELECT pd.*, " . "ur.fname AS ur_fname, ur.mname AS ur_mname, ur.lname AS ur_lname " . "FROM patient_data AS pd " . "LEFT JOIN users AS ur ON ur.id = pd.ref_providerID " . "WHERE pd.pid = ?", array($pid));
$hisrow = sqlQuery("SELECT * FROM history_data WHERE pid = ? " . "ORDER BY date DESC LIMIT 1", array($pid));
$enrow = array();
// Get some info for the currently selected encounter.
if ($encounter) {
$enrow = sqlQuery("SELECT * FROM form_encounter WHERE pid = ? AND " . "encounter = ?", array($pid, $encounter));
}
$form_filename = strip_escape_custom($_REQUEST['form_filename']);
$templatedir = "{$OE_SITE_DIR}/documents/doctemplates";
$templatepath = "{$templatedir}/{$form_filename}";
// Create a temporary file to hold the output.
$fname = tempnam($GLOBALS['temporary_files_dir'], 'OED');
// Get mime type in a way that works with old and new PHP releases.
$mimetype = 'application/octet-stream';
$ext = strtolower(array_pop(explode('.', $filename)));
if ('dotx' == $ext) {
// PHP does not seem to recognize this type.
$mimetype = 'application/msword';
} else {
if (function_exists('finfo_open')) {
$finfo = finfo_open(FILEINFO_MIME_TYPE);
$mimetype = finfo_file($finfo, $templatepath);
finfo_close($finfo);示例11: foreach
include_once "../../globals.php";
include_once "../../../library/api.inc";
include_once "../../../library/forms.inc";
include_once "../../../library/sql.inc";
include_once "./content_parser.php";
include_once "../../../library/formdata.inc.php";
if ($_GET["mode"] == "delete") {
foreach ($_POST as $key => $val) {
if (substr($key, 0, 3) == 'ch_' and $val = 'on') {
$id = substr($key, 3);
if ($_POST['delete']) {
sqlInsert("delete from " . mitigateSqlTableUpperCase("form_CAMOS") . " where id={$id}");
sqlInsert("delete from forms where form_name like 'CAMOS%' and form_id={$id}");
}
if ($_POST['update']) {
// Replace the placeholders before saving the form. This was changed in version 4.0. Previous to this, placeholders
// were submitted into the database and converted when viewing. All new notes will now have placeholders converted
// before being submitted to the database. Will also continue to support placeholder conversion on report
// views to support notes within database that still contain placeholders (ie. notes that were created previous to
// version 4.0).
$content = strip_escape_custom($_POST['textarea_' . ${id}]);
$content = add_escape_custom(replace($pid, $encounter, $content));
sqlInsert("update " . mitigateSqlTableUpperCase("form_CAMOS") . " set content='{$content}' where id={$id}");
}
}
}
}
$_SESSION["encounter"] = $encounter;
formHeader("Redirecting....");
formJump();
formFooter();示例12: addPnote
addPnote($patient_id, $note, $userauthorized, '1', $_POST['form_note_type'], $_POST['form_note_to']);
}
// end post patient note
}
$action_taken = true;
}
// end copy to chart
if ($_POST['form_cb_forward']) {
$form_from = trim($_POST['form_from']);
$form_to = trim($_POST['form_to']);
$form_fax = trim($_POST['form_fax']);
$form_message = trim($_POST['form_message']);
$form_finemode = $_POST['form_finemode'] ? '-m' : '-l';
$form_from = strip_escape_custom($form_from);
$form_to = strip_escape_custom($form_to);
$form_message = strip_escape_custom($form_message);
// Generate a cover page using enscript. This can be a cool thing
// to do, as enscript is very powerful.
//
$tmp1 = array();
$tmp2 = 0;
$tmpfn1 = tempnam("/tmp", "fax1");
$tmpfn2 = tempnam("/tmp", "fax2");
$tmph = fopen($tmpfn1, "w");
$cpstring = '';
$fh = fopen($GLOBALS['OE_SITE_DIR'] . "/faxcover.txt", 'r');
while (!feof($fh)) {
$cpstring .= fread($fh, 8192);
}
fclose($fh);
$cpstring = str_replace('{CURRENT_DATE}', date('F j, Y'), $cpstring);示例13: trim
// skip if it came from the database
if ($iter["del"]) {
continue;
}
// skip if Delete was checked
$ndc_info = '';
if ($iter['ndcnum']) {
$ndc_info = 'N4' . trim($iter['ndcnum']) . ' ' . $iter['ndcuom'] . trim($iter['ndcqty']);
}
// $fee = 0 + trim($iter['fee']);
$units = max(1, intval(trim($iter['units'])));
$fee = sprintf('%01.2f', (0 + trim($iter['price'])) * $units);
if ($iter['code_type'] == 'COPAY' && $fee > 0) {
$fee = 0 - $fee;
}
echoLine(++$bill_lino, $iter["code_type"], $iter["code"], trim($iter["mod"]), $ndc_info, $iter["auth"], $iter["del"], $units, $fee, NULL, FALSE, NULL, $iter["justify"], 0 + $iter['provid'], strip_escape_custom($iter['notecodes']));
}
}
// Generate lines for items already in the drug_sales table for this encounter.
//
$query = "SELECT * FROM drug_sales WHERE " . "pid = '{$pid}' AND encounter = '{$encounter}' " . "ORDER BY sale_id";
$sres = sqlStatement($query);
$prod_lino = 0;
while ($srow = sqlFetchArray($sres)) {
++$prod_lino;
$pline = $_POST['prod']["{$prod_lino}"];
$del = $pline['del'];
// preserve Delete if checked
$sale_id = $srow['sale_id'];
$drug_id = $srow['drug_id'];
$units = $srow['quantity'];示例14: xl
<form method='post' name='theform' id='theform' action='encounters_report.php'>
<div id="report_parameters">
<table>
<tr>
<td width='550px'>
<div style='float:left'>
<table class='text'>
<tr>
<td class='label'>
<?php xl('Facility','e'); ?>:
</td>
<td>
<?php dropdown_facility(strip_escape_custom($form_facility), 'form_facility', true); ?>
</td>
<td class='label'>
<?php xl('Provider','e'); ?>:
</td>
<td>
<?php
// Build a drop-down list of providers.
//
$query = "SELECT id, lname, fname FROM users WHERE ".
"authorized = 1 $provider_facility_filter ORDER BY lname, fname"; //(CHEMED) facility filter
$ures = sqlStatement($query);
示例15: xl
<?php
xl('Specialty', 'e');
?>
:
<input type='text' name='form_specialty' size='10' value='<?php
echo htmlspecialchars(strip_escape_custom($_POST['form_specialty']), ENT_QUOTES);
?>
'
class='inputtext' title='<?php
xl("Any part of the desired specialty", "e");
?>
' />
<?php
echo xl('Type') . ": ";
// Generates a select list named form_abook_type:
echo generate_select_list("form_abook_type", "abook_type", strip_escape_custom($_REQUEST['form_abook_type']), '', 'All');
?>
<input type='checkbox' name='form_external' value='1'<?php
if ($form_external) {
echo ' checked';
}
?>
title='<?php
xl("Omit internal users?", "e");
?>
' />
<?php
xl('External Only', 'e');
?>
<input type='submit' class='button' name='form_search' value='<?php