#17 undefined_function

open
nobody
None
5
2006-04-12
2006-04-12
Simone C.
No

I've corrected the bug of register_globals ...

In check_ldap_string() function there's a call to a
sanitize_string() that is not defined.

Maybe should be sanitize_ldap_string()...
I've added in any case sanitize_string()

Then nice_addslashes() is called only in
sanitize_sql_string() so it could be more efficient for
specific DB_TYPE. I've added this line on top ...

define('DB_TYPE','mysql'); // - sc

and rewrote the function as follows:

// addslashes wrapper to check for gpc_magic_quotes - gz
function nice_addslashes($string)
{
    // if magic quotes is on, the string is already quoted: just return it;
    // else use the correct escape function for the DB_TYPE value
    if (!MAGIC_QUOTES)
    {
        switch (DB_TYPE)
        {
            // each dbtype can have its own escape functions - sc
            case 'mysql': $string = mysql_real_escape_string($string); break;
            // T-SQL string literals are single-quoted; a quote is escaped by doubling it
            case 'mssql': $string = str_replace("'", "''", $string); break;
            default: $string = addslashes($string); break;
        }
    }
    return $string;
}

Finally I've added these useful functions to
escape/unescape quoted and dblquoted strings.

// Useful functions for IO operations - sc
function slash_quotes($string){ return str_replace("'","\'",$string); }
function unslash_quotes($string){ return str_replace("\'","'",$string); }
// Useful for representing double quotes in input fields,
// e.g. $out = '<input type="text" value="'.slash_dblquotes($string).'">' - sc
function slash_dblquotes($string){ return str_replace('"','\"',$string); }
function unslash_dblquotes($string){ return str_replace('\"','"',$string); }

Simone C. <fsockopen_AT_yahoo.it>
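
An added example, not part of the ticket or of the project's code, for the input-field usage given in the slash_dblquotes() comment: a backslash is not an escape character in HTML, so an HTML parser ends the attribute at the first `"`, while entity encoding keeps the value intact. The helpers demo_html_attr() and demo_parsed_value() are hypothetical names and the sample input is constructed.

```php
<?php
// Added example, not project code. The demo_* names are hypothetical.

// slash_dblquotes() as posted in the ticket.
function slash_dblquotes($string) { return str_replace('"', '\"', $string); }

// Encoding for the HTML attribute context: quotes become entities.
function demo_html_attr($string)
{
    return htmlspecialchars($string, ENT_QUOTES, 'UTF-8');
}

// Parse the markup and return the value attribute of the first <input>,
// i.e. what a browser would submit back for this field.
function demo_parsed_value($html)
{
    libxml_use_internal_errors(true);   // malformed attributes are expected here
    $doc = new DOMDocument();
    $doc->loadHTML($html);
    libxml_clear_errors();
    $input = $doc->getElementsByTagName('input')->item(0);
    return $input === null ? null : $input->getAttribute('value');
}

$name = 'Simone "sc" O\'Brien';   // constructed sample input

$fields = array(
    'slash_dblquotes' => '<input type="text" value="' . slash_dblquotes($name) . '">',
    'demo_html_attr'  => '<input type="text" value="' . demo_html_attr($name) . '">',
);

foreach ($fields as $label => $html) {
    $seen = demo_parsed_value($html);
    printf("%-16s %s\n", $label, $html);
    printf("%-16s parsed value %s the input\n", '',
           $seen === $name ? 'matches' : 'differs from');
}
```

The same rule applies to nice_addslashes(): its output belongs only inside an SQL string literal for the configured DB_TYPE, not in HTML output.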

Discussion

  • Simone C.
    2006-04-12

    BugFixed version of the original (with some more stuff)

     