- 01
- 02
- 03
- 04
- 05
- 06
- 07
- 08
- 09
- 10
- 11
- 12
- 13
- 14
- 15
- 16
- 17
- 18
- 19
- 20
- 21
- 22
- 23
- 24
- 25
- 26
- 27
- 28
- 29
- 30
- 31
- 32
- 33
- 34
- 35
- 36
- 37
- 38
- 39
- 40
- 41
- 42
- 43
- 44
- 45
- 46
//...
$_GET = safe_data ($_GET, 'query');
// Ниже по коду
$_GET = safe_data ($_GET, 'query');
$result = mysql_query ('SELECT * FROM ' . $dblist . ' WHERE id=\'' . $_GET['id'] . '\' LIMIT 1', $link);
$_POST = mysql_fetch_array ($result);
$_POST = safe_data ($_POST, 'display');
// safe_data, убраны пустые строки и лишние {}
function safe_data ($firste, $second)
{
if ($second == 'query')
{
if (is_array ($firste))
{
foreach ($firste as $safedatafor => $safedatasry)
{
if (get_magic_quotes_gpc ())
$safedatasry = stripslashes ($safedatasry);
$firste[$safedatafor] = addslashes ($safedatasry);
}
return $firste;
}
if (get_magic_quotes_gpc ())
$safedatasry = stripslashes ($safedatasry);
$firste = addslashes (stripslashes ($firste));
return $firste;
}
if ($second == 'display')
{
if (is_array ($firste))
{
foreach ($firste as $safedatafor => $safedatasry)
$firste[$safedatafor] = htmlspecialchars (stripslashes ($safedatasry), ENT_QUOTES);
return $firste;
}
$firste = htmlspecialchars (stripslashes ($firste), ENT_QUOTES);
}
return $firste;
}