Yep, you put this stuff right before the code that you pasted:
$w = mysql_real_escape_string($w);
$cat = intval($cat);
$district = intval($district);
$type = intval($type);
Then you find this line:
$p = (!isset($_GET['p']) || $_GET['p'] <= 1 || $_GET['p'] > $num_pages) ? 1 : $_GET['p'];
...and insert one line afterwards:
$p = intval($p);
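The same checks written with typed validation and bound parameters, as an added example that is not part of the original post. The `listings` table, its columns, and the helper names `int_param`, `run` and `search` are assumptions, and the sample rows are constructed.

```php
<?php
// Added example: hypothetical `listings` table; the variable names
// ($w, $cat, $district, $type, $p, $num_pages) follow the post above.
$db = new PDO('sqlite::memory:');   // constructed sample data, runs offline
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE listings (id INTEGER PRIMARY KEY, title TEXT, cat INT, district INT, type INT)');
$db->exec("INSERT INTO listings (title, cat, district, type) VALUES
    ('Flat near park', 1, 2, 1), ('Park view studio', 1, 2, 1), ('Garage', 3, 2, 2)");

// Return the parameter as an int within [$min, $max], or $default if it is
// missing, not an integer, or out of range ("1 OR 1=1" fails validation).
function int_param(array $src, string $key, int $default, int $min = 0, int $max = PHP_INT_MAX): int
{
    $v = filter_var($src[$key] ?? null, FILTER_VALIDATE_INT,
        ['options' => ['min_range' => $min, 'max_range' => $max]]);
    return $v === false ? $default : $v;
}

// Prepare $sql and bind every value with its type; no value is pasted into the SQL text.
function run(PDO $db, string $sql, array $args): PDOStatement
{
    $stmt = $db->prepare($sql);
    foreach ($args as $name => $value) {
        $stmt->bindValue($name, $value, is_int($value) ? PDO::PARAM_INT : PDO::PARAM_STR);
    }
    $stmt->execute();
    return $stmt;
}

function search(PDO $db, array $get, int $per_page = 10): array
{
    $w    = is_string($get['w'] ?? null) ? $get['w'] : '';
    $args = [
        ':w' => "%$w%", ':cat' => int_param($get, 'cat', 0),
        ':district' => int_param($get, 'district', 0), ':type' => int_param($get, 'type', 0),
    ];
    $where = 'title LIKE :w AND cat = :cat AND district = :district AND type = :type';
    $count = (int)run($db, "SELECT COUNT(*) FROM listings WHERE $where", $args)->fetchColumn();
    $num_pages = max(1, (int)ceil($count / $per_page));
    // Same rule as the post: anything outside 1..$num_pages falls back to page 1.
    $p = int_param($get, 'p', 1, 1, $num_pages);
    $page = [':lim' => $per_page, ':off' => ($p - 1) * $per_page];
    return run($db, "SELECT id, title FROM listings WHERE $where ORDER BY id LIMIT :lim OFFSET :off",
        $args + $page)->fetchAll(PDO::FETCH_ASSOC);
}

// Constructed requests: quote characters in `w` stay data, a non-integer `p` becomes page 1.
print_r(search($db, ['w' => "park' OR '1'='1", 'cat' => '1', 'district' => '2', 'type' => '1', 'p' => '1 OR 1=1']));
print_r(search($db, ['w' => 'park', 'cat' => '1', 'district' => '2', 'type' => '1', 'p' => '1']));
```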
I'd put the magic in a function and do this:
if (a csv file) {
while (($data = fgetcsv($handle, 0, ",")) !== FALSE) {
magic($data);
}
} else if (an xls file) {
while ($data = parseXLS()) {
magic($data);
}
} else die("unknown type\n");
If the theory of the field annoys you, it's a good idea to be more practical. Read up on the following types of webapp attacks and protect against them:
* SQL Injection
* Cross-Site Scripting
* Command Line Injection
* Remote/Local File Inclusion
* Directory Traversal
There are of course others, but I'd say that those are among the most important in PHP.
$url = preg_replace('%/index\.php\?%', '/admin.php?', $url);
This changes one URL or string. If you want to do that over a whole file, you'll need to put it in a loop.