i am getting this error, "Notice: Undefined offset: 2048" on line 164 and line 179, i have posted the file below thats giving the error, thanks.
<?php
error_reporting(E_ALL & ~E_NOTICE);
class SafeSQL
{
// values that determine dropping bracketed sections
var $_drop_values = array('');
function SafeSQL() { }
function query($query_string, $query_vars)
{
if(is_array($query_vars)) {
$_var_count = count($query_vars);
if($_var_count != preg_match_all('!%[sSiIfFcClLqQ]!', $query_string, $_match)) {
$this->_error_msg('unmatched number of vars and % placeholders: ' . $query_string);
}
// get string position for each element
$_var_pos = array();
$_curr_pos = 0;
for( $_x = 0; $_x < $_var_count; $_x++ ) {
$_var_pos[$_x] = strpos($query_string, $_match[0][$_x], $_curr_pos);
$_curr_pos = $_var_pos[$_x] + 1;
}
// build query from passed in variables, escape them
// start from end of query and work backwards so string
// positions are not altered during replacement
$_last_removed_pos = null;
$_last_var_pos = null;
for( $_x = $_var_count-1; $_x >= 0; $_x-- ) {
if(isset($_last_removed_pos) && $_last_removed_pos < $_var_pos[$_x]) {
// already removed, skip
continue;
}
// escape string
$query_vars[$_x] = $this->_sql_escape($query_vars[$_x]);
if(in_array($_match[0][$_x], array('%S','%I','%F','%C','%L','%Q'))) {
// get positions of [ and ]
if(isset($_last_var_pos))
$_right_pos = strpos($query_string, ']', $_last_var_pos);
else
$_right_pos = strpos($query_string, ']', $_var_pos[$_x]);
// no way to get strpos from the right side starting in the middle
// of the string, so slice the first part out then find it
$_str_slice = substr($query_string, 0, $_var_pos[$_x]);
$_left_pos = strrpos($_str_slice, '[');
if($_right_pos === false || $_left_pos === false) {
$this->_error_msg('missing or unmatched brackets: ' . $query_string);
}
if(in_array($query_vars[$_x], $this->_drop_values, true)) {
$_last_removed_pos = $_left_pos;
// remove entire part of string
$query_string = substr_replace($query_string, '', $_left_pos, $_right_pos - $_left_pos + 1);
$_last_var_pos = null;
} else if ($_x > 0 && $_var_pos[$_x-1] > $_left_pos) {
// still variables left in brackets, leave them and just replace var
$_convert_var = $this->_convert_var($query_vars[$_x], $_match[0][$_x]);
$query_string = substr_replace($query_string, $_convert_var, $_var_pos[$_x], 2);
$_last_var_pos = $_var_pos[$_x] + strlen($_convert_var);
} else {
// remove the brackets only, and replace %S
$query_string = substr_replace($query_string, '', $_right_pos, 1);
$query_string = substr_replace($query_string, $this->_convert_var($query_vars[$_x], $_match[0][$_x]), $_var_pos[$_x], 2);
$query_string = substr_replace($query_string, '', $_left_pos, 1);
$_last_var_pos = null;
}
} else {
$query_string = substr_replace($query_string, $this->_convert_var($query_vars[$_x], $_match[0][$_x]), $_var_pos[$_x], 2);
}
}
}
return $query_string;
}
function _convert_var($var, $type) {
switch($type) {
case '%i':
case '%I':
// cast to integer
settype($var, 'integer');
break;
case '%f':
case '%F':
// cast to float
settype($var, 'float');
break;
case '%c':
case '%C':
// comma separate
settype($var, 'array');
for($_x = 0 , $_y = count($var); $_x < $_y; $_x++) {
// cast to integers
settype($var[$_x], 'integer');
}
$var = implode(',', $var);
if($var == '') {
// force 0, keep syntax from breaking
$var = '0';
}
break;
case '%l':
case '%L':
// comma separate
settype($var, 'array');
$var = implode(',', $var);
break;
case '%q':
case '%Q':
settype($var, 'array');
// quote comma separate
$var = "'" . implode("','", $var) . "'";
break;
}
return $var;
}
function _error_msg($error_msg) {
trigger_error('SafeSQL: ' . $error_msg);
}
function set_drop_values($drop_values) {
if(is_array($drop_values)) {
$this->_drop_values = $drop_values;
} else {
$this->_error_msg('drop values must be an array');
}
}
function get_drop_values() {
return $this->_drop_values;
}
function _sql_escape() { }
}
class SafeSQL_MySQL extends SafeSQL {
var $_link_id;
function SafeSQL_MySQL($link_id = null) {
$this->_link_id = $link_id;
}
function _sql_escape($var) {
if(is_array($var)) {
foreach($var as $_element) {
$_newvar[] = $this->_sql_escape($_element);
}
return $_newvar;
}
if(function_exists('mysql_real_escape_string')) {
if(!isset($this->_link_id)) {
return mysql_real_escape_string($var);
} else {
return mysql_real_escape_string($var, $this->_link_id);
}
} elseif(function_exists('mysql_escape_string')) {
return mysql_escape_string($var);
} else {
return addslashes($var);
}
break;
}
}
class SafeSQL_ANSI extends SafeSQL {
function SafeSQL_ANSI() { }
function _sql_escape($var) {
if(is_array($var)) {
foreach($var as $_element) {
$_newvar[] = $this->_sql_escape($_element);
}
return $_newvar;
}
return str_replace("'", "''", $var);
break;
}
}
?>