POST input deduplication/'models'

- Ongoing deduplication/conversion of post.php to use re-usable 'models' for input
- Also converting file upload checks to use a function instead

models/category.php

@@ -0,0 +1,4 @@
+<?php
+$name = trim(strip_tags(mysqli_real_escape_string($mysqli, $_POST['name'])));
+$type = trim(strip_tags(mysqli_real_escape_string($mysqli, $_POST['type'])));
+$color = trim(strip_tags(mysqli_real_escape_string($mysqli, $_POST['color'])));

models/contact.php

@@ -0,0 +1,16 @@
+<?php
+$client_id = intval($_POST['client_id']);
+$name = trim(strip_tags(mysqli_real_escape_string($mysqli, $_POST['name'])));
+$title = trim(strip_tags(mysqli_real_escape_string($mysqli, $_POST['title'])));
+$department = trim(strip_tags(mysqli_real_escape_string($mysqli, $_POST['department'])));
+$phone = preg_replace("/[^0-9]/", '',$_POST['phone']);
+$extension = preg_replace("/[^0-9]/", '',$_POST['extension']);
+$mobile = preg_replace("/[^0-9]/", '',$_POST['mobile']);
+$email = trim(strip_tags(mysqli_real_escape_string($mysqli, $_POST['email'])));
+$primary_contact = intval($_POST['primary_contact']);
+$notes = trim(strip_tags(mysqli_real_escape_string($mysqli, $_POST['notes'])));
+$contact_important = intval($_POST['contact_important']);
+$contact_billing = intval($_POST['contact_billing']);
+$contact_technical = intval($_POST['contact_technical']);
+$location_id = intval($_POST['location']);
+$auth_method = trim(strip_tags(mysqli_real_escape_string($mysqli, $_POST['auth_method'])));

models/event.php

@@ -0,0 +1,9 @@
+<?php
+$calendar_id = intval($_POST['calendar']);
+$title = trim(strip_tags(mysqli_real_escape_string($mysqli, $_POST['title'])));
+$description = trim(strip_tags(mysqli_real_escape_string($mysqli, $_POST['description'])));
+$start = trim(strip_tags(mysqli_real_escape_string($mysqli, $_POST['start'])));
+$end = trim(strip_tags(mysqli_real_escape_string($mysqli, $_POST['end'])));
+$repeat = trim(strip_tags(mysqli_real_escape_string($mysqli, $_POST['repeat'])));
+$client = intval($_POST['client']);
+$email_event = intval($_POST['email_event']);

models/expense.php

@@ -0,0 +1,8 @@
+<?php
+$date = trim(strip_tags(mysqli_real_escape_string($mysqli, $_POST['date'])));
+$amount = floatval($_POST['amount']);
+$account = intval($_POST['account']);
+$vendor = intval($_POST['vendor']);
+$category = intval($_POST['category']);
+$description = trim(strip_tags(mysqli_real_escape_string($mysqli, $_POST['description'])));
+$reference = trim(strip_tags(mysqli_real_escape_string($mysqli, $_POST['reference'])));

models/invoice.php

@@ -0,0 +1,4 @@
+<?php
+$date = trim(strip_tags(mysqli_real_escape_string($mysqli, $_POST['date'])));
+$category = intval($_POST['category']);
+$scope = trim(strip_tags(mysqli_real_escape_string($mysqli, $_POST['scope'])));

models/product.php

@@ -0,0 +1,6 @@
+<?php
+$name = trim(strip_tags(mysqli_real_escape_string($mysqli, $_POST['name'])));
+$description = trim(strip_tags(mysqli_real_escape_string($mysqli, $_POST['description'])));
+$price = floatval($_POST['price']);
+$category = intval($_POST['category']);
+$tax = intval($_POST['tax']);

models/quote.php

@@ -0,0 +1,4 @@
+<?php
+$date = trim(strip_tags(mysqli_real_escape_string($mysqli, $_POST['date'])));
+$category = intval($_POST['category']);
+$scope = trim(strip_tags(mysqli_real_escape_string($mysqli, $_POST['scope'])));

models/tag.php

@@ -0,0 +1,5 @@
+<?php
+$name = trim(strip_tags(mysqli_real_escape_string($mysqli, $_POST['name'])));
+$type = intval($_POST['type']);
+$color = trim(strip_tags(mysqli_real_escape_string($mysqli, $_POST['color'])));
+$icon = trim(strip_tags(mysqli_real_escape_string($mysqli, $_POST['icon'])));

models/transfer.php

@@ -0,0 +1,6 @@
+<?php
+$date = trim(strip_tags(mysqli_real_escape_string($mysqli, $_POST['date'])));
+$amount = floatval($_POST['amount']);
+$account_from = intval($_POST['account_from']);
+$account_to = intval($_POST['account_to']);
+$notes = trim(strip_tags(mysqli_real_escape_string($mysqli, $_POST['notes'])));

models/trip.php

@@ -0,0 +1,9 @@
+<?php
+$date = trim(strip_tags(mysqli_real_escape_string($mysqli, $_POST['date'])));
+$source = trim(strip_tags(mysqli_real_escape_string($mysqli, $_POST['source'])));
+$destination = trim(strip_tags(mysqli_real_escape_string($mysqli, $_POST['destination'])));
+$miles = floatval($_POST['miles']);
+$roundtrip = intval($_POST['roundtrip']);
+$purpose = trim(strip_tags(mysqli_real_escape_string($mysqli, $_POST['purpose'])));
+$user_id = intval($_POST['user']);
+$client_id = intval($_POST['client']);

models/vendor.php

@@ -0,0 +1,13 @@
+<?php
+$name = trim(strip_tags(mysqli_real_escape_string($mysqli, $_POST['name'])));
+$description = trim(strip_tags(mysqli_real_escape_string($mysqli, $_POST['description'])));
+$account_number = trim(strip_tags(mysqli_real_escape_string($mysqli, $_POST['account_number'])));
+$contact_name = trim(strip_tags(mysqli_real_escape_string($mysqli, $_POST['contact_name'])));
+$phone = preg_replace("/[^0-9]/", '', $_POST['phone']);
+$extension = trim(strip_tags(mysqli_real_escape_string($mysqli, $_POST['extension'])));
+$email = trim(strip_tags(mysqli_real_escape_string($mysqli, $_POST['email'])));
+$website = trim(strip_tags(mysqli_real_escape_string($mysqli, $_POST['website'])));
+$hours = trim(strip_tags(mysqli_real_escape_string($mysqli, $_POST['hours'])));
+$sla = trim(strip_tags(mysqli_real_escape_string($mysqli, $_POST['sla'])));
+$code = trim(strip_tags(mysqli_real_escape_string($mysqli, $_POST['code'])));
+$notes = trim(strip_tags(mysqli_real_escape_string($mysqli, $_POST['notes'])));