PHP - Moved: Anti - Cheat Help

Using MVC, the controller does some logic, gets data from the model, and the view presents the content.   Where should the reverse be performed?   For instance, I have an edit page which is pre-populated with values from the model, and the view changes 1000 to $1,000, 0.4 to 40%, and 2014-10-09 09:31:41 to 10/09/2014 09:31:41 AM.   Now I need to save the values, and must convert them back to their original format before doing so.  Should this functionality be performed in the controller, model, or view?   Thanks      

i am using a Anti MySQL Injection my friend made for me

config.php
//Anti MySQL Injection
function anti_injection($sql) {
   // removes words that contain sql syntax
   $sql = preg_replace(sql_regcase("/(from|select|insert|delete|where|drop table|show tables|#|\*|--|\\\\)/"),"",$sql);
   $sql = trim($sql); // strip whitespace
   $sql = strip_tags($sql); // strip HTML and PHP tags
   $sql = addslashes($sql); // quote string with slashes
   return $sql;
}

<?php 
include "./config.php";
$title = $_POST[title];
$type = $_POST[type];
$episode = $_POST[episode];
$year = $_POST[year];
$genre = $_POST[genre];
$status = $_POST[status];
$summary = $_POST[summary];
$pictures = $_POST[pictures];
$title = anti_injection($title);
$type = anti_injection($type);
$episode = anti_injection($episode);
$year = anti_injection($year);
$genre = anti_injection($genre);
$status = anti_injection($status);
$summary = anti_injection($summary);
$pictures = anti_injection($pictures); ?>
When i enter the data from the text box and click submit

it still puts the data in to the date base but it shows

]Notice: Use of undefined constant title - assumed 'title' in C:\wamp\www\studying\take 2\addin11.php on line 41

Notice: Use of undefined constant type - assumed 'type' in C:\wamp\www\studying\take 2\addin11.php on line 42

Notice: Use of undefined constant episode - assumed 'episode' in C:\wamp\www\studying\take 2\addin11.php on line 43

Notice: Use of undefined constant year - assumed 'year' in C:\wamp\www\studying\take 2\addin11.php on line 44

Notice: Use of undefined constant genre - assumed 'genre' in C:\wamp\www\studying\take 2\addin11.php on line 45

Notice: Use of undefined constant status - assumed 'status' in C:\wamp\www\studying\take 2\addin11.php on line 46

Notice: Use of undefined constant summary - assumed 'summary' in C:\wamp\www\studying\take 2\addin11.php on line 47

Notice: Use of undefined constant pictures - assumed 'pictures' in C:\wamp\www\studying\take 2\addin11.php on line 48

Deprecated: Function sql_regcase() is deprecated in C:\wamp\www\studying\take 2\config.php on line 30

Deprecated: Function sql_regcase() is deprecated in C:\wamp\www\studying\take 2\config.php on line 30

Deprecated: Function sql_regcase() is deprecated in C:\wamp\www\studying\take 2\config.php on line 30

Deprecated: Function sql_regcase() is deprecated in C:\wamp\www\studying\take 2\config.php on line 30

Deprecated: Function sql_regcase() is deprecated in C:\wamp\www\studying\take 2\config.php on line 30

Deprecated: Function sql_regcase() is deprecated in C:\wamp\www\studying\take 2\config.php on line 30

Deprecated: Function sql_regcase() is deprecated in C:\wamp\www\studying\take 2\config.php on line 30

Deprecated: Function sql_regcase() is deprecated in C:\wamp\www\studying\take 2\config.php on line 30

And thanks to the Anti MySQL Injection my Primary key in my database dont work :s
can you help? thank you

Below is my contact from - and I have set anti spam question as I don't like captcha. How to I code the post/human bit so it is case insensitive?
I am a designer so I don't know what I am doing ☹️.

 

<div class="one-half-column-right" id="contactform">
 <form method="post" action="index.php#contactform">
<label>Name*</label>
<div class="clear"></div>
<input name="name" placeholder="Type Here">
 <label>Email*</label>
 <div class="clear"></div>
      <input name="email" type="email" placeholder="Type Here">
<label>Message</label>
<textarea name="message" placeholder="Type Here"></textarea>
 <label>*If today is Tuesday, what is tomorrow? <br> [lowercase answer please]<br> (Anti-spam)</label>
<input name="human" placeholder="Type Here">
<input id="submit" name="submit" type="submit" value="Submit">
</form>
 <?php
    $name = $_POST['name'];
    $email = $_POST['email'];
    $message = $_POST['message'];
    $from = 'From: Website Form'; 
    $to = ‘name@name.com’; 
    $subject = 'website form enquiry';
    $human = $_POST['human'];


$headers .= 'From: '.$from."\r\n".
    'Reply-To: '.$from."\r\n" .
    'X-Mailer: PHP/' . phpversion();
    $body = "From: $name\n E-Mail: $email\n Message:\n $message";
                
    if ($_POST['submit'] && $human == ‘wednesday’) {    
        if (mail ($to, $subject, $body, $from)) { 
        echo '<p style="font-family: Montserrat, Helvetica, Arial, sans-serif; font-weight: 600; text-align:center; font-size: 16px; color: #000; text-transform: uppercase; background-color: #FFD700"> 

     
      Request has been sent. We will get back to within 48 hours!<br></p>';

    } else { 
        echo '<p style="font-family: Montserrat, Helvetica, Arial, sans-serif; font-weight: 600; text-align:center; font-size: 16px; color: #000; text-transform: uppercase; background-color: #FFD700"> 

       Something went wrong, go back and try again!</p>'; 
    } 
    } else if ($_POST['submit'] && $human != '') {
    echo '<p style="font-family: Montserrat, Helvetica, Arial, sans-serif; font-weight: 600; text-align:center; font-size: 16px; color: #000; text-transform: uppercase; background-color: #FFD700"> 
    You answered the anti-spam question incorrectly!</p>';
    }
?>
    <!--// form //-->

    

Hi guys, I wrote this speck of code to prevent directory transversal. However, I'm not that great with security issues, so I would like some of the gurus to offer pointers/tips/hints as to whether my code is safe or not and how to improve it.
$pageID = $_GET["pageid"];
$pageNewIDLower = strtolower($pageID);
$pageNewID = ereg_replace("[^A-Za-z0-9]","",$pageNewIDLower);
if (strstr($pageNewID,"../") || strstr($pageNewID,"%") != true) {
// do stuff
}
else {
include("pages/home.htm");
}

If this looks wrong, let me know. I didn't take it directly from my php code as I'm on a cell phone at the moment.

Hello guys, i have a problem that i am trying to solve myself for the entire past week. I am not a php programmer and i wish you can help me.
There is a russian project called Crot Anti-Plagiarism, it is a open source moodle plugin. I started to use it and it is a really nice feature. The problem is that there are quite few people that are developing it and new features are coming once a year...
I see a big "hole" in this project (at least for me) : The plugin checks for plagiarism in the file that you submit only once, if a student resubmits the file it doesn't see that and you need to start the plugin's test again for all the files which is time consuming if you have a lot of submitted files to check.
I would like to add a function that will check if a file changed his modified date , if yes - mark for checking, if no - skip the checking.
I already added a similar function that checks if the name has changed, but it seems harder to check it by uploaded time(modified time).
Things i have already done:
I added a new column "assignment_submissions_timemodified" in database.
I added a new function that records the "time modified" of the file in the database.
But i can't add and i cannot make the comparison between the date of the first time the file submitted versus the date of the second time the same file was resubmitted.
Alright no more bullsh**t here is the code: (there are 3 comments that shows what i've changed, starting with  //my job...)
Thanks a lot!
Code: [Select]
$apath= $CFG->dataroot."/$assignment->course/moddata/assignment/$asubmission->assignment/$asubmission->userid";
        $timemodified= filemtime($apath);    //my job... it checks the file's modified time.
$files = scandir($apath, 1);
if (! $unprocessedsubm = get_record("crot_submissions", "submissionid", $asubmission->id, "crot_submission_file_name", $files[0], "assignment_submissions_timemodified", $timemodified))  //my job...now i guess here is the problem ( "assignment_submissions_timemodified", $timemodified)
{
        echo "$timemodified";
        echo "$unprocessedsubm";
print_r($unprocessedsubm);
echo "\nsubmission $asubmission->id was not processed yet. start processing now ... \n" ;
$atime = microtime();
$atime = explode(" ",$atime);
$atime = $atime[1] + $atime[0];
$astarttime = $atime;
if(!count($files))break;
//TODO we should verify if filename changed
//TODO add loop on the documents folder as well as loop for unzipping
$apath = $apath."/$files[0]";
// call tokenizer to get plain text and store it in crot_submissions
$atext = tokenizer ($apath);
// update the crot_submissions table
// delete if exists
delete_records("crot_submissions", "submissionid", $asubmission->id);
// insert the new record
$record->submissionid=$asubmission->id;
$record->updated = time();
$record->crot_submission_file_name = $files[0];                                   
$record->assignment_submissions_timemodified = $timemodified;        //this is my job.... it is recording the date as it has to.
$submid = insert_record("crot_submissions", $record);
// insert into documents
$docrecord->crot_submission_id = $submid;
Also i have attached the whole file crot_crone.php.