Changeset 110
- Timestamp:
- Apr 27, 2006 12:17:00 AM (18 years ago)
- File:
-
- 1 edited
trunk/lib/DBSessionHandler.inc.php
r42 r110 132 132 { 133 133 // Select the data belonging to session $session_id from the session table 134 $qid = $this->db->query("SELECT session_data FROM " . $this->_params['db_table'] . " WHERE session_id = '" . addslashes($session_id) . "'");134 $qid = $this->db->query("SELECT session_data FROM " . $this->_params['db_table'] . " WHERE session_id = '" . $this->db->escapeString($session_id) . "'"); 135 135 136 136 // Return the session data that was found … … 147 147 { 148 148 // Write the serialized session data ($session_data) to the session table 149 $this->db->query("REPLACE INTO " . $this->_params['db_table'] . "(session_id, session_data, last_access) VALUES ('" . addslashes($session_id) . "', '" . addslashes($session_data) . "', null)");149 $this->db->query("REPLACE INTO " . $this->_params['db_table'] . "(session_id, session_data, last_access) VALUES ('" . $this->db->escapeString($session_id) . "', '" . $this->db->escapeString($session_data) . "', null)"); 150 150 151 151 return true; … … 155 155 { 156 156 // Delete from the table all data for the session $session_id 157 $this->db->query("DELETE FROM " . $this->_params['db_table'] . " WHERE session_id = '" . addslashes($session_id) . "'");157 $this->db->query("DELETE FROM " . $this->_params['db_table'] . " WHERE session_id = '" . $this->db->escapeString($session_id) . "'"); 158 158 159 159 return true;
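Review bot: Every one of the three rewritten statements (file lines 134, 149 and 157) still builds SQL by concatenation, and while `$this->db->escapeString()` is a real improvement over the charset-unaware `addslashes()`, `$this->_params['db_table']` is spliced into each query unescaped and unquoted, so correctness now rests on the table name never coming from an untrusted source. If the database wrapper supports prepared statements, binding `$session_id` and `$session_data` as parameters would remove the reliance on escaping entirely; if it does not, the assumption should at least be recorded where the params are consumed, e.g. `// db_table is a trusted configuration value, never user input; it is interpolated without escaping`. The read, write and destroy methods each start before and end after the visible hunk lines, so their signatures and any validation of `$session_id` done there cannot be checked here.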