Changeset 110

Timestamp:

Apr 27, 2006 12:17:00 AM (18 years ago)

Author:

scdev

Message:

Q - Changed all addslashes to use unicode-safe DB::escapeString() instead.

File:

• trunk/lib/DBSessionHandler.inc.php (modified) (3 diffs)

trunk/lib/DBSessionHandler.inc.php

@@ -132 +132 @@
     {
         // Select the data belonging to session $session_id from the session table
-        $qid = $this->db->query("SELECT session_data FROM " . $this->_params['db_table'] . " WHERE session_id = '" . addslashes($session_id) . "'");
+        $qid = $this->db->query("SELECT session_data FROM " . $this->_params['db_table'] . " WHERE session_id = '" . $this->db->escapeString($session_id) . "'");
 
         // Return the session data that was found
@@ -147 +147 @@
     {
         // Write the serialized session data ($session_data) to the session table
-        $this->db->query("REPLACE INTO " . $this->_params['db_table'] . "(session_id, session_data, last_access) VALUES ('" . addslashes($session_id) . "', '" . addslashes($session_data) . "', null)");
+        $this->db->query("REPLACE INTO " . $this->_params['db_table'] . "(session_id, session_data, last_access) VALUES ('" . $this->db->escapeString($session_id) . "', '" . $this->db->escapeString($session_data) . "', null)");
 
         return true;
@@ -155 +155 @@
     {
         // Delete from the table all data for the session $session_id
-        $this->db->query("DELETE FROM " . $this->_params['db_table'] . " WHERE session_id = '" . addslashes($session_id) . "'");
+        $this->db->query("DELETE FROM " . $this->_params['db_table'] . " WHERE session_id = '" . $this->db->escapeString($session_id) . "'");
 
         return true;