- Timestamp:
- Apr 27, 2006 1:49:54 AM (18 years ago)
- Location:
- trunk/bin
- Files:
-
- 8 edited
trunk/bin/file_importer.php
r42 r111 43 43 // added_datetime 44 44 // ) VALUES ( 45 // '" . addslashes(0) . "',46 // '" . addslashes('hosting') . "',47 // '" . addslashes($file_date) . "',48 // '" . addslashes($amt[1]) . "',49 // '" . addslashes('Paid') . "',50 // '" . addslashes('') . "',51 // '" . addslashes($file_text) . "',52 // '" . addslashes($file_date) . "',45 // '" . DB::escapeString(0) . "', 46 // '" . DB::escapeString('hosting') . "', 47 // '" . DB::escapeString($file_date) . "', 48 // '" . DB::escapeString($amt[1]) . "', 49 // '" . DB::escapeString('Paid') . "', 50 // '" . DB::escapeString('') . "', 51 // '" . DB::escapeString($file_text) . "', 52 // '" . DB::escapeString($file_date) . "', 53 53 // NOW() 54 54 // ) -
trunk/bin/module_maker/form_template.cli.php
r106 r111 28 28 29 29 // Get DB table column info. 30 $qid = DB::query("DESCRIBE " . addslashes($db_tbl));30 $qid = DB::query("DESCRIBE " . DB::escapeString($db_tbl)); 31 31 while ($row = mysql_fetch_row($qid)) { 32 32 $cols[] = $row; -
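Review bot: `DB::escapeString($db_tbl)` on the DESCRIBE line at 30 does not constrain the table name, because `$db_tbl` is spliced in as an unquoted identifier and a string escaper only neutralises quote and backslash characters. Validate it as an identifier before querying, e.g. `if (!preg_match('/^[A-Za-z0-9_]+$/', $db_tbl)) { die("Invalid table name\n"); }`, or quote it in backticks with any embedded backtick doubled. The same DESCRIBE line is changed identically in list_template.cli.php, module.cli.php, sql.cli.php and validation.cli.php. These are CLI generators, so `$db_tbl` presumably comes from an operator argument rather than a request, but the escape call reads as protection it does not provide.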
trunk/bin/module_maker/list_template.cli.php
r51 r111 41 41 42 42 // Get DB table column info. 43 $qid = DB::query("DESCRIBE " . addslashes($db_tbl));43 $qid = DB::query("DESCRIBE " . DB::escapeString($db_tbl)); 44 44 while ($row = mysql_fetch_row($qid)) { 45 45 $cols[] = $row; -
trunk/bin/module_maker/module.cli.php
r87 r111 141 141 // Ensure requested table contains columns. 142 142 // Get DB table column info. 143 $qid = DB::query("DESCRIBE " . addslashes($db_tbl));143 $qid = DB::query("DESCRIBE " . DB::escapeString($db_tbl)); 144 144 while ($row = mysql_fetch_row($qid)) { 145 145 $cols[] = $row; -
trunk/bin/module_maker/skel/admin.php
r42 r111 146 146 if (getFormdata('repeat', false)) { 147 147 // Display edit function with next available ID. 148 $qid = DB::query("SELECT %PRIMARY_KEY% FROM %DB_TBL% WHERE %PRIMARY_KEY% > '" . addslashes(getFormData('%PRIMARY_KEY%')) . "' ORDER BY %PRIMARY_KEY% ASC LIMIT 1");148 $qid = DB::query("SELECT %PRIMARY_KEY% FROM %DB_TBL% WHERE %PRIMARY_KEY% > '" . DB::escapeString(getFormData('%PRIMARY_KEY%')) . "' ORDER BY %PRIMARY_KEY% ASC LIMIT 1"); 149 149 if (list($next_id) = mysql_fetch_row($qid)) { 150 150 App::dieURL($_SERVER['PHP_SELF'] . '?op=edit&%PRIMARY_KEY%=' . $next_id); … … 217 217 SELECT * 218 218 FROM %DB_TBL% 219 WHERE %PRIMARY_KEY% = '" . addslashes($id) . "'219 WHERE %PRIMARY_KEY% = '" . DB::escapeString($id) . "' 220 220 "); 221 221 if (!$frm = mysql_fetch_assoc($qid)) { … … 259 259 SELECT <##> 260 260 FROM %DB_TBL% 261 WHERE %PRIMARY_KEY% = '" . addslashes($id) . "'261 WHERE %PRIMARY_KEY% = '" . DB::escapeString($id) . "' 262 262 "); 263 263 if (! list($name) = mysql_fetch_row($qid)) { … … 268 268 269 269 // Delete the record. 270 DB::query("DELETE FROM %DB_TBL% WHERE %PRIMARY_KEY% = '" . addslashes($id) . "'");270 DB::query("DELETE FROM %DB_TBL% WHERE %PRIMARY_KEY% = '" . DB::escapeString($id) . "'"); 271 271 272 272 App::raiseMsg(sprintf(_("The %ITEM_TITLE% <strong>%s</strong> has been deleted."), $name), MSG_SUCCESS, __FILE__, __LINE__); … … 336 336 if (getFormData('filter_<##>', false)) { 337 337 // Limit by filter. 338 $where_clause .= (empty($where_clause) ? 'WHERE' : 'AND') . " <##> = '" . addslashes(getFormData('filter_<##>')) . "'";338 $where_clause .= (empty($where_clause) ? 'WHERE' : 'AND') . " <##> = '" . DB::escapeString(getFormData('filter_<##>')) . "'"; 339 339 } 340 340 … … 418 418 DB::query(" 419 419 UPDATE %DB_TBL% SET 420 rank = '" . addslashes($new_rank) . "'421 WHERE %PRIMARY_KEY% = '" . addslashes($id) . "'420 rank = '" . DB::escapeString($new_rank) . "' 421 WHERE %PRIMARY_KEY% = '" . DB::escapeString($id) . 
"' 422 422 "); 423 423 } -
trunk/bin/module_maker/skel/public.php
r42 r111 36 36 $qid = DB::query(" 37 37 SELECT * FROM %DB_TBL% 38 WHERE %PRIMARY_KEY% = '" . addslashes(getFormData('%PRIMARY_KEY%')) . "'38 WHERE %PRIMARY_KEY% = '" . DB::escapeString(getFormData('%PRIMARY_KEY%')) . "' 39 39 AND publish = 'true' 40 40 <##>AND (publish_date <= CURDATE() OR publish_date = '0000-00-00') … … 50 50 UPDATE %DB_TBL% 51 51 SET hit_count = hit_count + 1 52 WHERE %PRIMARY_KEY% = '" . addslashes(getFormData('%PRIMARY_KEY%')) . "'52 WHERE %PRIMARY_KEY% = '" . DB::escapeString(getFormData('%PRIMARY_KEY%')) . "' 53 53 "); 54 54 -
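Review bot: The same `DB::escapeString(getFormData('%PRIMARY_KEY%'))` expression is evaluated twice, at 38 and 52, on the same form value. Computing it once before the SELECT, e.g. `$id = DB::escapeString(getFormData('%PRIMARY_KEY%'));`, and interpolating `'$id'` in both statements keeps the two queries in step and makes a later edit that drops the escape from one of them less likely; the variable should then be treated as SQL-escaped only and not reused in output or URLs. Both enclosing blocks start and end outside the hunk.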
trunk/bin/module_maker/sql.cli.php
r44 r111 46 46 47 47 // Get DB table column info. 48 $qid = DB::query("DESCRIBE " . addslashes($db_tbl));48 $qid = DB::query("DESCRIBE " . DB::escapeString($db_tbl)); 49 49 while ($row = mysql_fetch_row($qid)) { 50 50 $cols[] = $row; … … 70 70 } else if ('set' == $type) { 71 71 // Set types usually need to be converted to comma-delimited lists. 72 $c[$field] = "'\" . dbArrayToList(\$frm['$field']) . \"'";72 $c[$field] = "'\" . escapedList(array_keys(\$frm['$field'])) . \"'"; 73 73 } else if ('featured' == $field || 'publish' == $field || preg_match("/enum\('true'\)/", $col[1])) { 74 74 // Toggle types. … … 76 76 } else if ('added_by_user_id' == $field || 'modified_by_user_id' == $field) { 77 77 // Toggle types. 78 $c[$field] = "'\" . addslashes(\$auth->getVal('user_id')) . \"'";78 $c[$field] = "'\" . DB::escapeString(\$auth->getVal('user_id')) . \"'"; 79 79 } else if ('added_datetime' == $field || 'modified_datetime' == $field) { 80 80 // DB record insertion datetime. … … 82 82 } else { 83 83 // Default. Just insert data. 84 $c[$field] = "'\" . addslashes(\$frm['$field']) . \"'";84 $c[$field] = "'\" . DB::escapeString(\$frm['$field']) . \"'"; 85 85 } 86 86 } … … 135 135 DB::query(" 136 136 UPDATE $db_tbl SET$key_eq_val 137 WHERE $primary_key = '" . addslashes(\$frm['$primary_key']) . "'137 WHERE $primary_key = '" . DB::escapeString(\$frm['$primary_key']) . "' 138 138 "); 139 139 E_O_F; … … 148 148 $delim = 'WHERE'; 149 149 if (!empty($primary_key)) { 150 $where_clause = " $delim $primary_key = '\" . addslashes(\$frm['$primary_key']) . \"'\n";150 $where_clause = " $delim $primary_key = '\" . DB::escapeString(\$frm['$primary_key']) . \"'\n"; 151 151 $delim = 'AND'; 152 152 } … … 155 155 continue; 156 156 } 157 $where_clause .= " $delim $k = '\" . addslashes(\$frm['$k']) . \"'\n";157 $where_clause .= " $delim $k = '\" . DB::escapeString(\$frm['$k']) . 
\"'\n"; 158 158 $delim = 'AND'; 159 159 } … … 183 183 if (!isset($op) || 'search' == $op) { 184 184 $search_skip_columns = array('added_datetime', 'added_by_user_id', 'modified_datetime', 'modified_by_user_id', 'publish', 'featured'); 185 $search_columns = $db_tbl . '.' . join(" LIKE '%\" . addslashes(\$qry_words[\$i]) . \"%'\n OR $db_tbl.", array_diff(array_keys($c), $search_skip_columns));185 $search_columns = $db_tbl . '.' . join(" LIKE '%\" . DB::escapeString(\$qry_words[\$i]) . \"%'\n OR $db_tbl.", array_diff(array_keys($c), $search_skip_columns)); 186 186 echo <<<E_O_F 187 187 \$where_clause .= (empty(\$where_clause) ? 'WHERE' : 'AND') . " 188 188 ( 189 $search_columns LIKE '%" . addslashes(\$qry_words[\$i]) . "%'189 $search_columns LIKE '%" . DB::escapeString(\$qry_words[\$i]) . "%' 190 190 ) 191 191 "; -
trunk/bin/module_maker/validation.cli.php
r42 r111 28 28 29 29 // Get DB table column info. 30 $qid = DB::query("DESCRIBE " . addslashes($db_tbl));30 $qid = DB::query("DESCRIBE " . DB::escapeString($db_tbl)); 31 31 while ($row = mysql_fetch_row($qid)) { 32 32 $cols[] = $row;