Changeset 111 for trunk/bin


Timestamp:
Apr 27, 2006 1:49:54 AM (18 years ago)
Author:
scdev
Message:

Q - Finished deprecating addslashes. array_map instances need to use array('DB', 'escapeString') as the first argument.

Location:
trunk/bin
Files:
8 edited

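--- a/trunk/bin/file_importer.php
+++ b/trunk/bin/file_importer.php
@@ -43,12 +43,12 @@
 //                     added_datetime
 //                 ) VALUES (
-//                     '" . addslashes(0) . "',
-//                     '" . addslashes('hosting') . "',
-//                     '" . addslashes($file_date) . "',
-//                     '" . addslashes($amt[1]) . "',
-//                     '" . addslashes('Paid') . "',
-//                     '" . addslashes('') . "',
-//                     '" . addslashes($file_text) . "',
-//                     '" . addslashes($file_date) . "',
+//                     '" . DB::escapeString(0) . "',
+//                     '" . DB::escapeString('hosting') . "',
+//                     '" . DB::escapeString($file_date) . "',
+//                     '" . DB::escapeString($amt[1]) . "',
+//                     '" . DB::escapeString('Paid') . "',
+//                     '" . DB::escapeString('') . "',
+//                     '" . DB::escapeString($file_text) . "',
+//                     '" . DB::escapeString($file_date) . "',
 //                     NOW()
 //                 )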
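Review bot: Every line touched in this hunk sits inside a commented-out INSERT, so the edit keeps dead code in sync instead of removing it; the commented statement starts and ends outside the hunk. If the block is kept on purpose as a reference, a one-line comment above it such as `// Reference only: superseded INSERT, never executed` would tell the next reader why it is maintained; otherwise deleting the commented-out block is the cleaner change. `DB::escapeString(0)` and `DB::escapeString('')` on literal constants add nothing even if the code were live.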
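--- a/trunk/bin/module_maker/form_template.cli.php
+++ b/trunk/bin/module_maker/form_template.cli.php
@@ -28,5 +28,5 @@
 
 // Get DB table column info.
-$qid = DB::query("DESCRIBE " . addslashes($db_tbl));
+$qid = DB::query("DESCRIBE " . DB::escapeString($db_tbl));
 while ($row = mysql_fetch_row($qid)) {
     $cols[] = $row;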
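Review bot: `DB::escapeString($db_tbl)` on line 30 is spliced into an identifier position (`DESCRIBE <table>`) with no surrounding quotes, so a string-literal escape cannot bound it; escaping neutralises quote characters inside a quoted literal, and this query has none. Where `$db_tbl` is assigned is outside the hunk (presumably from the script's invocation), so validating it as an identifier before the query is the check that actually constrains it, e.g. `if (!preg_match('/^[A-Za-z0-9_]+$/', $db_tbl)) { die('Invalid table name'); }` placed before the DESCRIBE. The same construction is repeated at line 43 of list_template.cli.php, line 143 of module.cli.php, line 48 of sql.cli.php and line 30 of validation.cli.php, and the one check would serve all five.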
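--- a/trunk/bin/module_maker/list_template.cli.php
+++ b/trunk/bin/module_maker/list_template.cli.php
@@ -41,5 +41,5 @@
 
 // Get DB table column info.
-$qid = DB::query("DESCRIBE " . addslashes($db_tbl));
+$qid = DB::query("DESCRIBE " . DB::escapeString($db_tbl));
 while ($row = mysql_fetch_row($qid)) {
     $cols[] = $row;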
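--- a/trunk/bin/module_maker/module.cli.php
+++ b/trunk/bin/module_maker/module.cli.php
@@ -141,5 +141,5 @@
 // Ensure requested table contains columns.
 // Get DB table column info.
-$qid = DB::query("DESCRIBE " . addslashes($db_tbl));
+$qid = DB::query("DESCRIBE " . DB::escapeString($db_tbl));
 while ($row = mysql_fetch_row($qid)) {
     $cols[] = $row;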
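--- a/trunk/bin/module_maker/skel/admin.php
+++ b/trunk/bin/module_maker/skel/admin.php
@@ -146,5 +146,5 @@
         if (getFormdata('repeat', false)) {
             // Display edit function with next available ID.
-            $qid = DB::query("SELECT %PRIMARY_KEY% FROM %DB_TBL% WHERE %PRIMARY_KEY% > '" . addslashes(getFormData('%PRIMARY_KEY%')) . "' ORDER BY %PRIMARY_KEY% ASC LIMIT 1");
+            $qid = DB::query("SELECT %PRIMARY_KEY% FROM %DB_TBL% WHERE %PRIMARY_KEY% > '" . DB::escapeString(getFormData('%PRIMARY_KEY%')) . "' ORDER BY %PRIMARY_KEY% ASC LIMIT 1");
             if (list($next_id) = mysql_fetch_row($qid)) {
                 App::dieURL($_SERVER['PHP_SELF'] . '?op=edit&%PRIMARY_KEY%=' . $next_id);
@@ -217,5 +217,5 @@
         SELECT *
         FROM %DB_TBL%
-        WHERE %PRIMARY_KEY% = '" . addslashes($id) . "'
+        WHERE %PRIMARY_KEY% = '" . DB::escapeString($id) . "'
     ");
     if (!$frm = mysql_fetch_assoc($qid)) {
@@ -259,5 +259,5 @@
         SELECT <##>
         FROM %DB_TBL%
-        WHERE %PRIMARY_KEY% = '" . addslashes($id) . "'
+        WHERE %PRIMARY_KEY% = '" . DB::escapeString($id) . "'
     ");
     if (! list($name) = mysql_fetch_row($qid)) {
@@ -268,5 +268,5 @@
 
     // Delete the record.
-    DB::query("DELETE FROM %DB_TBL% WHERE %PRIMARY_KEY% = '" . addslashes($id) . "'");
+    DB::query("DELETE FROM %DB_TBL% WHERE %PRIMARY_KEY% = '" . DB::escapeString($id) . "'");
 
     App::raiseMsg(sprintf(_("The %ITEM_TITLE% <strong>%s</strong> has been deleted."), $name), MSG_SUCCESS, __FILE__, __LINE__);
@@ -336,5 +336,5 @@
     if (getFormData('filter_<##>', false)) {
         // Limit by filter.
-        $where_clause .= (empty($where_clause) ? 'WHERE' : 'AND') . " <##> = '" . addslashes(getFormData('filter_<##>')) . "'";
+        $where_clause .= (empty($where_clause) ? 'WHERE' : 'AND') . " <##> = '" . DB::escapeString(getFormData('filter_<##>')) . "'";
     }
 
@@ -418,6 +418,6 @@
         DB::query("
             UPDATE %DB_TBL% SET
-                rank = '" . addslashes($new_rank) . "'
-            WHERE %PRIMARY_KEY% = '" . addslashes($id) . "'
+                rank = '" . DB::escapeString($new_rank) . "'
+            WHERE %PRIMARY_KEY% = '" . DB::escapeString($id) . "'
         ");
     }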
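Review bot: The skeleton now depends on `DB::escapeString` being used only inside a single-quoted SQL literal at every site (lines 148, 219, 261, 270, 338 and 420-421); that holds here, but `DB::escapeString`'s implementation is outside this changeset, so whether it is connection-aware (charset-correct) rather than a rename of addslashes cannot be confirmed from the diff. Since this file is a template that others will edit, a header comment stating the contract would protect the invariant: `// Any value interpolated into SQL must pass through DB::escapeString() and stay inside single quotes.` The rank update at 420-421 belongs to a function whose start and end lie outside the hunk.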
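--- a/trunk/bin/module_maker/skel/public.php
+++ b/trunk/bin/module_maker/skel/public.php
@@ -36,5 +36,5 @@
     $qid = DB::query("
         SELECT * FROM %DB_TBL%
-        WHERE %PRIMARY_KEY% = '" . addslashes(getFormData('%PRIMARY_KEY%')) . "'
+        WHERE %PRIMARY_KEY% = '" . DB::escapeString(getFormData('%PRIMARY_KEY%')) . "'
         AND publish = 'true'
         <##>AND (publish_date <= CURDATE() OR publish_date = '0000-00-00')
@@ -50,5 +50,5 @@
         UPDATE %DB_TBL%
         SET hit_count = hit_count + 1
-        WHERE %PRIMARY_KEY% = '" . addslashes(getFormData('%PRIMARY_KEY%')) . "'
+        WHERE %PRIMARY_KEY% = '" . DB::escapeString(getFormData('%PRIMARY_KEY%')) . "'
     ");
 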
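Review bot: `DB::escapeString(getFormData('%PRIMARY_KEY%'))` is evaluated twice in the same script (lines 38 and 52), so the two queries can diverge if one site is edited later; reading it once, `$id = DB::escapeString(getFormData('%PRIMARY_KEY%'));`, and interpolating `'" . $id . "'` in both queries keeps the escaping decision in one place. The escaped value must still only ever appear inside single quotes, as both queries here do. The second DB::query call begins before line 50, outside the hunk.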
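--- a/trunk/bin/module_maker/sql.cli.php
+++ b/trunk/bin/module_maker/sql.cli.php
@@ -46,5 +46,5 @@
 
 // Get DB table column info.
-$qid = DB::query("DESCRIBE " . addslashes($db_tbl));
+$qid = DB::query("DESCRIBE " . DB::escapeString($db_tbl));
 while ($row = mysql_fetch_row($qid)) {
     $cols[] = $row;
@@ -70,5 +70,5 @@
         } else if ('set' == $type) {
             // Set types usually need to be converted to comma-delimited lists.
-            $c[$field] = "'\" . dbArrayToList(\$frm['$field']) . \"'";
+            $c[$field] = "'\" . escapedList(array_keys(\$frm['$field'])) . \"'";
         } else if ('featured' == $field || 'publish' == $field || preg_match("/enum\('true'\)/", $col[1])) {
             // Toggle types.
@@ -76,5 +76,5 @@
         } else if ('added_by_user_id' == $field || 'modified_by_user_id' == $field) {
             // Toggle types.
-            $c[$field] = "'\" . addslashes(\$auth->getVal('user_id')) . \"'";
+            $c[$field] = "'\" . DB::escapeString(\$auth->getVal('user_id')) . \"'";
         } else if ('added_datetime' == $field || 'modified_datetime' == $field) {
             // DB record insertion datetime.
@@ -82,5 +82,5 @@
         } else {
             // Default. Just insert data.
-            $c[$field] = "'\" . addslashes(\$frm['$field']) . \"'";
+            $c[$field] = "'\" . DB::escapeString(\$frm['$field']) . \"'";
         }
     }
@@ -135,5 +135,5 @@
     DB::query("
         UPDATE $db_tbl SET$key_eq_val
-        WHERE $primary_key = '" . addslashes(\$frm['$primary_key']) . "'
+        WHERE $primary_key = '" . DB::escapeString(\$frm['$primary_key']) . "'
     ");
 E_O_F;
@@ -148,5 +148,5 @@
 $delim = 'WHERE';
 if (!empty($primary_key)) {
-    $where_clause = "            $delim $primary_key = '\" . addslashes(\$frm['$primary_key']) . \"'\n";
+    $where_clause = "            $delim $primary_key = '\" . DB::escapeString(\$frm['$primary_key']) . \"'\n";
     $delim = 'AND';
 }
@@ -155,5 +155,5 @@
         continue;
     }
-    $where_clause .= "            $delim $k = '\" . addslashes(\$frm['$k']) . \"'\n";
+    $where_clause .= "            $delim $k = '\" . DB::escapeString(\$frm['$k']) . \"'\n";
     $delim = 'AND';
 }
@@ -183,9 +183,9 @@
 if (!isset($op) || 'search' == $op) {
 $search_skip_columns = array('added_datetime', 'added_by_user_id', 'modified_datetime', 'modified_by_user_id', 'publish', 'featured');
-$search_columns = $db_tbl . '.' . join(" LIKE '%\" . addslashes(\$qry_words[\$i]) . \"%'\n                    OR $db_tbl.", array_diff(array_keys($c), $search_skip_columns));
+$search_columns = $db_tbl . '.' . join(" LIKE '%\" . DB::escapeString(\$qry_words[\$i]) . \"%'\n                    OR $db_tbl.", array_diff(array_keys($c), $search_skip_columns));
 echo <<<E_O_F
             \$where_clause .= (empty(\$where_clause) ? 'WHERE' : 'AND') . "
                 (
-                    $search_columns LIKE '%" . addslashes(\$qry_words[\$i]) . "%'
+                    $search_columns LIKE '%" . DB::escapeString(\$qry_words[\$i]) . "%'
                 )
             ";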
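Review bot: The generated search clause on lines 185 and 189 interpolates `\$qry_words[\$i]` into a `LIKE '%...%'` pattern, and a quote escape (if `DB::escapeString` wraps mysql_real_escape_string) leaves the LIKE metacharacters `%` and `_` untouched, so a search word can still act as a wildcard against every searched column; the generated code should neutralise them before the quote escape, e.g. `DB::escapeString(addcslashes(\$qry_words[\$i], '%_'))` at both sites. Line 72 replaces `dbArrayToList(\$frm['$field'])` with `escapedList(array_keys(\$frm['$field']))`, which appears to change what is written for set columns and is not covered by the commit message about addslashes; if intentional it deserves a sentence in the message or its own changeset, and `escapedList` is not visible here to confirm that it quotes and escapes each element.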
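--- a/trunk/bin/module_maker/validation.cli.php
+++ b/trunk/bin/module_maker/validation.cli.php
@@ -28,5 +28,5 @@
 
 // Get DB table column info.
-$qid = DB::query("DESCRIBE " . addslashes($db_tbl));
+$qid = DB::query("DESCRIBE " . DB::escapeString($db_tbl));
 while ($row = mysql_fetch_row($qid)) {
     $cols[] = $row;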