Changeset 111 for trunk/bin/module_maker/skel
- Timestamp:
- Apr 27, 2006 1:49:54 AM (18 years ago)
- Location:
- trunk/bin/module_maker/skel
- Files:
-
- 2 edited
trunk/bin/module_maker/skel/admin.php
r42 r111 146 146 if (getFormdata('repeat', false)) { 147 147 // Display edit function with next available ID. 148 $qid = DB::query("SELECT %PRIMARY_KEY% FROM %DB_TBL% WHERE %PRIMARY_KEY% > '" . addslashes(getFormData('%PRIMARY_KEY%')) . "' ORDER BY %PRIMARY_KEY% ASC LIMIT 1");148 $qid = DB::query("SELECT %PRIMARY_KEY% FROM %DB_TBL% WHERE %PRIMARY_KEY% > '" . DB::escapeString(getFormData('%PRIMARY_KEY%')) . "' ORDER BY %PRIMARY_KEY% ASC LIMIT 1"); 149 149 if (list($next_id) = mysql_fetch_row($qid)) { 150 150 App::dieURL($_SERVER['PHP_SELF'] . '?op=edit&%PRIMARY_KEY%=' . $next_id); … … 217 217 SELECT * 218 218 FROM %DB_TBL% 219 WHERE %PRIMARY_KEY% = '" . addslashes($id) . "'219 WHERE %PRIMARY_KEY% = '" . DB::escapeString($id) . "' 220 220 "); 221 221 if (!$frm = mysql_fetch_assoc($qid)) { … … 259 259 SELECT <##> 260 260 FROM %DB_TBL% 261 WHERE %PRIMARY_KEY% = '" . addslashes($id) . "'261 WHERE %PRIMARY_KEY% = '" . DB::escapeString($id) . "' 262 262 "); 263 263 if (! list($name) = mysql_fetch_row($qid)) { … … 268 268 269 269 // Delete the record. 270 DB::query("DELETE FROM %DB_TBL% WHERE %PRIMARY_KEY% = '" . addslashes($id) . "'");270 DB::query("DELETE FROM %DB_TBL% WHERE %PRIMARY_KEY% = '" . DB::escapeString($id) . "'"); 271 271 272 272 App::raiseMsg(sprintf(_("The %ITEM_TITLE% <strong>%s</strong> has been deleted."), $name), MSG_SUCCESS, __FILE__, __LINE__); … … 336 336 if (getFormData('filter_<##>', false)) { 337 337 // Limit by filter. 338 $where_clause .= (empty($where_clause) ? 'WHERE' : 'AND') . " <##> = '" . addslashes(getFormData('filter_<##>')) . "'";338 $where_clause .= (empty($where_clause) ? 'WHERE' : 'AND') . " <##> = '" . DB::escapeString(getFormData('filter_<##>')) . "'"; 339 339 } 340 340 … … 418 418 DB::query(" 419 419 UPDATE %DB_TBL% SET 420 rank = '" . addslashes($new_rank) . "'421 WHERE %PRIMARY_KEY% = '" . addslashes($id) . "'420 rank = '" . DB::escapeString($new_rank) . "' 421 WHERE %PRIMARY_KEY% = '" . DB::escapeString($id) . 
"' 422 422 "); 423 423 } -
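Review bot: DB::escapeString() on the new side is only sound because every escaped value sits inside a single-quoted literal; the rank update at 420-421 escapes `$new_rank` as a string for what reads like a numeric column, and nothing in the hunk shows the wrapper is tied to the live connection's charset (addslashes, which it replaces, was not either). Because this file is a generator skeleton, the invariant should travel into every generated module as a comment above each query, e.g. `// Escaped for a quoted literal: never remove the surrounding quotes.`, and if rank is an integer, `(int) $new_rank` is the stronger guard. The `$qid` result at 148-150 is still concatenated raw into the redirect URL, which the change does not touch. Each of the five hunks lies inside a function that opens and closes outside the hunk.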
trunk/bin/module_maker/skel/public.php
r42 r111 36 36 $qid = DB::query(" 37 37 SELECT * FROM %DB_TBL% 38 WHERE %PRIMARY_KEY% = '" . addslashes(getFormData('%PRIMARY_KEY%')) . "'38 WHERE %PRIMARY_KEY% = '" . DB::escapeString(getFormData('%PRIMARY_KEY%')) . "' 39 39 AND publish = 'true' 40 40 <##>AND (publish_date <= CURDATE() OR publish_date = '0000-00-00') … … 50 50 UPDATE %DB_TBL% 51 51 SET hit_count = hit_count + 1 52 WHERE %PRIMARY_KEY% = '" . addslashes(getFormData('%PRIMARY_KEY%')) . "'52 WHERE %PRIMARY_KEY% = '" . DB::escapeString(getFormData('%PRIMARY_KEY%')) . "' 53 53 ");
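Review bot: The same request value is read and escaped twice, at 38 and 52, so the SELECT and the hit_count UPDATE only agree by copy-paste; escaping once into a local, `$id = DB::escapeString(getFormData('%PRIMARY_KEY%'));`, and using it in both queries keeps them in step and makes it visible that the value is a quoted literal. The UPDATE's `DB::query(` call opens before the second hunk, so the local would have to be assigned above it. The escaping is only sound while the literal keeps its single quotes; a short comment stating that above the first query would be inherited by every module generated from this skeleton.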