Timestamp:
Apr 27, 2006 1:49:54 AM (18 years ago)
Author:
scdev
Message:

Q - Finished deprecating addslashes. array_map instances need to use array('DB', 'escapeString') as first argument.

File:
1 edited

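--- a/trunk/bin/module_maker/skel/admin.php
+++ b/trunk/bin/module_maker/skel/admin.php
@@ -146,5 +146,5 @@
         if (getFormdata('repeat', false)) {
             // Display edit function with next available ID.
-            $qid = DB::query("SELECT %PRIMARY_KEY% FROM %DB_TBL% WHERE %PRIMARY_KEY% > '" . addslashes(getFormData('%PRIMARY_KEY%')) . "' ORDER BY %PRIMARY_KEY% ASC LIMIT 1");
+            $qid = DB::query("SELECT %PRIMARY_KEY% FROM %DB_TBL% WHERE %PRIMARY_KEY% > '" . DB::escapeString(getFormData('%PRIMARY_KEY%')) . "' ORDER BY %PRIMARY_KEY% ASC LIMIT 1");
             if (list($next_id) = mysql_fetch_row($qid)) {
                 App::dieURL($_SERVER['PHP_SELF'] . '?op=edit&%PRIMARY_KEY%=' . $next_id);
@@ -217,5 +217,5 @@
         SELECT *
         FROM %DB_TBL%
-        WHERE %PRIMARY_KEY% = '" . addslashes($id) . "'
+        WHERE %PRIMARY_KEY% = '" . DB::escapeString($id) . "'
     ");
     if (!$frm = mysql_fetch_assoc($qid)) {
@@ -259,5 +259,5 @@
         SELECT <##>
         FROM %DB_TBL%
-        WHERE %PRIMARY_KEY% = '" . addslashes($id) . "'
+        WHERE %PRIMARY_KEY% = '" . DB::escapeString($id) . "'
     ");
     if (! list($name) = mysql_fetch_row($qid)) {
@@ -268,5 +268,5 @@
 
     // Delete the record.
-    DB::query("DELETE FROM %DB_TBL% WHERE %PRIMARY_KEY% = '" . addslashes($id) . "'");
+    DB::query("DELETE FROM %DB_TBL% WHERE %PRIMARY_KEY% = '" . DB::escapeString($id) . "'");
 
     App::raiseMsg(sprintf(_("The %ITEM_TITLE% <strong>%s</strong> has been deleted."), $name), MSG_SUCCESS, __FILE__, __LINE__);
@@ -336,5 +336,5 @@
     if (getFormData('filter_<##>', false)) {
         // Limit by filter.
-        $where_clause .= (empty($where_clause) ? 'WHERE' : 'AND') . " <##> = '" . addslashes(getFormData('filter_<##>')) . "'";
+        $where_clause .= (empty($where_clause) ? 'WHERE' : 'AND') . " <##> = '" . DB::escapeString(getFormData('filter_<##>')) . "'";
     }
 
@@ -418,6 +418,6 @@
         DB::query("
             UPDATE %DB_TBL% SET
-                rank = '" . addslashes($new_rank) . "'
-            WHERE %PRIMARY_KEY% = '" . addslashes($id) . "'
+                rank = '" . DB::escapeString($new_rank) . "'
+            WHERE %PRIMARY_KEY% = '" . DB::escapeString($id) . "'
         ");
     }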
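Review bot: The escaping only protects these queries because every interpolated value sits inside single quotes, and nothing in the skeleton enforces that; a generated module that drops the quotes around a numeric `%PRIMARY_KEY%` or `rank` in the UPDATE at lines 420-421 would remain injectable despite `DB::escapeString`. Where the generated column is an integer, a cast is a stronger guard than string escaping, e.g. `rank = '" . (int) $new_rank . "'`, but whether `rank` and the key are numeric is not visible here, so confirm against the generated schema before changing the template. A comment at the top of the template should also record that `DB::escapeString` presumably wraps `mysql_real_escape_string` and therefore depends on an open connection and a correctly set connection charset, which `addslashes` did not; verify that is what the helper does, and that it does not silently fall back to `addslashes` when no connection exists. The functions enclosing each of these hunks begin and end outside the diff.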