Timestamp:
Apr 27, 2006 1:49:54 AM (18 years ago)
Author:
scdev
Message:

Q - Finished deprecating addslashes. array_map instances need to use array('DB', 'escapeString') as first argument.

File:
1 edited

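--- a/trunk/bin/module_maker/sql.cli.php
+++ b/trunk/bin/module_maker/sql.cli.php
@@ -46,5 +46,5 @@
 
 // Get DB table column info.
-$qid = DB::query("DESCRIBE " . addslashes($db_tbl));
+$qid = DB::query("DESCRIBE " . DB::escapeString($db_tbl));
 while ($row = mysql_fetch_row($qid)) {
     $cols[] = $row;
@@ -70,5 +70,5 @@
         } else if ('set' == $type) {
             // Set types usually need to be converted to comma-delimited lists.
-            $c[$field] = "'\" . dbArrayToList(\$frm['$field']) . \"'";
+            $c[$field] = "'\" . escapedList(array_keys(\$frm['$field'])) . \"'";
         } else if ('featured' == $field || 'publish' == $field || preg_match("/enum\('true'\)/", $col[1])) {
             // Toggle types.
@@ -76,5 +76,5 @@
         } else if ('added_by_user_id' == $field || 'modified_by_user_id' == $field) {
             // Toggle types.
-            $c[$field] = "'\" . addslashes(\$auth->getVal('user_id')) . \"'";
+            $c[$field] = "'\" . DB::escapeString(\$auth->getVal('user_id')) . \"'";
         } else if ('added_datetime' == $field || 'modified_datetime' == $field) {
             // DB record insertion datetime.
@@ -82,5 +82,5 @@
         } else {
             // Default. Just insert data.
-            $c[$field] = "'\" . addslashes(\$frm['$field']) . \"'";
+            $c[$field] = "'\" . DB::escapeString(\$frm['$field']) . \"'";
         }
     }
@@ -135,5 +135,5 @@
     DB::query("
         UPDATE $db_tbl SET$key_eq_val
-        WHERE $primary_key = '" . addslashes(\$frm['$primary_key']) . "'
+        WHERE $primary_key = '" . DB::escapeString(\$frm['$primary_key']) . "'
     ");
 E_O_F;
@@ -148,5 +148,5 @@
 $delim = 'WHERE';
 if (!empty($primary_key)) {
-    $where_clause = "            $delim $primary_key = '\" . addslashes(\$frm['$primary_key']) . \"'\n";
+    $where_clause = "            $delim $primary_key = '\" . DB::escapeString(\$frm['$primary_key']) . \"'\n";
     $delim = 'AND';
 }
@@ -155,5 +155,5 @@
         continue;
     }
-    $where_clause .= "            $delim $k = '\" . addslashes(\$frm['$k']) . \"'\n";
+    $where_clause .= "            $delim $k = '\" . DB::escapeString(\$frm['$k']) . \"'\n";
     $delim = 'AND';
 }
@@ -183,9 +183,9 @@
 if (!isset($op) || 'search' == $op) {
 $search_skip_columns = array('added_datetime', 'added_by_user_id', 'modified_datetime', 'modified_by_user_id', 'publish', 'featured');
-$search_columns = $db_tbl . '.' . join(" LIKE '%\" . addslashes(\$qry_words[\$i]) . \"%'\n                    OR $db_tbl.", array_diff(array_keys($c), $search_skip_columns));
+$search_columns = $db_tbl . '.' . join(" LIKE '%\" . DB::escapeString(\$qry_words[\$i]) . \"%'\n                    OR $db_tbl.", array_diff(array_keys($c), $search_skip_columns));
 echo <<<E_O_F
             \$where_clause .= (empty(\$where_clause) ? 'WHERE' : 'AND') . "
                 (
-                    $search_columns LIKE '%" . addslashes(\$qry_words[\$i]) . "%'
+                    $search_columns LIKE '%" . DB::escapeString(\$qry_words[\$i]) . "%'
                 )
             ";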
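Review bot: At new line 48, `DB::escapeString($db_tbl)` is applied to a table name that sits outside any quotes in the `DESCRIBE` statement, and string escaping does not make an identifier safe. `DB::escapeString` is not shown here, but a string escaper presumably only neutralises quote and backslash characters, so whitespace, `;` or extra tokens in the name would pass through unchanged. The generated templates have the same gap: `$db_tbl`, `$primary_key` and `$k` are interpolated bare into `UPDATE $db_tbl SET` and the `WHERE` clauses at lines 136-137, 150 and 157. For identifiers, validate against an allowlist before use, for example `if (!preg_match('/^[A-Za-z0-9_]+$/', $db_tbl)) { die("Invalid table name\n"); }`, and wrap the name in backticks in the query. Because this is a CLI generator the value likely comes from the operator, so exposure is limited, but the check also keeps malformed SQL out of the generated modules.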