Timestamp:
Apr 27, 2006 1:49:54 AM (18 years ago)
Author:
scdev
Message:

Q - Finished deprecating addslashes. array_map instances need to use array('DB', 'escapeString') as first argument.

File:
1 edited

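--- a/trunk/lib/Auth_SQL.inc.php
+++ b/trunk/lib/Auth_SQL.inc.php
@@ -305,6 +305,6 @@
             SELECT *, " . $this->_params['db_primary_key'] . " AS user_id
             FROM " . $this->_params['db_table'] . "
-            WHERE " . $this->_params['db_username_column'] . " = '" . addslashes($username) . "'
-            AND BINARY userpass = '" . addslashes($this->encryptPassword($password)) . "'
+            WHERE " . $this->_params['db_username_column'] . " = '" . DB::escapeString($username) . "'
+            AND BINARY userpass = '" . DB::escapeString($this->encryptPassword($password)) . "'
         ");
 
@@ -453,5 +453,5 @@
             $qid = DB::query("
                 SELECT 1 FROM " . $this->_params['db_table'] . "
-                WHERE " . $this->_params['db_primary_key'] . " = '" . addslashes($user_id) . "'
+                WHERE " . $this->_params['db_primary_key'] . " = '" . DB::escapeString($user_id) . "'
                 AND DATE_ADD(last_login_datetime, INTERVAL '" . $this->_params['login_timeout'] . "' SECOND) > NOW()
                 AND DATE_ADD(last_access_datetime, INTERVAL '" . $this->_params['idle_timeout'] . "' SECOND) > NOW()
@@ -572,5 +572,5 @@
 
         if ($this->getParam('blocking')) {
-            if (strlen(addslashes($reason)) > 255) {
+            if (strlen(DB::escapeString($reason)) > 255) {
                 // blocked_reason field is varchar(255).
                 App::logMsg(sprintf('Blocked reason provided is greater than 255 characters: %s', $reason), LOG_WARNING, __FILE__, __LINE__);
@@ -582,6 +582,6 @@
                 UPDATE " . $this->_params['db_table'] . " SET
                 blocked = 'true',
-                blocked_reason = '" . addslashes($reason) . "'
-                WHERE " . $this->_params['db_primary_key'] . " = '" . addslashes($user_id) . "'
+                blocked_reason = '" . DB::escapeString($reason) . "'
+                WHERE " . $this->_params['db_primary_key'] . " = '" . DB::escapeString($user_id) . "'
             ");
         }
@@ -602,5 +602,5 @@
                 blocked = '',
                 blocked_reason = ''
-                WHERE " . $this->_params['db_primary_key'] . " = '" . addslashes($user_id) . "'
+                WHERE " . $this->_params['db_primary_key'] . " = '" . DB::escapeString($user_id) . "'
             ");
         }
@@ -620,5 +620,5 @@
             SELECT 1
             FROM " . $this->_params['db_table'] . "
-            WHERE " . $this->_params['db_username_column'] . " = '" . addslashes($username) . "'
+            WHERE " . $this->_params['db_username_column'] . " = '" . DB::escapeString($username) . "'
         ");
         return (mysql_num_rows($qid) > 0);
@@ -638,5 +638,5 @@
             SELECT " . $this->_params['db_username_column'] . "
             FROM " . $this->_params['db_table'] . "
-            WHERE " . $this->_params['db_primary_key'] . " = '" . addslashes($user_id) . "'
+            WHERE " . $this->_params['db_primary_key'] . " = '" . DB::escapeString($user_id) . "'
         ");
         if (list($username) = mysql_fetch_row($qid)) {
@@ -717,6 +717,6 @@
         DB::query("
             UPDATE " . $this->_params['db_table'] . "
-            SET userpass = '" . addslashes($this->encryptPassword($password)) . "'
-            WHERE " . $this->_params['db_primary_key'] . " = '" . addslashes($user_id) . "'
+            SET userpass = '" . DB::escapeString($this->encryptPassword($password)) . "'
+            WHERE " . $this->_params['db_primary_key'] . " = '" . DB::escapeString($user_id) . "'
         ");
     }
@@ -739,5 +739,5 @@
         $qid = DB::query("
             SELECT * FROM " . $this->_params['db_table'] . "
-            WHERE " . $this->_params['db_primary_key'] . " = '" . addslashes($user_id) . "'
+            WHERE " . $this->_params['db_primary_key'] . " = '" . DB::escapeString($user_id) . "'
         ");
         if (!$user_data = mysql_fetch_assoc($qid)) {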
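Review bot: The length guard at line 574 measures the escaped SQL literal, `strlen(DB::escapeString($reason))`, but what MySQL stores in the varchar(255) `blocked_reason` column is the unescaped value, so a reason containing quotes or backslashes is reported as over-length when it is not; the check should be `if (strlen($reason) > 255) {` with escaping left to the UPDATE at line 584. The hunk at lines 453-457 still interpolates `$this->_params['login_timeout']` and `$this->_params['idle_timeout']` into quoted literals with neither escaping nor an integer cast; these are configuration values rather than request input, but `(int) $this->_params['login_timeout']` would make the query shape independent of how the params are populated. Whether `DB::escapeString` handles multibyte connection charsets correctly depends on its implementation and on how the connection charset is set, neither of which this page shows; it is worth confirming it delegates to a connection-aware escaper rather than reproducing `addslashes`. Every enclosing method here starts and ends outside its hunk.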