Changeset 111 for trunk/lib/Hierarchy.inc.php
- Timestamp:
- Apr 27, 2006 1:49:54 AM (18 years ago)
- File:
-
- 1 edited
trunk/lib/Hierarchy.inc.php
r92 r111 197 197 title 198 198 ) VALUES ( 199 '" . addslashes($parent['node_type']) . "',200 '" . addslashes($parent['node_id']) . "',201 '" . addslashes($child_type) . "',202 '" . addslashes($child_id) . "',203 " . (is_null($relationship_type) ? "NULL" : "'" . addslashes($relationship_type) . "'") . ",204 '" . addslashes($title) . "'199 '" . DB::escapeString($parent['node_type']) . "', 200 '" . DB::escapeString($parent['node_id']) . "', 201 '" . DB::escapeString($child_type) . "', 202 '" . DB::escapeString($child_id) . "', 203 " . (is_null($relationship_type) ? "NULL" : "'" . DB::escapeString($relationship_type) . "'") . ", 204 '" . DB::escapeString($title) . "' 205 205 ) 206 206 "); … … 245 245 DB::query(" 246 246 DELETE FROM node_tbl 247 WHERE child_type = '" . addslashes($child_type) . "'248 AND child_id = '" . addslashes($child_id) . "'247 WHERE child_type = '" . DB::escapeString($child_type) . "' 248 AND child_id = '" . DB::escapeString($child_id) . "' 249 249 "); 250 250 App::logMsg(sprintf('deleteNode: Deleted node %s %s.', $child_type, $child_id), LOG_DEBUG, __FILE__, __LINE__); … … 311 311 $qid = DB::query(" 312 312 SELECT title FROM node_tbl 313 WHERE child_type = '" . addslashes($child_type) . "'314 AND child_id = '" . addslashes($child_id) . "'315 AND relationship_type " . (is_null($relationship_type) ? "IS NULL" : "= '" . addslashes($relationship_type) . "'") . "313 WHERE child_type = '" . DB::escapeString($child_type) . "' 314 AND child_id = '" . DB::escapeString($child_id) . "' 315 AND relationship_type " . (is_null($relationship_type) ? "IS NULL" : "= '" . DB::escapeString($relationship_type) . "'") . " 316 316 "); 317 317 list($title) = mysql_fetch_row($qid); … … 321 321 DB::query(" 322 322 DELETE FROM node_tbl 323 WHERE child_type = '" . addslashes($child_type) . "'324 AND child_id = '" . addslashes($child_id) . "'325 AND relationship_type " . (is_null($relationship_type) ? "IS NULL" : "= '" . addslashes($relationship_type) . "'") . 
"323 WHERE child_type = '" . DB::escapeString($child_type) . "' 324 AND child_id = '" . DB::escapeString($child_id) . "' 325 AND relationship_type " . (is_null($relationship_type) ? "IS NULL" : "= '" . DB::escapeString($relationship_type) . "'") . " 326 326 "); 327 327 App::logMsg(sprintf('moveNode: Deleted node %s %s.', $child_type, $child_id), LOG_DEBUG, __FILE__, __LINE__); … … 359 359 $type_constraint = array($type_constraint); 360 360 } 361 $in_clause = "AND parent_type IN ('" . join("','", array_map( 'addslashes', $type_constraint)) . "')";361 $in_clause = "AND parent_type IN ('" . join("','", array_map(array('DB', 'escapeString'), $type_constraint)) . "')"; 362 362 } 363 363 … … 365 365 SELECT parent_type, parent_id 366 366 FROM node_tbl 367 WHERE child_type = '" . addslashes($child_type) . "'368 AND child_id = '" . addslashes($child_id) . "'367 WHERE child_type = '" . DB::escapeString($child_type) . "' 368 AND child_id = '" . DB::escapeString($child_id) . "' 369 369 $in_clause 370 " . addslashes($order) . "370 " . DB::escapeString($order) . " 371 371 "); 372 372 … … 405 405 SELECT child_type, child_id, title, subnode_quantity 406 406 FROM node_tbl 407 WHERE child_type = '" . addslashes($child_type) . "'408 AND child_id = '" . addslashes($child_id) . "'407 WHERE child_type = '" . DB::escapeString($child_type) . "' 408 AND child_id = '" . DB::escapeString($child_id) . "' 409 409 "); 410 410 … … 448 448 $type_constraint = array($type_constraint); 449 449 } 450 $in_clause = "AND child_type IN ('" . join("','", array_map( 'addslashes', $type_constraint)) . "')";450 $in_clause = "AND child_type IN ('" . join("','", array_map(array('DB', 'escapeString'), $type_constraint)) . "')"; 451 451 } 452 452 … … 454 454 SELECT * 455 455 FROM node_tbl 456 WHERE parent_type = '" . addslashes($child_type) . "'457 AND parent_id = '" . addslashes($child_id) . "'456 WHERE parent_type = '" . DB::escapeString($child_type) . "' 457 AND parent_id = '" . DB::escapeString($child_id) . 
"' 458 458 $in_clause 459 " . addslashes($order) . "459 " . DB::escapeString($order) . " 460 460 "); 461 461 … … 497 497 $type_constraint = array($type_constraint); 498 498 } 499 $in_clause = "AND child_type IN ('" . join("','", array_map( 'addslashes', $type_constraint)) . "')";499 $in_clause = "AND child_type IN ('" . join("','", array_map(array('DB', 'escapeString'), $type_constraint)) . "')"; 500 500 } 501 501 … … 503 503 SELECT COUNT(*) 504 504 FROM node_tbl 505 WHERE parent_type = '" . addslashes($child_type) . "'506 AND parent_id = '" . addslashes($child_id) . "'505 WHERE parent_type = '" . DB::escapeString($child_type) . "' 506 AND parent_id = '" . DB::escapeString($child_id) . "' 507 507 $in_clause 508 508 "); … … 585 585 SELECT parent_type, parent_id, child_type, child_id, title, subnode_quantity 586 586 FROM node_tbl 587 WHERE child_type = '" . addslashes($child_type) . "'588 AND child_id = '" . addslashes($child_id) . "'587 WHERE child_type = '" . DB::escapeString($child_type) . "' 588 AND child_id = '" . DB::escapeString($child_id) . "' 589 589 "); 590 590 while ($row = mysql_fetch_assoc($qid)) { … … 644 644 $qid = DB::query(" 645 645 SELECT 1 FROM node_tbl 646 WHERE parent_type = '" . addslashes($parent_type) . "'647 AND parent_id = '" . addslashes($parent_id) . "'648 AND child_type = '" . addslashes($child_type) . "'649 AND child_id = '" . addslashes($child_id) . "'650 AND relationship_type " . (is_null($relationship_type) ? "IS NULL" : "= '" . addslashes($relationship_type) . "'") . "646 WHERE parent_type = '" . DB::escapeString($parent_type) . "' 647 AND parent_id = '" . DB::escapeString($parent_id) . "' 648 AND child_type = '" . DB::escapeString($child_type) . "' 649 AND child_id = '" . DB::escapeString($child_id) . "' 650 AND relationship_type " . (is_null($relationship_type) ? "IS NULL" : "= '" . DB::escapeString($relationship_type) . "'") . 
" 651 651 "); 652 652 } else { 653 653 $qid = DB::query(" 654 654 SELECT 1 FROM node_tbl 655 WHERE child_type = '" . addslashes($child_type) . "'656 AND child_id = '" . addslashes($child_id) . "'655 WHERE child_type = '" . DB::escapeString($child_type) . "' 656 AND child_id = '" . DB::escapeString($child_id) . "' 657 657 "); 658 658 } … … 775 775 DB::query(" 776 776 UPDATE node_tbl 777 SET subnode_quantity = subnode_quantity + '" . addslashes($num_children) . "'778 WHERE child_type = '" . addslashes($child_type) . "'779 AND child_id = '" . addslashes($child_id) . "'777 SET subnode_quantity = subnode_quantity + '" . DB::escapeString($num_children) . "' 778 WHERE child_type = '" . DB::escapeString($child_type) . "' 779 AND child_id = '" . DB::escapeString($child_id) . "' 780 780 ",false); 781 781 $qid = DB::query(" 782 782 SELECT parent_type, parent_id 783 783 FROM node_tbl 784 WHERE child_type = '" . addslashes($child_type) . "'785 AND child_id = '" . addslashes($child_id) . "'784 WHERE child_type = '" . DB::escapeString($child_type) . "' 785 AND child_id = '" . DB::escapeString($child_id) . "' 786 786 ",false); 787 787 while ((list($parent_type, $parent_id) = mysql_fetch_row($qid)) && $parent_id > 0) {