Changeset 111 for trunk/lib/RecordLock.inc.php

Timestamp:

Apr 27, 2006 1:49:54 AM (18 years ago)

Author:

scdev

Message:

Q - Finished depreciating addslashes. array_map instances need to use array('DB', 'escapeString') as first argument.

File:

• trunk/lib/RecordLock.inc.php (modified) (7 diffs)

trunk/lib/RecordLock.inc.php

@@ -156 +156 @@
             $qid = DB::query("
                 SELECT * FROM " . $this->getParam('db_table') . "
-                WHERE lock_id = '" . addslashes($record_table_or_lock_id) . "'
+                WHERE lock_id = '" . DB::escapeString($record_table_or_lock_id) . "'
             ");
         } else {
@@ -162 +162 @@
             $qid = DB::query("
                 SELECT * FROM " . $this->getParam('db_table') . "
-                WHERE record_table = '" . addslashes($record_table_or_lock_id) . "'
-                AND record_key = '" . addslashes($record_key) . "'
-                AND record_val = '" . addslashes($record_val) . "'
+                WHERE record_table = '" . DB::escapeString($record_table_or_lock_id) . "'
+                AND record_key = '" . DB::escapeString($record_key) . "'
+                AND record_val = '" . DB::escapeString($record_val) . "'
             ");
         }
@@ -199 +199 @@
 
         if (isset($this->data['lock_id'])) {
-            $qid = DB::query("SELECT * FROM " . $this->getParam('db_table') . " WHERE lock_id = '" . addslashes($this->data['lock_id']) . "'");
+            $qid = DB::query("SELECT * FROM " . $this->getParam('db_table') . " WHERE lock_id = '" . DB::escapeString($this->data['lock_id']) . "'");
             if ($lock = mysql_fetch_assoc($qid)) {
                 return ($lock['set_by_admin_id'] == $this->_auth->getVal('user_id'));
@@ -230 +230 @@
         DB::query("
             DELETE FROM " . $this->getParam('db_table') . "
-            WHERE record_table = '" . addslashes($record_table) . "'
-            AND record_key = '" . addslashes($record_key) . "'
-            AND record_val = '" . addslashes($record_val) . "'
+            WHERE record_table = '" . DB::escapeString($record_table) . "'
+            AND record_key = '" . DB::escapeString($record_key) . "'
+            AND record_val = '" . DB::escapeString($record_val) . "'
         ");
 
@@ -245 +245 @@
                 lock_datetime
             ) VALUES (
-                '" . addslashes($record_table) . "',
-                '" . addslashes($record_key) . "',
-                '" . addslashes($record_val) . "',
-                '" . addslashes($title) . "',
-                '" . addslashes($this->_auth->getVal('user_id')) . "',
+                '" . DB::escapeString($record_table) . "',
+                '" . DB::escapeString($record_key) . "',
+                '" . DB::escapeString($record_val) . "',
+                '" . DB::escapeString($title) . "',
+                '" . DB::escapeString($this->_auth->getVal('user_id')) . "',
                 NOW()
             )
@@ -274 +274 @@
         DB::query("
             DELETE FROM " . $this->getParam('db_table') . "
-            WHERE lock_id = '" . addslashes($this->data['lock_id']) . "'
+            WHERE lock_id = '" . DB::escapeString($this->data['lock_id']) . "'
         ");
 
@@ -292 +292 @@
         if (isset($user_id)) {
             // Delete specific user's locks.
-            DB::query("DELETE FROM " . $this->getParam('db_table') . " WHERE set_by_admin_id = '" . addslashes($user_id) . "'");
+            DB::query("DELETE FROM " . $this->getParam('db_table') . " WHERE set_by_admin_id = '" . DB::escapeString($user_id) . "'");
             App::logMsg(sprintf('Record locks owned by %s %s have been deleted', $this->_auth->getVal('auth_name'), $this->_auth->getUsername($user_id)), LOG_DEBUG, __FILE__, __LINE__);
         } else {