Changeset 111 for trunk/lib/RecordLock.inc.php
- Timestamp:
- Apr 27, 2006 1:49:54 AM (18 years ago)
- File:
-
- 1 edited
trunk/lib/RecordLock.inc.php
r71 r111 156 156 $qid = DB::query(" 157 157 SELECT * FROM " . $this->getParam('db_table') . " 158 WHERE lock_id = '" . addslashes($record_table_or_lock_id) . "'158 WHERE lock_id = '" . DB::escapeString($record_table_or_lock_id) . "' 159 159 "); 160 160 } else { … … 162 162 $qid = DB::query(" 163 163 SELECT * FROM " . $this->getParam('db_table') . " 164 WHERE record_table = '" . addslashes($record_table_or_lock_id) . "'165 AND record_key = '" . addslashes($record_key) . "'166 AND record_val = '" . addslashes($record_val) . "'164 WHERE record_table = '" . DB::escapeString($record_table_or_lock_id) . "' 165 AND record_key = '" . DB::escapeString($record_key) . "' 166 AND record_val = '" . DB::escapeString($record_val) . "' 167 167 "); 168 168 } … … 199 199 200 200 if (isset($this->data['lock_id'])) { 201 $qid = DB::query("SELECT * FROM " . $this->getParam('db_table') . " WHERE lock_id = '" . addslashes($this->data['lock_id']) . "'");201 $qid = DB::query("SELECT * FROM " . $this->getParam('db_table') . " WHERE lock_id = '" . DB::escapeString($this->data['lock_id']) . "'"); 202 202 if ($lock = mysql_fetch_assoc($qid)) { 203 203 return ($lock['set_by_admin_id'] == $this->_auth->getVal('user_id')); … … 230 230 DB::query(" 231 231 DELETE FROM " . $this->getParam('db_table') . " 232 WHERE record_table = '" . addslashes($record_table) . "'233 AND record_key = '" . addslashes($record_key) . "'234 AND record_val = '" . addslashes($record_val) . "'232 WHERE record_table = '" . DB::escapeString($record_table) . "' 233 AND record_key = '" . DB::escapeString($record_key) . "' 234 AND record_val = '" . DB::escapeString($record_val) . "' 235 235 "); 236 236 … … 245 245 lock_datetime 246 246 ) VALUES ( 247 '" . addslashes($record_table) . "',248 '" . addslashes($record_key) . "',249 '" . addslashes($record_val) . "',250 '" . addslashes($title) . "',251 '" . addslashes($this->_auth->getVal('user_id')) . "',247 '" . DB::escapeString($record_table) . "', 248 '" . 
DB::escapeString($record_key) . "', 249 '" . DB::escapeString($record_val) . "', 250 '" . DB::escapeString($title) . "', 251 '" . DB::escapeString($this->_auth->getVal('user_id')) . "', 252 252 NOW() 253 253 ) … … 274 274 DB::query(" 275 275 DELETE FROM " . $this->getParam('db_table') . " 276 WHERE lock_id = '" . addslashes($this->data['lock_id']) . "'276 WHERE lock_id = '" . DB::escapeString($this->data['lock_id']) . "' 277 277 "); 278 278 … … 292 292 if (isset($user_id)) { 293 293 // Delete specific user's locks. 294 DB::query("DELETE FROM " . $this->getParam('db_table') . " WHERE set_by_admin_id = '" . addslashes($user_id) . "'");294 DB::query("DELETE FROM " . $this->getParam('db_table') . " WHERE set_by_admin_id = '" . DB::escapeString($user_id) . "'"); 295 295 App::logMsg(sprintf('Record locks owned by %s %s have been deleted', $this->_auth->getVal('auth_name'), $this->_auth->getUsername($user_id)), LOG_DEBUG, __FILE__, __LINE__); 296 296 } else {
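Review bot: Every query in this section still concatenates the table name from `$this->getParam('db_table')` straight into the SQL string (old lines 157, 163, 201, 231, 275, 294) while the change escapes only the value operands, so the escaping is complete only if `db_table` is never derived from request data — I would state that assumption next to the param, e.g. `// db_table is a trusted config value; it is interpolated unescaped into every query below`. The swap to `DB::escapeString` is presumably a wrapper around a connection-aware escape such as mysql_real_escape_string; if so it is only correct when the connection character set has been set before the first call, which is worth a one-line note where the helper is defined. The comparison `$lock['set_by_admin_id'] == $this->_auth->getVal('user_id')` on old line 203 is a loose `==` between a DB string and whatever the auth object returns, so an unset user id (null) compares equal to an empty owner column; `===` with an explicit string cast would make the ownership check strict. The methods these hunks belong to start and end outside the visible section, so the surrounding control flow could not be checked.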