Changeset 111 for trunk/lib/RecordVersion.inc.php

Timestamp:

Apr 27, 2006 1:49:54 AM (18 years ago)

Author:

scdev

Message:

Q - Finished depreciating addslashes. array_map instances need to use array('DB', 'escapeString') as first argument.

File:

• trunk/lib/RecordVersion.inc.php (modified) (11 diffs)

trunk/lib/RecordVersion.inc.php

@@ -182 +182 @@
                 version_datetime
             ) VALUES (
-                '" . addslashes($record_table) . "',
-                '" . addslashes($record_key) . "',
-                '" . addslashes($record_val) . "',
-                '" . addslashes(gzcompress(serialize($record), 9)) . "',
-                '" . addslashes($title) . "',
-                '" . addslashes($notes) . "',
-                '" . addslashes($this->_auth->getVal('user_id')) . "',
+                '" . DB::escapeString($record_table) . "',
+                '" . DB::escapeString($record_key) . "',
+                '" . DB::escapeString($record_val) . "',
+                '" . DB::escapeString(gzcompress(serialize($record), 9)) . "',
+                '" . DB::escapeString($title) . "',
+                '" . DB::escapeString($notes) . "',
+                '" . DB::escapeString($this->_auth->getVal('user_id')) . "',
                 NOW()
             )
@@ -210 +210 @@
         $qid = DB::query("
             SELECT * FROM " . $this->getParam('db_table') . "
-            WHERE version_id = '" . addslashes($version_id) . "'
+            WHERE version_id = '" . DB::escapeString($version_id) . "'
         ");
         if (!$record = mysql_fetch_assoc($qid)) {
@@ -227 +227 @@
 
         // SQLize the keys of the specified versioned record.
-        $replace_keys = join(",\n", array_map('addslashes', array_keys($data)));
+        $replace_keys = join(",\n", array_map(array('DB', 'escapeString'), array_keys($data)));
 
         // SQLize the keys of the values of the specified versioned record. (These are more complex because we need to account for SQL null values.)
@@ -233 +233 @@
         $comma = '';
         foreach ($data as $v) {
-            $replace_values .= is_null($v) ? "$comma\nNULL" : "$comma\n'" . addslashes($v) . "'";
+            $replace_values .= is_null($v) ? "$comma\nNULL" : "$comma\n'" . DB::escapeString($v) . "'";
             $comma = ',';
         }
@@ -268 +268 @@
         $qid = DB::query("
             SELECT COUNT(*) FROM " . $this->getParam('db_table') . "
-            WHERE record_table = '" . addslashes($record_table) . "'
-            AND record_key = '" . addslashes($record_key) . "'
-            AND record_val = '" . addslashes($record_val) . "'
+            WHERE record_table = '" . DB::escapeString($record_table) . "'
+            AND record_key = '" . DB::escapeString($record_key) . "'
+            AND record_val = '" . DB::escapeString($record_val) . "'
         ");
         list($v_count) = mysql_fetch_row($qid);
@@ -280 +280 @@
                 $qid = DB::query("
                     SELECT version_id FROM " . $this->getParam('db_table') . "
-                    WHERE record_table = '" . addslashes($record_table) . "'
-                    AND record_key = '" . addslashes($record_key) . "'
-                    AND record_val = '" . addslashes($record_val) . "'
+                    WHERE record_table = '" . DB::escapeString($record_table) . "'
+                    AND record_key = '" . DB::escapeString($record_key) . "'
+                    AND record_val = '" . DB::escapeString($record_val) . "'
                     ORDER BY version_datetime ASC
                     LIMIT " . ($v_count - $this->getParam('min_qty')) . "
@@ -297 +297 @@
                 $qid = DB::query("
                     SELECT version_id FROM " . $this->getParam('db_table') . "
-                    WHERE record_table = '" . addslashes($record_table) . "'
-                    AND record_key = '" . addslashes($record_key) . "'
-                    AND record_val = '" . addslashes($record_val) . "'
+                    WHERE record_table = '" . DB::escapeString($record_table) . "'
+                    AND record_key = '" . DB::escapeString($record_key) . "'
+                    AND record_val = '" . DB::escapeString($record_val) . "'
                     AND DATE_ADD(version_datetime, INTERVAL '" . $this->getParam('min_days') . "' DAY) < NOW()
                     ORDER BY version_datetime ASC
@@ -334 +334 @@
             SELECT version_id, saved_by_admin_id, version_datetime, version_title
             FROM " . $this->getParam('db_table') . "
-            WHERE record_table = '" . addslashes($record_table) . "'
-            AND record_key = '" . addslashes($record_key) . "'
-            AND record_val = '" . addslashes($record_val) . "'
+            WHERE record_table = '" . DB::escapeString($record_table) . "'
+            AND record_key = '" . DB::escapeString($record_key) . "'
+            AND record_val = '" . DB::escapeString($record_val) . "'
             ORDER BY version_datetime DESC
         ");
@@ -362 +362 @@
         $qid = DB::query("
             SELECT * FROM " . $this->getParam('db_table') . "
-            WHERE version_id = '" . addslashes($version_id) . "'
+            WHERE version_id = '" . DB::escapeString($version_id) . "'
         ");
         return mysql_fetch_assoc($qid);
@@ -381 +381 @@
         $qid = DB::query("
             SELECT * FROM " . $this->getParam('db_table') . "
-            WHERE version_id = '" . addslashes($version_id) . "'
+            WHERE version_id = '" . DB::escapeString($version_id) . "'
         ");
         $record = mysql_fetch_assoc($qid);
@@ -403 +403 @@
 
         $qid = DB::query("
-            SELECT * FROM " . addslashes($record_table) . "
-            WHERE " . addslashes($record_key) . " = '" . addslashes($record_val) . "'
+            SELECT * FROM " . DB::escapeString($record_table) . "
+            WHERE " . DB::escapeString($record_key) . " = '" . DB::escapeString($record_val) . "'
         ");
         if ($record = mysql_fetch_assoc($qid)) {