Changeset 111 for trunk/lib/RecordVersion.inc.php
- Timestamp:
- Apr 27, 2006 1:49:54 AM (18 years ago)
- File:
-
- 1 edited
trunk/lib/RecordVersion.inc.php
r49 r111 182 182 version_datetime 183 183 ) VALUES ( 184 '" . addslashes($record_table) . "',185 '" . addslashes($record_key) . "',186 '" . addslashes($record_val) . "',187 '" . addslashes(gzcompress(serialize($record), 9)) . "',188 '" . addslashes($title) . "',189 '" . addslashes($notes) . "',190 '" . addslashes($this->_auth->getVal('user_id')) . "',184 '" . DB::escapeString($record_table) . "', 185 '" . DB::escapeString($record_key) . "', 186 '" . DB::escapeString($record_val) . "', 187 '" . DB::escapeString(gzcompress(serialize($record), 9)) . "', 188 '" . DB::escapeString($title) . "', 189 '" . DB::escapeString($notes) . "', 190 '" . DB::escapeString($this->_auth->getVal('user_id')) . "', 191 191 NOW() 192 192 ) … … 210 210 $qid = DB::query(" 211 211 SELECT * FROM " . $this->getParam('db_table') . " 212 WHERE version_id = '" . addslashes($version_id) . "'212 WHERE version_id = '" . DB::escapeString($version_id) . "' 213 213 "); 214 214 if (!$record = mysql_fetch_assoc($qid)) { … … 227 227 228 228 // SQLize the keys of the specified versioned record. 229 $replace_keys = join(",\n", array_map( 'addslashes', array_keys($data)));229 $replace_keys = join(",\n", array_map(array('DB', 'escapeString'), array_keys($data))); 230 230 231 231 // SQLize the keys of the values of the specified versioned record. (These are more complex because we need to account for SQL null values.) … … 233 233 $comma = ''; 234 234 foreach ($data as $v) { 235 $replace_values .= is_null($v) ? "$comma\nNULL" : "$comma\n'" . addslashes($v) . "'";235 $replace_values .= is_null($v) ? "$comma\nNULL" : "$comma\n'" . DB::escapeString($v) . "'"; 236 236 $comma = ','; 237 237 } … … 268 268 $qid = DB::query(" 269 269 SELECT COUNT(*) FROM " . $this->getParam('db_table') . " 270 WHERE record_table = '" . addslashes($record_table) . "'271 AND record_key = '" . addslashes($record_key) . "'272 AND record_val = '" . addslashes($record_val) . "'270 WHERE record_table = '" . DB::escapeString($record_table) . 
"' 271 AND record_key = '" . DB::escapeString($record_key) . "' 272 AND record_val = '" . DB::escapeString($record_val) . "' 273 273 "); 274 274 list($v_count) = mysql_fetch_row($qid); … … 280 280 $qid = DB::query(" 281 281 SELECT version_id FROM " . $this->getParam('db_table') . " 282 WHERE record_table = '" . addslashes($record_table) . "'283 AND record_key = '" . addslashes($record_key) . "'284 AND record_val = '" . addslashes($record_val) . "'282 WHERE record_table = '" . DB::escapeString($record_table) . "' 283 AND record_key = '" . DB::escapeString($record_key) . "' 284 AND record_val = '" . DB::escapeString($record_val) . "' 285 285 ORDER BY version_datetime ASC 286 286 LIMIT " . ($v_count - $this->getParam('min_qty')) . " … … 297 297 $qid = DB::query(" 298 298 SELECT version_id FROM " . $this->getParam('db_table') . " 299 WHERE record_table = '" . addslashes($record_table) . "'300 AND record_key = '" . addslashes($record_key) . "'301 AND record_val = '" . addslashes($record_val) . "'299 WHERE record_table = '" . DB::escapeString($record_table) . "' 300 AND record_key = '" . DB::escapeString($record_key) . "' 301 AND record_val = '" . DB::escapeString($record_val) . "' 302 302 AND DATE_ADD(version_datetime, INTERVAL '" . $this->getParam('min_days') . "' DAY) < NOW() 303 303 ORDER BY version_datetime ASC … … 334 334 SELECT version_id, saved_by_admin_id, version_datetime, version_title 335 335 FROM " . $this->getParam('db_table') . " 336 WHERE record_table = '" . addslashes($record_table) . "'337 AND record_key = '" . addslashes($record_key) . "'338 AND record_val = '" . addslashes($record_val) . "'336 WHERE record_table = '" . DB::escapeString($record_table) . "' 337 AND record_key = '" . DB::escapeString($record_key) . "' 338 AND record_val = '" . DB::escapeString($record_val) . "' 339 339 ORDER BY version_datetime DESC 340 340 "); … … 362 362 $qid = DB::query(" 363 363 SELECT * FROM " . $this->getParam('db_table') . " 364 WHERE version_id = '" . 
addslashes($version_id) . "'364 WHERE version_id = '" . DB::escapeString($version_id) . "' 365 365 "); 366 366 return mysql_fetch_assoc($qid); … … 381 381 $qid = DB::query(" 382 382 SELECT * FROM " . $this->getParam('db_table') . " 383 WHERE version_id = '" . addslashes($version_id) . "'383 WHERE version_id = '" . DB::escapeString($version_id) . "' 384 384 "); 385 385 $record = mysql_fetch_assoc($qid); … … 403 403 404 404 $qid = DB::query(" 405 SELECT * FROM " . addslashes($record_table) . "406 WHERE " . addslashes($record_key) . " = '" . addslashes($record_val) . "'405 SELECT * FROM " . DB::escapeString($record_table) . " 406 WHERE " . DB::escapeString($record_key) . " = '" . DB::escapeString($record_val) . "' 407 407 "); 408 408 if ($record = mysql_fetch_assoc($qid)) {
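Review bot: At lines 405-406 the new `DB::escapeString()` is applied to `$record_table` and `$record_key`, which are spliced into the query as a bare table name and column name outside of quotes, so string escaping does not constrain them at all; the same applies to the column names built at line 229. A quote-escaping function only neutralises quote and backslash characters inside a quoted literal, while an unquoted identifier position accepts spaces, commas and keywords unchanged, so if these values can come from anything other than trusted code the query is still injectable. The usual fix is an allowlist check on identifier shape before building the statement, e.g. `if (!preg_match('/^[A-Za-z0-9_]+$/', $record_table) || !preg_match('/^[A-Za-z0-9_]+$/', $record_key)) { return false; }` (adjust the failure path to whatever this method returns; its start is outside the shown section), or wrapping them in backticks and escaping backticks within. The untouched `LIMIT`, `INTERVAL` and `db_table` interpolations presumably come from configuration rather than request data, so they are likely acceptable as they are, but it is worth confirming.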