Changeset 111 for trunk/services
- Timestamp:
- Apr 27, 2006 1:49:54 AM (18 years ago)
- File:
-
- 1 edited
trunk/services/admins.php
r72 r111 154 154 if (getFormdata('repeat', false)) { 155 155 // Display edit function with next available ID. 156 $qid = DB::query("SELECT admin_id FROM admin_tbl WHERE admin_id > '" . addslashes(getFormData('admin_id')) . "' ORDER BY admin_id ASC LIMIT 1");156 $qid = DB::query("SELECT admin_id FROM admin_tbl WHERE admin_id > '" . DB::escapeString(getFormData('admin_id')) . "' ORDER BY admin_id ASC LIMIT 1"); 157 157 if (list($next_id) = mysql_fetch_row($qid)) { 158 158 App::dieURL($_SERVER['PHP_SELF'] . '?op=edit&admin_id=' . $next_id); … … 268 268 SELECT * 269 269 FROM admin_tbl 270 WHERE admin_id = '" . addslashes($id) . "'270 WHERE admin_id = '" . DB::escapeString($id) . "' 271 271 "); 272 272 if (!$frm = mysql_fetch_assoc($qid)) { … … 325 325 $qid = DB::query(" 326 326 SELECT username, user_type from admin_tbl 327 WHERE admin_id = '" . addslashes($id) . "'327 WHERE admin_id = '" . DB::escapeString($id) . "' 328 328 "); 329 329 if (! list($name, $user_type) = mysql_fetch_row($qid)) { … … 347 347 } else { 348 348 // Delete the record. 349 DB::query("DELETE FROM admin_tbl WHERE admin_id = '" . addslashes($id) . "'");349 DB::query("DELETE FROM admin_tbl WHERE admin_id = '" . DB::escapeString($id) . "'"); 350 350 App::raiseMsg(sprintf(_("The admin <strong>%s</strong> has been deleted."), $name), MSG_SUCCESS, __FILE__, __LINE__); 351 351 } … … 373 373 added_datetime 374 374 ) VALUES ( 375 '" . addslashes($frm['username']) . "',376 '" . addslashes($frm['first_name']) . "',377 '" . addslashes($frm['last_name']) . "',378 '" . addslashes($frm['email']) . "',379 '" . addslashes($frm['user_type']) . "',380 '" . addslashes($auth->getVal('user_id')) . "',375 '" . DB::escapeString($frm['username']) . "', 376 '" . DB::escapeString($frm['first_name']) . "', 377 '" . DB::escapeString($frm['last_name']) . "', 378 '" . DB::escapeString($frm['email']) . "', 379 '" . DB::escapeString($frm['user_type']) . "', 380 '" . DB::escapeString($auth->getVal('user_id')) . 
"', 381 381 NOW() 382 382 ) … … 417 417 DB::query(" 418 418 UPDATE admin_tbl SET 419 username = '" . addslashes($frm['username']) . "',420 first_name = '" . addslashes($frm['first_name']) . "',421 last_name = '" . addslashes($frm['last_name']) . "',422 email = '" . addslashes($frm['email']) . "',423 user_type = '" . addslashes($frm['user_type']) . "',424 modified_by_user_id = '" . addslashes($auth->getVal('user_id')) . "',419 username = '" . DB::escapeString($frm['username']) . "', 420 first_name = '" . DB::escapeString($frm['first_name']) . "', 421 last_name = '" . DB::escapeString($frm['last_name']) . "', 422 email = '" . DB::escapeString($frm['email']) . "', 423 user_type = '" . DB::escapeString($frm['user_type']) . "', 424 modified_by_user_id = '" . DB::escapeString($auth->getVal('user_id')) . "', 425 425 modified_datetime = NOW() 426 WHERE admin_id = '" . addslashes($frm['admin_id']) . "'426 WHERE admin_id = '" . DB::escapeString($frm['admin_id']) . "' 427 427 "); 428 428 … … 450 450 $where_clause .= (empty($where_clause) ? 'WHERE' : 'AND') . " 451 451 ( 452 admin_tbl.username LIKE '%" . addslashes($qry_words[$i]) . "%'453 OR admin_tbl.first_name LIKE '%" . addslashes($qry_words[$i]) . "%'454 OR admin_tbl.last_name LIKE '%" . addslashes($qry_words[$i]) . "%'455 OR admin_tbl.email LIKE '%" . addslashes($qry_words[$i]) . "%'452 admin_tbl.username LIKE '%" . DB::escapeString($qry_words[$i]) . "%' 453 OR admin_tbl.first_name LIKE '%" . DB::escapeString($qry_words[$i]) . "%' 454 OR admin_tbl.last_name LIKE '%" . DB::escapeString($qry_words[$i]) . "%' 455 OR admin_tbl.email LIKE '%" . DB::escapeString($qry_words[$i]) . "%' 456 456 ) 457 457 ";
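Review bot: The admin_id values at lines 156, 270, 327, 349 and 426 are still interpolated into the SQL as quoted strings after the switch to DB::escapeString; since they appear to be integer keys, casting removes the reliance on escaping altogether, e.g. `WHERE admin_id = '" . (int) $id . "'` (and `(int) getFormData('admin_id')` at 156), with the escaper kept for the genuinely textual columns. In the search clause at 452–455 the `%` and `_` wildcard characters in `$qry_words[$i]` are not neutralized by DB::escapeString, so a term containing them widens the LIKE match; if literal matching is intended, wrap the word as `addcslashes(DB::escapeString($qry_words[$i]), '%_')` before interpolation. Whether DB::escapeString is bound to the active connection's charset is not visible here and is worth confirming, since that is the property that makes it preferable to addslashes. Line 154 calls `getFormdata` while 156 calls `getFormData`; PHP resolves both, but one spelling should be used. Every function touched by these hunks begins and ends outside the visible lines.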