Changeset 81 for branches/1.1dev/lib
- Timestamp:
- Apr 8, 2006 12:26:27 AM (18 years ago)
- File:
-
- 1 edited
branches/1.1dev/lib/RecordVersion.inc.php
r80 r81 58 58 version_datetime 59 59 ) VALUES ( 60 '" . addslashes($record_table) . "',61 '" . addslashes($record_key) . "',62 '" . addslashes($record_val) . "',63 '" . addslashes(gzcompress(serialize($record), 9)) . "',64 '" . addslashes($title) . "',65 '" . addslashes($_admin->getVal('user_id')) . "',60 '" . mysql_real_escape_string($record_table) . "', 61 '" . mysql_real_escape_string($record_key) . "', 62 '" . mysql_real_escape_string($record_val) . "', 63 '" . mysql_real_escape_string(gzcompress(serialize($record), 9)) . "', 64 '" . mysql_real_escape_string($title) . "', 65 '" . mysql_real_escape_string($_admin->getVal('user_id')) . "', 66 66 NOW() 67 67 ) … … 83 83 $qid = dbQuery(" 84 84 SELECT * FROM version_tbl 85 WHERE version_id = '" . addslashes($version_id) . "'85 WHERE version_id = '" . mysql_real_escape_string($version_id) . "' 86 86 "); 87 87 $record = mysql_fetch_assoc($qid); 88 88 $data = unserialize(gzuncompress($record['version_data'])); 89 89 90 $qid = dbQuery("SHOW COLUMNS FROM " . addslashes($record['record_table']));90 $qid = dbQuery("SHOW COLUMNS FROM " . mysql_real_escape_string($record['record_table'])); 91 91 while ($row = mysql_fetch_assoc($qid)) { 92 92 $fields[] = $row['Field']; … … 102 102 dbQuery(" 103 103 REPLACE INTO " . $record['record_table'] . " ( 104 " . join(",\n", array_map(' addslashes', array_keys($data))) . "104 " . join(",\n", array_map('mysql_real_escape_string', array_keys($data))) . " 105 105 ) VALUES ( 106 '" . join("',\n'", array_map(' addslashes', $data)) . "'106 '" . join("',\n'", array_map('mysql_real_escape_string', $data)) . "' 107 107 ) 108 108 "); … … 128 128 $qid = dbQuery(" 129 129 SELECT COUNT(*) FROM version_tbl 130 WHERE record_table = '" . addslashes($record_table) . "'131 AND record_key = '" . addslashes($record_key) . "'132 AND record_val = '" . addslashes($record_val) . "'130 WHERE record_table = '" . mysql_real_escape_string($record_table) . "' 131 AND record_key = '" . 
mysql_real_escape_string($record_key) . "' 132 AND record_val = '" . mysql_real_escape_string($record_val) . "' 133 133 "); 134 134 list($v_count) = mysql_fetch_row($qid); … … 139 139 $qid = dbQuery(" 140 140 SELECT version_id FROM version_tbl 141 WHERE record_table = '" . addslashes($record_table) . "'142 AND record_key = '" . addslashes($record_key) . "'143 AND record_val = '" . addslashes($record_val) . "'141 WHERE record_table = '" . mysql_real_escape_string($record_table) . "' 142 AND record_key = '" . mysql_real_escape_string($record_key) . "' 143 AND record_val = '" . mysql_real_escape_string($record_val) . "' 144 144 ORDER BY version_datetime ASC 145 145 LIMIT " . ($v_count - $this->record_version_min_qty) . " … … 156 156 $qid = dbQuery(" 157 157 SELECT version_id FROM version_tbl 158 WHERE record_table = '" . addslashes($record_table) . "'159 AND record_key = '" . addslashes($record_key) . "'160 AND record_val = '" . addslashes($record_val) . "'158 WHERE record_table = '" . mysql_real_escape_string($record_table) . "' 159 AND record_key = '" . mysql_real_escape_string($record_key) . "' 160 AND record_val = '" . mysql_real_escape_string($record_val) . "' 161 161 AND DATE_ADD(version_datetime, INTERVAL '" . $this->record_version_min_days . "' DAY) < NOW() 162 162 ORDER BY version_datetime ASC … … 191 191 SELECT version_id, saved_by_admin_id, version_datetime, version_title 192 192 FROM version_tbl 193 WHERE record_table = '" . addslashes($record_table) . "'194 AND record_key = '" . addslashes($record_key) . "'195 AND record_val = '" . addslashes($record_val) . "'193 WHERE record_table = '" . mysql_real_escape_string($record_table) . "' 194 AND record_key = '" . mysql_real_escape_string($record_key) . "' 195 AND record_val = '" . mysql_real_escape_string($record_val) . "' 196 196 ORDER BY version_datetime DESC 197 197 "); 198 198 while ($row = mysql_fetch_assoc($qid)) { 199 199 // Get admin usernames. 
200 $qid2 = dbQuery("SELECT username FROM admin_tbl WHERE admin_id = '" . addslashes($row['saved_by_admin_id']) . "'");200 $qid2 = dbQuery("SELECT username FROM admin_tbl WHERE admin_id = '" . mysql_real_escape_string($row['saved_by_admin_id']) . "'"); 201 201 list($row['editor']) = mysql_fetch_row($qid2); 202 202 $versions[] = $row; … … 221 221 $qid = dbQuery(" 222 222 SELECT * FROM version_tbl 223 WHERE version_id = '" . addslashes($version_id) . "'223 WHERE version_id = '" . mysql_real_escape_string($version_id) . "' 224 224 "); 225 225 return mysql_fetch_assoc($qid); … … 238 238 $qid = dbQuery(" 239 239 SELECT * FROM version_tbl 240 WHERE version_id = '" . addslashes($version_id) . "'240 WHERE version_id = '" . mysql_real_escape_string($version_id) . "' 241 241 "); 242 242 $record = mysql_fetch_assoc($qid); … … 258 258 { 259 259 $qid = dbQuery(" 260 SELECT * FROM " . addslashes($record_table) . "261 WHERE " . addslashes($record_key) . " = '" . addslashes($record_val) . "'260 SELECT * FROM " . mysql_real_escape_string($record_table) . " 261 WHERE " . mysql_real_escape_string($record_key) . " = '" . mysql_real_escape_string($record_val) . "' 262 262 "); 263 263 if ($record = mysql_fetch_assoc($qid)) {
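Review bot: Replacing addslashes() with mysql_real_escape_string() only helps where the value ends up inside a quoted string literal; in the `SHOW COLUMNS FROM` hunk (new line 90), the `REPLACE INTO` column list built from `array_keys($data)` (line 104) and the final `SELECT * FROM ... WHERE` hunk (lines 260-261) the escaped value is spliced in as a bare table or column identifier, where quote-escaping changes nothing, and the `REPLACE INTO " . $record['record_table']` target on line 103 is not escaped at all. Identifiers need validation rather than escaping, e.g. `if (!preg_match('/^[A-Za-z0-9_]+$/', $record_table)) { trigger_error('Invalid table name', E_USER_ERROR); }` before the query string is assembled, or a check against a known list of tables, with the same treatment for `$record_key` and for the column names, which could be checked against the `$fields` list that is presumably read from SHOW COLUMNS in the same method a few lines earlier. Note also that mysql_real_escape_string() requires an open MySQL link and returns false with a warning otherwise, whereas addslashes() did not, so any of these calls that can run before the connection dbQuery() uses is established would now yield empty strings rather than an escaped value. The enclosing methods all start and end outside the hunks shown.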