Changeset 82 for branches/1.1dev/lib/MySQLSessionHandler.inc.php

Timestamp:

Apr 8, 2006 3:07:57 AM (18 years ago)

Author:

scdev

Message:

Changed all usage of addslashes to mysql_real_escape_quotes

File:

• branches/1.1dev/lib/MySQLSessionHandler.inc.php (modified) (3 diffs)

branches/1.1dev/lib/MySQLSessionHandler.inc.php

@@ -52 +52 @@
     
     // Select the data belonging to session $session_id from the MySQL session table    
-    $qid = mysql_query("SELECT session_data FROM " . $sess_mysql['table'] . " WHERE session_id = '" . addslashes($session_id) . "'", $sess_mysql['dbh']);
+    $qid = mysql_query("SELECT session_data FROM " . $sess_mysql['table'] . " WHERE session_id = '" . mysql_real_escape_string($session_id) . "'", $sess_mysql['dbh']);
     
     // Check for errors
@@ -75 +75 @@
     
     // Write the serialized session data ($session_data) to the MySQL session table
-    mysql_query("REPLACE INTO " . $sess_mysql['table'] . "(session_id, session_data, last_access) VALUES ('" . addslashes($session_id) . "', '" . addslashes($session_data) . "', null)", $sess_mysql['dbh']);
+    mysql_query("REPLACE INTO " . $sess_mysql['table'] . "(session_id, session_data, last_access) VALUES ('" . mysql_real_escape_string($session_id) . "', '" . mysql_real_escape_string($session_data) . "', null)", $sess_mysql['dbh']);
     
     // Check for errors
@@ -91 +91 @@
 
     // Delete from the MySQL table all data for the session $session_id
-    mysql_query("DELETE FROM " . $sess_mysql['table'] . " WHERE session_id = '" . addslashes($session_id) . "'", $sess_mysql['dbh']);
+    mysql_query("DELETE FROM " . $sess_mysql['table'] . " WHERE session_id = '" . mysql_real_escape_string($session_id) . "'", $sess_mysql['dbh']);
             
     // Check for errors