Changeset 82 for branches/1.1dev/lib/NodeHeirarchy.inc.php
- Timestamp:
- Apr 8, 2006 3:07:57 AM (18 years ago)
- File:
-
- 1 edited
branches/1.1dev/lib/NodeHeirarchy.inc.php
r81 r82 202 202 title 203 203 ) VALUES ( 204 '" . addslashes($parent['node_type']) . "',205 '" . addslashes($parent['node_id']) . "',206 '" . addslashes($child_type) . "',207 '" . addslashes($child_id) . "',208 " . (is_null($relationship_type) ? "NULL" : "'" . addslashes($relationship_type) . "'") . ",209 '" . addslashes($title) . "'204 '" . mysql_real_escape_string($parent['node_type']) . "', 205 '" . mysql_real_escape_string($parent['node_id']) . "', 206 '" . mysql_real_escape_string($child_type) . "', 207 '" . mysql_real_escape_string($child_id) . "', 208 " . (is_null($relationship_type) ? "NULL" : "'" . mysql_real_escape_string($relationship_type) . "'") . ", 209 '" . mysql_real_escape_string($title) . "' 210 210 ) 211 211 "); … … 250 250 dbQuery(" 251 251 DELETE FROM node_tbl 252 WHERE child_type = '" . addslashes($child_type) . "'253 AND child_id = '" . addslashes($child_id) . "'252 WHERE child_type = '" . mysql_real_escape_string($child_type) . "' 253 AND child_id = '" . mysql_real_escape_string($child_id) . "' 254 254 "); 255 255 logMsg(sprintf('deleteNode: Deleted node %s %s.', $child_type, $child_id), LOG_DEBUG, __FILE__, __LINE__); … … 316 316 $qid = dbQuery(" 317 317 SELECT title FROM node_tbl 318 WHERE child_type = '" . addslashes($child_type) . "'319 AND child_id = '" . addslashes($child_id) . "'320 AND relationship_type " . (is_null($relationship_type) ? "IS NULL" : "= '" . addslashes($relationship_type) . "'") . "318 WHERE child_type = '" . mysql_real_escape_string($child_type) . "' 319 AND child_id = '" . mysql_real_escape_string($child_id) . "' 320 AND relationship_type " . (is_null($relationship_type) ? "IS NULL" : "= '" . mysql_real_escape_string($relationship_type) . "'") . " 321 321 "); 322 322 list($title) = mysql_fetch_row($qid); … … 326 326 dbQuery(" 327 327 DELETE FROM node_tbl 328 WHERE child_type = '" . addslashes($child_type) . "'329 AND child_id = '" . addslashes($child_id) . "'330 AND relationship_type " . 
(is_null($relationship_type) ? "IS NULL" : "= '" . addslashes($relationship_type) . "'") . "328 WHERE child_type = '" . mysql_real_escape_string($child_type) . "' 329 AND child_id = '" . mysql_real_escape_string($child_id) . "' 330 AND relationship_type " . (is_null($relationship_type) ? "IS NULL" : "= '" . mysql_real_escape_string($relationship_type) . "'") . " 331 331 "); 332 332 logMsg(sprintf('moveNode: Deleted node %s %s.', $child_type, $child_id), LOG_DEBUG, __FILE__, __LINE__); … … 364 364 $type_constraint = array($type_constraint); 365 365 } 366 $in_clause = "AND parent_type IN ('" . join("','", array_map(' addslashes', $type_constraint)) . "')";366 $in_clause = "AND parent_type IN ('" . join("','", array_map('mysql_real_escape_string', $type_constraint)) . "')"; 367 367 } 368 368 … … 370 370 SELECT parent_type, parent_id 371 371 FROM node_tbl 372 WHERE child_type = '" . addslashes($child_type) . "'373 AND child_id = '" . addslashes($child_id) . "'372 WHERE child_type = '" . mysql_real_escape_string($child_type) . "' 373 AND child_id = '" . mysql_real_escape_string($child_id) . "' 374 374 $in_clause 375 " . addslashes($order) . "375 " . mysql_real_escape_string($order) . " 376 376 "); 377 377 … … 410 410 SELECT child_type, child_id, title, subnode_quantity 411 411 FROM node_tbl 412 WHERE child_type = '" . addslashes($child_type) . "'413 AND child_id = '" . addslashes($child_id) . "'412 WHERE child_type = '" . mysql_real_escape_string($child_type) . "' 413 AND child_id = '" . mysql_real_escape_string($child_id) . "' 414 414 "); 415 415 … … 453 453 $type_constraint = array($type_constraint); 454 454 } 455 $in_clause = "AND child_type IN ('" . join("','", array_map(' addslashes', $type_constraint)) . "')";455 $in_clause = "AND child_type IN ('" . join("','", array_map('mysql_real_escape_string', $type_constraint)) . "')"; 456 456 } 457 457 … … 459 459 SELECT * 460 460 FROM node_tbl 461 WHERE parent_type = '" . addslashes($child_type) . 
"'462 AND parent_id = '" . addslashes($child_id) . "'461 WHERE parent_type = '" . mysql_real_escape_string($child_type) . "' 462 AND parent_id = '" . mysql_real_escape_string($child_id) . "' 463 463 $in_clause 464 " . addslashes($order) . "464 " . mysql_real_escape_string($order) . " 465 465 "); 466 466 … … 502 502 $type_constraint = array($type_constraint); 503 503 } 504 $in_clause = "AND child_type IN ('" . join("','", array_map(' addslashes', $type_constraint)) . "')";504 $in_clause = "AND child_type IN ('" . join("','", array_map('mysql_real_escape_string', $type_constraint)) . "')"; 505 505 } 506 506 … … 508 508 SELECT COUNT(*) 509 509 FROM node_tbl 510 WHERE parent_type = '" . addslashes($child_type) . "'511 AND parent_id = '" . addslashes($child_id) . "'510 WHERE parent_type = '" . mysql_real_escape_string($child_type) . "' 511 AND parent_id = '" . mysql_real_escape_string($child_id) . "' 512 512 $in_clause 513 513 "); … … 590 590 SELECT parent_type, parent_id, child_type, child_id, title, subnode_quantity 591 591 FROM node_tbl 592 WHERE child_type = '" . addslashes($child_type) . "'593 AND child_id = '" . addslashes($child_id) . "'592 WHERE child_type = '" . mysql_real_escape_string($child_type) . "' 593 AND child_id = '" . mysql_real_escape_string($child_id) . "' 594 594 "); 595 595 while ($row = mysql_fetch_assoc($qid)) { … … 649 649 $qid = dbQuery(" 650 650 SELECT 1 FROM node_tbl 651 WHERE parent_type = '" . addslashes($parent_type) . "'652 AND parent_id = '" . addslashes($parent_id) . "'653 AND child_type = '" . addslashes($child_type) . "'654 AND child_id = '" . addslashes($child_id) . "'655 AND relationship_type " . (is_null($relationship_type) ? "IS NULL" : "= '" . addslashes($relationship_type) . "'") . "651 WHERE parent_type = '" . mysql_real_escape_string($parent_type) . "' 652 AND parent_id = '" . mysql_real_escape_string($parent_id) . "' 653 AND child_type = '" . mysql_real_escape_string($child_type) . "' 654 AND child_id = '" . 
mysql_real_escape_string($child_id) . "' 655 AND relationship_type " . (is_null($relationship_type) ? "IS NULL" : "= '" . mysql_real_escape_string($relationship_type) . "'") . " 656 656 "); 657 657 } else { 658 658 $qid = dbQuery(" 659 659 SELECT 1 FROM node_tbl 660 WHERE child_type = '" . addslashes($child_type) . "'661 AND child_id = '" . addslashes($child_id) . "'660 WHERE child_type = '" . mysql_real_escape_string($child_type) . "' 661 AND child_id = '" . mysql_real_escape_string($child_id) . "' 662 662 "); 663 663 } … … 781 781 dbQuery(" 782 782 UPDATE node_tbl 783 SET subnode_quantity = subnode_quantity + '" . addslashes($num_children) . "'784 WHERE child_type = '" . addslashes($child_type) . "'785 AND child_id = '" . addslashes($child_id) . "'783 SET subnode_quantity = subnode_quantity + '" . mysql_real_escape_string($num_children) . "' 784 WHERE child_type = '" . mysql_real_escape_string($child_type) . "' 785 AND child_id = '" . mysql_real_escape_string($child_id) . "' 786 786 ",false); 787 787 $qid = dbQuery(" 788 788 SELECT parent_type, parent_id 789 789 FROM node_tbl 790 WHERE child_type = '" . addslashes($child_type) . "'791 AND child_id = '" . addslashes($child_id) . "'790 WHERE child_type = '" . mysql_real_escape_string($child_type) . "' 791 AND child_id = '" . mysql_real_escape_string($child_id) . "' 792 792 ",false); 793 793 while ((list($parent_type, $parent_id) = mysql_fetch_row($qid)) && $parent_id > 0) {
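Review bot: At new lines 375 and 464 `$order` is concatenated into the query outside any quotes, so wrapping it in `mysql_real_escape_string()` does not constrain it: that function only escapes characters that matter inside a quoted string literal, and an unquoted SQL fragment can change the statement without using any of them. Where `$order` comes from is not visible here (the enclosing functions start and end outside the hunks); if a caller can influence it, build the clause from a fixed allowlist of column names plus `ASC`/`DESC` rather than escaping it. `$num_children` at new line 783 is used arithmetically and would be safer as `(int) $num_children` than as an escaped, quoted string. It is also worth a comment at the first query that `mysql_real_escape_string()` needs an open connection and follows that connection's character set, so it must run after connect and the charset should be set through the client API rather than with `SET NAMES`.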