Changeset 82 for branches/1.1dev/lib/RecordLock.inc.php
- Timestamp:
- Apr 8, 2006 3:07:57 AM (18 years ago)
- File:
-
- 1 edited
branches/1.1dev/lib/RecordLock.inc.php
r81 r82 45 45 $qid = dbQuery(" 46 46 SELECT * FROM lock_tbl 47 WHERE lock_id = '" . addslashes($record_table_or_lock_id) . "'47 WHERE lock_id = '" . mysql_real_escape_string($record_table_or_lock_id) . "' 48 48 "); 49 49 } else { … … 51 51 $qid = dbQuery(" 52 52 SELECT * FROM lock_tbl 53 WHERE record_table = '" . addslashes($record_table_or_lock_id) . "'54 AND record_key = '" . addslashes($record_key) . "'55 AND record_val = '" . addslashes($record_val) . "'53 WHERE record_table = '" . mysql_real_escape_string($record_table_or_lock_id) . "' 54 AND record_key = '" . mysql_real_escape_string($record_key) . "' 55 AND record_val = '" . mysql_real_escape_string($record_val) . "' 56 56 "); 57 57 } 58 58 if ($this->data = mysql_fetch_assoc($qid)) { 59 59 // This could be integrated into the above query, but with the new auth system, this will be a $auth-> method call. 60 // $qid = dbQuery("SELECT username FROM admin_tbl WHERE admin_id = '" . addslashes($this->data['set_by_admin_id']) . "'");60 // $qid = dbQuery("SELECT username FROM admin_tbl WHERE admin_id = '" . mysql_real_escape_string($this->data['set_by_admin_id']) . "'"); 61 61 // list($this->data['editor']) = mysql_fetch_row($qid); 62 62 $this->data['editor'] = $this->_auth->getUsername($this->data['set_by_admin_id']); … … 86 86 { 87 87 if (isset($this->data['lock_id'])) { 88 $qid = dbQuery("SELECT * FROM lock_tbl WHERE lock_id = '" . addslashes($this->data['lock_id']) . "'");88 $qid = dbQuery("SELECT * FROM lock_tbl WHERE lock_id = '" . mysql_real_escape_string($this->data['lock_id']) . "'"); 89 89 if ($lock = mysql_fetch_assoc($qid)) { 90 90 return ($lock['set_by_admin_id'] == $this->_auth->getVal('user_id')); … … 112 112 dbQuery(" 113 113 DELETE FROM lock_tbl 114 WHERE record_table = '" . addslashes($record_table) . "'115 AND record_key = '" . addslashes($record_key) . "'116 AND record_val = '" . addslashes($record_val) . "'114 WHERE record_table = '" . mysql_real_escape_string($record_table) . 
"' 115 AND record_key = '" . mysql_real_escape_string($record_key) . "' 116 AND record_val = '" . mysql_real_escape_string($record_val) . "' 117 117 "); 118 118 … … 127 127 lock_datetime 128 128 ) VALUES ( 129 '" . addslashes($record_table) . "',130 '" . addslashes($record_key) . "',131 '" . addslashes($record_val) . "',132 '" . addslashes($title) . "',133 '" . addslashes($this->_auth->getVal('user_id')) . "',129 '" . mysql_real_escape_string($record_table) . "', 130 '" . mysql_real_escape_string($record_key) . "', 131 '" . mysql_real_escape_string($record_val) . "', 132 '" . mysql_real_escape_string($title) . "', 133 '" . mysql_real_escape_string($this->_auth->getVal('user_id')) . "', 134 134 NOW() 135 135 ) … … 151 151 dbQuery(" 152 152 DELETE FROM lock_tbl 153 WHERE lock_id = '" . addslashes($this->data['lock_id']) . "'153 WHERE lock_id = '" . mysql_real_escape_string($this->data['lock_id']) . "' 154 154 "); 155 155 } … … 162 162 if (isset($user_id)) { 163 163 // Delete specific user's locks. 164 dbQuery("DELETE FROM lock_tbl WHERE set_by_admin_id = '" . addslashes($user_id) . "'");164 dbQuery("DELETE FROM lock_tbl WHERE set_by_admin_id = '" . mysql_real_escape_string($user_id) . "'"); 165 165 logMsg(sprintf('Record locks owned by %s %s have been deleted', $this->_auth->getVal('auth_name'), $this->_auth->getUsername($user_id)), LOG_INFO, __FILE__, __LINE__); 166 166 } else {
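Review bot: The new `mysql_real_escape_string()` calls (new lines 47, 53-55, 88, 114-116, 129-133, 153 and 164) pass no link identifier, so each one depends on a MySQL connection already being open while the SQL string is built, which happens before `dbQuery()` is entered. If `dbQuery()` opens the connection lazily (not visible in these hunks), the function can return false with a warning, and the quoted value then becomes an empty string; in the DELETE statements at lines 112-117, 151-154 and 164 that would change which rows match. Consider guaranteeing the connection before the string is built, or passing the handle explicitly, e.g. `mysql_real_escape_string($record_table, $link)`, where `$link` is a placeholder for whatever handle `dbQuery()` uses. The escaping is also only as correct as the client library's view of the connection character set, so the charset should be set through the API rather than by a `SET NAMES` query. The enclosing methods begin and end outside the displayed hunks.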