Changeset 82 for branches/1.1dev/lib/SortOrder.inc.php

Timestamp:

Apr 8, 2006 3:07:57 AM (18 years ago)

Author:

scdev

Message:

Changed all usage of addslashes to mysql_real_escape_quotes

File:

• branches/1.1dev/lib/SortOrder.inc.php (modified) (1 diff)

branches/1.1dev/lib/SortOrder.inc.php

@@ -149 +149 @@
 
         if (!empty($this->_columns[strtolower($this->sort_by)][strtolower(strtolower($this->order))])) {
-            return ' ORDER BY ' . addslashes($this->_columns[strtolower($this->sort_by)][strtolower(strtolower($this->order))]);
+            return ' ORDER BY ' . mysql_real_escape_string($this->_columns[strtolower($this->sort_by)][strtolower(strtolower($this->order))]);
         } else {
             logMsg(sprintf('Could not find SQL to sort by %s %s.', $this->sort_by, $this->order), LOG_WARNING, __FILE__, __LINE__);