Changeset 90 for branches/1.1dev/bin
- Timestamp:
- Apr 8, 2006 8:35:17 AM (18 years ago)
- Location:
- branches/1.1dev/bin
- Files:
-
- 8 edited
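--- a/branches/1.1dev/bin/file_importer.php
+++ b/branches/1.1dev/bin/file_importer.php
@@ -43,12 +43,12 @@
 // added_datetime
 // ) VALUES (
-// '" . addslashes(0) . "',
-// '" . addslashes('hosting') . "',
-// '" . addslashes($file_date) . "',
-// '" . addslashes($amt[1]) . "',
-// '" . addslashes('Paid') . "',
-// '" . addslashes('') . "',
-// '" . addslashes($file_text) . "',
-// '" . addslashes($file_date) . "',
+// '" . mysql_real_escape_string(0) . "',
+// '" . mysql_real_escape_string('hosting') . "',
+// '" . mysql_real_escape_string($file_date) . "',
+// '" . mysql_real_escape_string($amt[1]) . "',
+// '" . mysql_real_escape_string('Paid') . "',
+// '" . mysql_real_escape_string('') . "',
+// '" . mysql_real_escape_string($file_text) . "',
+// '" . mysql_real_escape_string($file_date) . "',
 // NOW()
 // )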
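Review bot: Lines 45–52 are commented out both before and after the change, so replacing `addslashes` with `mysql_real_escape_string` here has no runtime effect and only keeps dead code in step with the live call sites. If this block is not coming back, deleting it is the cleaner option; if it is, note that `mysql_real_escape_string(0)`, `mysql_real_escape_string('hosting')` and the other constant arguments escape nothing and can be written as the literals `'0'`, `'hosting'`, `'Paid'` and `''` directly. The statement these lines belong to starts and ends outside the hunk.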
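--- a/branches/1.1dev/bin/module_maker/form_template.cli.php
+++ b/branches/1.1dev/bin/module_maker/form_template.cli.php
@@ -28,5 +28,5 @@
 
 // Get DB table column info.
-$qid = dbQuery("DESCRIBE " . addslashes($db_tbl));
+$qid = dbQuery("DESCRIBE " . mysql_real_escape_string($db_tbl));
 while ($row = mysql_fetch_row($qid)) {
 $cols[] = $row;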
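Review bot: Line 30 places `$db_tbl` in an identifier position (`DESCRIBE <name>`), where `mysql_real_escape_string` does not help: it escapes quote and control characters for use inside a quoted string literal, but nothing here is quoted, so any value that is not a plain table name still reaches the parser unchanged. The same `DESCRIBE` change appears in list_template.cli.php line 42, module.cli.php line 137, sql.cli.php line 41 and validation.cli.php line 31. Where `$db_tbl` comes from is outside the hunk; whatever its source, validating it as an identifier before the query is the robust check, e.g. `if (!preg_match('/^[A-Za-z0-9_]+$/', $db_tbl)) { die("Invalid table name.\n"); }`, after which the escape call can be dropped. Backtick-quoting the name, with embedded backticks doubled, is the alternative if arbitrary table names must be supported.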
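--- a/branches/1.1dev/bin/module_maker/list_template.cli.php
+++ b/branches/1.1dev/bin/module_maker/list_template.cli.php
@@ -40,5 +40,5 @@
 
 // Get DB table column info.
-$qid = dbQuery("DESCRIBE " . addslashes($db_tbl));
+$qid = dbQuery("DESCRIBE " . mysql_real_escape_string($db_tbl));
 while ($row = mysql_fetch_row($qid)) {
 $cols[] = $row;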
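--- a/branches/1.1dev/bin/module_maker/module.cli.php
+++ b/branches/1.1dev/bin/module_maker/module.cli.php
@@ -135,5 +135,5 @@
 // Ensure requested table contains columns.
 // Get DB table column info.
-$qid = dbQuery("DESCRIBE " . addslashes($db_tbl));
+$qid = dbQuery("DESCRIBE " . mysql_real_escape_string($db_tbl));
 while ($row = mysql_fetch_row($qid)) {
 $cols[] = $row;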
branches/1.1dev/bin/module_maker/skel/admin.php
r89 r90 138 138 if (getFormdata('repeat', false)) { 139 139 // Display edit function with next available ID. 140 $qid = dbQuery("SELECT %PRIMARY_KEY% FROM %DB_TBL% WHERE %PRIMARY_KEY% > '" . addslashes(getFormData('%PRIMARY_KEY%')) . "' ORDER BY %PRIMARY_KEY% ASC LIMIT 1");140 $qid = dbQuery("SELECT %PRIMARY_KEY% FROM %DB_TBL% WHERE %PRIMARY_KEY% > '" . mysql_real_escape_string(getFormData('%PRIMARY_KEY%')) . "' ORDER BY %PRIMARY_KEY% ASC LIMIT 1"); 141 141 if (list($next_id) = mysql_fetch_row($qid)) { 142 142 dieURL($_SERVER['PHP_SELF'] . '?op=edit&%PRIMARY_KEY%=' . $next_id); … … 204 204 SELECT * 205 205 FROM %DB_TBL% 206 WHERE %PRIMARY_KEY% = '" . addslashes($id) . "'206 WHERE %PRIMARY_KEY% = '" . mysql_real_escape_string($id) . "' 207 207 "); 208 208 if (!$frm = mysql_fetch_assoc($qid)) { … … 241 241 SELECT <##> 242 242 FROM %DB_TBL% 243 WHERE %PRIMARY_KEY% = '" . addslashes($id) . "'243 WHERE %PRIMARY_KEY% = '" . mysql_real_escape_string($id) . "' 244 244 "); 245 245 if (! list($name) = mysql_fetch_row($qid)) { … … 250 250 251 251 // Delete the record. 252 dbQuery("DELETE FROM %DB_TBL% WHERE %PRIMARY_KEY% = '" . addslashes($id) . "'");252 dbQuery("DELETE FROM %DB_TBL% WHERE %PRIMARY_KEY% = '" . mysql_real_escape_string($id) . "'"); 253 253 254 254 raiseMsg(sprintf(_("The %ITEM_TITLE% <strong>%s</strong> has been deleted."), $name), MSG_SUCCESS, __FILE__, __LINE__); … … 320 320 if (getFormData('filter_<##>', false)) { 321 321 // Limit by filter. 322 $where_clause .= (empty($where_clause) ? 'WHERE' : 'AND') . " <##> = '" . addslashes(getFormData('filter_<##>')) . "'";322 $where_clause .= (empty($where_clause) ? 'WHERE' : 'AND') . " <##> = '" . mysql_real_escape_string(getFormData('filter_<##>')) . "'"; 323 323 } 324 324 … … 400 400 dbQuery(" 401 401 UPDATE %DB_TBL% SET 402 rank = '" . addslashes($new_rank) . "'403 WHERE %PRIMARY_KEY% = '" . addslashes($id) . "'402 rank = '" . mysql_real_escape_string($new_rank) . "' 403 WHERE %PRIMARY_KEY% = '" . 
mysql_real_escape_string($id) . "' 404 404 "); 405 405 } -
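Review bot: The escaping at lines 140, 206, 243, 252, 322, 402 and 403 is only as reliable as the character set the client library believes the open link uses, because `mysql_real_escape_string` escapes according to that charset; if the connection setup (outside this hunk) selects the charset with a `SET NAMES` query rather than through the client API, client and server can disagree on multibyte input and the escaping is not trustworthy. For values that are numeric by construction, a cast removes the dependency on the link and its charset entirely: `$new_rank` at line 402 looks like an integer rank, so `rank = " . (int) $new_rank . "` without quotes is the stronger form. Whether `%PRIMARY_KEY%` is always an integer in generated modules cannot be told from the hunk, so the same cast for `$id` applies only where the skeleton guarantees it. The functions containing these lines start and end outside the hunk.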
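--- a/branches/1.1dev/bin/module_maker/skel/public.php
+++ b/branches/1.1dev/bin/module_maker/skel/public.php
@@ -36,5 +36,5 @@
 $qid = dbQuery("
 SELECT * FROM %DB_TBL%
-WHERE %PRIMARY_KEY% = '" . addslashes(getFormData('%PRIMARY_KEY%')) . "'
+WHERE %PRIMARY_KEY% = '" . mysql_real_escape_string(getFormData('%PRIMARY_KEY%')) . "'
 AND publish = 'true'
 <##>AND (publish_date <= CURDATE() OR publish_date = '0000-00-00')
@@ -50,5 +50,5 @@
 UPDATE %DB_TBL%
 SET hit_count = hit_count + 1
-WHERE %PRIMARY_KEY% = '" . addslashes(getFormData('%PRIMARY_KEY%')) . "'
+WHERE %PRIMARY_KEY% = '" . mysql_real_escape_string(getFormData('%PRIMARY_KEY%')) . "'
 ");
 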
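Review bot: Both changed lines (38 and 52) depend on `mysql_real_escape_string` having an open MySQL link: without one it emits a warning and returns `false`, which concatenates as an empty string and silently turns the condition into `%PRIMARY_KEY% = ''`. The `dbQuery` call at line 36 suggests a connection normally exists by then, but that setup is outside the hunk; if a generated module can reach this code before the link is up, check the return value, or for an integer primary key use `(int) getFormData('%PRIMARY_KEY%')` without quotes, which needs no link at all. Reading and escaping the same form value twice (lines 38 and 52) could also be hoisted into one local so both queries see the same value.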
branches/1.1dev/bin/module_maker/sql.cli.php
r89 r90 39 39 40 40 // Get DB table column info. 41 $qid = dbQuery("DESCRIBE " . addslashes($db_tbl));41 $qid = dbQuery("DESCRIBE " . mysql_real_escape_string($db_tbl)); 42 42 while ($row = mysql_fetch_row($qid)) { 43 43 $cols[] = $row; … … 68 68 } else if ('added_by_admin_id' == $field || 'modified_by_admin_id' == $field) { 69 69 // Toggle types. 70 $c[$field] = "'\" . addslashes(\$_admin->getVal('user_id')) . \"'";70 $c[$field] = "'\" . mysql_real_escape_string(\$_admin->getVal('user_id')) . \"'"; 71 71 } else if ('added_datetime' == $field || 'modified_datetime' == $field) { 72 72 // DB record insertion datetime. … … 74 74 } else { 75 75 // Default. Just insert data. 76 $c[$field] = "'\" . addslashes(\$frm['$field']) . \"'";76 $c[$field] = "'\" . mysql_real_escape_string(\$frm['$field']) . \"'"; 77 77 } 78 78 } … … 127 127 dbQuery(" 128 128 UPDATE $db_tbl SET$key_eq_val 129 WHERE $primary_key = '" . addslashes(\$frm['$primary_key']) . "'129 WHERE $primary_key = '" . mysql_real_escape_string(\$frm['$primary_key']) . "' 130 130 "); 131 131 E_O_F; … … 140 140 $delim = 'WHERE'; 141 141 if (!empty($primary_key)) { 142 $where_clause = " $delim $primary_key = '\" . addslashes(\$frm['$primary_key']) . \"'\n";142 $where_clause = " $delim $primary_key = '\" . mysql_real_escape_string(\$frm['$primary_key']) . \"'\n"; 143 143 $delim = 'AND'; 144 144 } … … 147 147 continue; 148 148 } 149 $where_clause .= " $delim $k = '\" . addslashes(\$frm['$k']) . \"'\n";149 $where_clause .= " $delim $k = '\" . mysql_real_escape_string(\$frm['$k']) . \"'\n"; 150 150 $delim = 'AND'; 151 151 } … … 175 175 if (!isset($op) || 'search' == $op) { 176 176 $search_skip_columns = array('added_datetime', 'added_by_admin_id', 'modified_datetime', 'modified_by_admin_id', 'publish', 'featured'); 177 $search_columns = $db_tbl . '.' . join(" LIKE '%\" . addslashes(\$qry_words[\$i]) . \"%'\n OR $db_tbl.", array_diff(array_keys($c), $search_skip_columns));177 $search_columns = $db_tbl . '.' . 
join(" LIKE '%\" . mysql_real_escape_string(\$qry_words[\$i]) . \"%'\n OR $db_tbl.", array_diff(array_keys($c), $search_skip_columns)); 178 178 echo <<<E_O_F 179 179 \$where_clause .= (empty(\$where_clause) ? 'WHERE' : 'AND') . " 180 180 ( 181 $search_columns LIKE '%" . addslashes(\$qry_words[\$i]) . "%'181 $search_columns LIKE '%" . mysql_real_escape_string(\$qry_words[\$i]) . "%' 182 182 ) 183 183 "; -
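Review bot: The generated search clause at lines 177 and 181 interpolates the user's words into `LIKE '%…%'` patterns, and `mysql_real_escape_string` leaves the LIKE metacharacters `%` and `_` untouched, so a search term containing them acts as a wildcard rather than a literal. If literal matching is intended, escape those two characters before the SQL escaping in the template, `mysql_real_escape_string(addcslashes(\$qry_words[\$i], '%_'))`, at both places; the order matters, since the SQL escape then doubles the added backslash correctly for the string literal. The heredoc and the `join` expression these lines belong to start and end outside the hunk.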
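--- a/branches/1.1dev/bin/module_maker/validation.cli.php
+++ b/branches/1.1dev/bin/module_maker/validation.cli.php
@@ -29,5 +29,5 @@
 
 // Get DB table column info.
-$qid = dbQuery("DESCRIBE " . addslashes($db_tbl));
+$qid = dbQuery("DESCRIBE " . mysql_real_escape_string($db_tbl));
 while ($row = mysql_fetch_row($qid)) {
 $cols[] = $row;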