Changeset 90 for branches/1.1dev/bin/module_maker/skel/admin.php
- Timestamp:
- Apr 8, 2006 8:35:17 AM (18 years ago)
- File:
-
- 1 edited
branches/1.1dev/bin/module_maker/skel/admin.php
r89 r90 138 138 if (getFormdata('repeat', false)) { 139 139 // Display edit function with next available ID. 140 $qid = dbQuery("SELECT %PRIMARY_KEY% FROM %DB_TBL% WHERE %PRIMARY_KEY% > '" . addslashes(getFormData('%PRIMARY_KEY%')) . "' ORDER BY %PRIMARY_KEY% ASC LIMIT 1");140 $qid = dbQuery("SELECT %PRIMARY_KEY% FROM %DB_TBL% WHERE %PRIMARY_KEY% > '" . mysql_real_escape_string(getFormData('%PRIMARY_KEY%')) . "' ORDER BY %PRIMARY_KEY% ASC LIMIT 1"); 141 141 if (list($next_id) = mysql_fetch_row($qid)) { 142 142 dieURL($_SERVER['PHP_SELF'] . '?op=edit&%PRIMARY_KEY%=' . $next_id); … … 204 204 SELECT * 205 205 FROM %DB_TBL% 206 WHERE %PRIMARY_KEY% = '" . addslashes($id) . "'206 WHERE %PRIMARY_KEY% = '" . mysql_real_escape_string($id) . "' 207 207 "); 208 208 if (!$frm = mysql_fetch_assoc($qid)) { … … 241 241 SELECT <##> 242 242 FROM %DB_TBL% 243 WHERE %PRIMARY_KEY% = '" . addslashes($id) . "'243 WHERE %PRIMARY_KEY% = '" . mysql_real_escape_string($id) . "' 244 244 "); 245 245 if (! list($name) = mysql_fetch_row($qid)) { … … 250 250 251 251 // Delete the record. 252 dbQuery("DELETE FROM %DB_TBL% WHERE %PRIMARY_KEY% = '" . addslashes($id) . "'");252 dbQuery("DELETE FROM %DB_TBL% WHERE %PRIMARY_KEY% = '" . mysql_real_escape_string($id) . "'"); 253 253 254 254 raiseMsg(sprintf(_("The %ITEM_TITLE% <strong>%s</strong> has been deleted."), $name), MSG_SUCCESS, __FILE__, __LINE__); … … 320 320 if (getFormData('filter_<##>', false)) { 321 321 // Limit by filter. 322 $where_clause .= (empty($where_clause) ? 'WHERE' : 'AND') . " <##> = '" . addslashes(getFormData('filter_<##>')) . "'";322 $where_clause .= (empty($where_clause) ? 'WHERE' : 'AND') . " <##> = '" . mysql_real_escape_string(getFormData('filter_<##>')) . "'"; 323 323 } 324 324 … … 400 400 dbQuery(" 401 401 UPDATE %DB_TBL% SET 402 rank = '" . addslashes($new_rank) . "'403 WHERE %PRIMARY_KEY% = '" . addslashes($id) . "'402 rank = '" . mysql_real_escape_string($new_rank) . "' 403 WHERE %PRIMARY_KEY% = '" . 
mysql_real_escape_string($id) . "' 404 404 "); 405 405 }
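Review bot: Every hunk in this section still builds the query by string concatenation, and `mysql_real_escape_string()` only escapes correctly when a MySQL link is already open and its connection character set matches the server's; without a link it returns false (with a warning), so the generated code degrades to `WHERE %PRIMARY_KEY% = ''` rather than failing loudly. For the primary-key lookups at lines 140, 206, 243, 252 and 403 and the rank update at line 402, an integer cast is a stronger guard than escaping if those columns are numeric, e.g. `WHERE %PRIMARY_KEY% = '" . (int) $id . "'` and `rank = '" . (int) $new_rank . "'`, though the skeleton does not say whether `%PRIMARY_KEY%` is always numeric. The filter at line 322 is the one place where the value comes straight from the request into a column of unknown type, so it should keep the escaping and carry a comment such as `// filter_<##> is request-supplied: the value is escaped here, but the column name <##> must never be user-controlled`. The functions enclosing these hunks start and end outside the diff.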