Changeset 90 for branches/1.1dev/bin/module_maker/sql.cli.php
- Timestamp:
- Apr 8, 2006 8:35:17 AM (18 years ago)
- File:
-
- 1 edited
branches/1.1dev/bin/module_maker/sql.cli.php
r89 r90 39 39 40 40 // Get DB table column info. 41 $qid = dbQuery("DESCRIBE " . addslashes($db_tbl));41 $qid = dbQuery("DESCRIBE " . mysql_real_escape_string($db_tbl)); 42 42 while ($row = mysql_fetch_row($qid)) { 43 43 $cols[] = $row; … … 68 68 } else if ('added_by_admin_id' == $field || 'modified_by_admin_id' == $field) { 69 69 // Toggle types. 70 $c[$field] = "'\" . addslashes(\$_admin->getVal('user_id')) . \"'";70 $c[$field] = "'\" . mysql_real_escape_string(\$_admin->getVal('user_id')) . \"'"; 71 71 } else if ('added_datetime' == $field || 'modified_datetime' == $field) { 72 72 // DB record insertion datetime. … … 74 74 } else { 75 75 // Default. Just insert data. 76 $c[$field] = "'\" . addslashes(\$frm['$field']) . \"'";76 $c[$field] = "'\" . mysql_real_escape_string(\$frm['$field']) . \"'"; 77 77 } 78 78 } … … 127 127 dbQuery(" 128 128 UPDATE $db_tbl SET$key_eq_val 129 WHERE $primary_key = '" . addslashes(\$frm['$primary_key']) . "'129 WHERE $primary_key = '" . mysql_real_escape_string(\$frm['$primary_key']) . "' 130 130 "); 131 131 E_O_F; … … 140 140 $delim = 'WHERE'; 141 141 if (!empty($primary_key)) { 142 $where_clause = " $delim $primary_key = '\" . addslashes(\$frm['$primary_key']) . \"'\n";142 $where_clause = " $delim $primary_key = '\" . mysql_real_escape_string(\$frm['$primary_key']) . \"'\n"; 143 143 $delim = 'AND'; 144 144 } … … 147 147 continue; 148 148 } 149 $where_clause .= " $delim $k = '\" . addslashes(\$frm['$k']) . \"'\n";149 $where_clause .= " $delim $k = '\" . mysql_real_escape_string(\$frm['$k']) . \"'\n"; 150 150 $delim = 'AND'; 151 151 } … … 175 175 if (!isset($op) || 'search' == $op) { 176 176 $search_skip_columns = array('added_datetime', 'added_by_admin_id', 'modified_datetime', 'modified_by_admin_id', 'publish', 'featured'); 177 $search_columns = $db_tbl . '.' . join(" LIKE '%\" . addslashes(\$qry_words[\$i]) . \"%'\n OR $db_tbl.", array_diff(array_keys($c), $search_skip_columns));177 $search_columns = $db_tbl . '.' . 
join(" LIKE '%\" . mysql_real_escape_string(\$qry_words[\$i]) . \"%'\n OR $db_tbl.", array_diff(array_keys($c), $search_skip_columns)); 178 178 echo <<<E_O_F 179 179 \$where_clause .= (empty(\$where_clause) ? 'WHERE' : 'AND') . " 180 180 ( 181 $search_columns LIKE '%" . addslashes(\$qry_words[\$i]) . "%'181 $search_columns LIKE '%" . mysql_real_escape_string(\$qry_words[\$i]) . "%' 182 182 ) 183 183 ";
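Review bot: The `DESCRIBE` call on line 41 still interpolates `$db_tbl` as a bare identifier, and `mysql_real_escape_string()` only escapes string-literal syntax, so swapping it in for `addslashes()` does not make that statement safe if the table name is ever attacker-influenced; an identifier needs backtick quoting with backtick doubling, e.g. `$qid = dbQuery("DESCRIBE `" . str_replace('`', '``', $db_tbl) . "`");`, or a check against `SHOW TABLES` (where `$db_tbl` comes from is outside the hunk, so the actual exposure is unclear). In the generated search clause on lines 177 and 181, `mysql_real_escape_string()` leaves `%` and `_` untouched, so a user-supplied search word can still inject LIKE wildcards; wrap it as `addcslashes(mysql_real_escape_string(\$qry_words[\$i]), '%_')` in the emitted template if literal matching is intended. Note also that `mysql_real_escape_string()` is connection-aware: it returns `false` (and emits a warning) when no connection is open, and its multibyte-safety depends on the connection charset being set via the client API rather than a `SET NAMES` query, which is worth a comment in the generated code since this script emits it into every module.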