extern/egroupware
1
0
Fork 1
mirror of https://github.com/EGroupware/egroupware.git synced 2024-11-08 09:04:53 +01:00
Code Issues Packages Projects Releases Wiki Activity

use db_addslashes

Browse Source
This commit is contained in:
Miles Lott 2001-09-17 02:26:46 +00:00
parent a5f1abdf00
commit 7d57b31ba0
2 changed files with 11 additions and 10 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

5
phpgwapi/inc/class.contacts_shared.inc.php
View File

@ -57,8 +57,9 @@
function loop_addslashes($fields)
{
$absf = $this->stock_contact_fields;
while ($t = each($absf)) {
$ta[] = addslashes($fields[$t[0]]);
while ($t = each($absf))
{
$ta[] = $this->db->db_addslashes($fields[$t[0]]);
}
reset($absf);
return $ta;

16
phpgwapi/inc/class.contacts_sql.inc.php
View File

@ -568,7 +568,7 @@
while (list($name,$value) = each($extra_fields))
{
$this->db->query("INSERT INTO $this->ext_table VALUES ('$id','" . $this->account_id . "','"
. addslashes($name) . "','" . addslashes($value) . "')",__LINE__,__FILE__);
. $this->db->db_addslashes($name) . "','" . $this->db->db_addslashes($value) . "')",__LINE__,__FILE__);
}
}
return $id;
@ -577,21 +577,21 @@
function field_exists($id,$field_name)
{
$this->db->query("SELECT COUNT(*) FROM $this->ext_table WHERE contact_id='$id' AND contact_name='"
. addslashes($field_name) . "'",__LINE__,__FILE__);
. $this->db->db_addslashes($field_name) . "'",__LINE__,__FILE__);
$this->db->next_record();
return $this->db->f(0);
}
function add_single_extra_field($id,$owner,$field_name,$field_value)
{
$this->db->query("INSERT INTO $this->ext_table VALUES ($id,'$owner','" . addslashes($field_name)
. "','" . addslashes($field_value) . "')",__LINE__,__FILE__);
$this->db->query("INSERT INTO $this->ext_table VALUES ($id,'$owner','" . $this->db->db_addslashes($field_name)
. "','" . $this->db->db_addslashes($field_value) . "')",__LINE__,__FILE__);
}
function delete_single_extra_field($id,$field_name)
{
$this->db->query("DELETE FROM $this->ext_table WHERE contact_id='$id' AND contact_name='"
. addslashes($field_name) . "'",__LINE__,__FILE__);
. $this->db->db_addslashes($field_name) . "'",__LINE__,__FILE__);
}
function update($id,$owner,$fields,$access='',$cat_id='',$tid='n')
@ -609,7 +609,7 @@
{
while (list($stock_fieldname) = each($stock_fieldnames))
{
$ta[] = $stock_fieldname . "='" . addslashes($stock_fields[$stock_fieldname]) . "'";
$ta[] = $stock_fieldname . "='" . $this->db->db_addslashes($stock_fields[$stock_fieldname]) . "'";
}
$fields_s = ',' . implode(',',$ta);
if ($field_s == ',')
@ -630,8 +630,8 @@
}
else
{
$this->db->query("UPDATE $this->ext_table SET contact_value='" . addslashes($x_value)
. "',contact_owner='$owner' WHERE contact_name='" . addslashes($x_name)
$this->db->query("UPDATE $this->ext_table SET contact_value='" . $this->db->db_addslashes($x_value)
. "',contact_owner='$owner' WHERE contact_name='" . $this->db->db_addslashes($x_name)
. "' AND contact_id='$id'",__LINE__,__FILE__);
}
}