use db_addslashes

Miles Lott 2001-09-17 02:26:46 +00:00
parent a5f1abdf00
commit 7d57b31ba0
2 changed files with 11 additions and 10 deletions


@ -57,8 +57,9 @@
function loop_addslashes($fields) function loop_addslashes($fields)
{ {
$absf = $this->stock_contact_fields; $absf = $this->stock_contact_fields;
while ($t = each($absf)) { while ($t = each($absf))
$ta[] = addslashes($fields[$t[0]]); {
$ta[] = $this->db->db_addslashes($fields[$t[0]]);
} }
reset($absf); reset($absf);
return $ta; return $ta;
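Review bot: `$ta` is never initialised in `loop_addslashes`, so when `$this->stock_contact_fields` is empty the loop body never runs and `return $ta;` hands back an unset value instead of an array. Add `$ta = array();` before the `while`. The loop also reads `$fields[$t[0]]` for every stock field without checking that the key is present, so a missing field is escaped as an empty string; a one-line comment saying that is intended would help. The function's closing brace lies outside this hunk.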


@ -568,7 +568,7 @@
while (list($name,$value) = each($extra_fields)) while (list($name,$value) = each($extra_fields))
{ {
$this->db->query("INSERT INTO $this->ext_table VALUES ('$id','" . $this->account_id . "','" $this->db->query("INSERT INTO $this->ext_table VALUES ('$id','" . $this->account_id . "','"
. addslashes($name) . "','" . addslashes($value) . "')",__LINE__,__FILE__); . $this->db->db_addslashes($name) . "','" . $this->db->db_addslashes($value) . "')",__LINE__,__FILE__);
} }
} }
return $id; return $id;
@ -577,21 +577,21 @@
function field_exists($id,$field_name) function field_exists($id,$field_name)
{ {
$this->db->query("SELECT COUNT(*) FROM $this->ext_table WHERE contact_id='$id' AND contact_name='" $this->db->query("SELECT COUNT(*) FROM $this->ext_table WHERE contact_id='$id' AND contact_name='"
. addslashes($field_name) . "'",__LINE__,__FILE__); . $this->db->db_addslashes($field_name) . "'",__LINE__,__FILE__);
$this->db->next_record(); $this->db->next_record();
return $this->db->f(0); return $this->db->f(0);
} }
function add_single_extra_field($id,$owner,$field_name,$field_value) function add_single_extra_field($id,$owner,$field_name,$field_value)
{ {
$this->db->query("INSERT INTO $this->ext_table VALUES ($id,'$owner','" . addslashes($field_name) $this->db->query("INSERT INTO $this->ext_table VALUES ($id,'$owner','" . $this->db->db_addslashes($field_name)
. "','" . addslashes($field_value) . "')",__LINE__,__FILE__); . "','" . $this->db->db_addslashes($field_value) . "')",__LINE__,__FILE__);
} }
function delete_single_extra_field($id,$field_name) function delete_single_extra_field($id,$field_name)
{ {
$this->db->query("DELETE FROM $this->ext_table WHERE contact_id='$id' AND contact_name='" $this->db->query("DELETE FROM $this->ext_table WHERE contact_id='$id' AND contact_name='"
. addslashes($field_name) . "'",__LINE__,__FILE__); . $this->db->db_addslashes($field_name) . "'",__LINE__,__FILE__);
} }
function update($id,$owner,$fields,$access='',$cat_id='',$tid='n') function update($id,$owner,$fields,$access='',$cat_id='',$tid='n')
@ -609,7 +609,7 @@
{ {
while (list($stock_fieldname) = each($stock_fieldnames)) while (list($stock_fieldname) = each($stock_fieldnames))
{ {
$ta[] = $stock_fieldname . "='" . addslashes($stock_fields[$stock_fieldname]) . "'"; $ta[] = $stock_fieldname . "='" . $this->db->db_addslashes($stock_fields[$stock_fieldname]) . "'";
} }
$fields_s = ',' . implode(',',$ta); $fields_s = ',' . implode(',',$ta);
if ($field_s == ',') if ($field_s == ',')
@ -630,8 +630,8 @@
} }
else else
{ {
$this->db->query("UPDATE $this->ext_table SET contact_value='" . addslashes($x_value) $this->db->query("UPDATE $this->ext_table SET contact_value='" . $this->db->db_addslashes($x_value)
. "',contact_owner='$owner' WHERE contact_name='" . addslashes($x_name) . "',contact_owner='$owner' WHERE contact_name='" . $this->db->db_addslashes($x_name)
. "' AND contact_id='$id'",__LINE__,__FILE__); . "' AND contact_id='$id'",__LINE__,__FILE__);
} }
} }
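Review bot: `add_single_extra_field` still interpolates `$id` into the INSERT without quotes (`VALUES ($id,'$owner','...`), and the switch to `db_addslashes` does not cover it; an escaper meant for quoted string literals would not make an unquoted value safe in any case. If `contact_id` is numeric, as the unquoted use suggests, force it with `$id = (int)$id;` before building the query. The same section places `'$id'`, `'$owner'` and `$this->account_id` inside quotes but unescaped in the INSERT, SELECT, DELETE and UPDATE statements; these should go through `$this->db->db_addslashes()` or an integer cast too. Whether callers already validate these values is not visible from these hunks, and `update()` starts and ends outside them.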