From 7d57b31ba0adc4ec912b29e3e6c618988c7587aa Mon Sep 17 00:00:00 2001
From: Miles Lott
Date: Mon, 17 Sep 2001 02:26:46 +0000
Subject: [PATCH] use db_addslashes

---
 phpgwapi/inc/class.contacts_shared.inc.php | 5 +++--
 phpgwapi/inc/class.contacts_sql.inc.php | 16 ++++++++--------
 2 files changed, 11 insertions(+), 10 deletions(-)

diff --git a/phpgwapi/inc/class.contacts_shared.inc.php b/phpgwapi/inc/class.contacts_shared.inc.php
index 47fef5d68c..0e1775a9e0 100644
--- a/phpgwapi/inc/class.contacts_shared.inc.php
+++ b/phpgwapi/inc/class.contacts_shared.inc.php
@@ -57,8 +57,9 @@
 function loop_addslashes($fields)
 {
 $absf = $this->stock_contact_fields;
- while ($t = each($absf)) {
- $ta[] = addslashes($fields[$t[0]]);
+ while ($t = each($absf))
+ {
+ $ta[] = $this->db->db_addslashes($fields[$t[0]]);
 }
 reset($absf);
 return $ta;
diff --git a/phpgwapi/inc/class.contacts_sql.inc.php b/phpgwapi/inc/class.contacts_sql.inc.php
index 84aff6998f..cb956cae26 100644
--- a/phpgwapi/inc/class.contacts_sql.inc.php
+++ b/phpgwapi/inc/class.contacts_sql.inc.php
@@ -568,7 +568,7 @@
 while (list($name,$value) = each($extra_fields))
 {
 $this->db->query("INSERT INTO $this->ext_table VALUES ('$id','" . $this->account_id . "','"
- . addslashes($name) . "','" . addslashes($value) . "')",__LINE__,__FILE__);
+ . $this->db->db_addslashes($name) . "','" . $this->db->db_addslashes($value) . "')",__LINE__,__FILE__);
 }
 }
 return $id;
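Review bot: `$ta` is never initialised before the `while` in loop_addslashes, so when `$this->stock_contact_fields` is empty `return $ta` hands back an undefined variable instead of an empty array; add `$ta = array();` between the `$absf` assignment and the loop. Like the addslashes() it replaces, db_addslashes presumably only escapes the value for use inside a quoted SQL literal, so every caller of this helper still has to wrap each element in quotes itself; a comment above the function stating that contract, e.g. `// returns the stock fields escaped for use inside '...' SQL literals, in stock_contact_fields order`, would keep callers from treating the result as already safe to splice bare. The function's closing brace lies outside the hunk.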
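Review bot: Only `$name` and `$value` pass through db_addslashes on the new line; `$id` and `$this->account_id` on the context line above are still interpolated into the INSERT unescaped, so the statement is only as safe as whatever validated those two upstream. The same gap remains in the -577 hunk (`contact_id='$id'` in field_exists and delete_single_extra_field, `$id` and `$owner` in add_single_extra_field) and in the -630 hunk (`contact_owner='$owner'` and `contact_id='$id'`). If contact_id and contact_owner are integer columns, as the unquoted `VALUES ($id,'$owner'` in add_single_extra_field suggests, a cast at method entry is enough, `$id = (int)$id;` and `$owner = (int)$owner;`; otherwise route them through `$this->db->db_addslashes()` like the other values. The enclosing method begins before this hunk.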
@@ -577,21 +577,21 @@
 function field_exists($id,$field_name)
 {
 $this->db->query("SELECT COUNT(*) FROM $this->ext_table WHERE contact_id='$id' AND contact_name='"
- . addslashes($field_name) . "'",__LINE__,__FILE__);
+ . $this->db->db_addslashes($field_name) . "'",__LINE__,__FILE__);
 $this->db->next_record();
 return $this->db->f(0);
 }
 function add_single_extra_field($id,$owner,$field_name,$field_value)
 {
- $this->db->query("INSERT INTO $this->ext_table VALUES ($id,'$owner','" . addslashes($field_name)
- . "','" . addslashes($field_value) . "')",__LINE__,__FILE__);
+ $this->db->query("INSERT INTO $this->ext_table VALUES ($id,'$owner','" . $this->db->db_addslashes($field_name)
+ . "','" . $this->db->db_addslashes($field_value) . "')",__LINE__,__FILE__);
 }
 function delete_single_extra_field($id,$field_name)
 {
 $this->db->query("DELETE FROM $this->ext_table WHERE contact_id='$id' AND contact_name='"
- . addslashes($field_name) . "'",__LINE__,__FILE__);
+ . $this->db->db_addslashes($field_name) . "'",__LINE__,__FILE__);
 }
 function update($id,$owner,$fields,$access='',$cat_id='',$tid='n')
@@ -609,7 +609,7 @@
 {
 while (list($stock_fieldname) = each($stock_fieldnames))
 {
- $ta[] = $stock_fieldname . "='" . addslashes($stock_fields[$stock_fieldname]) . "'";
+ $ta[] = $stock_fieldname . "='" . $this->db->db_addslashes($stock_fields[$stock_fieldname]) . "'";
 }
 $fields_s = ',' . implode(',',$ta);
 if ($field_s == ',')
@@ -630,8 +630,8 @@
 }
 else
 {
- $this->db->query("UPDATE $this->ext_table SET contact_value='" . addslashes($x_value)
- . "',contact_owner='$owner' WHERE contact_name='" . addslashes($x_name)
+ $this->db->query("UPDATE $this->ext_table SET contact_value='" . $this->db->db_addslashes($x_value)
+ . "',contact_owner='$owner' WHERE contact_name='" . $this->db->db_addslashes($x_name)
 . "' AND contact_id='$id'",__LINE__,__FILE__);
 }
 }
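Review bot: `$id` is spliced into SQL in two different forms within this hunk — unquoted in add_single_extra_field (`VALUES ($id,'$owner','"`) but quoted in field_exists and delete_single_extra_field (`contact_id='$id'`), and the -568 hunk quotes it as well (`VALUES ('$id',`). All of these address the same contact_id column of `$this->ext_table`, so one convention should be used throughout; the unquoted form expresses the numeric intent and is the one to standardise on once the value has been cast to int. field_exists, add_single_extra_field and delete_single_extra_field are complete within the hunk; only the signature of update() is shown here, its body lies outside.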
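Review bot: The context line `if ($field_s == ',')` in the -609 hunk tests a variable that is never assigned; the line above writes `$fields_s`, so this guard, which looks intended to detect an empty stock-field list, can never be true and `$field_s` looks like a typo. Change it to `if ($fields_s == ',')`. Separately, `$stock_fieldname` is used as a column identifier on the new line and cannot be protected by db_addslashes; that is acceptable only if `$stock_fieldnames` is the class's own field list rather than caller-supplied, which this hunk does not show — a comment above the loop, e.g. `// $stock_fieldnames are column names taken from the class, never from the caller`, would make that assumption explicit for the next maintainer. update() starts and ends outside this hunk.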