
Revision 1868

Added by Dietmar over 11 years ago

! change mysql_esc_string to WbDatabase::getInstance()->escapeString()


save.php
272 272

  
273 273
	    if ( !in_array($value, $disallow_in_fields) && (isset($_POST[$setting_name]) || $passed == true) )
274 274
	    {
275
	        $value = trim($admin->add_slashes($value));
275
	        $value = trim($database->escapeString($value));
276 276
	        $sql = 'UPDATE `'.TABLE_PREFIX.'settings` ';
277
	        $sql .= 'SET `value` = \''.($value).'\' '; // mysql_escape_string
277
	        $sql .= 'SET `value` = \''.($value).'\' ';
278 278
	        $sql .= 'WHERE `name` != \'wb_version\' ';
279 279
	        $sql .= 'AND `name` = \''.$setting_name.'\' ';
280 280
	        if (!$database->query($sql))
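Review bot: `$setting_name` is still concatenated unescaped into the WHERE clause at new line 279, while this change only routes `$value` through the escaper. Where `$setting_name` originates is not visible in the hunk, but it is also used as a key into `$_POST`, so unless it is drawn from a fixed allow-list it should be wrapped the same way, as `$database->escapeString($setting_name)`. At line 275 `trim()` runs on the already-escaped string; if `escapeString()` encodes line breaks as backslash sequences (as the mysqli escaper does), trailing newlines will no longer be trimmed, so trimming first is safer: `$value = $database->escapeString(trim($value));`. The enclosing `if` body starts before and continues past the hunk, so any later use of `$value` or `$setting_name` there should be checked too.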
