Project

General

Profile

« Previous | Next » 

Revision 1868

Added by Dietmar almost 12 years ago

! change mysql_esc_string to WbDatabase::getInstance()->escapeStrinng()

View differences:

add.php
156 156 
            // Inser the user into the database
157 157 
			$sql  = 'INSERT INTO `'.TABLE_PREFIX.'users` SET '.
158 158 
                    '`group_id`     = '.intval($group_id).', '.
159 
                    '`groups_id`    = \''.mysql_real_escape_string($groups_id).'\', '.
159 
                    '`groups_id`    = \''.$database->escapeString($groups_id).'\', '.
160 160 
                    '`active`       = '.intval($active).', '.
161 
                    '`username`     = \''.mysql_real_escape_string($username).'\', '.
161 
                    '`username`     = \''.$database->escapeString($username).'\', '.
162 162 
                    '`password`     = \''.md5($password).'\', '.
163 
                    '`confirm_code` = \''.mysql_real_escape_string($confirm_code).'\', '.
163 
                    '`confirm_code` = \''.$database->escapeString($confirm_code).'\', '.
164 164 
                    '`confirm_timeout` = '.intval($confirm_timeout).', '.
165 
                    '`remember_key` = \''.mysql_real_escape_string($remember_key).'\', '.
165 
                    '`remember_key` = \''.$database->escapeString($remember_key).'\', '.
166 166 
                    '`last_reset`   = '.intval($last_reset).', '.
167 
                    '`display_name` = \''.mysql_real_escape_string($display_name).'\', '.
168 
                    '`email`        = \''.mysql_real_escape_string($email).'\', '.
167 
                    '`display_name` = \''.$database->escapeString($display_name).'\', '.
168 
                    '`email`        = \''.$database->escapeString($email).'\', '.
169 169 
                    '`timezone`     = '.intval($timezone).', '.
170 
                    '`date_format`  = \''.mysql_real_escape_string($date_format).'\', '.
171 
                    '`time_format`  = \''.mysql_real_escape_string($time_format).'\', '.
172 
                    '`language`     = \''.mysql_real_escape_string($language).'\', '.
173 
                    '`home_folder`  = \''.mysql_real_escape_string($home_folder).'\', '.
170 
                    '`date_format`  = \''.$database->escapeString($date_format).'\', '.
171 
                    '`time_format`  = \''.$database->escapeString($time_format).'\', '.
172 
                    '`language`     = \''.$database->escapeString($language).'\', '.
173 
                    '`home_folder`  = \''.$database->escapeString($home_folder).'\', '.
174 174 
                    '`login_when`   = '.intval($login_when).', '.
175 
                    '`login_ip`     = \''.mysql_real_escape_string($login_ip).'\' '.
175 
                    '`login_ip`     = \''.$database->escapeString($login_ip).'\' '.
176 176 
                    '';
177 177 
            if($database->query($sql)) {
178 178 
            	msgQueue::add($MESSAGE['USERS_ADDED'], true);

Also available in: Unified diff