Revision 1868
Added by Dietmar almost 12 years ago
add.php | ||
---|---|---|
156 | 156 |
// Inser the user into the database |
157 | 157 |
$sql = 'INSERT INTO `'.TABLE_PREFIX.'users` SET '. |
158 | 158 |
'`group_id` = '.intval($group_id).', '. |
159 |
'`groups_id` = \''.mysql_real_escape_string($groups_id).'\', '.
|
|
159 |
'`groups_id` = \''.$database->escapeString($groups_id).'\', '.
|
|
160 | 160 |
'`active` = '.intval($active).', '. |
161 |
'`username` = \''.mysql_real_escape_string($username).'\', '.
|
|
161 |
'`username` = \''.$database->escapeString($username).'\', '.
|
|
162 | 162 |
'`password` = \''.md5($password).'\', '. |
163 |
'`confirm_code` = \''.mysql_real_escape_string($confirm_code).'\', '.
|
|
163 |
'`confirm_code` = \''.$database->escapeString($confirm_code).'\', '.
|
|
164 | 164 |
'`confirm_timeout` = '.intval($confirm_timeout).', '. |
165 |
'`remember_key` = \''.mysql_real_escape_string($remember_key).'\', '.
|
|
165 |
'`remember_key` = \''.$database->escapeString($remember_key).'\', '.
|
|
166 | 166 |
'`last_reset` = '.intval($last_reset).', '. |
167 |
'`display_name` = \''.mysql_real_escape_string($display_name).'\', '.
|
|
168 |
'`email` = \''.mysql_real_escape_string($email).'\', '.
|
|
167 |
'`display_name` = \''.$database->escapeString($display_name).'\', '.
|
|
168 |
'`email` = \''.$database->escapeString($email).'\', '.
|
|
169 | 169 |
'`timezone` = '.intval($timezone).', '. |
170 |
'`date_format` = \''.mysql_real_escape_string($date_format).'\', '.
|
|
171 |
'`time_format` = \''.mysql_real_escape_string($time_format).'\', '.
|
|
172 |
'`language` = \''.mysql_real_escape_string($language).'\', '.
|
|
173 |
'`home_folder` = \''.mysql_real_escape_string($home_folder).'\', '.
|
|
170 |
'`date_format` = \''.$database->escapeString($date_format).'\', '.
|
|
171 |
'`time_format` = \''.$database->escapeString($time_format).'\', '.
|
|
172 |
'`language` = \''.$database->escapeString($language).'\', '.
|
|
173 |
'`home_folder` = \''.$database->escapeString($home_folder).'\', '.
|
|
174 | 174 |
'`login_when` = '.intval($login_when).', '. |
175 |
'`login_ip` = \''.mysql_real_escape_string($login_ip).'\' '.
|
|
175 |
'`login_ip` = \''.$database->escapeString($login_ip).'\' '.
|
|
176 | 176 |
''; |
177 | 177 |
if($database->query($sql)) { |
178 | 178 |
msgQueue::add($MESSAGE['USERS_ADDED'], true); |
Also available in: Unified diff
! change mysql_esc_string to WbDatabase::getInstance()->escapeStrinng()