Project

General

Profile

« Previous | Next » 

Revision 1868

Added by Dietmar over 11 years ago

! change mysql_esc_string to WbDatabase::getInstance()->escapeStrinng()

View differences:

add.php
156 156
            // Inser the user into the database
157 157
			$sql  = 'INSERT INTO `'.TABLE_PREFIX.'users` SET '.
158 158
                    '`group_id`     = '.intval($group_id).', '.
159
                    '`groups_id`    = \''.mysql_real_escape_string($groups_id).'\', '.
159
                    '`groups_id`    = \''.$database->escapeString($groups_id).'\', '.
160 160
                    '`active`       = '.intval($active).', '.
161
                    '`username`     = \''.mysql_real_escape_string($username).'\', '.
161
                    '`username`     = \''.$database->escapeString($username).'\', '.
162 162
                    '`password`     = \''.md5($password).'\', '.
163
                    '`confirm_code` = \''.mysql_real_escape_string($confirm_code).'\', '.
163
                    '`confirm_code` = \''.$database->escapeString($confirm_code).'\', '.
164 164
                    '`confirm_timeout` = '.intval($confirm_timeout).', '.
165
                    '`remember_key` = \''.mysql_real_escape_string($remember_key).'\', '.
165
                    '`remember_key` = \''.$database->escapeString($remember_key).'\', '.
166 166
                    '`last_reset`   = '.intval($last_reset).', '.
167
                    '`display_name` = \''.mysql_real_escape_string($display_name).'\', '.
168
                    '`email`        = \''.mysql_real_escape_string($email).'\', '.
167
                    '`display_name` = \''.$database->escapeString($display_name).'\', '.
168
                    '`email`        = \''.$database->escapeString($email).'\', '.
169 169
                    '`timezone`     = '.intval($timezone).', '.
170
                    '`date_format`  = \''.mysql_real_escape_string($date_format).'\', '.
171
                    '`time_format`  = \''.mysql_real_escape_string($time_format).'\', '.
172
                    '`language`     = \''.mysql_real_escape_string($language).'\', '.
173
                    '`home_folder`  = \''.mysql_real_escape_string($home_folder).'\', '.
170
                    '`date_format`  = \''.$database->escapeString($date_format).'\', '.
171
                    '`time_format`  = \''.$database->escapeString($time_format).'\', '.
172
                    '`language`     = \''.$database->escapeString($language).'\', '.
173
                    '`home_folder`  = \''.$database->escapeString($home_folder).'\', '.
174 174
                    '`login_when`   = '.intval($login_when).', '.
175
                    '`login_ip`     = \''.mysql_real_escape_string($login_ip).'\' '.
175
                    '`login_ip`     = \''.$database->escapeString($login_ip).'\' '.
176 176
                    '';
177 177
            if($database->query($sql)) {
178 178
            	msgQueue::add($MESSAGE['USERS_ADDED'], true);

Also available in: Unified diff