Project

General

Profile

« Previous | Next » 

Revision 1868

Added by Dietmar over 11 years ago

! change mysql_esc_string to WbDatabase::getInstance()->escapeStrinng()

View differences:

save.php
182 182 
            // Update the database
183 183 
            if($password == "") {
184 184 
                $sql .= '`group_id`     = '.intval($group_id).', '.
185 
                        '`groups_id`    = \''.mysql_real_escape_string($groups_id).'\', '.
186 
                        '`username` = \''.mysql_real_escape_string($username).'\', '.
185 
                        '`groups_id`    = \''.$database->escapeString($groups_id).'\', '.
186 
                        '`username` = \''.$database->escapeString($username).'\', '.
187 187 
                        '`active` = '.intval($active).', '.
188 
                        '`display_name` = \''.mysql_real_escape_string($display_name).'\', '.
189 
                        '`home_folder` = \''.mysql_real_escape_string($home_folder).'\', '.
190 
                        '`email` = \''.mysql_real_escape_string($email).'\' '.
188 
                        '`display_name` = \''.$database->escapeString($display_name).'\', '.
189 
                        '`home_folder` = \''.$database->escapeString($home_folder).'\', '.
190 
                        '`email` = \''.$database->escapeString($email).'\' '.
191 191 
                        'WHERE `user_id` = '.intval($user_id).'';
192 192 

  		




  193
  193
  
    
            } else {


  		




  194
  194
  
    

  		




  195
  195
  
    
                $sql .= '`group_id`     = '.intval($group_id).', '.


  		




  196
  
  
    
                        '`groups_id`    = \''.mysql_real_escape_string($groups_id).'\', '.


  		




  197
  
  
    
                        '`username` = \''.mysql_real_escape_string($username).'\', '.


  		




  
  196
  
    
                        '`groups_id`    = \''.$database->escapeString($groups_id).'\', '.


  		




  
  197
  
    
                        '`username` = \''.$database->escapeString($username).'\', '.


  		




  198
  198
  
    
                        '`password` = \''.md5($password).'\', '.


  		




  199
  199
  
    
                        '`active` = '.intval($active).', '.


  		




  200
  
  
    
                        '`display_name` = \''.mysql_real_escape_string($display_name).'\', '.


  		




  201
  
  
    
                        '`home_folder` = \''.mysql_real_escape_string($home_folder).'\', '.


  		




  202
  
  
    
                        '`email` = \''.mysql_real_escape_string($email).'\' '.


  		




  
  200
  
    
                        '`display_name` = \''.$database->escapeString($display_name).'\', '.


  		




  
  201
  
    
                        '`home_folder` = \''.$database->escapeString($home_folder).'\', '.


  		




  
  202
  
    
                        '`email` = \''.$database->escapeString($email).'\' '.


  		




  203
  203
  
    
                        'WHERE `user_id` = '.intval($user_id).'';


  		




  204
  204
  
    

  		




  205
  205
  
    
            }


  		












Also available in:  Unified diff