Revision 1868
Added by Dietmar over 11 years ago
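--- a/save.php
+++ b/save.php
@@ -182,24 +182,24 @@
 // Update the database
 if($password == "") {
 $sql .= '`group_id` = '.intval($group_id).', '.
-'`groups_id` = \''.mysql_real_escape_string($groups_id).'\', '.
-'`username` = \''.mysql_real_escape_string($username).'\', '.
+'`groups_id` = \''.$database->escapeString($groups_id).'\', '.
+'`username` = \''.$database->escapeString($username).'\', '.
 '`active` = '.intval($active).', '.
-'`display_name` = \''.mysql_real_escape_string($display_name).'\', '.
-'`home_folder` = \''.mysql_real_escape_string($home_folder).'\', '.
-'`email` = \''.mysql_real_escape_string($email).'\' '.
+'`display_name` = \''.$database->escapeString($display_name).'\', '.
+'`home_folder` = \''.$database->escapeString($home_folder).'\', '.
+'`email` = \''.$database->escapeString($email).'\' '.
 'WHERE `user_id` = '.intval($user_id).'';
 
 } else {
 
 $sql .= '`group_id` = '.intval($group_id).', '.
-'`groups_id` = \''.mysql_real_escape_string($groups_id).'\', '.
-'`username` = \''.mysql_real_escape_string($username).'\', '.
+'`groups_id` = \''.$database->escapeString($groups_id).'\', '.
+'`username` = \''.$database->escapeString($username).'\', '.
 '`password` = \''.md5($password).'\', '.
 '`active` = '.intval($active).', '.
-'`display_name` = \''.mysql_real_escape_string($display_name).'\', '.
-'`home_folder` = \''.mysql_real_escape_string($home_folder).'\', '.
-'`email` = \''.mysql_real_escape_string($email).'\' '.
+'`display_name` = \''.$database->escapeString($display_name).'\', '.
+'`home_folder` = \''.$database->escapeString($home_folder).'\', '.
+'`email` = \''.$database->escapeString($email).'\' '.
 'WHERE `user_id` = '.intval($user_id).'';
 
 }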
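Review bot: The `password` assignment in the else branch (new line 198) still stores `md5($password)`, an unsalted fast hash, and this commit leaves it untouched while it moves the neighbouring fields to `$database->escapeString()`. Where the supported PHP version allows, that line should become `'`password` = \''.$database->escapeString(password_hash($password, PASSWORD_DEFAULT)).'\', '.` with `password_verify()` on the login side. That also needs a wider column and a rehash-on-login path for existing rows, so it is probably a follow-up change. The two branches differ only in that one line, so building the shared field list once and adding the password fragment conditionally would stop escaping changes like this one from having to be made twice. The statement begins before line 182, outside this section, so the start of `$sql` and how `$database` is obtained are not visible here.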
! change mysql_esc_string to WbDatabase::getInstance()->escapeString()