
Revision 1868

Added by Dietmar over 11 years ago

! change mysql_esc_string to WbDatabase::getInstance()->escapeString()


save.php
182 182
            // Update the database
183 183
            if($password == "") {
184 184
                $sql .= '`group_id`     = '.intval($group_id).', '.
185
                        '`groups_id`    = \''.mysql_real_escape_string($groups_id).'\', '.
186
                        '`username` = \''.mysql_real_escape_string($username).'\', '.
185
                        '`groups_id`    = \''.$database->escapeString($groups_id).'\', '.
186
                        '`username` = \''.$database->escapeString($username).'\', '.
187 187
                        '`active` = '.intval($active).', '.
188
                        '`display_name` = \''.mysql_real_escape_string($display_name).'\', '.
189
                        '`home_folder` = \''.mysql_real_escape_string($home_folder).'\', '.
190
                        '`email` = \''.mysql_real_escape_string($email).'\' '.
188
                        '`display_name` = \''.$database->escapeString($display_name).'\', '.
189
                        '`home_folder` = \''.$database->escapeString($home_folder).'\', '.
190
                        '`email` = \''.$database->escapeString($email).'\' '.
191 191
                        'WHERE `user_id` = '.intval($user_id).'';
192 192

  
193 193
            } else {
194 194

  
195 195
                $sql .= '`group_id`     = '.intval($group_id).', '.
196
                        '`groups_id`    = \''.mysql_real_escape_string($groups_id).'\', '.
197
                        '`username` = \''.mysql_real_escape_string($username).'\', '.
196
                        '`groups_id`    = \''.$database->escapeString($groups_id).'\', '.
197
                        '`username` = \''.$database->escapeString($username).'\', '.
198 198
                        '`password` = \''.md5($password).'\', '.
199 199
                        '`active` = '.intval($active).', '.
200
                        '`display_name` = \''.mysql_real_escape_string($display_name).'\', '.
201
                        '`home_folder` = \''.mysql_real_escape_string($home_folder).'\', '.
202
                        '`email` = \''.mysql_real_escape_string($email).'\' '.
200
                        '`display_name` = \''.$database->escapeString($display_name).'\', '.
201
                        '`home_folder` = \''.$database->escapeString($home_folder).'\', '.
202
                        '`email` = \''.$database->escapeString($email).'\' '.
203 203
                        'WHERE `user_id` = '.intval($user_id).'';
204 204

  
205 205
            }
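Review bot: The password branch still writes `md5($password)` (new line 198), an unsalted fast hash, so a leaked users table is cheap to crack offline; this commit leaves that line untouched. If the supported PHP version allows it, store `password_hash($password, PASSWORD_DEFAULT)` and check with `password_verify()` at login; that would presumably also need a wider password column and a rehash-on-login path for existing rows, neither of which is visible here. Separately, the `$database->escapeString()` calls in both branches are safe only because every value sits inside a quoted literal, and only if the wrapper escapes using the live connection's character set; a comment above each `$sql .=` such as `// escapeString() relies on the active connection charset; keep these values inside quotes` would record that assumption. The `$sql` statement begins before line 182, outside this section.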
