Project

General

Profile

« Previous | Next » 

Revision 1868

Added by Dietmar over 11 years ago

! change mysql_esc_string to WbDatabase::getInstance()->escapeStrinng()

View differences:

save.php
45 45
	$searchfor = '@(<[^>]*=\s*")('.preg_quote($sMediaUrl).')([^">]*".*>)@siU';
46 46
    $content = preg_replace($searchfor, '$1{SYSVAR:MEDIA_REL}$3', $content);
47 47
	// searching in $text will be much easier this way
48
    $content = mysql_real_escape_string ($content);
48
    $content = WbDatabase::getInstance()->escapeString ($content);
49 49
	$text = umlauts_to_entities(strip_tags($content), strtoupper(DEFAULT_CHARSET), 0);
50 50
	$sql  = 'UPDATE `'.TABLE_PREFIX.'mod_wysiwyg` ';
51 51
	$sql .= 'SET `content`=\''.$content.'\', `text`=\''.$text.'\' ';

Also available in: Unified diff