Revision 1868
Added by Dietmar over 11 years ago
save.php | ||
---|---|---|
45 | 45 |
$searchfor = '@(<[^>]*=\s*")('.preg_quote($sMediaUrl).')([^">]*".*>)@siU'; |
46 | 46 |
$content = preg_replace($searchfor, '$1{SYSVAR:MEDIA_REL}$3', $content); |
47 | 47 |
// searching in $text will be much easier this way |
48 |
$content = mysql_real_escape_string ($content);
|
|
48 |
$content = WbDatabase::getInstance()->escapeString ($content);
|
|
49 | 49 |
$text = umlauts_to_entities(strip_tags($content), strtoupper(DEFAULT_CHARSET), 0); |
50 | 50 |
$sql = 'UPDATE `'.TABLE_PREFIX.'mod_wysiwyg` '; |
51 | 51 |
$sql .= 'SET `content`=\''.$content.'\', `text`=\''.$text.'\' '; |
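Review bot: `$text` on new line 49 is built from the already-escaped `$content` and then concatenated into the UPDATE on line 51 without being escaped itself. `strip_tags()` and `umlauts_to_entities()` therefore run after the escaping step, so the value that reaches the query is no longer the escaper's output; whether a transformed string can still break out of the quoted literal depends on those helpers and the connection charset, which the hunk does not show. Escaping should be the last step before each value enters the SQL string: derive the text from the raw content first, `$text = WbDatabase::getInstance()->escapeString(umlauts_to_entities(strip_tags($content), strtoupper(DEFAULT_CHARSET), 0));`, and only then `$content = WbDatabase::getInstance()->escapeString($content);`. This also stops escape backslashes from leaking into the stored search text. The statement continues past the hunk, so any further values appended to `$sql` there should be checked the same way.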
! change mysql_real_escape_string() to WbDatabase::getInstance()->escapeString()