mirror/php-phpbb
1
0
Fork 0
mirror of https://github.com/phpbb/phpbb.git synced 2025-07-23 18:11:47 +02:00
Code Issues Releases Wiki Activity

sql_quote to $db->sql_escape

Browse Source 
git-svn-id: file:///svn/phpbb/trunk@3358 89ea8834-ac86-4346-8a33-228a782c2dd0
This commit is contained in:
Paul S. Owen
2003-01-22 16:58:00 +00:00
parent 01517e23fd
commit 2005fb7061
2 changed files with 7 additions and 5 deletions
Download Patch File Download Diff File Expand all files Collapse all files

4
phpBB/db/mysql.php
View File

@@ -236,7 +236,7 @@ class sql_db
} }
elseif (is_string($var)) elseif (is_string($var))
{ {
$values[] = "'" . sql_quote($var) . "'"; $values[] = "'" . $this->sql_escape($var) . "'";
} }
else else
{ {
@@ -257,7 +257,7 @@ class sql_db
} }
elseif (is_string($var)) elseif (is_string($var))
{ {
$values[] = "$key = '" . sql_quote($var) . "'"; $values[] = "$key = '" . $this->sql_escape($var) . "'";
} }
else else
{ {

8
phpBB/db/mysql4.php
View File

@@ -130,11 +130,13 @@ class sql_db
$curtime = explode(' ', microtime()); $curtime = explode(' ', microtime());
$curtime = $curtime[0] + $curtime[1] - $starttime; $curtime = $curtime[0] + $curtime[1] - $starttime;
} }
if (!$this->query_result = @mysql_query($query, $this->db_connect_id)) if (!$this->query_result = @mysql_query($query, $this->db_connect_id))
{ {
$this->sql_error($query); $this->sql_error($query);
} }
if (!empty($_REQUEST['explain']))
if (!empty($_REQUEST['explain']))
{ {
$endtime = explode(' ', microtime()); $endtime = explode(' ', microtime());
$endtime = $endtime[0] + $endtime[1] - $starttime; $endtime = $endtime[0] + $endtime[1] - $starttime;
@@ -226,7 +228,7 @@ if (!empty($_REQUEST['explain']))
} }
elseif (is_string($var)) elseif (is_string($var))
{ {
$values[] = "'" . str_replace('\\\'', '\'\'', $var) . "'"; $values[] = "'" . $this->sql_escape($var) . "'";
} }
else else
{ {
@@ -247,7 +249,7 @@ if (!empty($_REQUEST['explain']))
} }
elseif (is_string($var)) elseif (is_string($var))
{ {
$values[] = "$key = '" . str_replace('\\\'', '\'\'', $var) . "'"; $values[] = "$key = '" . $this->sql_escape($var) . "'";
} }
else else
{ {