MDL-10820 Fixed double quotes in SQL statements

2025-01-19 06:18:28 +01:00 · 2007-09-16 21:48:47 +00:00 · 2007-09-16 21:48:47 +00:00 · 1519cdeb39
commit 1519cdeb39
parent 18ff5a61b6
1 changed files with 11 additions and 11 deletions
--- a/notes/lib.php
+++ b/notes/lib.php
@ -44,9 +44,9 @@ function note_list($courseid=0, $userid=0, $state = '', $author = 0, $order='las
        $selects[] = 'usermodified=' . $author;
    }
    if($state) {
-        $selects[] = 'publishstate="' . $state . '"';
+        $selects[] = "publishstate='$state'";
    }
-    $selects[] = 'module="notes"';
+    $selects[] = "module='notes'";
    $select = implode(' AND ', $selects);
    $fields = 'id,courseid,userid,content,format,created,lastmodified,usermodified,publishstate';
    // retrieve data
@ -62,7 +62,7 @@ function note_list($courseid=0, $userid=0, $state = '', $author = 0, $order='las
 */
 function note_load($note_id) {
    $fields = 'id,courseid,userid,content,format,created,lastmodified,usermodified,publishstate';
-    return get_record_select('post', 'id=' . $note_id . ' AND module="notes"', $fields);
+    return get_record_select('post', "id=$note_id AND module='notes'", $fields);
 }
 /**
@ -109,7 +109,7 @@ function note_save(&$note) {
 * @return boolean true if the object was deleted; false otherwise
 */
 function note_delete($noteid) {
-    return delete_records_select('post', 'id=' . $noteid . ' AND module="notes"');
+    return delete_records_select('post', "id=$noteid AND module='notes'");
 }
 /**