mirror of
https://github.com/phpbb/phpbb.git
synced 2025-06-28 14:18:52 +00:00
We'll try and get it right this time ...
git-svn-id: file:///svn/phpbb/trunk@3265 89ea8834-ac86-4346-8a33-228a782c2dd0
This commit is contained in:
Paul S. Owen
parent
d2e324fe0b
commit
493a689b1e
4 changed files with 16 additions and 21 deletions
|
|
@ -403,14 +403,9 @@ class sql_db
|
|||
return ( $query_id ) ? mssql_free_result($query_id) : false;
|
||||
}
|
||||
|
||||
function sql_quote($sql)
|
||||
function sql_escape($msg)
|
||||
{
|
||||
return str_replace("\'", "''", $sql);
|
||||
}
|
||||
|
||||
function sql_escape($sql)
|
||||
{
|
||||
return str_replace("'", "''", str_replace('\\', '\\\\', $sql));
|
||||
return str_replace("'", "''", str_replace('\\', '\\\\', $msg));
|
||||
}
|
||||
|
||||
function sql_error($query_id = 0)
|
||||
|
|
|
|||
|
|
@ -379,6 +379,11 @@ class sql_db
|
|||
return ( $query_id ) ? @mysql_free_result($query_id) : false;
|
||||
}
|
||||
|
||||
function sql_escape($msg)
|
||||
{
|
||||
return mysql_escape_string($msg);
|
||||
}
|
||||
|
||||
function sql_error($sql = '')
|
||||
{
|
||||
if ( !$this->return_on_error )
|
||||
|
|
|
|||
|
|
@ -379,11 +379,6 @@ if (!empty($_REQUEST['explain']))
|
|||
return ( $query_id ) ? @mysql_free_result($query_id) : false;
|
||||
}
|
||||
|
||||
function sql_quote($msg)
|
||||
{
|
||||
return mysql_escape_string($msg);
|
||||
}
|
||||
|
||||
function sql_escape($msg)
|
||||
{
|
||||
return mysql_escape_string($msg);
|
||||
|
|
|
|||
|
|
@ -312,7 +312,7 @@ if (isset($post))
|
|||
{
|
||||
$topic_sql = array(
|
||||
'forum_id' => intval($forum_id),
|
||||
'topic_title' => $subject,
|
||||
'topic_title' => $db->sql_escape(htmlspecialchars($subject)),
|
||||
'topic_poster' => intval($user->data['user_id']),
|
||||
'topic_time' => $current_time,
|
||||
'topic_type' => (!empty($enable_icons)) ? intval($topic_type) : 0,
|
||||
|
|
@ -322,7 +322,7 @@ if (isset($post))
|
|||
if (!empty($poll_options))
|
||||
{
|
||||
$topic_sql = array_merge($topic_sql, array(
|
||||
'poll_title' => $poll_title,
|
||||
'poll_title' => $db->sql_escape($poll_title),
|
||||
'poll_start' => (!empty($poll_start)) ? $poll_start : $current_time,
|
||||
'poll_length' => $poll_length * 3600
|
||||
));
|
||||
|
|
@ -338,7 +338,7 @@ if (isset($post))
|
|||
'topic_id' => intval($topic_id),
|
||||
'forum_id' => intval($forum_id),
|
||||
'poster_id' => ($mode == 'edit') ? intval($poster_id) : intval($user->data['user_id']),
|
||||
'post_username' => ($username != '') ? $username : '',
|
||||
'post_username' => ($username != '') ? $db->sql_escape($username) : '',
|
||||
'poster_ip' => $user->ip,
|
||||
'post_time' => $current_time,
|
||||
'post_approved' => (!empty($enable_moderate) && !$auth->acl_gets('f_ignorequeue', 'm_', 'a_', intval($forum_id))) ? 0 : 1,
|
||||
|
|
@ -356,7 +356,7 @@ if (isset($post))
|
|||
|
||||
// post_text ... may merge into posts table
|
||||
$post_text_sql = array(
|
||||
'post_subject' => $db->sql_quote(htmlspecialchars($subject)),
|
||||
'post_subject' => $db->sql_escape(htmlspecialchars($subject)),
|
||||
'bbcode_uid' => $bbcode_uid,
|
||||
'post_id' => intval($post_id),
|
||||
);
|
||||
|
|
@ -364,10 +364,10 @@ if (isset($post))
|
|||
{
|
||||
$post_text_sql = array_merge($post_text_sql, array(
|
||||
'post_checksum' => $message_md5,
|
||||
'post_text' => $db->sql_quote($message),
|
||||
'post_text' => $db->sql_escape($message),
|
||||
));
|
||||
}
|
||||
echo $sql = ($mode == 'edit') ? 'UPDATE ' . POSTS_TEXT_TABLE . ' SET ' . $db->sql_build_array('UPDATE', $post_text_sql) . ' WHERE post_id = ' . intval($post_id) : 'INSERT INTO ' . POSTS_TEXT_TABLE . ' ' . $db->sql_build_array('INSERT', $post_text_sql);
|
||||
$sql = ($mode == 'edit') ? 'UPDATE ' . POSTS_TEXT_TABLE . ' SET ' . $db->sql_build_array('UPDATE', $post_text_sql) . ' WHERE post_id = ' . intval($post_id) : 'INSERT INTO ' . POSTS_TEXT_TABLE . ' ' . $db->sql_build_array('INSERT', $post_text_sql);
|
||||
$db->sql_query($sql);
|
||||
|
||||
// poll options
|
||||
|
|
@ -392,13 +392,13 @@ if (isset($post))
|
|||
if (empty($cur_poll_options[$i]))
|
||||
{
|
||||
$sql = "INSERT INTO phpbb_poll_results (topic_id, poll_option_text)
|
||||
VALUES (" . intval($topic_id) . ", '" . sql_quote($poll_options[$i]) . "')";
|
||||
VALUES (" . intval($topic_id) . ", '" . $db->sql_escape($poll_options[$i]) . "')";
|
||||
$db->sql_query($sql);
|
||||
}
|
||||
else if ($poll_options[$i] != $cur_poll_options[$i])
|
||||
{
|
||||
$sql = "UPDATE phpbb_poll_results
|
||||
SET poll_option_text = '" . sql_quote($poll_options[$i]) . "'
|
||||
SET poll_option_text = '" . $db->sql_escape($poll_options[$i]) . "'
|
||||
WHERE poll_option_id = " . $cur_poll_options[$i]['poll_option_id'];
|
||||
$db->sql_query($sql);
|
||||
}
|
||||
|
|
@ -431,7 +431,7 @@ if (isset($post))
|
|||
'forum_last_post_id' => intval($post_id),
|
||||
'forum_last_post_time' => $current_time,
|
||||
'forum_last_poster_id' => intval($user->data['user_id']),
|
||||
'forum_last_poster_name'=> ($user->data['user_id'] == ANONYMOUS) ? $username : $user->data['username'],
|
||||
'forum_last_poster_name'=> ($user->data['user_id'] == ANONYMOUS) ? $db->sql_escape($username) : $user->data['username'],
|
||||
);
|
||||
$sql = 'UPDATE ' . FORUMS_TABLE . ' SET ' . $db->sql_build_array('UPDATE', $forum_sql) . ', forum_posts = forum_posts + 1' . $forum_topics_sql . ' WHERE forum_id IN (' . $forum_ids . ')';
|
||||
$db->sql_query($sql);
|
||||
|
|
|
|||
Loading…
Add table
Reference in a new issue