makary/phpbb
1
0
Fork 0
mirror of https://github.com/phpbb/phpbb.git synced 2025-06-10 05:18:52 +00:00
Code Issues Projects Releases Packages Wiki Activity

Various updates, inc. fixing non-escaping of '

Browse source 
git-svn-id: file:///svn/phpbb/trunk@3263 89ea8834-ac86-4346-8a33-228a782c2dd0
This commit is contained in:
Paul S. Owen 2003-01-07 14:37:34 +00:00
parent 7bdb2816f9
commit 5048f1f2bc
1 changed files with 3 additions and 3 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

6
phpBB/posting.php
View file

@ -356,7 +356,7 @@ if (isset($post))
// post_text ... may merge into posts table
$post_text_sql = array(
'post_subject' => htmlspecialchars($subject),
'post_subject' => $db->sql_quote(htmlspecialchars($subject)),
'bbcode_uid' => $bbcode_uid,
'post_id' => intval($post_id),
);
@ -364,10 +364,10 @@ if (isset($post))
{
$post_text_sql = array_merge($post_text_sql, array(
'post_checksum' => $message_md5,
'post_text' => $message,
'post_text' => $db->sql_quote($message),
));
}
$sql = ($mode == 'edit') ? 'UPDATE ' . POSTS_TEXT_TABLE . ' SET ' . $db->sql_build_array('UPDATE', $post_text_sql) . ' WHERE post_id = ' . intval($post_id) : 'INSERT INTO ' . POSTS_TEXT_TABLE . ' ' . $db->sql_build_array('INSERT', $post_text_sql);
echo $sql = ($mode == 'edit') ? 'UPDATE ' . POSTS_TEXT_TABLE . ' SET ' . $db->sql_build_array('UPDATE', $post_text_sql) . ' WHERE post_id = ' . intval($post_id) : 'INSERT INTO ' . POSTS_TEXT_TABLE . ' ' . $db->sql_build_array('INSERT', $post_text_sql);
$db->sql_query($sql);
// poll options