sql_query($sql);
if(!$result)
{
die("Unable to get users");
}
while ($row = $db->sql_fetchrow($result))
{
if (!preg_match('#(>)|(<)|(")|(&)#', $row['username']))
{
if ($row['username'] != htmlspecialchars($row['username']))
{
flush();
$sql = "UPDATE " . USERS_TABLE . "
SET username = '" . str_replace("'", "''", htmlspecialchars($row['username'])) . "'
WHERE user_id = " . $row['user_id'];
if (!$db->sql_query($sql))
{
echo "ERROR: Unable to rename user " . htmlspecialchars($row['username']) . " with ID " . $row['user_id'] . "
";
echo "" . print_r($db->sql_error()) . "
$sql";
}
else
{
echo "Renamed User " . htmlspecialchars($row['username']) . " with ID " . $row['user_id'] . "
";
}
}
}
}
echo "
That's All Folks!";
?>