Bug 1733 fixed : merge from trunk

single quotes in queries

git-svn-id: http://piwigo.org/svn/branches/2.1@6551 68402e56-0260-453c-a942-63ccdbb3a9ee

admin/cat_modify.php

@@ -92,8 +92,8 @@ if (isset($_POST['submit']))
   if (isset($_POST['image_order_subcats']))
   {
     $query = '
-UPDATE '.CATEGORIES_TABLE.' SET image_order='.(isset($image_order) ? 'NULL':"'$image_order'").'
+UPDATE '.CATEGORIES_TABLE.' SET image_order='.(isset($image_order) ? 'NULL':'\''.$image_order.'\'').'
-  WHERE uppercats LIKE "'.$cat_info['uppercats'].',%"';
+  WHERE uppercats LIKE \''.$cat_info['uppercats'].',%\'';
     pwg_query($query);
   }
 

admin/extend_for_templates.php

@@ -139,10 +139,10 @@ if (isset($_POST['submit']) and !is_adviser())
   $conf['extents_for_templates'] = serialize($replacements);
   $tpl_extension = $replacements;
   /* ecrire la nouvelle conf */
-  $query = "
+  $query = '
-UPDATE ".CONFIG_TABLE."
+UPDATE '.CONFIG_TABLE.'
-  SET value = '". $conf['extents_for_templates'] ."'
+  SET value = \''. $conf['extents_for_templates'] .'\'
-WHERE param = 'extents_for_templates';";
+WHERE param = \'extents_for_templates\';';
   if (pwg_query($query))
   {
     array_push($page['infos'], 

admin/include/functions_permalinks.php

@@ -28,7 +28,7 @@ function get_cat_id_from_permalink( $permalink )
 {
   $query ='
 SELECT id FROM '.CATEGORIES_TABLE.'
-  WHERE permalink="'.$permalink.'"';
+  WHERE permalink=\''.$permalink.'\'';
   $ids = array_from_query($query, 'id');
   if (!empty($ids))
   {
@@ -69,7 +69,7 @@ function delete_cat_permalink( $cat_id, $save )
   $query = '
 SELECT permalink
   FROM '.CATEGORIES_TABLE.'
-  WHERE id="'.$cat_id.'"
+  WHERE id=\''.$cat_id.'\'
 ;';
   $result = pwg_query($query);
   if ( pwg_db_num_rows($result) )
@@ -108,7 +108,7 @@ UPDATE '.CATEGORIES_TABLE.'
       $query = '
 UPDATE '.OLD_PERMALINKS_TABLE.'
   SET date_deleted=NOW()
-  WHERE cat_id='.$cat_id.' AND permalink="'.$permalink.'"';
+  WHERE cat_id='.$cat_id.' AND permalink=\''.$permalink.'\'';
     }
     else
     {
@@ -116,7 +116,7 @@ UPDATE '.OLD_PERMALINKS_TABLE.'
 INSERT INTO '.OLD_PERMALINKS_TABLE.'
   (permalink, cat_id, date_deleted)
 VALUES
-  ( "'.$permalink.'",'.$cat_id.',NOW() )';
+  ( \''.$permalink.'\','.$cat_id.',NOW() )';
     }
     pwg_query( $query );
   }
@@ -185,13 +185,13 @@ function set_cat_permalink( $cat_id, $permalink, $save )
     assert( $old_cat_id==$cat_id );
     $query = '
 DELETE FROM '.OLD_PERMALINKS_TABLE.'
-  WHERE cat_id='.$old_cat_id.' AND permalink="'.$permalink.'"';
+  WHERE cat_id='.$old_cat_id.' AND permalink=\''.$permalink.'\'';
     pwg_query($query);
   }
   
   $query = '
 UPDATE '.CATEGORIES_TABLE.'
-  SET permalink="'.$permalink.'"
+  SET permalink=\''.$permalink.'\'
   WHERE id='.$cat_id;
   //  LIMIT 1';
   pwg_query($query);

admin/include/functions_upgrade.php

@@ -87,7 +87,7 @@ function deactivate_non_standard_plugins()
 SELECT id
 FROM '.PREFIX_TABLE.'plugins
 WHERE state = "active"
-AND id NOT IN ("' . implode('","', $standard_plugins) . '")
+AND id NOT IN (\'' . implode('\',\'', $standard_plugins) . '\')
 ;';
 
   $result = pwg_query($query);
@@ -102,7 +102,7 @@ AND id NOT IN ("' . implode('","', $standard_plugins) . '")
     $query = '
 UPDATE '.PREFIX_TABLE.'plugins
 SET state="inactive"
-WHERE id IN ("' . implode('","', $plugins) . '")
+WHERE id IN (\'' . implode('\',\'', $plugins) . '\')
 ;';
     pwg_query($query);
 
@@ -162,7 +162,7 @@ SELECT status
     $query = '
 SELECT password, status
 FROM '.USERS_TABLE.'
-WHERE username = "'.$username.'"
+WHERE username = \''.$username.'\'
 ;';
   }
   else
@@ -172,7 +172,7 @@ SELECT u.password, ui.status
 FROM '.USERS_TABLE.' AS u
 INNER JOIN '.USER_INFOS_TABLE.' AS ui
 ON u.'.$conf['user_fields']['id'].'=ui.user_id
-WHERE '.$conf['user_fields']['username'].'="'.$username.'"
+WHERE '.$conf['user_fields']['username'].'=\''.$username.'\'
 ;';
   }
   $row = pwg_db_fetch_assoc(pwg_query($query));

admin/include/languages.class.php

@@ -99,11 +99,11 @@ INSERT INTO '.LANGUAGES_TABLE.'
           break;
         }
 
-        $query = "
+        $query = '
 DELETE
-  FROM ".LANGUAGES_TABLE."
+  FROM '.LANGUAGES_TABLE.'
-  WHERE id= '".$language_id."'
+  WHERE id= \''.$language_id.'\'
-;";
+;';
         pwg_query($query);
         break;
 
@@ -122,8 +122,8 @@ DELETE
         // Set default language to user who are using this language
         $query = '
 UPDATE '.USER_INFOS_TABLE.'
-  SET language = "'.get_default_language().'"
+  SET language = \''.get_default_language().'\'
-  WHERE language = "'.$language_id.'"
+  WHERE language = \''.$language_id.'\'
 ;';
         pwg_query($query);
 
@@ -136,7 +136,7 @@ UPDATE '.USER_INFOS_TABLE.'
       case 'set_default':
         $query = '
 UPDATE '.USER_INFOS_TABLE.'
-  SET language = "'.$language_id.'"
+  SET language = \''.$language_id.'\'
   WHERE user_id = '.$conf['default_user_id'].'
 ;';
         pwg_query($query);

admin/include/themes.class.php

@@ -175,11 +175,11 @@ SELECT
           }
         }
 
-        $query = "
+        $query = '
 DELETE
-  FROM ".THEMES_TABLE."
+  FROM '.THEMES_TABLE.'
-  WHERE id= '".$theme_id."'
+  WHERE id= \''.$theme_id.'\'
-;";
+;';
         pwg_query($query);
         break;
 
@@ -300,7 +300,7 @@ SELECT
     $clauses = array();
     if (!empty($id))
     {
-      $clauses[] = "id = '".$id."'";
+      $clauses[] = 'id = \''.$id.'\'';
     }
     if (count($clauses) > 0)
     {

admin/languages_installed.php

@@ -114,16 +114,16 @@ foreach($missing_language_ids as $language_id)
 {
   $query = '
 UPDATE '.USER_INFOS_TABLE.'
-  SET language = "'.get_default_language().'"
+  SET language = \''.get_default_language().'\'
-  WHERE language = "'.$language_id.'"
+  WHERE language = \''.$language_id.'\'
 ;';
   pwg_query($query);
 
-  $query = "
+  $query = '
 DELETE
-  FROM ".LANGUAGES_TABLE."
+  FROM '.LANGUAGES_TABLE.'
-  WHERE id= '".$language_id."'
+  WHERE id= \''.$language_id.'\'
-;";
+;';
   pwg_query($query);
 }
 

admin/permalinks.php

@@ -96,7 +96,7 @@ elseif ( isset($_GET['delete_permanent']) and !is_adviser() )
 {
   $query = '
 DELETE FROM '.OLD_PERMALINKS_TABLE.'
-  WHERE permalink="'.$_GET['delete_permanent'].'"
+  WHERE permalink=\''.$_GET['delete_permanent'].'\'
   LIMIT 1';
   $result = pwg_query($query);
   if (pwg_db_changes($result)==0)

admin/thumbnail.php

@@ -183,7 +183,7 @@ $thumbnalized = array();
 // what is the directory to search in ?
 $query = '
 SELECT galleries_url FROM '.SITES_TABLE.'
-  WHERE galleries_url NOT LIKE "http://%"
+  WHERE galleries_url NOT LIKE \'http://%\'
 ;';
 $result = pwg_query($query);
 while ( $row=pwg_db_fetch_assoc($result) )