- change mysql_escape_string function (deprecated) by mysql_real_escape_string.

- Correction on install.tpl (link color). git-svn-id: http://piwigo.org/svn/trunk@2752 68402e56-0260-453c-a942-63ccdbb3a9ee
2008-10-15 20:56:23 +00:00 · 2008-10-15 20:56:23 +00:00 · eb667c7711
commit eb667c7711
parent a5aa24e213
7 changed files with 8 additions and 15 deletions
--- a/admin/group_list.php
+++ b/admin/group_list.php
@ -107,7 +107,7 @@ SELECT COUNT(*)
 INSERT INTO '.GROUPS_TABLE.'
  (name)
  VALUES
-  (\''.mysql_escape_string($_POST['groupname']).'\')
+  (\''.mysql_real_escape_string($_POST['groupname']).'\')
 ;';
    pwg_query($query);

--- a/admin/history.php
+++ b/admin/history.php
@ -110,7 +110,7 @@ if (isset($_POST['submit']))
    $search['fields']['filename'] = str_replace(
      '*',
      '%',
-      mysql_escape_string($_POST['filename'])
+      mysql_real_escape_string($_POST['filename'])
      );
  }

--- a/admin/template/goto/install.tpl
+++ b/admin/template/goto/install.tpl
@ -29,7 +29,7 @@ TD {
  height: 2.5em;
 }

-.sql_content {
+.sql_content, .infos a {
  color: #ff3363;
 }
 </style>
--- a/admin/user_list.php
+++ b/admin/user_list.php
@ -49,14 +49,7 @@ function get_filtered_user_list()
  if (isset($_GET['username']) and !empty($_GET['username']))
  {
    $username = str_replace('*', '%', $_GET['username']);
-    if (function_exists('mysql_real_escape_string'))
-    {
-      $filter['username'] = mysql_real_escape_string($username);
-    }
-    else
-    {
-      $filter['username'] = mysql_escape_string($username);
-    }
+    $filter['username'] = mysql_real_escape_string($username);
  }

  if (isset($_GET['group'])