author | nikrou <nikrou@piwigo.org> | 2010-06-17 18:10:11 +0000 |
---|---|---|
committer | nikrou <nikrou@piwigo.org> | 2010-06-17 18:10:11 +0000 |
commit | 324bdad746f97b257f904f4bef48e0c6bb30164f (patch) | |
tree | d425684a77bed8230c54a27dd14b751681b0380c /admin/include | |
parent | c14850486a897a0b41f25fa9897fe957ca03d379 (diff) |
Bug 1733 fixed : single quotes in queries
git-svn-id: http://piwigo.org/svn/trunk@6550 68402e56-0260-453c-a942-63ccdbb3a9ee
Diffstat (limited to '')
-rw-r--r-- | admin/include/functions_permalinks.php | 12 | ||||
-rw-r--r-- | admin/include/functions_upgrade.php | 8 | ||||
-rw-r--r-- | admin/include/languages.class.php | 14 | ||||
-rw-r--r-- | admin/include/themes.class.php | 10 |
4 files changed, 22 insertions, 22 deletions
diff --git a/admin/include/functions_permalinks.php b/admin/include/functions_permalinks.php index 3a613f96b..a61ed32a0 100644 --- a/admin/include/functions_permalinks.php +++ b/admin/include/functions_permalinks.php @@ -28,7 +28,7 @@ function get_cat_id_from_permalink( $permalink ) { $query =' SELECT id FROM '.CATEGORIES_TABLE.' - WHERE permalink="'.$permalink.'"'; + WHERE permalink=\''.$permalink.'\''; $ids = array_from_query($query, 'id'); if (!empty($ids)) { @@ -69,7 +69,7 @@ function delete_cat_permalink( $cat_id, $save ) $query = ' SELECT permalink FROM '.CATEGORIES_TABLE.' - WHERE id="'.$cat_id.'" + WHERE id=\''.$cat_id.'\' ;'; $result = pwg_query($query); if ( pwg_db_num_rows($result) ) @@ -108,7 +108,7 @@ UPDATE '.CATEGORIES_TABLE.' $query = ' UPDATE '.OLD_PERMALINKS_TABLE.' SET date_deleted=NOW() - WHERE cat_id='.$cat_id.' AND permalink="'.$permalink.'"'; + WHERE cat_id='.$cat_id.' AND permalink=\''.$permalink.'\''; } else { @@ -116,7 +116,7 @@ UPDATE '.OLD_PERMALINKS_TABLE.' INSERT INTO '.OLD_PERMALINKS_TABLE.' (permalink, cat_id, date_deleted) VALUES - ( "'.$permalink.'",'.$cat_id.',NOW() )'; + ( \''.$permalink.'\','.$cat_id.',NOW() )'; } pwg_query( $query ); } @@ -185,13 +185,13 @@ function set_cat_permalink( $cat_id, $permalink, $save ) assert( $old_cat_id==$cat_id ); $query = ' DELETE FROM '.OLD_PERMALINKS_TABLE.' - WHERE cat_id='.$old_cat_id.' AND permalink="'.$permalink.'"'; + WHERE cat_id='.$old_cat_id.' AND permalink=\''.$permalink.'\''; pwg_query($query); } $query = ' UPDATE '.CATEGORIES_TABLE.' - SET permalink="'.$permalink.'" + SET permalink=\''.$permalink.'\' WHERE id='.$cat_id; // LIMIT 1'; pwg_query($query); diff --git a/admin/include/functions_upgrade.php b/admin/include/functions_upgrade.php index c2df4d5df..b3f4692e6 100644 --- a/admin/include/functions_upgrade.php +++ b/admin/include/functions_upgrade.php 
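Review bot: `$permalink` is still concatenated straight into the statement in `get_cat_id_from_permalink`, and with the delimiter now `'` a single quote in the value ends the string literal where a double quote did before. The hunk does not show where the value is escaped, so every caller has to guarantee it. Escaping at the point of use would remove that dependency, e.g. `WHERE permalink=\''.pwg_db_real_escape_string($permalink).'\''`, if that helper is available in this tree. The same pattern appears with `$permalink` in the other hunks of this file, with `$username` in functions_upgrade.php, and with `$language_id`, `$theme_id` and `$id` in the two class files. The function body continues outside the hunk.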
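Review bot: `WHERE cat_id='.$cat_id.'` in the `UPDATE` and `'.$cat_id.',NOW() )` in the `INSERT` place `$cat_id` in the query with no quotes at all, while the `SELECT` in `delete_cat_permalink` now quotes it as `id=\''.$cat_id.'\''`. An unquoted numeric slot has no delimiter around it, so the value must be an integer by construction, and nothing visible in these hunks enforces that. A single cast near the top of the function, `$cat_id = (int) $cat_id;`, would cover both forms. The start of the function is outside these hunks, and `set_cat_permalink` (`WHERE id='.$cat_id`) has the same shape.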
@@ -87,7 +87,7 @@ function deactivate_non_standard_plugins() SELECT id FROM '.PREFIX_TABLE.'plugins WHERE state = "active" -AND id NOT IN ("' . implode('","', $standard_plugins) . '") +AND id NOT IN (\'' . implode('\',\'', $standard_plugins) . '\') ;'; $result = pwg_query($query); @@ -102,7 +102,7 @@ AND id NOT IN ("' . implode('","', $standard_plugins) . '") $query = ' UPDATE '.PREFIX_TABLE.'plugins SET state="inactive" -WHERE id IN ("' . implode('","', $plugins) . '") +WHERE id IN (\'' . implode('\',\'', $plugins) . '\') ;'; pwg_query($query); @@ -162,7 +162,7 @@ SELECT status $query = ' SELECT password, status FROM '.USERS_TABLE.' -WHERE username = "'.$username.'" +WHERE username = \''.$username.'\' ;'; } else @@ -172,7 +172,7 @@ SELECT u.password, ui.status FROM '.USERS_TABLE.' AS u INNER JOIN '.USER_INFOS_TABLE.' AS ui ON u.'.$conf['user_fields']['id'].'=ui.user_id -WHERE '.$conf['user_fields']['username'].'="'.$username.'" +WHERE '.$conf['user_fields']['username'].'=\''.$username.'\' ;'; } $row = pwg_db_fetch_assoc(pwg_query($query)); diff --git a/admin/include/languages.class.php b/admin/include/languages.class.php index 053852154..88b37da36 100644 --- a/admin/include/languages.class.php +++ b/admin/include/languages.class.php @@ -99,11 +99,11 @@ INSERT INTO '.LANGUAGES_TABLE.' break; } - $query = " + $query = ' DELETE - FROM ".LANGUAGES_TABLE." - WHERE id= '".$language_id."' -;"; + FROM '.LANGUAGES_TABLE.' + WHERE id= \''.$language_id.'\' +;'; pwg_query($query); break; @@ -122,8 +122,8 @@ DELETE // Set default language to user who are using this language $query = ' UPDATE '.USER_INFOS_TABLE.' - SET language = "'.get_default_language().'" - WHERE language = "'.$language_id.'" + SET language = \''.get_default_language().'\' + WHERE language = \''.$language_id.'\' ;'; pwg_query($query); 
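Review bot: The context lines `WHERE state = "active"` in this hunk and `SET state="inactive"` in the next hunk of `deactivate_non_standard_plugins` still use double-quoted string literals, so the conversion is incomplete in the very statements being edited. A database engine that treats double quotes as identifier delimiters would read these as column names rather than strings, which is presumably what bug 1733 is about. Suggested: `WHERE state = \'active\'` and `SET state=\'inactive\'`. The `implode` lists built from `$standard_plugins` and `$plugins` are also joined without escaping each element; whether those ids are trusted is not visible here.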
@@ -136,7 +136,7 @@ UPDATE '.USER_INFOS_TABLE.' case 'set_default': $query = ' UPDATE '.USER_INFOS_TABLE.' - SET language = "'.$language_id.'" + SET language = \''.$language_id.'\' WHERE user_id = '.$conf['default_user_id'].' ;'; pwg_query($query); diff --git a/admin/include/themes.class.php b/admin/include/themes.class.php index 73a9e149e..7601f6d60 100644 --- a/admin/include/themes.class.php +++ b/admin/include/themes.class.php @@ -175,11 +175,11 @@ SELECT } } - $query = " + $query = ' DELETE - FROM ".THEMES_TABLE." - WHERE id= '".$theme_id."' -;"; + FROM '.THEMES_TABLE.' + WHERE id= \''.$theme_id.'\' +;'; pwg_query($query); break; @@ -300,7 +300,7 @@ SELECT $clauses = array(); if (!empty($id)) { - $clauses[] = "id = '".$id."'"; + $clauses[] = 'id = \''.$id.'\''; } if (count($clauses) > 0) { |