aboutsummaryrefslogtreecommitdiffstats
path: root/admin/include
diff options
context:
space:
mode:
authornikrou <nikrou@piwigo.org>2010-06-17 18:10:11 +0000
committernikrou <nikrou@piwigo.org>2010-06-17 18:10:11 +0000
commit324bdad746f97b257f904f4bef48e0c6bb30164f (patch)
treed425684a77bed8230c54a27dd14b751681b0380c /admin/include
parentc14850486a897a0b41f25fa9897fe957ca03d379 (diff)
Bug 1733 fixed : single quotes in queries
git-svn-id: http://piwigo.org/svn/trunk@6550 68402e56-0260-453c-a942-63ccdbb3a9ee
Diffstat (limited to '')
-rw-r--r--admin/include/functions_permalinks.php12
-rw-r--r--admin/include/functions_upgrade.php8
-rw-r--r--admin/include/languages.class.php14
-rw-r--r--admin/include/themes.class.php10
4 files changed, 22 insertions, 22 deletions
diff --git a/admin/include/functions_permalinks.php b/admin/include/functions_permalinks.php
index 3a613f96b..a61ed32a0 100644
--- a/admin/include/functions_permalinks.php
+++ b/admin/include/functions_permalinks.php
@@ -28,7 +28,7 @@ function get_cat_id_from_permalink( $permalink )
{
$query ='
SELECT id FROM '.CATEGORIES_TABLE.'
- WHERE permalink="'.$permalink.'"';
+ WHERE permalink=\''.$permalink.'\'';
$ids = array_from_query($query, 'id');
if (!empty($ids))
{
@@ -69,7 +69,7 @@ function delete_cat_permalink( $cat_id, $save )
$query = '
SELECT permalink
FROM '.CATEGORIES_TABLE.'
- WHERE id="'.$cat_id.'"
+ WHERE id=\''.$cat_id.'\'
;';
$result = pwg_query($query);
if ( pwg_db_num_rows($result) )
@@ -108,7 +108,7 @@ UPDATE '.CATEGORIES_TABLE.'
$query = '
UPDATE '.OLD_PERMALINKS_TABLE.'
SET date_deleted=NOW()
- WHERE cat_id='.$cat_id.' AND permalink="'.$permalink.'"';
+ WHERE cat_id='.$cat_id.' AND permalink=\''.$permalink.'\'';
}
else
{
@@ -116,7 +116,7 @@ UPDATE '.OLD_PERMALINKS_TABLE.'
INSERT INTO '.OLD_PERMALINKS_TABLE.'
(permalink, cat_id, date_deleted)
VALUES
- ( "'.$permalink.'",'.$cat_id.',NOW() )';
+ ( \''.$permalink.'\','.$cat_id.',NOW() )';
}
pwg_query( $query );
}
@@ -185,13 +185,13 @@ function set_cat_permalink( $cat_id, $permalink, $save )
assert( $old_cat_id==$cat_id );
$query = '
DELETE FROM '.OLD_PERMALINKS_TABLE.'
- WHERE cat_id='.$old_cat_id.' AND permalink="'.$permalink.'"';
+ WHERE cat_id='.$old_cat_id.' AND permalink=\''.$permalink.'\'';
pwg_query($query);
}
$query = '
UPDATE '.CATEGORIES_TABLE.'
- SET permalink="'.$permalink.'"
+ SET permalink=\''.$permalink.'\'
WHERE id='.$cat_id;
// LIMIT 1';
pwg_query($query);
diff --git a/admin/include/functions_upgrade.php b/admin/include/functions_upgrade.php
index c2df4d5df..b3f4692e6 100644
--- a/admin/include/functions_upgrade.php
+++ b/admin/include/functions_upgrade.php
@@ -87,7 +87,7 @@ function deactivate_non_standard_plugins()
SELECT id
FROM '.PREFIX_TABLE.'plugins
WHERE state = "active"
-AND id NOT IN ("' . implode('","', $standard_plugins) . '")
+AND id NOT IN (\'' . implode('\',\'', $standard_plugins) . '\')
;';
$result = pwg_query($query);
@@ -102,7 +102,7 @@ AND id NOT IN ("' . implode('","', $standard_plugins) . '")
$query = '
UPDATE '.PREFIX_TABLE.'plugins
SET state="inactive"
-WHERE id IN ("' . implode('","', $plugins) . '")
+WHERE id IN (\'' . implode('\',\'', $plugins) . '\')
;';
pwg_query($query);
@@ -162,7 +162,7 @@ SELECT status
$query = '
SELECT password, status
FROM '.USERS_TABLE.'
-WHERE username = "'.$username.'"
+WHERE username = \''.$username.'\'
;';
}
else
@@ -172,7 +172,7 @@ SELECT u.password, ui.status
FROM '.USERS_TABLE.' AS u
INNER JOIN '.USER_INFOS_TABLE.' AS ui
ON u.'.$conf['user_fields']['id'].'=ui.user_id
-WHERE '.$conf['user_fields']['username'].'="'.$username.'"
+WHERE '.$conf['user_fields']['username'].'=\''.$username.'\'
;';
}
$row = pwg_db_fetch_assoc(pwg_query($query));
diff --git a/admin/include/languages.class.php b/admin/include/languages.class.php
index 053852154..88b37da36 100644
--- a/admin/include/languages.class.php
+++ b/admin/include/languages.class.php
@@ -99,11 +99,11 @@ INSERT INTO '.LANGUAGES_TABLE.'
break;
}
- $query = "
+ $query = '
DELETE
- FROM ".LANGUAGES_TABLE."
- WHERE id= '".$language_id."'
-;";
+ FROM '.LANGUAGES_TABLE.'
+ WHERE id= \''.$language_id.'\'
+;';
pwg_query($query);
break;
@@ -122,8 +122,8 @@ DELETE
// Set default language to user who are using this language
$query = '
UPDATE '.USER_INFOS_TABLE.'
- SET language = "'.get_default_language().'"
- WHERE language = "'.$language_id.'"
+ SET language = \''.get_default_language().'\'
+ WHERE language = \''.$language_id.'\'
;';
pwg_query($query);
@@ -136,7 +136,7 @@ UPDATE '.USER_INFOS_TABLE.'
case 'set_default':
$query = '
UPDATE '.USER_INFOS_TABLE.'
- SET language = "'.$language_id.'"
+ SET language = \''.$language_id.'\'
WHERE user_id = '.$conf['default_user_id'].'
;';
pwg_query($query);
diff --git a/admin/include/themes.class.php b/admin/include/themes.class.php
index 73a9e149e..7601f6d60 100644
--- a/admin/include/themes.class.php
+++ b/admin/include/themes.class.php
@@ -175,11 +175,11 @@ SELECT
}
}
- $query = "
+ $query = '
DELETE
- FROM ".THEMES_TABLE."
- WHERE id= '".$theme_id."'
-;";
+ FROM '.THEMES_TABLE.'
+ WHERE id= \''.$theme_id.'\'
+;';
pwg_query($query);
break;
@@ -300,7 +300,7 @@ SELECT
$clauses = array();
if (!empty($id))
{
- $clauses[] = "id = '".$id."'";
+ $clauses[] = 'id = \''.$id.'\'';
}
if (count($clauses) > 0)
{