diff options
| author | patdenice <patdenice@piwigo.org> | 2008-10-15 20:56:23 +0000 |
|---|---|---|
| committer | patdenice <patdenice@piwigo.org> | 2008-10-15 20:56:23 +0000 |
| commit | eb667c7711d61d0c757f2202af6c2e61cba7d1ac (patch) | |
| tree | 9e3553bcef990440d086aa4143ce3cbda2d98e04 /admin | |
| parent | a5aa24e2133978f5ce099255990a5e13ead53f55 (diff) | |
- change mysql_escape_string function (deprecated) by mysql_real_escape_string.
- Correction on install.tpl (link color).
git-svn-id: http://piwigo.org/svn/trunk@2752 68402e56-0260-453c-a942-63ccdbb3a9ee
Diffstat (limited to '')
| -rw-r--r-- | admin/group_list.php | 2 | ||||
| -rw-r--r-- | admin/history.php | 2 | ||||
| -rw-r--r-- | admin/template/goto/install.tpl | 2 | ||||
| -rw-r--r-- | admin/user_list.php | 9 |
4 files changed, 4 insertions, 11 deletions
diff --git a/admin/group_list.php b/admin/group_list.php index 09462025e..8bb0412b4 100644 --- a/admin/group_list.php +++ b/admin/group_list.php @@ -107,7 +107,7 @@ SELECT COUNT(*) INSERT INTO '.GROUPS_TABLE.' (name) VALUES - (\''.mysql_escape_string($_POST['groupname']).'\') + (\''.mysql_real_escape_string($_POST['groupname']).'\') ;'; pwg_query($query); diff --git a/admin/history.php b/admin/history.php index 222deaaf1..a915704d4 100644 --- a/admin/history.php +++ b/admin/history.php @@ -110,7 +110,7 @@ if (isset($_POST['submit'])) $search['fields']['filename'] = str_replace( '*', '%', - mysql_escape_string($_POST['filename']) + mysql_real_escape_string($_POST['filename']) ); } diff --git a/admin/template/goto/install.tpl b/admin/template/goto/install.tpl index 0fdf9b709..553eb737d 100644 --- a/admin/template/goto/install.tpl +++ b/admin/template/goto/install.tpl @@ -29,7 +29,7 @@ TD { height: 2.5em; } -.sql_content { +.sql_content, .infos a { color: #ff3363; } </style> diff --git a/admin/user_list.php b/admin/user_list.php index 8f0430ee5..80d3306f7 100644 --- a/admin/user_list.php +++ b/admin/user_list.php @@ -49,14 +49,7 @@ function get_filtered_user_list() if (isset($_GET['username']) and !empty($_GET['username'])) { $username = str_replace('*', '%', $_GET['username']); - if (function_exists('mysql_real_escape_string')) - { - $filter['username'] = mysql_real_escape_string($username); - } - else - { - $filter['username'] = mysql_escape_string($username); - } + $filter['username'] = mysql_real_escape_string($username); } if (isset($_GET['group']) |