aboutsummaryrefslogtreecommitdiffstats
path: root/admin
diff options
context:
space:
mode:
authorpatdenice <patdenice@piwigo.org>2008-10-15 20:56:23 +0000
committerpatdenice <patdenice@piwigo.org>2008-10-15 20:56:23 +0000
commiteb667c7711d61d0c757f2202af6c2e61cba7d1ac (patch)
tree9e3553bcef990440d086aa4143ce3cbda2d98e04 /admin
parenta5aa24e2133978f5ce099255990a5e13ead53f55 (diff)
- change mysql_escape_string function (deprecated) by mysql_real_escape_string.
- Correction on install.tpl (link color). git-svn-id: http://piwigo.org/svn/trunk@2752 68402e56-0260-453c-a942-63ccdbb3a9ee
Diffstat (limited to '')
-rw-r--r--admin/group_list.php2
-rw-r--r--admin/history.php2
-rw-r--r--admin/template/goto/install.tpl2
-rw-r--r--admin/user_list.php9
4 files changed, 4 insertions, 11 deletions
diff --git a/admin/group_list.php b/admin/group_list.php
index 09462025e..8bb0412b4 100644
--- a/admin/group_list.php
+++ b/admin/group_list.php
@@ -107,7 +107,7 @@ SELECT COUNT(*)
INSERT INTO '.GROUPS_TABLE.'
(name)
VALUES
- (\''.mysql_escape_string($_POST['groupname']).'\')
+ (\''.mysql_real_escape_string($_POST['groupname']).'\')
;';
pwg_query($query);
diff --git a/admin/history.php b/admin/history.php
index 222deaaf1..a915704d4 100644
--- a/admin/history.php
+++ b/admin/history.php
@@ -110,7 +110,7 @@ if (isset($_POST['submit']))
$search['fields']['filename'] = str_replace(
'*',
'%',
- mysql_escape_string($_POST['filename'])
+ mysql_real_escape_string($_POST['filename'])
);
}
diff --git a/admin/template/goto/install.tpl b/admin/template/goto/install.tpl
index 0fdf9b709..553eb737d 100644
--- a/admin/template/goto/install.tpl
+++ b/admin/template/goto/install.tpl
@@ -29,7 +29,7 @@ TD {
height: 2.5em;
}
-.sql_content {
+.sql_content, .infos a {
color: #ff3363;
}
</style>
diff --git a/admin/user_list.php b/admin/user_list.php
index 8f0430ee5..80d3306f7 100644
--- a/admin/user_list.php
+++ b/admin/user_list.php
@@ -49,14 +49,7 @@ function get_filtered_user_list()
if (isset($_GET['username']) and !empty($_GET['username']))
{
$username = str_replace('*', '%', $_GET['username']);
- if (function_exists('mysql_real_escape_string'))
- {
- $filter['username'] = mysql_real_escape_string($username);
- }
- else
- {
- $filter['username'] = mysql_escape_string($username);
- }
+ $filter['username'] = mysql_real_escape_string($username);
}
if (isset($_GET['group'])