aboutsummaryrefslogtreecommitdiffstats
path: root/admin
diff options
context:
space:
mode:
authornikrou <nikrou@piwigo.org>2010-06-17 18:10:11 +0000
committernikrou <nikrou@piwigo.org>2010-06-17 18:10:11 +0000
commit324bdad746f97b257f904f4bef48e0c6bb30164f (patch)
treed425684a77bed8230c54a27dd14b751681b0380c /admin
parentc14850486a897a0b41f25fa9897fe957ca03d379 (diff)
Bug 1733 fixed : single quotes in queries
git-svn-id: http://piwigo.org/svn/trunk@6550 68402e56-0260-453c-a942-63ccdbb3a9ee
Diffstat (limited to 'admin')
-rw-r--r--admin/cat_modify.php4
-rw-r--r--admin/extend_for_templates.php8
-rw-r--r--admin/include/functions_permalinks.php12
-rw-r--r--admin/include/functions_upgrade.php8
-rw-r--r--admin/include/languages.class.php14
-rw-r--r--admin/include/themes.class.php10
-rw-r--r--admin/languages_installed.php12
-rw-r--r--admin/permalinks.php2
-rw-r--r--admin/thumbnail.php2
9 files changed, 36 insertions, 36 deletions
diff --git a/admin/cat_modify.php b/admin/cat_modify.php
index ff48e8ac4..f058d0f73 100644
--- a/admin/cat_modify.php
+++ b/admin/cat_modify.php
@@ -92,8 +92,8 @@ if (isset($_POST['submit']))
if (isset($_POST['image_order_subcats']))
{
$query = '
-UPDATE '.CATEGORIES_TABLE.' SET image_order='.(isset($image_order) ? 'NULL':"'$image_order'").'
- WHERE uppercats LIKE "'.$cat_info['uppercats'].',%"';
+UPDATE '.CATEGORIES_TABLE.' SET image_order='.(isset($image_order) ? 'NULL':'\''.$image_order.'\'').'
+ WHERE uppercats LIKE \''.$cat_info['uppercats'].',%\'';
pwg_query($query);
}
diff --git a/admin/extend_for_templates.php b/admin/extend_for_templates.php
index 79321191e..a6cd56d92 100644
--- a/admin/extend_for_templates.php
+++ b/admin/extend_for_templates.php
@@ -139,10 +139,10 @@ if (isset($_POST['submit']) and !is_adviser())
$conf['extents_for_templates'] = serialize($replacements);
$tpl_extension = $replacements;
/* ecrire la nouvelle conf */
- $query = "
-UPDATE ".CONFIG_TABLE."
- SET value = '". $conf['extents_for_templates'] ."'
-WHERE param = 'extents_for_templates';";
+ $query = '
+UPDATE '.CONFIG_TABLE.'
+ SET value = \''. $conf['extents_for_templates'] .'\'
+WHERE param = \'extents_for_templates\';';
if (pwg_query($query))
{
array_push($page['infos'],
diff --git a/admin/include/functions_permalinks.php b/admin/include/functions_permalinks.php
index 3a613f96b..a61ed32a0 100644
--- a/admin/include/functions_permalinks.php
+++ b/admin/include/functions_permalinks.php
@@ -28,7 +28,7 @@ function get_cat_id_from_permalink( $permalink )
{
$query ='
SELECT id FROM '.CATEGORIES_TABLE.'
- WHERE permalink="'.$permalink.'"';
+ WHERE permalink=\''.$permalink.'\'';
$ids = array_from_query($query, 'id');
if (!empty($ids))
{
@@ -69,7 +69,7 @@ function delete_cat_permalink( $cat_id, $save )
$query = '
SELECT permalink
FROM '.CATEGORIES_TABLE.'
- WHERE id="'.$cat_id.'"
+ WHERE id=\''.$cat_id.'\'
;';
$result = pwg_query($query);
if ( pwg_db_num_rows($result) )
@@ -108,7 +108,7 @@ UPDATE '.CATEGORIES_TABLE.'
$query = '
UPDATE '.OLD_PERMALINKS_TABLE.'
SET date_deleted=NOW()
- WHERE cat_id='.$cat_id.' AND permalink="'.$permalink.'"';
+ WHERE cat_id='.$cat_id.' AND permalink=\''.$permalink.'\'';
}
else
{
@@ -116,7 +116,7 @@ UPDATE '.OLD_PERMALINKS_TABLE.'
INSERT INTO '.OLD_PERMALINKS_TABLE.'
(permalink, cat_id, date_deleted)
VALUES
- ( "'.$permalink.'",'.$cat_id.',NOW() )';
+ ( \''.$permalink.'\','.$cat_id.',NOW() )';
}
pwg_query( $query );
}
@@ -185,13 +185,13 @@ function set_cat_permalink( $cat_id, $permalink, $save )
assert( $old_cat_id==$cat_id );
$query = '
DELETE FROM '.OLD_PERMALINKS_TABLE.'
- WHERE cat_id='.$old_cat_id.' AND permalink="'.$permalink.'"';
+ WHERE cat_id='.$old_cat_id.' AND permalink=\''.$permalink.'\'';
pwg_query($query);
}
$query = '
UPDATE '.CATEGORIES_TABLE.'
- SET permalink="'.$permalink.'"
+ SET permalink=\''.$permalink.'\'
WHERE id='.$cat_id;
// LIMIT 1';
pwg_query($query);
diff --git a/admin/include/functions_upgrade.php b/admin/include/functions_upgrade.php
index c2df4d5df..b3f4692e6 100644
--- a/admin/include/functions_upgrade.php
+++ b/admin/include/functions_upgrade.php
@@ -87,7 +87,7 @@ function deactivate_non_standard_plugins()
SELECT id
FROM '.PREFIX_TABLE.'plugins
WHERE state = "active"
-AND id NOT IN ("' . implode('","', $standard_plugins) . '")
+AND id NOT IN (\'' . implode('\',\'', $standard_plugins) . '\')
;';
$result = pwg_query($query);
@@ -102,7 +102,7 @@ AND id NOT IN ("' . implode('","', $standard_plugins) . '")
$query = '
UPDATE '.PREFIX_TABLE.'plugins
SET state="inactive"
-WHERE id IN ("' . implode('","', $plugins) . '")
+WHERE id IN (\'' . implode('\',\'', $plugins) . '\')
;';
pwg_query($query);
@@ -162,7 +162,7 @@ SELECT status
$query = '
SELECT password, status
FROM '.USERS_TABLE.'
-WHERE username = "'.$username.'"
+WHERE username = \''.$username.'\'
;';
}
else
@@ -172,7 +172,7 @@ SELECT u.password, ui.status
FROM '.USERS_TABLE.' AS u
INNER JOIN '.USER_INFOS_TABLE.' AS ui
ON u.'.$conf['user_fields']['id'].'=ui.user_id
-WHERE '.$conf['user_fields']['username'].'="'.$username.'"
+WHERE '.$conf['user_fields']['username'].'=\''.$username.'\'
;';
}
$row = pwg_db_fetch_assoc(pwg_query($query));
diff --git a/admin/include/languages.class.php b/admin/include/languages.class.php
index 053852154..88b37da36 100644
--- a/admin/include/languages.class.php
+++ b/admin/include/languages.class.php
@@ -99,11 +99,11 @@ INSERT INTO '.LANGUAGES_TABLE.'
break;
}
- $query = "
+ $query = '
DELETE
- FROM ".LANGUAGES_TABLE."
- WHERE id= '".$language_id."'
-;";
+ FROM '.LANGUAGES_TABLE.'
+ WHERE id= \''.$language_id.'\'
+;';
pwg_query($query);
break;
@@ -122,8 +122,8 @@ DELETE
// Set default language to user who are using this language
$query = '
UPDATE '.USER_INFOS_TABLE.'
- SET language = "'.get_default_language().'"
- WHERE language = "'.$language_id.'"
+ SET language = \''.get_default_language().'\'
+ WHERE language = \''.$language_id.'\'
;';
pwg_query($query);
@@ -136,7 +136,7 @@ UPDATE '.USER_INFOS_TABLE.'
case 'set_default':
$query = '
UPDATE '.USER_INFOS_TABLE.'
- SET language = "'.$language_id.'"
+ SET language = \''.$language_id.'\'
WHERE user_id = '.$conf['default_user_id'].'
;';
pwg_query($query);
diff --git a/admin/include/themes.class.php b/admin/include/themes.class.php
index 73a9e149e..7601f6d60 100644
--- a/admin/include/themes.class.php
+++ b/admin/include/themes.class.php
@@ -175,11 +175,11 @@ SELECT
}
}
- $query = "
+ $query = '
DELETE
- FROM ".THEMES_TABLE."
- WHERE id= '".$theme_id."'
-;";
+ FROM '.THEMES_TABLE.'
+ WHERE id= \''.$theme_id.'\'
+;';
pwg_query($query);
break;
@@ -300,7 +300,7 @@ SELECT
$clauses = array();
if (!empty($id))
{
- $clauses[] = "id = '".$id."'";
+ $clauses[] = 'id = \''.$id.'\'';
}
if (count($clauses) > 0)
{
diff --git a/admin/languages_installed.php b/admin/languages_installed.php
index fb1ee0d27..98c085ed3 100644
--- a/admin/languages_installed.php
+++ b/admin/languages_installed.php
@@ -114,16 +114,16 @@ foreach($missing_language_ids as $language_id)
{
$query = '
UPDATE '.USER_INFOS_TABLE.'
- SET language = "'.get_default_language().'"
- WHERE language = "'.$language_id.'"
+ SET language = \''.get_default_language().'\'
+ WHERE language = \''.$language_id.'\'
;';
pwg_query($query);
- $query = "
+ $query = '
DELETE
- FROM ".LANGUAGES_TABLE."
- WHERE id= '".$language_id."'
-;";
+ FROM '.LANGUAGES_TABLE.'
+ WHERE id= \''.$language_id.'\'
+;';
pwg_query($query);
}
diff --git a/admin/permalinks.php b/admin/permalinks.php
index 7d847d3c6..7ec83efc2 100644
--- a/admin/permalinks.php
+++ b/admin/permalinks.php
@@ -96,7 +96,7 @@ elseif ( isset($_GET['delete_permanent']) and !is_adviser() )
{
$query = '
DELETE FROM '.OLD_PERMALINKS_TABLE.'
- WHERE permalink="'.$_GET['delete_permanent'].'"
+ WHERE permalink=\''.$_GET['delete_permanent'].'\'
LIMIT 1';
$result = pwg_query($query);
if (pwg_db_changes($result)==0)
diff --git a/admin/thumbnail.php b/admin/thumbnail.php
index 06e14bd2a..87223ca00 100644
--- a/admin/thumbnail.php
+++ b/admin/thumbnail.php
@@ -183,7 +183,7 @@ $thumbnalized = array();
// what is the directory to search in ?
$query = '
SELECT galleries_url FROM '.SITES_TABLE.'
- WHERE galleries_url NOT LIKE "http://%"
+ WHERE galleries_url NOT LIKE \'http://%\'
;';
$result = pwg_query($query);
while ( $row=pwg_db_fetch_assoc($result) )