aboutsummaryrefslogtreecommitdiffstats
path: root/include/functions_user.inc.php
diff options
context:
space:
mode:
authornikrou <nikrou@piwigo.org>2009-11-25 19:02:57 +0000
committernikrou <nikrou@piwigo.org>2009-11-25 19:02:57 +0000
commit13ea9d50e35d9dd8cf7235a39d97a344e6091ea0 (patch)
treea3c6e08df8ea10d0d5f56ffc2f1f14d6cbcfcd67 /include/functions_user.inc.php
parentd30639ec98f8e2929137ab6e00cb2fe3ba295957 (diff)
Feature 1255: modification in sql queries
- manage random function - manage regex syntax - manage quote (single instead of double) - manage interval git-svn-id: http://piwigo.org/svn/trunk@4367 68402e56-0260-453c-a942-63ccdbb3a9ee
Diffstat (limited to 'include/functions_user.inc.php')
-rw-r--r--include/functions_user.inc.php8
1 files changed, 4 insertions, 4 deletions
diff --git a/include/functions_user.inc.php b/include/functions_user.inc.php
index 51f8420c9..2a2ed79e9 100644
--- a/include/functions_user.inc.php
+++ b/include/functions_user.inc.php
@@ -385,8 +385,8 @@ INSERT INTO '.USER_CACHE_TABLE.'
VALUES
('.$userdata['id'].',\''.boolean_to_string($userdata['need_update']).'\','
.$userdata['cache_update_time'].',\''
- .$userdata['forbidden_categories'].'\','.$userdata['nb_total_images'].',"'
- .$userdata['image_access_type'].'","'.$userdata['image_access_list'].'")';
+ .$userdata['forbidden_categories'].'\','.$userdata['nb_total_images'].',\''
+ .$userdata['image_access_type'].'\',\''.$userdata['image_access_list'].'\')';
pwg_query($query);
}
}
@@ -632,7 +632,7 @@ FROM '.CATEGORIES_TABLE.' as c
if ( isset($filter_days) )
{
- $query .= ' AND i.date_available > SUBDATE(CURRENT_DATE,INTERVAL '.$filter_days.' DAY)';
+ $query .= ' AND i.date_available > '.pwg_db_get_recent_period_expression($filter_days);
}
if ( !empty($userdata['forbidden_categories']) )
@@ -1039,7 +1039,7 @@ function try_log_user($username, $password, $remember_me)
SELECT '.$conf['user_fields']['id'].' AS id,
'.$conf['user_fields']['password'].' AS password
FROM '.USERS_TABLE.'
- WHERE '.$conf['user_fields']['username'].' = \''.mysql_real_escape_string($username).'\'
+ WHERE '.$conf['user_fields']['username'].' = \''.pwg_db_real_escape_string($username).'\'
;';
$row = pwg_db_fetch_assoc(pwg_query($query));
if ($row['password'] == $conf['pass_convert']($password))