From 324bdad746f97b257f904f4bef48e0c6bb30164f Mon Sep 17 00:00:00 2001
From: nikrou
Date: Thu, 17 Jun 2010 18:10:11 +0000
Subject: Bug 1733 fixed : single quotes in queries

git-svn-id: http://piwigo.org/svn/trunk@6550 68402e56-0260-453c-a942-63ccdbb3a9ee
---
 admin/include/functions_upgrade.php | 8 ++++----
 1 file changed, 4 insertions(+), 4 deletions(-)
(limited to 'admin/include/functions_upgrade.php')
diff --git a/admin/include/functions_upgrade.php b/admin/include/functions_upgrade.php
index c2df4d5df..b3f4692e6 100644
--- a/admin/include/functions_upgrade.php
+++ b/admin/include/functions_upgrade.php
@@ -87,7 +87,7 @@ function deactivate_non_standard_plugins()
 SELECT id
 FROM '.PREFIX_TABLE.'plugins
 WHERE state = "active"
-AND id NOT IN ("' . implode('","', $standard_plugins) . '")
+AND id NOT IN (\'' . implode('\',\'', $standard_plugins) . '\')
 ;';
 $result = pwg_query($query);
@@ -102,7 +102,7 @@ AND id NOT IN ("' . implode('","', $standard_plugins) . '")
 $query = '
 UPDATE '.PREFIX_TABLE.'plugins
 SET state="inactive"
-WHERE id IN ("' . implode('","', $plugins) . '")
+WHERE id IN (\'' . implode('\',\'', $plugins) . '\')
 ;';
 pwg_query($query);
@@ -162,7 +162,7 @@ SELECT status
 $query = '
 SELECT password, status
 FROM '.USERS_TABLE.'
-WHERE username = "'.$username.'"
+WHERE username = \''.$username.'\'
 ;';
 }
 else
@@ -172,7 +172,7 @@ SELECT u.password, ui.status
 FROM '.USERS_TABLE.' AS u
 INNER JOIN '.USER_INFOS_TABLE.' AS ui
 ON u.'.$conf['user_fields']['id'].'=ui.user_id
-WHERE '.$conf['user_fields']['username'].'="'.$username.'"
+WHERE '.$conf['user_fields']['username'].'=\''.$username.'\'
 ;';
 }
 $row = pwg_db_fetch_assoc(pwg_query($query));
-- 
cgit v1.2.3
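Review bot: The literals in `WHERE state = "active"` (context of the first hunk) and `SET state="inactive"` (second hunk) are still double-quoted, so both queries are only half converted. A database or SQL mode that treats double quotes as identifier delimiters will read them as column names and reject the statement, which appears to be the problem this commit targets. I would change them in the same commit to `WHERE state = \'active\'` and `SET state=\'inactive\'`. Separately, the ids joined by `implode('\',\'', ...)` go into the statement unescaped; `$standard_plugins` and `$plugins` are filled outside the hunks, so it is worth confirming no id can contain a single quote.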
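Review bot: `$username` is concatenated directly into the literal in `WHERE username = \''.$username.'\'` (third hunk) and again in the `$conf['user_fields']['username']` query of the last hunk, so after this change a single quote in the value is what terminates the string. Where `$username` is assigned is outside both hunks; if it can reach here from request data without escaping, the upgrade access check is open to SQL injection. Escape at the point of use, e.g. `WHERE username = \''.pwg_db_real_escape_string($username).'\'` (assuming this tree's DB layer already provides that helper), and do the same in the joined query. The enclosing function starts and ends outside the hunks.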