| author | Paul S. Owen <psotfx@users.sourceforge.net> | 2003-01-22 16:58:00 +0000 |
|---|---|---|
| committer | Paul S. Owen <psotfx@users.sourceforge.net> | 2003-01-22 16:58:00 +0000 |
| commit | 2005fb7061f7a7828dd2e49ac5f3d641b6f525fd (patch) | |
| tree | fe772b74396b64b78da85809e301c2d4c1086439 | |
| parent | 01517e23fdeef9f2dae4fe88afeb10ff0bdd47cd (diff) | |
sql_quote to $db->sql_escape
git-svn-id: file:///svn/phpbb/trunk@3358 89ea8834-ac86-4346-8a33-228a782c2dd0
| -rw-r--r-- | phpBB/db/mysql.php | 4 | ||||
| -rw-r--r-- | phpBB/db/mysql4.php | 8 |
2 files changed, 7 insertions, 5 deletions
diff --git a/phpBB/db/mysql.php b/phpBB/db/mysql.php
index 96a8a6ea8f..9925779e33 100644
--- a/phpBB/db/mysql.php
+++ b/phpBB/db/mysql.php
@@ -236,7 +236,7 @@ class sql_db
 }
 elseif (is_string($var))
 {
- $values[] = "'" . sql_quote($var) . "'";
+ $values[] = "'" . $this->sql_escape($var) . "'";
 }
 else
 {
@@ -257,7 +257,7 @@ class sql_db
 }
 elseif (is_string($var))
 {
- $values[] = "$key = '" . sql_quote($var) . "'";
+ $values[] = "$key = '" . $this->sql_escape($var) . "'";
 }
 else
 {
diff --git a/phpBB/db/mysql4.php b/phpBB/db/mysql4.php
index 0742f0966e..52a4a76ec7 100644
--- a/phpBB/db/mysql4.php
+++ b/phpBB/db/mysql4.php
@@ -130,11 +130,13 @@ class sql_db
 $curtime = explode(' ', microtime());
 $curtime = $curtime[0] + $curtime[1] - $starttime;
 }
+
 if (!$this->query_result = @mysql_query($query, $this->db_connect_id))
 {
 $this->sql_error($query);
 }
-if (!empty($_REQUEST['explain']))
+
+ if (!empty($_REQUEST['explain']))
 {
 $endtime = explode(' ', microtime());
 $endtime = $endtime[0] + $endtime[1] - $starttime;
@@ -226,7 +228,7 @@ if (!empty($_REQUEST['explain']))
 }
 elseif (is_string($var))
 {
- $values[] = "'" . str_replace('\\\'', '\'\'', $var) . "'";
+ $values[] = "'" . $this->sql_escape($var) . "'";
 }
 else
 {
@@ -247,7 +249,7 @@ if (!empty($_REQUEST['explain']))
 }
 elseif (is_string($var))
 {
- $values[] = "$key = '" . str_replace('\\\'', '\'\'', $var) . "'";
+ $values[] = "$key = '" . $this->sql_escape($var) . "'";
 }
 else
 { |
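Review bot: `$this->sql_escape()` is called in the string branch at -236, but no definition of it appears anywhere in this patch, so the diff alone cannot confirm that `sql_db` in `mysql.php` has the method or that both drivers escape the same way. The value is still concatenated between single quotes, so the escaper is the only thing keeping `$var` out of the statement text. I would document that contract on the builder, for example `// string values are escaped only here, via the driver's sql_escape()`. The same applies to the hunk at -257 and to both replaced lines in `mysql4.php`; the enclosing function starts and ends outside the hunk.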
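Review bot: In the hunk at -257, `$key` is interpolated into `"$key = '"` with no quoting or validation, so only the value half of each pair is covered by the new escaping. Where the array keys come from is not visible here; if any caller can build them from request data, the column name is an injection point that `sql_escape()` does not address. A guard before the assignment, such as `if (!preg_match('/^[A-Za-z0-9_]+$/', $key)) { $this->sql_error('invalid column name'); }`, would close that gap, assuming `sql_error()` is the right failure path. The same line shape appears in `mysql4.php` at -247.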
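Review bot: The removed `str_replace('\\\'', '\'\'', $var)` at -226 only turned an already backslash-escaped quote into a doubled quote, which suggests callers of this builder were passing pre-slashed strings. With `$this->sql_escape($var)` in its place, a caller that still pre-escapes would get its backslashes escaped a second time and stored literally, while a caller passing raw input is now actually protected. The caller contract has therefore changed and should be stated next to the line, e.g. `// $var must be raw, not addslashes()'d; this is the only escaping step`. The same applies at -247, and the callers are outside this diff, so they need to be checked separately.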
