diff options
| author | Paul S. Owen <psotfx@users.sourceforge.net> | 2003-01-07 14:37:34 +0000 |
|---|---|---|
| committer | Paul S. Owen <psotfx@users.sourceforge.net> | 2003-01-07 14:37:34 +0000 |
| commit | 5048f1f2bc9dc972dfb74f404a1c9593a04ef6b5 (patch) | |
| tree | 305af665a58bd2e67f39300fdd5fa3a290c6e1a9 | |
| parent | 7bdb2816f9855a1675c25b152e3c0cadd9ee57ae (diff) | |
| download | forums-5048f1f2bc9dc972dfb74f404a1c9593a04ef6b5.tar forums-5048f1f2bc9dc972dfb74f404a1c9593a04ef6b5.tar.gz forums-5048f1f2bc9dc972dfb74f404a1c9593a04ef6b5.tar.bz2 forums-5048f1f2bc9dc972dfb74f404a1c9593a04ef6b5.tar.xz forums-5048f1f2bc9dc972dfb74f404a1c9593a04ef6b5.zip | |
Various updates, inc. fixing non-escaping of '
git-svn-id: file:///svn/phpbb/trunk@3263 89ea8834-ac86-4346-8a33-228a782c2dd0
| -rw-r--r-- | phpBB/posting.php | 6 |
1 files changed, 3 insertions, 3 deletions
diff --git a/phpBB/posting.php b/phpBB/posting.php index 0e1be3f711..a80f00c69d 100644 --- a/phpBB/posting.php +++ b/phpBB/posting.php @@ -356,7 +356,7 @@ if (isset($post)) // post_text ... may merge into posts table $post_text_sql = array( - 'post_subject' => htmlspecialchars($subject), + 'post_subject' => $db->sql_quote(htmlspecialchars($subject)), 'bbcode_uid' => $bbcode_uid, 'post_id' => intval($post_id), ); @@ -364,10 +364,10 @@ if (isset($post)) { $post_text_sql = array_merge($post_text_sql, array( 'post_checksum' => $message_md5, - 'post_text' => $message, + 'post_text' => $db->sql_quote($message), )); } - $sql = ($mode == 'edit') ? 'UPDATE ' . POSTS_TEXT_TABLE . ' SET ' . $db->sql_build_array('UPDATE', $post_text_sql) . ' WHERE post_id = ' . intval($post_id) : 'INSERT INTO ' . POSTS_TEXT_TABLE . ' ' . $db->sql_build_array('INSERT', $post_text_sql); + echo $sql = ($mode == 'edit') ? 'UPDATE ' . POSTS_TEXT_TABLE . ' SET ' . $db->sql_build_array('UPDATE', $post_text_sql) . ' WHERE post_id = ' . intval($post_id) : 'INSERT INTO ' . POSTS_TEXT_TABLE . ' ' . $db->sql_build_array('INSERT', $post_text_sql); $db->sql_query($sql); // poll options |