[geeklog-cvs] geeklog: Fixed SQL error when poll questions contained single qu...

geeklog-cvs at lists.geeklog.net
Sun Oct 5 14:33:45 EDT 2008


details:   http://project.geeklog.net/cgi-bin/hgweb.cgi/rev/c2aa8411a3f6
changeset: 6430:c2aa8411a3f6
user:      Dirk Haun <dirk at haun-online.de>
date:      Sun Oct 05 20:33:33 2008 +0200
description:
Fixed SQL error when poll questions contained single quotes (bug #0000756)

diffstat:

2 files changed, 15 insertions(+), 8 deletions(-)
public_html/admin/plugins/polls/index.php |   21 +++++++++++++--------
public_html/docs/history                  |    2 ++

diffs (43 lines):

diff -r f41761b1c244 -r c2aa8411a3f6 public_html/admin/plugins/polls/index.php
--- a/public_html/admin/plugins/polls/index.php	Sun Oct 05 18:24:06 2008 +0200
+++ b/public_html/admin/plugins/polls/index.php	Sun Oct 05 20:33:33 2008 +0200
@@ -250,14 +250,19 @@
     $k = 0; // set up a counter to make sure we do assign a straight line of question id's
     $v = 0; // re-count votes sine they might have been changed
     // first dimension of array are the questions
-    for ($i=0; $i<sizeof($Q); $i++) {
-        $Q[$i] = COM_stripslashes ($Q[$i]);
-        if (strlen ($Q[$i]) > 0) { // only insert questions that exist
-            DB_save ($_TABLES['pollquestions'], 'qid, pid, question', "'$k', '$pid', '$Q[$i]'");
-            // within the questions, we have another dimensions with answers, votes and remarks
-            for ($j=0; $j<sizeof($A[$i]); $j++) {
-                $A[$i][$j] = COM_stripslashes ($A[$i][$j]);
-                if (strlen ($A[$i][$j]) > 0) { // only insert answers etc that exist
+    $num_questions = sizeof($Q);
+    for ($i = 0; $i < $num_questions; $i++) {
+        $Q[$i] = COM_stripslashes($Q[$i]);
+        if (strlen($Q[$i]) > 0) { // only insert questions that exist
+            $Q[$i] = addslashes($Q[$i]);
+            DB_save($_TABLES['pollquestions'], 'qid, pid, question',
+                                               "'$k', '$pid', '$Q[$i]'");
+            // within the questions, we have another dimensions with answers,
+            // votes and remarks
+            $num_answers = sizeof($A[$i]);
+            for ($j = 0; $j < $num_answers; $j++) {
+                $A[$i][$j] = COM_stripslashes($A[$i][$j]);
+                if (strlen($A[$i][$j]) > 0) { // only insert answers etc that exist
                     if (!is_numeric($V[$i][$j])) {
                         $V[$i][$j] = "0";
                     }
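Review bot: the addslashes() call added ahead of DB_save() covers only the question text. In the lines visible here, the answer string $A[$i][$j] still gets only COM_stripslashes(), so if it is interpolated into a quoted value further down in the same way, an answer containing a single quote would break the statement just as the question did. Please confirm that the answer and remark values are escaped before their own DB_save() calls, which fall outside this hunk. Two smaller points on the same lines: addslashes() is not aware of the connection character set, so the database layer's own escaping routine or a parameterised query would be the sturdier fix, and $pid goes into the same value string with no escaping visible in this hunk. Overwriting $Q[$i] with the escaped form also means any later use of that element for display would show the backslashes; a separate variable for the SQL-ready value would avoid that.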
diff -r f41761b1c244 -r c2aa8411a3f6 public_html/docs/history
--- a/public_html/docs/history	Sun Oct 05 18:24:06 2008 +0200
+++ b/public_html/docs/history	Sun Oct 05 20:33:33 2008 +0200
@@ -39,6 +39,8 @@
 
 Polls plugin
 ------------
+- Fixed SQL error when poll questions contained single quotes (bug #0000756)
+  [Dirk]
 - Fixed handling of poll IDs in Polls editor (bug #0000753) [Dirk]
 
 Static Pages plugin
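Review bot: the new history entry records only the symptom ("SQL error"). Since the fix in index.php is to escape the question text before it is placed in a SQL string, it would help to say so in the entry, so that an admin reading the history can tell that input escaping in the Polls editor changed and not just an error message.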


