[geeklog-cvs] geeklog: Missing single quote around $sid (and some some source ...

geeklog-cvs at lists.geeklog.net geeklog-cvs at lists.geeklog.net
Sun Feb 7 11:04:07 EST 2010 

changeset 7714:fc2d0f963891
url:  http://project.geeklog.net/cgi-bin/hgwebdir.cgi/geeklog/rev/fc2d0f963891
user: Dirk Haun <dirk at haun-online.de>
date: Sun Feb 07 16:05:26 2010 +0100
description:
Missing single quote around $sid (and some some source code formatting)

diffstat:

 system/lib-comment.php |  13 ++++++-------
 1 files changed, 6 insertions(+), 7 deletions(-)

diffs (30 lines):

diff -r 2d8045d0f615 -r fc2d0f963891 system/lib-comment.php
--- a/system/lib-comment.php	Sun Feb 07 16:00:19 2010 +0100
+++ b/system/lib-comment.php	Sun Feb 07 16:05:26 2010 +0100
@@ -1110,20 +1110,19 @@
         COM_errorLog("CMT_saveComment: $uid from {$_SERVER['REMOTE_ADDR']} tried "
                    . 'to submit a comment with invalid $title and/or $comment.');
         $ret = 5;
-    } elseif ( $_CONF['commentsubmission'] == 1 && !SEC_hasRights('comment.submit') ) {
-        //comment into comment submission table enabled
+    } elseif (($_CONF['commentsubmission'] == 1) &&
+            !SEC_hasRights('comment.submit')) {
+        // comment into comment submission table enabled
         if (isset($name)) {
-            DB_query ( "INSERT INTO {$_TABLES['commentsubmissions']} (sid,uid,name,comment,date,title,pid,ipaddress) VALUES
-                ($sid',$uid,'$name','$comment',now(),'$title',$pid,'{$_SERVER['REMOTE_ADDR']}')");
+            DB_query("INSERT INTO {$_TABLES['commentsubmissions']} (sid,uid,name,comment,date,title,pid,ipaddress) VALUES ('$sid',$uid,'$name','$comment',NOW(),'$title',$pid,'{$_SERVER['REMOTE_ADDR']}')");
         } else {
-            DB_query ( "INSERT INTO {$_TABLES['commentsubmissions']} (sid,uid,comment,date,title,pid,ipaddress) VALUES
-                ($sid',$uid,$comment',now(),'$title',$pid,'{$_SERVER['REMOTE_ADDR']}')");
+            DB_query("INSERT INTO {$_TABLES['commentsubmissions']} (sid,uid,comment,date,title,pid,ipaddress) VALUES ('$sid',$uid,$comment',NOW(),'$title',$pid,'{$_SERVER['REMOTE_ADDR']}')");
         }
 
         $ret = -1; // comment queued
     } elseif ($pid > 0) {
         DB_lockTable ($_TABLES['comments']);
-        
+
         $result = DB_query("SELECT rht, indent FROM {$_TABLES['comments']} WHERE cid = $pid "
                          . "AND sid = '$sid'");
         list($rht, $indent) = DB_fetchArray($result);

More information about the geeklog-cvs mailing list