[geeklog-cvs] geeklog: Using mysql_real_escape_string() here would be nicer, b...
geeklog-cvs at lists.geeklog.net
geeklog-cvs at lists.geeklog.net
Sun Mar 4 05:01:58 EST 2012
changeset 8507:0f0ce5bf5a57
url: http://project.geeklog.net/cgi-bin/hgwebdir.cgi/geeklog/rev/0f0ce5bf5a57
user: Dirk Haun <dirk at haun-online.de>
date: Sun Mar 04 10:58:58 2012 +0100
description:
Using mysql_real_escape_string() here would be nicer, but won't work with the MySQLi class - reverting to addslashes() for now (cf. feature request #0001146)
diffstat:
plugins/polls/sql/mysql_updates.php | 2 +-
1 files changed, 1 insertions(+), 1 deletions(-)
diffs (12 lines):
diff -r e86a60e08f26 -r 0f0ce5bf5a57 plugins/polls/sql/mysql_updates.php
--- a/plugins/polls/sql/mysql_updates.php Sun Mar 04 10:11:20 2012 +0100
+++ b/plugins/polls/sql/mysql_updates.php Sun Mar 04 10:58:58 2012 +0100
@@ -108,7 +108,7 @@
$count_move = DB_numRows($move_rst);
for ($i = 0; $i < $count_move; $i++) {
$A = DB_fetchArray($move_rst);
- $A[1] = mysql_real_escape_string($A[1]);
+ $A[1] = addslashes($A[1]);
$P_SQL[] = "INSERT INTO {$_TABLES['pollquestions']} (pid, question) VALUES ('{$A[0]}','{$A[1]}');";
}
More information about the geeklog-cvs
mailing list