Changeset 10940 for extensions/sobre


Ignore:
Timestamp:
05/19/11 11:36:09 (9 years ago)
Author:
flop25
Message:

addslashes replaced

Location:
extensions/sobre/trunk/admin
Files:
2 edited

Legend:

Unmodified
Added
Removed
  • extensions/sobre/trunk/admin/admin.inc.php

    r10480 r10940  
    1919  $query = ' 
    2020UPDATE '.CONFIG_TABLE.' 
    21 SET value = "'.addslashes(serialize($_POST['sbre'])).'" 
     21SET value = "'.pwg_db_real_escape_string(serialize($_POST['sbre'])).'" 
    2222WHERE param = "Sobre" 
    2323;'; 
  • extensions/sobre/trunk/admin/maintain.inc.php

    r10317 r10940  
    1717    $query = ' 
    1818INSERT INTO ' . CONFIG_TABLE . ' (param,value,comment) 
    19 VALUES ("Sobre" , "'.addslashes(serialize($config)).'" , "Sobre parameters");'; 
     19VALUES ("Sobre" , "'.pwg_db_real_escape_string(serialize($config)).'" , "Sobre parameters");'; 
    2020 
    2121    pwg_query($query); 
Note: See TracChangeset for help on using the changeset viewer.