Ignore:
Timestamp:
May 19, 2011, 5:28:40 PM (13 years ago)
Author:
Eric
Message:

use pwg_db_real_escape_string() instead of addslashes()
version 2.20.7 hard coded

File:
1 edited

Legend:

Unmodified
Added
Removed

  • extensions/UserAdvManager/trunk/admin/UAM_admin.php

    r10391 r10942  
    186186                $query = '
    187187                UPDATE '.CONFIG_TABLE.'
    188                 SET value="'.addslashes($conf['UserAdvManager']).'"
     188                SET value="'.pwg_db_real_escape_string($conf['UserAdvManager']).'"
    189189                WHERE param="UserAdvManager"
    190190                LIMIT 1
     
    215215          $query = '
    216216      UPDATE '.CONFIG_TABLE.'
    217                         SET value="'.addslashes($conf['UserAdvManager_ConfirmMail']).'"
     217                        SET value="'.pwg_db_real_escape_string($conf['UserAdvManager_ConfirmMail']).'"
    218218                        WHERE param="UserAdvManager_ConfirmMail"
    219219                        LIMIT 1
Note: See TracChangeset for help on using the changeset viewer.