Changeset 12222 for extensions/AMetaData/amd_ajax.php
- Timestamp:
- Sep 25, 2011, 4:01:32 PM (13 years ago)
- File:
-
- 1 edited
Legend:
- Unmodified
- Added
- Removed
-
extensions/AMetaData/amd_ajax.php
r7677 r12222 1555 1555 foreach($list as $subTag) 1556 1556 { 1557 $keywordsList[]="('". mysql_escape_string(trim($subTag))."', ".$row['imageId'].")";1557 $keywordsList[]="('".pwg_db_real_escape_string(trim($subTag))."', ".$row['imageId'].")"; 1558 1558 } 1559 1559 } 1560 1560 else 1561 1561 { 1562 $keywordsList[]="('". mysql_escape_string($val)."', ".$row['imageId'].")";1562 $keywordsList[]="('".pwg_db_real_escape_string($val)."', ".$row['imageId'].")"; 1563 1563 } 1564 1564 } … … 1566 1566 else 1567 1567 { 1568 $keywordsList[]="('". mysql_escape_string($row['value'])."', ".$row['imageId'].")";1568 $keywordsList[]="('".pwg_db_real_escape_string($row['value'])."', ".$row['imageId'].")"; 1569 1569 } 1570 1570 } … … 1660 1660 foreach($list as $subTag) 1661 1661 { 1662 $keywordsList[]="('". mysql_escape_string(trim($subTag))."', ".$row['imageId'].")";1662 $keywordsList[]="('".pwg_db_real_escape_string(trim($subTag))."', ".$row['imageId'].")"; 1663 1663 } 1664 1664 } 1665 1665 else 1666 1666 { 1667 $keywordsList[]="('". mysql_escape_string($val)."', ".$row['imageId'].")";1667 $keywordsList[]="('".pwg_db_real_escape_string($val)."', ".$row['imageId'].")"; 1668 1668 } 1669 1669 } … … 1671 1671 else 1672 1672 { 1673 $keywordsList[]="('". mysql_escape_string($row['value'])."', ".$row['imageId'].")";1673 $keywordsList[]="('".pwg_db_real_escape_string($row['value'])."', ".$row['imageId'].")"; 1674 1674 } 1675 1675 } … … 1687 1687 foreach($keywords as $key => $val) 1688 1688 { 1689 $keywords[$key]="(att.value LIKE '". mysql_escape_string($val)."')";1689 $keywords[$key]="(att.value LIKE '".pwg_db_real_escape_string($val)."')"; 1690 1690 } 1691 1691 /* … … 1703 1703 while($row=pwg_db_fetch_assoc($result)) 1704 1704 { 1705 $sql[]="('', '". mysql_escape_string($row['value'])."', '".mysql_escape_string(str2url($row['value']))."')";1705 $sql[]="('', '".pwg_db_real_escape_string($row['value'])."', '".pwg_db_real_escape_string(str2url($row['value']))."')"; 1706 1706 } 1707 1707 if(count($sql)>0)
Note: See TracChangeset
for help on using the changeset viewer.