Changeset 6664 for trunk


Ignore:
Timestamp:
Jul 5, 2010, 11:18:14 PM (14 years ago)
Author:
nikrou
Message:

Bug 1763 fixed : [PostgreSQL] double quote used in queries

Location:
trunk
Files:
6 edited

Legend:

Unmodified
Added
Removed

  • trunk/admin/include/functions.php

    r6152 r6664  
    295295  $query = '
    296296DELETE FROM '.SESSIONS_TABLE.'
    297   WHERE data LIKE "pwg_uid|i:'.(int)$user_id.';%"
     297  WHERE data LIKE \'pwg_uid|i:'.(int)$user_id.';%\'
    298298;';
    299299  pwg_query($query);

  • trunk/admin/include/functions_permalinks.php

    r6550 r6664  
    4848  FROM '.OLD_PERMALINKS_TABLE.' op INNER JOIN '.CATEGORIES_TABLE.' c
    4949    ON op.cat_id=c.id
    50   WHERE op.permalink="'.$permalink.'"
     50  WHERE op.permalink=\''.$permalink.'\'
    5151  LIMIT 1';
    5252  $result = pwg_query($query);

  • trunk/include/functions_category.inc.php

    r6654 r6664  
    407407  {
    408408    if ( !empty($in) ) $in.=', ';
    409     $in .= '"'.$permalink.'"';
     409    $in .= '\''.$permalink.'\'';
    410410  }
    411411  $query ='

  • trunk/include/functions_search.inc.php

    r6518 r6664  
    394394    if ( strlen($tokens[$i])==0)
    395395      continue;
    396     $clauses[] = $field.' LIKE "'.$before.addslashes($tokens[$i]).$after.'"';
     396    $clauses[] = $field.' LIKE \''.$before.addslashes($tokens[$i]).$after.'\'';
    397397  }
    398398
     
    435435
    436436  // Step 1 - first we find matches in #images table ===========================
    437   $where_clauses='MATCH(i.name, i.comment) AGAINST( "'.$q.'" IN BOOLEAN MODE)';
     437  $where_clauses='MATCH(i.name, i.comment) AGAINST( \''.$q.'\' IN BOOLEAN MODE)';
    438438  if (!empty($q_like_clause))
    439439  {
     
    453453  $query = '
    454454SELECT i.id,
    455     MATCH(i.name, i.comment) AGAINST( "'.$q.'" IN BOOLEAN MODE) AS weight
     455    MATCH(i.name, i.comment) AGAINST( \''.$q.'\' IN BOOLEAN MODE) AS weight
    456456  FROM '.IMAGES_TABLE.' i
    457457  WHERE '.implode("\n AND ", $where_clauses);
     
    506506    INNER JOIN '.USER_CACHE_CATEGORIES_TABLE.' ON id=cat_id
    507507  WHERE user_id='.$user['id'].'
    508     AND MATCH(name, comment) AGAINST( "'.$q.'" IN BOOLEAN MODE)'.
     508    AND MATCH(name, comment) AGAINST( \''.$q.'\' IN BOOLEAN MODE)'.
    509509  get_sql_condition_FandF (
    510510      array( 'visible_categories' => 'cat_id' ), "\n    AND"

  • trunk/include/section_init.inc.php

    r6615 r6664  
    260260  FROM '.CATEGORIES_TABLE.'
    261261  WHERE
    262     uppercats LIKE "'.$page['category']['uppercats'].',%" '
     262    uppercats LIKE \''.$page['category']['uppercats'].',%\' '
    263263    .get_sql_condition_FandF(
    264264      array

  • trunk/plugins/LocalFilesEditor/update_config.php

    r5196 r6664  
    3838  $query = '
    3939UPDATE ' . CONFIG_TABLE . '
    40 SET value = "' . $_POST['editarea'] . '"
    41 WHERE param="LocalFilesEditor"
     40SET value = \'' . $_POST['editarea'] . '\'
     41WHERE param=\'LocalFilesEditor\'
    4242LIMIT 1';
    4343  pwg_query($query);
Note: See TracChangeset for help on using the changeset viewer.