Bug 1733 fixed : single quotes in queries

git-svn-id: http://piwigo.org/svn/trunk@6550 68402e56-0260-453c-a942-63ccdbb3a9ee
Piwigo · Jun 17, 2010 · 324bdad · 324bdad
1 parent c148504
commit 324bdad
Show file tree

Hide file tree

Showing 9 changed files with 36 additions and 36 deletions.
diff --git a/admin/cat_modify.php b/admin/cat_modify.php
@@ -92,8 +92,8 @@
   if (isset($_POST['image_order_subcats']))
   {
     $query = '
-UPDATE '.CATEGORIES_TABLE.' SET image_order='.(isset($image_order) ? 'NULL':"'$image_order'").'
-  WHERE uppercats LIKE "'.$cat_info['uppercats'].',%"';
+UPDATE '.CATEGORIES_TABLE.' SET image_order='.(isset($image_order) ? 'NULL':'\''.$image_order.'\'').'
+  WHERE uppercats LIKE \''.$cat_info['uppercats'].',%\'';
     pwg_query($query);
   }
 

diff --git a/admin/extend_for_templates.php b/admin/extend_for_templates.php
@@ -139,10 +139,10 @@
   $conf['extents_for_templates'] = serialize($replacements);
   $tpl_extension = $replacements;
   /* ecrire la nouvelle conf */
-  $query = "
-UPDATE ".CONFIG_TABLE."
-  SET value = '". $conf['extents_for_templates'] ."'
-WHERE param = 'extents_for_templates';";
+  $query = '
+UPDATE '.CONFIG_TABLE.'
+  SET value = \''. $conf['extents_for_templates'] .'\'
+WHERE param = \'extents_for_templates\';';
   if (pwg_query($query))
   {
     array_push($page['infos'], 

diff --git a/admin/include/functions_permalinks.php b/admin/include/functions_permalinks.php
@@ -28,7 +28,7 @@ function get_cat_id_from_permalink( $permalink )
 {
   $query ='
 SELECT id FROM '.CATEGORIES_TABLE.'
-  WHERE permalink="'.$permalink.'"';
+  WHERE permalink=\''.$permalink.'\'';
   $ids = array_from_query($query, 'id');
   if (!empty($ids))
   {
@@ -69,7 +69,7 @@ function delete_cat_permalink( $cat_id, $save )
   $query = '
 SELECT permalink
   FROM '.CATEGORIES_TABLE.'
-  WHERE id="'.$cat_id.'"
+  WHERE id=\''.$cat_id.'\'
 ;';
   $result = pwg_query($query);
   if ( pwg_db_num_rows($result) )
@@ -108,15 +108,15 @@ function delete_cat_permalink( $cat_id, $save )
       $query = '
 UPDATE '.OLD_PERMALINKS_TABLE.'
   SET date_deleted=NOW()
-  WHERE cat_id='.$cat_id.' AND permalink="'.$permalink.'"';
+  WHERE cat_id='.$cat_id.' AND permalink=\''.$permalink.'\'';
     }
     else
     {
       $query = '
 INSERT INTO '.OLD_PERMALINKS_TABLE.'
   (permalink, cat_id, date_deleted)
 VALUES
-  ( "'.$permalink.'",'.$cat_id.',NOW() )';
+  ( \''.$permalink.'\','.$cat_id.',NOW() )';
     }
     pwg_query( $query );
   }
@@ -185,13 +185,13 @@ function set_cat_permalink( $cat_id, $permalink, $save )
     assert( $old_cat_id==$cat_id );
     $query = '
 DELETE FROM '.OLD_PERMALINKS_TABLE.'
-  WHERE cat_id='.$old_cat_id.' AND permalink="'.$permalink.'"';
+  WHERE cat_id='.$old_cat_id.' AND permalink=\''.$permalink.'\'';
     pwg_query($query);
   }
 
   $query = '
 UPDATE '.CATEGORIES_TABLE.'
-  SET permalink="'.$permalink.'"
+  SET permalink=\''.$permalink.'\'
   WHERE id='.$cat_id;
   //  LIMIT 1';
   pwg_query($query);

diff --git a/admin/include/functions_upgrade.php b/admin/include/functions_upgrade.php
@@ -87,7 +87,7 @@ function deactivate_non_standard_plugins()
 SELECT id
 FROM '.PREFIX_TABLE.'plugins
 WHERE state = "active"
-AND id NOT IN ("' . implode('","', $standard_plugins) . '")
+AND id NOT IN (\'' . implode('\',\'', $standard_plugins) . '\')
 ;';
 
   $result = pwg_query($query);
@@ -102,7 +102,7 @@ function deactivate_non_standard_plugins()
     $query = '
 UPDATE '.PREFIX_TABLE.'plugins
 SET state="inactive"
-WHERE id IN ("' . implode('","', $plugins) . '")
+WHERE id IN (\'' . implode('\',\'', $plugins) . '\')
 ;';
     pwg_query($query);
 
@@ -162,7 +162,7 @@ function check_upgrade_access_rights()
     $query = '
 SELECT password, status
 FROM '.USERS_TABLE.'
-WHERE username = "'.$username.'"
+WHERE username = \''.$username.'\'
 ;';
   }
   else
@@ -172,7 +172,7 @@ function check_upgrade_access_rights()
 FROM '.USERS_TABLE.' AS u
 INNER JOIN '.USER_INFOS_TABLE.' AS ui
 ON u.'.$conf['user_fields']['id'].'=ui.user_id
-WHERE '.$conf['user_fields']['username'].'="'.$username.'"
+WHERE '.$conf['user_fields']['username'].'=\''.$username.'\'
 ;';
   }
   $row = pwg_db_fetch_assoc(pwg_query($query));

diff --git a/admin/include/languages.class.php b/admin/include/languages.class.php
@@ -99,11 +99,11 @@ function perform_action($action, $language_id)
           break;
         }
 
-        $query = "
+        $query = '
 DELETE
-  FROM ".LANGUAGES_TABLE."
-  WHERE id= '".$language_id."'
-;";
+  FROM '.LANGUAGES_TABLE.'
+  WHERE id= \''.$language_id.'\'
+;';
         pwg_query($query);
         break;
 
@@ -122,8 +122,8 @@ function perform_action($action, $language_id)
         // Set default language to user who are using this language
         $query = '
 UPDATE '.USER_INFOS_TABLE.'
-  SET language = "'.get_default_language().'"
-  WHERE language = "'.$language_id.'"
+  SET language = \''.get_default_language().'\'
+  WHERE language = \''.$language_id.'\'
 ;';
         pwg_query($query);
 
@@ -136,7 +136,7 @@ function perform_action($action, $language_id)
       case 'set_default':
         $query = '
 UPDATE '.USER_INFOS_TABLE.'
-  SET language = "'.$language_id.'"
+  SET language = \''.$language_id.'\'
   WHERE user_id = '.$conf['default_user_id'].'
 ;';
         pwg_query($query);

diff --git a/admin/include/themes.class.php b/admin/include/themes.class.php
@@ -175,11 +175,11 @@ function perform_action($action, $theme_id)
           }
         }
 
-        $query = "
+        $query = '
 DELETE
-  FROM ".THEMES_TABLE."
-  WHERE id= '".$theme_id."'
-;";
+  FROM '.THEMES_TABLE.'
+  WHERE id= \''.$theme_id.'\'
+;';
         pwg_query($query);
         break;
 
@@ -300,7 +300,7 @@ function get_db_themes($id='')
     $clauses = array();
     if (!empty($id))
     {
-      $clauses[] = "id = '".$id."'";
+      $clauses[] = 'id = \''.$id.'\'';
     }
     if (count($clauses) > 0)
     {

diff --git a/admin/languages_installed.php b/admin/languages_installed.php
@@ -114,16 +114,16 @@
 {
   $query = '
 UPDATE '.USER_INFOS_TABLE.'
-  SET language = "'.get_default_language().'"
-  WHERE language = "'.$language_id.'"
+  SET language = \''.get_default_language().'\'
+  WHERE language = \''.$language_id.'\'
 ;';
   pwg_query($query);
 
-  $query = "
+  $query = '
 DELETE
-  FROM ".LANGUAGES_TABLE."
-  WHERE id= '".$language_id."'
-;";
+  FROM '.LANGUAGES_TABLE.'
+  WHERE id= \''.$language_id.'\'
+;';
   pwg_query($query);
 }
 

diff --git a/admin/permalinks.php b/admin/permalinks.php
@@ -96,7 +96,7 @@ function parse_sort_variables(
 {
   $query = '
 DELETE FROM '.OLD_PERMALINKS_TABLE.'
-  WHERE permalink="'.$_GET['delete_permanent'].'"
+  WHERE permalink=\''.$_GET['delete_permanent'].'\'
   LIMIT 1';
   $result = pwg_query($query);
   if (pwg_db_changes($result)==0)

diff --git a/admin/thumbnail.php b/admin/thumbnail.php
@@ -183,7 +183,7 @@ function RatioResizeImg($info, $path, $newWidth, $newHeight, $tn_ext)
 // what is the directory to search in ?
 $query = '
 SELECT galleries_url FROM '.SITES_TABLE.'
-  WHERE galleries_url NOT LIKE "http://%"
+  WHERE galleries_url NOT LIKE \'http://%\'
 ;';
 $result = pwg_query($query);
 while ( $row=pwg_db_fetch_assoc($result) )