Changeset 10931 for extensions/Copyrights/admin.php
- Timestamp:
- May 18, 2011, 10:32:20 PM (13 years ago)
- File:
-
- 1 edited
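--- a/extensions/Copyrights/admin.php
+++ b/extensions/Copyrights/admin.php
@@ -1,3 +1,24 @@
 <?php
+// +-----------------------------------------------------------------------+
+// | Piwigo - a PHP based picture gallery |
+// +-----------------------------------------------------------------------+
+// | Copyright(C) 2008-2009 Piwigo Team http://piwigo.org |
+// | Copyright(C) 2003-2008 PhpWebGallery Team http://phpwebgallery.net |
+// | Copyright(C) 2002-2003 Pierrick LE GALL http://le-gall.net/pierrick |
+// +-----------------------------------------------------------------------+
+// | This program is free software; you can redistribute it and/or modify |
+// | it under the terms of the GNU General Public License as published by |
+// | the Free Software Foundation |
+// | |
+// | This program is distributed in the hope that it will be useful, but |
+// | WITHOUT ANY WARRANTY; without even the implied warranty of |
+// | MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU |
+// | General Public License for more details. |
+// | |
+// | You should have received a copy of the GNU General Public License |
+// | along with this program; if not, write to the Free Software |
+// | Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, |
+// | USA. |
+// +-----------------------------------------------------------------------+
 
 if (!defined("PHPWG_ROOT_PATH")){
@@ -22,12 +43,13 @@
 if (isset($_GET['tab'])) {
 if ($_GET['tab'] == 'create') {
-$name = $_REQUEST['name'];
-$url = $_REQUEST['url'];
+$name = pwg_db_real_escape_string($_REQUEST['name']);
+$url = pwg_db_real_escape_string($_REQUEST['url']);
 $visible = (isset($_REQUEST['visible']) ? 1 : 0);
-$query = '
-INSERT INTO '.COPYRIGHTS_ADMIN.'
+$query = sprintf(
+'INSERT INTO %s
 (`name`,`url`,`visible`) VALUES
-("'.$name.'","'.$url.'",'.$visible.')
-;';
+("%s","%s",%d)
+;',
+COPYRIGHTS_ADMIN, $name, $url, $visible);
 pwg_query($query);
 }
@@ -36,9 +58,10 @@
 $edit = 1;
 $CRid = $_REQUEST['id'];
-$query = '
-SELECT *
-FROM '.COPYRIGHTS_ADMIN.'
-WHERE `cr_id`='.$CRid.'
-;';
+$query = sprintf(
+'SELECT *
+FROM %s
+WHERE `cr_id`=%d
+;',
+COPYRIGHTS_ADMIN, $CRid);
 $result = pwg_query($query);
 $row = pwg_db_fetch_assoc($result);
@@ -49,13 +72,14 @@
 
 if ($_GET['tab'] == 'update') {
-$id = $_REQUEST['id'];
-$name = $_REQUEST['name'];
-$url = $_REQUEST['url'];
+$id = pwg_db_real_escape_string($_REQUEST['id']);
+$name = pwg_db_real_escape_string($_REQUEST['name']);
+$url = pwg_db_real_escape_string($_REQUEST['url']);
 $visible = (isset($_REQUEST['visible']) ? 1 : 0);
-$query = '
-UPDATE '.$prefixeTable.'copyrights_admin
-SET `name`="'.$name.'", `url`="'.$url.'", `visible`='.$visible.'
-WHERE `cr_id`='.$id.'
-;';
+$query = sprintf(
+'UPDATE %s
+SET `name`="%s", `url`="%s", `visible`=%d
+WHERE `cr_id`=%d
+;',
+COPYRIGHTS_ADMIN, $name, $url, $visible, $id);
 pwg_query($query);
 }
@@ -63,8 +87,9 @@
 if ($_GET['tab'] == 'delete') {
 $id = $_REQUEST['id'];
-$query = '
-DELETE FROM '.$prefixeTable.'copyrights_admin
-WHERE `cr_id`='.$id.'
-;';
+$query = sprintf(
+'DELETE FROM %s
+WHERE `cr_id`=%d
+;',
+COPYRIGHTS_ADMIN, $id);
 pwg_query($query);
 }
@@ -80,8 +105,9 @@
 );
 
-$query = '
-SELECT *
-FROM '.COPYRIGHTS_ADMIN.'
-;';
+$query = sprintf(
+'SELECT *
+FROM %s
+;',
+COPYTIGHTS_ADMIN);
 $result = pwg_query($query);
 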
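Review bot: The last `sprintf` call passes `COPYTIGHTS_ADMIN`, a misspelling of the `COPYRIGHTS_ADMIN` constant used by every other query in this change, so the listing query will not target the intended table (an undefined constant falls back to the literal string with a notice on older PHP and is an Error on PHP 8); the argument line should read `COPYRIGHTS_ADMIN);`. Separately, the create, update and delete branches are selected by `$_GET['tab']` and take their values from `$_REQUEST`, and no anti-CSRF token check is visible in these hunks. If none exists in the elided lines, call Piwigo's `check_pwg_token();` before the state-changing queries and read the values from `$_POST`. The `%d` conversions already force the ids to integers, so the `pwg_db_real_escape_string` call on `id` in the update branch is redundant; a short comment there, such as `// %d casts to int; string fields are escaped above`, would make that intent clear.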