Changeset 11027


Ignore:
Timestamp:
May 23, 2011, 10:41:40 PM (13 years ago)
Author:
flop25
Message:

pwg_db_real_escape_string

Location:
extensions/hr_os_xl/admin
Files:
2 edited

Legend:

Unmodified
Added
Removed
  • extensions/hr_os_xl/admin/admin.inc.php

    r10825 r11027  
    1919  $query = '
    2020UPDATE '.CONFIG_TABLE.'
    21 SET value = "'.addslashes(serialize($_POST['foo'])).'"
     21SET value = "'.pwg_db_real_escape_string(serialize($_POST['foo'])).'"
    2222WHERE param = "hr_os_xl"
    2323;';
  • extensions/hr_os_xl/admin/maintain.inc.php

    r10825 r11027  
    1616    $query = '
    1717INSERT INTO ' . CONFIG_TABLE . ' (param,value,comment)
    18 VALUES ("hr_os_xl" , "'.addslashes(serialize($config)).'" , "hr_os_xl parameters");';
     18VALUES ("hr_os_xl" , "'.pwg_db_real_escape_string(serialize($config)).'" , "hr_os_xl parameters");';
    1919
    2020    pwg_query($query);
Note: See TracChangeset for help on using the changeset viewer.