Ignore:
Timestamp:
May 23, 2011, 10:41:45 PM (13 years ago)
Author:
flop25
Message:

pwg_db_real_escape_string

File:
1 edited

Legend:

Unmodified
Added
Removed
  • extensions/hr_os/admin/admin.inc.php

    r10826 r11028  
    1919  $query = '
    2020UPDATE '.CONFIG_TABLE.'
    21 SET value = "'.addslashes(serialize($_POST['foo'])).'"
     21SET value = "'.pwg_db_real_escape_string(serialize($_POST['foo'])).'"
    2222WHERE param = "hr_os"
    2323;';
Note: See TracChangeset for help on using the changeset viewer.