Changeset 1487 for trunk/admin/tags.php
- Timestamp:
- Jul 21, 2006, 3:44:22 PM (18 years ago)
- File:
-
- 1 edited
Legend:
- Unmodified
- Added
- Removed
-
trunk/admin/tags.php
r1452 r1487 150 150 if (isset($_POST['add']) and !empty($_POST['add_tag'])) 151 151 { 152 if (function_exists('mysql_real_escape_string')) 153 { 154 $tag_name = mysql_real_escape_string($_POST['add_tag']); 155 } 156 else 157 { 158 $tag_name = mysql_escape_string($_POST['add_tag']); 159 } 152 $tag_name = $_POST['add_tag']; 160 153 161 154 // does the tag already exists? … … 163 156 SELECT id 164 157 FROM '.TAGS_TABLE.' 165 WHERE name = \''. $tag_name.'\'158 WHERE name = \''.pwg_quotemeta($tag_name).'\' 166 159 ;'; 167 160 $existing_tags = array_from_query($query, 'id'); … … 174 167 array( 175 168 array( 176 'name' => $tag_name,169 'name' => pwg_quotemeta($tag_name), 177 170 'url_name' => str2url($tag_name), 178 171 ) … … 184 177 sprintf( 185 178 l10n('Tag "%s" was added'), 186 $tag_name179 pwg_stripslashes($tag_name) 187 180 ) 188 181 ); … … 194 187 sprintf( 195 188 l10n('Tag "%s" already exists'), 196 $tag_name189 pwg_stripslashes($tag_name) 197 190 ) 198 191 );
Note: See TracChangeset
for help on using the changeset viewer.