Changeset 1488
- Timestamp:
- Jul 21, 2006, 3:47:50 PM (18 years ago)
- Location:
- branches/branch-1_6
- Files:
-
- 2 edited
Legend:
- Unmodified
- Added
- Removed
-
branches/branch-1_6/admin/tags.php
r1453 r1488 150 150 if (isset($_POST['add']) and !empty($_POST['add_tag'])) 151 151 { 152 if (function_exists('mysql_real_escape_string')) 153 { 154 $tag_name = mysql_real_escape_string($_POST['add_tag']); 155 } 156 else 157 { 158 $tag_name = mysql_escape_string($_POST['add_tag']); 159 } 152 $tag_name = $_POST['add_tag']; 160 153 161 154 // does the tag already exists? … … 163 156 SELECT id 164 157 FROM '.TAGS_TABLE.' 165 WHERE name = \''. $tag_name.'\'158 WHERE name = \''.pwg_quotemeta($tag_name).'\' 166 159 ;'; 167 160 $existing_tags = array_from_query($query, 'id'); … … 174 167 array( 175 168 array( 176 'name' => $tag_name,169 'name' => pwg_quotemeta($tag_name), 177 170 'url_name' => str2url($tag_name), 178 171 ) … … 184 177 sprintf( 185 178 l10n('Tag "%s" was added'), 186 $tag_name179 pwg_stripslashes($tag_name) 187 180 ) 188 181 ); … … 194 187 sprintf( 195 188 l10n('Tag "%s" already exists'), 196 $tag_name189 pwg_stripslashes($tag_name) 197 190 ) 198 191 ); -
branches/branch-1_6/include/functions.inc.php
r1401 r1488 461 461 } 462 462 463 function pwg_stripslashes($value) 464 { 465 if (get_magic_quotes_gpc()) 466 { 467 $value = stripslashes($value); 468 } 469 return $value; 470 } 471 472 function pwg_addslashes($value) 473 { 474 if (!get_magic_quotes_gpc()) 475 { 476 $value = addslashes($value); 477 } 478 return $value; 479 } 480 481 function pwg_quotemeta($value) 482 { 483 if (get_magic_quotes_gpc()) { 484 $value = stripslashes($value); 485 } 486 if (function_exists('mysql_real_escape_string')) 487 { 488 $value = mysql_real_escape_string($value); 489 } 490 else 491 { 492 $value = mysql_escape_string($value); 493 } 494 return $value; 495 } 496 463 497 function pwg_query($query) 464 498 {
Note: See TracChangeset
for help on using the changeset viewer.