Changeset 4367 for trunk/include/functions_user.inc.php

Timestamp:

Nov 25, 2009, 8:02:57 PM (14 years ago)

Author:

nikrou

Message:

Feature 1255: modification in sql queries

• manage random function
• manage regex syntax
• manage quote (single instead of double)
• manage interval

File:

• trunk/include/functions_user.inc.php (modified) (3 diffs)

trunk/include/functions_user.inc.php

@@ -386 +386 @@
   ('.$userdata['id'].',\''.boolean_to_string($userdata['need_update']).'\','
   .$userdata['cache_update_time'].',\''
-  .$userdata['forbidden_categories'].'\','.$userdata['nb_total_images'].',"'
-  .$userdata['image_access_type'].'","'.$userdata['image_access_list'].'")';
+  .$userdata['forbidden_categories'].'\','.$userdata['nb_total_images'].',\''
+  .$userdata['image_access_type'].'\',\''.$userdata['image_access_list'].'\')';
       pwg_query($query);
     }
@@ -633 +633 @@
   if ( isset($filter_days) )
   {
-    $query .= ' AND i.date_available > SUBDATE(CURRENT_DATE,INTERVAL '.$filter_days.' DAY)';
+    $query .= ' AND i.date_available > '.pwg_db_get_recent_period_expression($filter_days);
   }
 
@@ -1040 +1040 @@
        '.$conf['user_fields']['password'].' AS password
   FROM '.USERS_TABLE.'
-  WHERE '.$conf['user_fields']['username'].' = \''.mysql_real_escape_string($username).'\'
+  WHERE '.$conf['user_fields']['username'].' = \''.pwg_db_real_escape_string($username).'\'
 ;';
   $row = pwg_db_fetch_assoc(pwg_query($query));