Changeset 6550

Timestamp:

Jun 17, 2010, 8:10:11 PM (14 years ago)

Author:

nikrou

Message:

Bug 1733 fixed : single quotes in queries

Location:

trunk/admin

Files:

• cat_modify.php (modified) (1 diff)
• extend_for_templates.php (modified) (1 diff)
• include/functions_permalinks.php (modified) (6 diffs)
• include/functions_upgrade.php (modified) (4 diffs)
• include/languages.class.php (modified) (3 diffs)
• include/themes.class.php (modified) (2 diffs)
• languages_installed.php (modified) (1 diff)
• permalinks.php (modified) (1 diff)
• thumbnail.php (modified) (1 diff)

trunk/admin/cat_modify.php

@@ -93 +93 @@
   {
     $query = '
-UPDATE '.CATEGORIES_TABLE.' SET image_order='.(isset($image_order) ? 'NULL':"'$image_order'").'
-  WHERE uppercats LIKE "'.$cat_info['uppercats'].',%"';
+UPDATE '.CATEGORIES_TABLE.' SET image_order='.(isset($image_order) ? 'NULL':'\''.$image_order.'\'').'
+  WHERE uppercats LIKE \''.$cat_info['uppercats'].',%\'';
     pwg_query($query);
   }

trunk/admin/extend_for_templates.php

@@ -140 +140 @@
   $tpl_extension = $replacements;
   /* ecrire la nouvelle conf */
-  $query = "
-UPDATE ".CONFIG_TABLE."
-  SET value = '". $conf['extents_for_templates'] ."'
-WHERE param = 'extents_for_templates';";
+  $query = '
+UPDATE '.CONFIG_TABLE.'
+  SET value = \''. $conf['extents_for_templates'] .'\'
+WHERE param = \'extents_for_templates\';';
   if (pwg_query($query))
   {

trunk/admin/include/functions_permalinks.php

@@ -29 +29 @@
   $query ='
 SELECT id FROM '.CATEGORIES_TABLE.'
-  WHERE permalink="'.$permalink.'"';
+  WHERE permalink=\''.$permalink.'\'';
   $ids = array_from_query($query, 'id');
   if (!empty($ids))
@@ -70 +70 @@
 SELECT permalink
   FROM '.CATEGORIES_TABLE.'
-  WHERE id="'.$cat_id.'"
+  WHERE id=\''.$cat_id.'\'
 ;';
   $result = pwg_query($query);
@@ -109 +109 @@
 UPDATE '.OLD_PERMALINKS_TABLE.'
   SET date_deleted=NOW()
-  WHERE cat_id='.$cat_id.' AND permalink="'.$permalink.'"';
+  WHERE cat_id='.$cat_id.' AND permalink=\''.$permalink.'\'';
     }
     else
@@ -117 +117 @@
   (permalink, cat_id, date_deleted)
 VALUES
-  ( "'.$permalink.'",'.$cat_id.',NOW() )';
+  ( \''.$permalink.'\','.$cat_id.',NOW() )';
     }
     pwg_query( $query );
@@ -186 +186 @@
     $query = '
 DELETE FROM '.OLD_PERMALINKS_TABLE.'
-  WHERE cat_id='.$old_cat_id.' AND permalink="'.$permalink.'"';
+  WHERE cat_id='.$old_cat_id.' AND permalink=\''.$permalink.'\'';
     pwg_query($query);
   }
@@ -192 +192 @@
   $query = '
 UPDATE '.CATEGORIES_TABLE.'
-  SET permalink="'.$permalink.'"
+  SET permalink=\''.$permalink.'\'
   WHERE id='.$cat_id;
   //  LIMIT 1';

trunk/admin/include/functions_upgrade.php

@@ -88 +88 @@
 FROM '.PREFIX_TABLE.'plugins
 WHERE state = "active"
-AND id NOT IN ("' . implode('","', $standard_plugins) . '")
+AND id NOT IN (\'' . implode('\',\'', $standard_plugins) . '\')
 ;';
 
@@ -103 +103 @@
 UPDATE '.PREFIX_TABLE.'plugins
 SET state="inactive"
-WHERE id IN ("' . implode('","', $plugins) . '")
+WHERE id IN (\'' . implode('\',\'', $plugins) . '\')
 ;';
     pwg_query($query);
@@ -163 +163 @@
 SELECT password, status
 FROM '.USERS_TABLE.'
-WHERE username = "'.$username.'"
+WHERE username = \''.$username.'\'
 ;';
   }
@@ -173 +173 @@
 INNER JOIN '.USER_INFOS_TABLE.' AS ui
 ON u.'.$conf['user_fields']['id'].'=ui.user_id
-WHERE '.$conf['user_fields']['username'].'="'.$username.'"
+WHERE '.$conf['user_fields']['username'].'=\''.$username.'\'
 ;';
   }

trunk/admin/include/languages.class.php

@@ -100 +100 @@
         }
 
-        $query = "
+        $query = '
 DELETE
-  FROM ".LANGUAGES_TABLE."
-  WHERE id= '".$language_id."'
-;";
+  FROM '.LANGUAGES_TABLE.'
+  WHERE id= \''.$language_id.'\'
+;';
         pwg_query($query);
         break;
@@ -123 +123 @@
         $query = '
 UPDATE '.USER_INFOS_TABLE.'
-  SET language = "'.get_default_language().'"
-  WHERE language = "'.$language_id.'"
+  SET language = \''.get_default_language().'\'
+  WHERE language = \''.$language_id.'\'
 ;';
         pwg_query($query);
@@ -137 +137 @@
         $query = '
 UPDATE '.USER_INFOS_TABLE.'
-  SET language = "'.$language_id.'"
+  SET language = \''.$language_id.'\'
   WHERE user_id = '.$conf['default_user_id'].'
 ;';

trunk/admin/include/themes.class.php

@@ -176 +176 @@
         }
 
-        $query = "
+        $query = '
 DELETE
-  FROM ".THEMES_TABLE."
-  WHERE id= '".$theme_id."'
-;";
+  FROM '.THEMES_TABLE.'
+  WHERE id= \''.$theme_id.'\'
+;';
         pwg_query($query);
         break;
@@ -301 +301 @@
     if (!empty($id))
     {
-      $clauses[] = "id = '".$id."'";
+      $clauses[] = 'id = \''.$id.'\'';
     }
     if (count($clauses) > 0)

trunk/admin/languages_installed.php

@@ -115 +115 @@
   $query = '
 UPDATE '.USER_INFOS_TABLE.'
-  SET language = "'.get_default_language().'"
-  WHERE language = "'.$language_id.'"
+  SET language = \''.get_default_language().'\'
+  WHERE language = \''.$language_id.'\'
 ;';
   pwg_query($query);
 
-  $query = "
+  $query = '
 DELETE
-  FROM ".LANGUAGES_TABLE."
-  WHERE id= '".$language_id."'
-;";
+  FROM '.LANGUAGES_TABLE.'
+  WHERE id= \''.$language_id.'\'
+;';
   pwg_query($query);
 }

trunk/admin/permalinks.php

@@ -97 +97 @@
   $query = '
 DELETE FROM '.OLD_PERMALINKS_TABLE.'
-  WHERE permalink="'.$_GET['delete_permanent'].'"
+  WHERE permalink=\''.$_GET['delete_permanent'].'\'
   LIMIT 1';
   $result = pwg_query($query);

trunk/admin/thumbnail.php

@@ -184 +184 @@
 $query = '
 SELECT galleries_url FROM '.SITES_TABLE.'
-  WHERE galleries_url NOT LIKE "http://%"
+  WHERE galleries_url NOT LIKE \'http://%\'
 ;';
 $result = pwg_query($query);