Changeset 6550 for trunk/admin/include/functions_upgrade.php

Timestamp:

Jun 17, 2010, 8:10:11 PM (14 years ago)

Author:

nikrou

Message:

Bug 1733 fixed : single quotes in queries

File:

• trunk/admin/include/functions_upgrade.php (modified) (4 diffs)

trunk/admin/include/functions_upgrade.php

@@ -88 +88 @@
 FROM '.PREFIX_TABLE.'plugins
 WHERE state = "active"
-AND id NOT IN ("' . implode('","', $standard_plugins) . '")
+AND id NOT IN (\'' . implode('\',\'', $standard_plugins) . '\')
 ;';
 
@@ -103 +103 @@
 UPDATE '.PREFIX_TABLE.'plugins
 SET state="inactive"
-WHERE id IN ("' . implode('","', $plugins) . '")
+WHERE id IN (\'' . implode('\',\'', $plugins) . '\')
 ;';
     pwg_query($query);
@@ -163 +163 @@
 SELECT password, status
 FROM '.USERS_TABLE.'
-WHERE username = "'.$username.'"
+WHERE username = \''.$username.'\'
 ;';
   }
@@ -173 +173 @@
 INNER JOIN '.USER_INFOS_TABLE.' AS ui
 ON u.'.$conf['user_fields']['id'].'=ui.user_id
-WHERE '.$conf['user_fields']['username'].'="'.$username.'"
+WHERE '.$conf['user_fields']['username'].'=\''.$username.'\'
 ;';
   }