From: Christopher Kings-L. <ch...@us...> - 2005-06-15 05:02:31
Update of /cvsroot/planeshift/SC In directory sc8-pr-cvs1.sourceforge.net:/tmp/cvs-serv21227 Modified Files: database.php form.php Log Message: Add NPC synonym editing. CSS fixes. More removal of duplicate code. More fixing of database, html and url escaping.
Index: database.php
===================================================================
RCS file: /cvsroot/planeshift/SC/database.php,v
retrieving revision 1.43
retrieving revision 1.44
diff -C2 -d -r1.43 -r1.44
*** database.php 15 Jun 2005 02:59:41 -0000 1.43
--- database.php 15 Jun 2005 05:01:48 -0000 1.44
***************
*** 111,114 ****
--- 111,121 ----
  /**
+ * Escapes SQL strings
+ */
+ function escapeSQL($string) {
+ return mysql_escape_string($string);
+ }
+
+ /**
  * Generates a SQL statement to get all rows from a table
  * by a field or set of fields
***************
*** 402,406 ****
  $sql = "delete from $table where";
  for ($iterator=0;$iterator<count($sqlWhere['fields']);$iterator++) {
! $sql .= " " . $sqlWhere['fields'][$iterator] . " = " . $sqlWhere['values'][$iterator] . " and ";
  }
  $sql = substr($sql, 0, -5);
--- 409,413 ----
  $sql = "delete from $table where";
  for ($iterator=0;$iterator<count($sqlWhere['fields']);$iterator++) {
! $sql .= " " . $sqlWhere['fields'][$iterator] . " = '" . $this->escapeSQL($sqlWhere['values'][$iterator]) . "' and ";
  }
  $sql = substr($sql, 0, -5);
***************
*** 597,603 ****
  $this->getFieldsByXML($table);
  $sqlFields = $this->getXMLListFields();
! if($order_by==null) {
  $order_by[0] = "name";
  }
  return $this->getAllByIDLike($sqlFields, $sqlWhere, $table, $order_by);
  }
--- 604,613 ----
  $this->getFieldsByXML($table);
  $sqlFields = $this->getXMLListFields();
! if($order_by === null && in_array('name', $sqlFields)) {
  $order_by[0] = "name";
  }
+ elseif($order_by === null && in_array('id', $sqlFields)) {
+ $order_by[0] = "id";
+ }
  return $this->getAllByIDLike($sqlFields, $sqlWhere, $table, $order_by);
  }
Index: form.php
===================================================================
RCS file: /cvsroot/planeshift/SC/form.php,v
retrieving revision 1.22
retrieving revision 1.23
diff -C2 -d -r1.22 -r1.23
*** form.php 15 Jun 2005 02:59:41 -0000 1.22
--- form.php 15 Jun 2005 05:01:48 -0000 1.23
***************
*** 160,164 ****
  $content .= "<td nowrap class='$class'><a href='" . BASE_URL . $this->_ourPage . "/index-" . $this->_ourPage . ".php?action=" . $editAction;
  foreach ($keys as $k => $v) {
! $content .= "&{$k}=" . $rs->fields[$v];
  }
  $content .= "'><img src='" . BASE_URL . "images/pencil.gif' border=0></a> </td>";
--- 160,164 ----
  $content .= "<td nowrap class='$class'><a href='" . BASE_URL . $this->_ourPage . "/index-" . $this->_ourPage . ".php?action=" . $editAction;
  foreach ($keys as $k => $v) {
! $content .= "&" . urlencode($k) . "=" . urlencode($rs->fields[$v]);
  }
  $content .= "'><img src='" . BASE_URL . "images/pencil.gif' border=0></a> </td>";
|
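Review bot: In the database.php hunk at 111-121, `escapeSQL()` wraps `mysql_escape_string()`, which escapes without reference to the connection's character set. `mysql_real_escape_string()` called with this class's link handle is the charset-aware form and is the better base for a central helper. The link handle is not visible in this hunk, so the exact call is left to the author. The docblock should also state the contract, for example `* Escapes a value for use inside a quoted SQL string literal; not valid for table or column names.`, so callers do not apply it to identifiers or unquoted numbers.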
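Review bot: In the delete builder (database.php 409-413) the value is now quoted and escaped, but `$table` and `$sqlWhere['fields'][$iterator]` are still concatenated into the statement unchanged, and string escaping cannot protect identifiers. If either can be influenced by request data, check it against the table's known column list before building the statement. Separately, when `$sqlWhere['fields']` is empty the loop adds nothing, and `substr($sql, 0, -5)` then strips the word `where`, leaving a delete with no condition. A guard before the loop such as `if (count($sqlWhere['fields']) == 0)` that refuses to build the statement would close that. The function starts and ends outside the hunk, so its return convention for that refusal is not visible here.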
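Review bot: In the database.php hunk at 604-613, `$order_by` now stays null when the field list contains neither `name` nor `id`, and that null is passed straight to `getAllByIDLike()`; the old code always supplied a sort column. Whether `getAllByIDLike()` tolerates a null order is not visible here, so confirm it and record the fall-through in a comment, e.g. `// no name/id column: leave $order_by null, query runs unsorted`. Both `in_array()` calls also compare loosely; `in_array('name', $sqlFields, true)` avoids a false match if the list can ever hold a non-string entry. The enclosing function begins outside the hunk.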
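Review bot: In form.php 160-164 the query parameters are now URL-encoded, but the link is written into an HTML `href` attribute, where the parameter separator should be `&amp;` rather than a bare `&`: `$content .= "&amp;" . urlencode($k) . "=" . urlencode($rs->fields[$v]);`. `$editAction` on the line above is still appended without encoding, so unless it is always a fixed internal constant it should go through `urlencode()` as well. `$class` and `$this->_ourPage` are also written into single-quoted attributes as-is; they look like internal values, but that cannot be confirmed from this hunk.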