Update of /cvsroot/basedb/basedb/www
In directory usw-pr-cvs1:/tmp/cvs-serv19778
Modified Files:
mysql.inc.php
Log Message:
Fixed missing escaping
Index: mysql.inc.php
===================================================================
RCS file: /cvsroot/basedb/basedb/www/mysql.inc.php,v
retrieving revision 1.3
retrieving revision 1.4
diff -C2 -d -r1.3 -r1.4
*** mysql.inc.php 7 Sep 2002 13:12:13 -0000 1.3
--- mysql.inc.php 8 Sep 2002 13:17:08 -0000 1.4
***************
*** 91,97 ****
// a column called 'id' as its primary key. The id of the newly inserted
// row is returned.
! function db_insert($table, &$names, &$values)
{
! $query = "INSERT INTO $table (".implode(", ", $names).") ".
"VALUES (".implode(", ", $values).")";
if(!query($query)) return false;
--- 91,97 ----
// a column called 'id' as its primary key. The id of the newly inserted
// row is returned.
! function db_insert($table, &$columns, &$values)
{
! $query = "INSERT INTO $table (".implode(", ", $columns).") ".
"VALUES (".implode(", ", $values).")";
if(!query($query)) return false;
***************
*** 106,114 ****
// This is the behavior you get with auto_increment on the non-first
// column of a primary key in MySQL.
! function db_insert_multicol($table, &$keycolumns, &$names, &$values)
{
! $query = "INSERT INTO $table (".implode(", ", $names).") ".
! "VALUES (".implode(", ", $values).")";
! if(!query($query)) return false;
return mysql_insert_id();
}
--- 106,123 ----
// This is the behavior you get with auto_increment on the non-first
// column of a primary key in MySQL.
! function db_insert_multicol($table, &$keycolumns, &$keyvalues,
! &$columns, &$values)
{
! $arr = array();
! for(reset($keyvalues); list(, $v) = each($keyvalues); )
! $arr[] = "'".addslashes($v)."'";
! for(reset($values); list(, $v) = each($values); )
! $arr[] = "'".addslashes($v)."'";
! $allcols = array_merge($keycolumns, $columns);
!
! $query = "INSERT INTO $table (".implode(", ", $allcols).") ".
! "VALUES (".implode(", ", $arr).")";
! if(!query($query))
! return false;
return mysql_insert_id();
}
***************
*** 147,154 ****
$arr[] = "'".addslashes($v)."'";
$query = "INSERT INTO $table ".
! "(".implode(",", $keys).",".implode(",", $columns).") ".
"VALUES (".implode(",", $arr).")";
! return query($query) && mysql_affected_rows() > 0;
}
--- 156,164 ----
$arr[] = "'".addslashes($v)."'";
+ $allcols = array_merge($keys, $columns);
$query = "INSERT INTO $table ".
! "(".implode(",", $allcols).") ".
"VALUES (".implode(",", $arr).")";
! return (bool)query($query);
}
|
