Update of /cvsroot/basedb/basedb/www
In directory usw-pr-cvs1:/tmp/cvs-serv19979
Modified Files:
search.inc.php
Log Message:
moved some escaping to db_insert_multicol
Index: search.inc.php
===================================================================
RCS file: /cvsroot/basedb/basedb/www/search.inc.php,v
retrieving revision 1.34
retrieving revision 1.35
diff -C2 -d -r1.34 -r1.35
*** search.inc.php 7 Sep 2002 11:36:32 -0000 1.34
--- search.inc.php 8 Sep 2002 13:18:04 -0000 1.35
***************
*** 805,814 ****
if($this->position < 1)
{
- $vars[] = "search";
$keycols = array("search", "position");
$vals = array();
for($i = 0; $i < count($vars); $i++)
! $vals[] = "'".addslashes($this->{$vars[$i]})."'";
! $pos = db_insert_multicol("SearchCriterion", $keycols, $vars, $vals);
if(!$pos)
return false;
--- 805,815 ----
if($this->position < 1)
{
$keycols = array("search", "position");
+ $keyvals = array($this->search);
$vals = array();
for($i = 0; $i < count($vars); $i++)
! $vals[] =& $this->{$vars[$i]};
! $pos = db_insert_multicol("SearchCriterion",
! $keycols, $keyvals, $vars, $vals);
if(!$pos)
return false;
|
