Update of /cvsroot/basedb/basedb/www
In directory usw-pr-cvs1:/tmp/cvs-serv22821
Modified Files:
mysql.inc.php
Log Message:
Added forgotten escaping in db_insert
Index: mysql.inc.php
===================================================================
RCS file: /cvsroot/basedb/basedb/www/mysql.inc.php,v
retrieving revision 1.6
retrieving revision 1.7
diff -C2 -d -r1.6 -r1.7
*** mysql.inc.php 8 Sep 2002 14:50:02 -0000 1.6
--- mysql.inc.php 8 Sep 2002 18:05:24 -0000 1.7
***************
*** 93,99 ****
function db_insert($table, &$columns, &$values)
{
$query = "INSERT INTO $table (".implode(", ", $columns).") ".
! "VALUES (".implode(", ", $values).")";
! if(!query($query)) return false;
return mysql_insert_id();
}
--- 93,104 ----
function db_insert($table, &$columns, &$values)
{
+ $arr = array();
+ for(reset($values); list(, $v) = each($values); )
+ $arr[] = "'".addslashes($v)."'";
+
$query = "INSERT INTO $table (".implode(", ", $columns).") ".
! "VALUES (".implode(", ", $arr).")";
! if(!query($query))
! return false;
return mysql_insert_id();
}
|
