From: <tr...@us...> - 2002-09-08 13:17:11
|
Update of /cvsroot/basedb/basedb/www In directory usw-pr-cvs1:/tmp/cvs-serv19778 Modified Files: mysql.inc.php Log Message: Fixed missing escaping Index: mysql.inc.php =================================================================== RCS file: /cvsroot/basedb/basedb/www/mysql.inc.php,v retrieving revision 1.3 retrieving revision 1.4 diff -C2 -d -r1.3 -r1.4 *** mysql.inc.php 7 Sep 2002 13:12:13 -0000 1.3 --- mysql.inc.php 8 Sep 2002 13:17:08 -0000 1.4 *************** *** 91,97 **** // a column called 'id' as its primary key. The id of the newly inserted // row is returned. ! function db_insert($table, &$names, &$values) { ! $query = "INSERT INTO $table (".implode(", ", $names).") ". "VALUES (".implode(", ", $values).")"; if(!query($query)) return false; --- 91,97 ---- // a column called 'id' as its primary key. The id of the newly inserted // row is returned. ! function db_insert($table, &$columns, &$values) { ! $query = "INSERT INTO $table (".implode(", ", $columns).") ". "VALUES (".implode(", ", $values).")"; if(!query($query)) return false; *************** *** 106,114 **** // This is the behavior you get with auto_increment on the non-first // column of a primary key in MySQL. ! function db_insert_multicol($table, &$keycolumns, &$names, &$values) { ! $query = "INSERT INTO $table (".implode(", ", $names).") ". ! "VALUES (".implode(", ", $values).")"; ! if(!query($query)) return false; return mysql_insert_id(); } --- 106,123 ---- // This is the behavior you get with auto_increment on the non-first // column of a primary key in MySQL. ! function db_insert_multicol($table, &$keycolumns, &$keyvalues, ! &$columns, &$values) { ! $arr = array(); ! for(reset($keyvalues); list(, $v) = each($keyvalues); ) ! $arr[] = "'".addslashes($v)."'"; ! for(reset($values); list(, $v) = each($values); ) ! $arr[] = "'".addslashes($v)."'"; ! $allcols = array_merge($keycolumns, $columns); ! ! $query = "INSERT INTO $table (".implode(", ", $allcols).") ". ! 
"VALUES (".implode(", ", $arr).")"; ! if(!query($query)) ! return false; return mysql_insert_id(); } *************** *** 147,154 **** $arr[] = "'".addslashes($v)."'"; $query = "INSERT INTO $table ". ! "(".implode(",", $keys).",".implode(",", $columns).") ". "VALUES (".implode(",", $arr).")"; ! return query($query) && mysql_affected_rows() > 0; } --- 156,164 ---- $arr[] = "'".addslashes($v)."'"; + $allcols = array_merge($keys, $columns); $query = "INSERT INTO $table ". ! "(".implode(",", $allcols).") ". "VALUES (".implode(",", $arr).")"; ! return (bool)query($query); } |
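Review bot: The two new loops in db_insert_multicol quote values with `addslashes()`, which does not take the connection character set into account, and `$table`, `$keycolumns` and `$columns` are still concatenated into the statement as given. I would use the driver's escaper, `$arr[] = "'".mysql_real_escape_string($v)."'";`, in both loops and in the loop shown as context in the 156-164 hunk, and check identifiers against a fixed list of known table and column names before they reach `implode()`. db_insert in the first hunk was only renamed and still implodes `$values` unquoted; if its callers do not quote and escape beforehand, it needs the same treatment. The new `&$keyvalues` parameter sits in the middle of the signature, so any existing four-argument caller (not visible here) has to be updated in the same commit.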
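Review bot: In the 156-164 hunk the return changes from `query($query) && mysql_affected_rows() > 0` to `(bool)query($query)`, which alters what a false result means to callers, and the log message ("Fixed missing escaping") does not mention it. I would add a comment above the return such as `// true when the INSERT was accepted; the affected-row count is no longer checked` so the new contract is explicit. The function's name and signature lie outside the hunk, so whether any caller relied on the old check cannot be confirmed from here.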