From: <tr...@us...> - 2002-09-08 18:05:28
Update of /cvsroot/basedb/basedb/www
In directory usw-pr-cvs1:/tmp/cvs-serv22821
Modified Files:
mysql.inc.php
Log Message:
Added forgotten escaping in db_insert
Index: mysql.inc.php
===================================================================
RCS file: /cvsroot/basedb/basedb/www/mysql.inc.php,v
retrieving revision 1.6
retrieving revision 1.7
diff -C2 -d -r1.6 -r1.7
*** mysql.inc.php 8 Sep 2002 14:50:02 -0000 1.6
--- mysql.inc.php 8 Sep 2002 18:05:24 -0000 1.7
***************
*** 93,99 ****
function db_insert($table, &$columns, &$values)
{
$query = "INSERT INTO $table (".implode(", ", $columns).") ".
! "VALUES (".implode(", ", $values).")";
! if(!query($query)) return false;
return mysql_insert_id();
}
--- 93,104 ----
function db_insert($table, &$columns, &$values)
{
+ $arr = array();
+ for(reset($values); list(, $v) = each($values); )
+ $arr[] = "'".addslashes($v)."'";
+
$query = "INSERT INTO $table (".implode(", ", $columns).") ".
! "VALUES (".implode(", ", $arr).")";
! if(!query($query))
! return false;
return mysql_insert_id();
}
|
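Review bot: The escaping added in the new `for` loop covers only `$values`; `$table` and the `$columns` entries are still concatenated unquoted into the `$query` string, so db_insert remains injectable if any caller takes a table or column name from request data (the callers are not visible in this hunk and should be audited). Rejecting any name that fails `preg_match('/^[A-Za-z0-9_]+$/', $c)` before the `implode` would close that path. `addslashes()` is also unaware of the connection character set, so the loop body would be safer as `$arr[] = "'".mysql_real_escape_string($v)."'";` where the PHP version in use provides it. Every value is now wrapped in quotes, so a caller that previously passed `NULL`, a SQL expression or an already-quoted string will silently store something different from before. A comment above the function, such as `// $values are raw, unescaped strings; db_insert quotes and escapes them`, would make the new contract explicit.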