From: Gianluca S. <gi...@gm...> - 2008-02-29 08:43:43
On Thu, Feb 28, 2008 at 9:50 PM, <pri...@us...> wrote:
> Revision: 5064
> http://mantisbt.svn.sourceforge.net/mantisbt/?rev=5064&view=rev
> Author: prichards
> Date: 2008-02-28 12:49:58 -0800 (Thu, 28 Feb 2008)
>
> Log Message:
> -----------
> fix doubleescapping
>
> Modified Paths:
> --------------
> trunk/mantisbt/core/tokens_api.php
>
> Modified: trunk/mantisbt/core/tokens_api.php
> ===================================================================
> --- trunk/mantisbt/core/tokens_api.php 2008-02-28 16:56:16 UTC (rev 5063)
> +++ trunk/mantisbt/core/tokens_api.php 2008-02-28 20:49:58 UTC (rev 5064)
> @@ -215,7 +215,6 @@
> function token_update( $p_token_id, $p_value, $p_expiry = TOKEN_EXPIRY ) {
> token_ensure_exists( $p_token_id );
> $c_token_id = db_prepare_int( $p_token_id );
> - $c_value = db_prepare_string( $p_value );
> $c_expiry = db_timestamp( db_date(time() + $p_expiry) );
>
> $t_tokens_table = db_get_table( 'mantis_tokens_table' );
> @@ -223,7 +222,7 @@
> $t_query = "UPDATE $t_tokens_table
> SET value=" . db_param(0) . ", expiry=" . db_param(1) . "
> WHERE id=" . db_param(2);
> - db_query_bound( $t_query, Array( $c_value, $c_expiry, $c_token_id ) );
> + db_query_bound( $t_query, Array( $p_value, $c_expiry, $c_token_id ) );
>
> return true;
> }
>
So now this query has one "raw" and two prepared parameters: why? IOW, how do I know when I should or should not prepare a query parameter to feed db_query_bound? Cheers Gianluca |
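Review bot: token_update() still ends with an unconditional `return true;` directly after the changed `db_query_bound(...)` call in the second hunk, so a caller cannot tell a failed UPDATE from a stored token value. Unless db_query_bound halts on error by itself (its body is not visible here, and a `false` return on failure is assumed), the result should be propagated, for example `return db_query_bound( $t_query, Array( $p_value, $c_expiry, $c_token_id ) ) !== false;`. The function opens in the first hunk, and the second hunk starts in the middle of its body.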