[Phpbb-checkins] CVS: phpBB2/admin admin_styles.php,1.13,1.14

[Paul S. O. <ps...@us...>]

Update of /cvsroot/phpbb/phpBB2/admin
In directory usw-pr-cvs1:/tmp/cvs-serv15757/admin

Modified Files:
	admin_styles.php 
Log Message:
More \' changes ... will they ever end?

Index: admin_styles.php
===================================================================
RCS file: /cvsroot/phpbb/phpBB2/admin/admin_styles.php,v
retrieving revision 1.13
retrieving revision 1.14
diff -C2 -r1.13 -r1.14
*** admin_styles.php	2001/12/21 01:43:00	1.13
--- admin_styles.php	2001/12/24 13:26:00	1.14
***************
*** 83,87 ****
  					{
  						$db_fields[] = $key;
! 						$db_values[] = $val;
  					}
  				}
--- 83,87 ----
  					{
  						$db_fields[] = $key;
! 						$db_values[] = str_replace("\'", "''" , $val);
  					}
  				}
***************
*** 144,152 ****
  								$sql = "SELECT themes_id 
  									FROM " . THEMES_TABLE . " 
! 									WHERE style_name = '$style_name'";
  								if(!$result = $db->sql_query($sql))
  								{
  									message_die(GENREAL_ERROR, "Could not query themes table!", "Error", __LINE__, __FILE__, $sql);
  								}
  								if(!$db->sql_numrows($result))
  								{
--- 144,153 ----
  								$sql = "SELECT themes_id 
  									FROM " . THEMES_TABLE . " 
! 									WHERE style_name = '" . str_replace("\'", "''", $style_name) . "'";
  								if(!$result = $db->sql_query($sql))
  								{
  									message_die(GENREAL_ERROR, "Could not query themes table!", "Error", __LINE__, __FILE__, $sql);
  								}
+ 
  								if(!$db->sql_numrows($result))
  								{
***************
*** 289,293 ****
  					// an error and save me alot of typing
  					//
! 					$sql .= ( stristr($key, "fontsize") ) ? "$key = $val" : "$key = '$val'";
  
  					$count++;
--- 290,294 ----
  					// an error and save me alot of typing
  					//
! 					$sql .= ( stristr($key, "fontsize") ) ? "$key = $val" : "$key = '" . str_replace("\'", "''", $val) . "'";
  
  					$count++;
***************
*** 340,344 ****
  					{
  						$fields[] = $key;
! 						$vals[] = $val;
  					}
  
--- 341,345 ----
  					{
  						$fields[] = $key;
! 						$vals[] = str_replace("\'", "''", $val);
  					}
  
***************
*** 379,384 ****
  				// First, check if we already have a style by this name
  				//
! 				$sql = "SELECT themes_id FROM " . THEMES_TABLE . " WHERE style_name = '" . $updated['style_name'] . "'";
! 				
  				if(!$result = $db->sql_query($sql))
  				{
--- 380,386 ----
  				// First, check if we already have a style by this name
  				//
! 				$sql = "SELECT themes_id 
! 					FROM " . THEMES_TABLE . " 
! 					WHERE style_name = '" . str_replace("\'", "''", $updated['style_name']) . "'";
  				if(!$result = $db->sql_query($sql))
  				{
***************
*** 401,409 ****
  					else
  					{
! 						$values[] = "'$val'";
  					}
  				}
  				
! 				$sql = "INSERT INTO " . THEMES_TABLE . " (";
  				for($i = 0; $i < count($field_names); $i++)
  				{
--- 403,412 ----
  					else
  					{
! 						$values[] = "'" . str_replace("\'", "''", $val) . "'";
  					}
  				}
  				
! 				$sql = "INSERT 
! 					INTO " . THEMES_TABLE . " (";
  				for($i = 0; $i < count($field_names); $i++)
  				{