From: <tim...@us...> - 2010-07-07 20:56:45
Revision: 3585 http://web-erp.svn.sourceforge.net/web-erp/?rev=3585&view=rev Author: tim_schofield Date: 2010-07-07 20:56:39 +0000 (Wed, 07 Jul 2010) Log Message: ----------- Properly quoting sql Modified Paths: -------------- trunk/GeocodeSetup.php trunk/doc/Change.log.html
Modified: trunk/GeocodeSetup.php
===================================================================
--- trunk/GeocodeSetup.php 2010-07-07 20:56:17 UTC (rev 3584)
+++ trunk/GeocodeSetup.php 2010-07-07 20:56:39 UTC (rev 3585)
@@ -54,7 +54,7 @@
 map_height='" . $_POST['map_height'] . "',
 map_width='" . $_POST['map_width'] . "',
 map_host='" . $_POST['map_host'] . "'
- WHERE geocodeid = $SelectedParam";
+ WHERE geocodeid = '" . $SelectedParam . "'";
 }
 $msg = _('The geocode status record has been updated');
@@ -64,7 +64,7 @@
 if (isset($_POST['geocode_key']) and $_POST['geocode_key']>0){
- $sql = 'INSERT INTO geocode_param (
+ $sql = "INSERT INTO geocode_param (
 geocodeid,
 geocode_key,
 center_long,
@@ -72,16 +72,17 @@
 map_height,
 map_width,
 map_host)
- VALUES (' . "' ', '" .
- $_POST['geocode_key'] . "', '" .
- $_POST['center_long'] . "', '" .
- $_POST['center_lat'] . "', '" .
- $_POST['map_height'] . "', '" .
- $_POST['map_width'] . "', '" .
- $_POST['map_host'] . "')";
+ VALUES (" . " '', '" . $_POST['geocode_key'] . "', '" . $_POST['center_long'] . "', '" . $_POST['center_lat'] . "', '" . $_POST['map_height'] . "', '" . $_POST['map_width'] . "', '" . $_POST['map_host'] . "' )";
 } else {
- $sql = 'INSERT INTO geocode_param (
+ $sql = "INSERT INTO geocode_param (
 geocodeid,
 geocode_key,
 center_long,
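Review bot: Quoting `$SelectedParam` in `WHERE geocodeid = '" . $SelectedParam . "'"` does not stop a `'` inside the value from terminating the literal, so the UPDATE is still injectable; only the shape of the payload changes. The old line compared `geocodeid` unquoted, which suggests an integer key, so `WHERE geocodeid = '" . (int)$SelectedParam . "'"` would close it outright; otherwise the value must go through the DB layer's escaping routine (`mysql_real_escape_string` on a MySQL backend) before concatenation. The `map_height`/`map_width`/`map_host` assignments in the context lines splice `$_POST` values in the same unescaped way and need the same fix. Where `$SelectedParam` is assigned, and the start of this UPDATE statement, lie outside the hunk.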
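Review bot: The rewritten `VALUES (...)` list concatenates all six `$_POST` values into the INSERT unescaped; the surrounding single quotes merely require an attacker's value to contain a `'` to break out, so the statement stays injectable despite the log message. Each value should be escaped through the DB layer's routine that complements the `DB_query` wrapper (or `mysql_real_escape_string` on a MySQL backend) before concatenation, e.g. `'" . mysql_real_escape_string($_POST['map_host']) . "'`, and numeric fields can simply be cast with `(int)` or `(float)`. The literal `''` inserted for `geocodeid` is doubtful if that column is an integer auto-increment key, as the unquoted comparison in the first hunk suggests: MySQL accepts an empty string there only outside strict mode, whereas `NULL` or omitting the column is portable. Several `+` markers on the new VALUES lines appear to have been lost in this rendering, so the attribution of those lines is inferred.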
@@ -89,14 +90,15 @@
 map_height,
 map_width,
 map_host)
- VALUES (' . "'" .
- $_POST['geocodeid'] . "', '" .
- $_POST['geocode_key'] . "', '" .
- $_POST['center_long'] . "', '" .
- $_POST['center_lat'] . "', '" .
- $_POST['map_height'] . "', '" .
- $_POST['map_width'] . "', '" .
- $_POST['map_host'] . "')";
+ VALUES ( '" . $_POST['geocodeid'] . "', '" . $_POST['geocode_key'] . "', '" . $_POST['center_long'] . "', '" . $_POST['center_lat'] . "', '" . $_POST['map_height'] . "', '" . $_POST['map_width'] . "', '" . $_POST['map_host'] . " ')";
 }
 $msg = _('A new geocode status record has been inserted');
@@ -110,7 +112,7 @@
 }
 } elseif (isset($_GET['delete'])) { //the link to delete a selected record was clicked instead of the submit button
-$sql = 'DELETE FROM geocode_param WHERE geocodeid = ' . $_GET['delete'] . ' LIMIT 1';
+$sql = "DELETE FROM geocode_param WHERE geocodeid = '" . $_GET['delete'] . "' LIMIT 1";
 $result = DB_query($sql,$db);
 $msg = _('Geocode deleted'); //end if status code used in customer or supplier accounts
@@ -126,7 +128,7 @@
 links to delete or edit each. These will call the same page again and allow update/input or deletion of the records*/
- $sql = 'SELECT geocodeid, geocode_key, center_long, center_lat, map_height, map_width, map_host FROM geocode_param';
+ $sql = "SELECT geocodeid, geocode_key, center_long, center_lat, map_height, map_width, map_host FROM geocode_param";
 $result = DB_query($sql, $db);
 echo '<p class="page_title_text"><img src="'.$rootpath.'/css/'.$theme.'/images/maintenance.png" title="' . _('Geocode Setup') . '" alt="">'. _('Setup configuration for Geocoding of Customers and Suppliers') .'</p>';
@@ -203,7 +205,7 @@
 map_width,
 map_host
 FROM geocode_param
- WHERE geocodeid='$SelectedParam'";
+ WHERE geocodeid='" . $SelectedParam . "'";
 $result = DB_query($sql, $db);
 $myrow = DB_fetch_array($result);
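Review bot: In the second INSERT branch the closing quote for `map_host` has slipped past a whitespace character — `'" . $_POST['map_host'] . "` is followed by `')";` — so the double-quoted PHP string now contains at least a space, and most likely a line break plus the next line's indentation, between the submitted value and its closing `'`, and that whitespace ends up in the stored `map_host`. The first branch in the previous hunk has it right with `'" . $_POST['map_host'] . "'` and then `)";`; this branch should match. Beyond that, quoting still does nothing against a `'` in any of the seven `$_POST` values, including the caller-supplied `geocodeid`, so each needs escaping through the DB layer or an `(int)`/`(float)` cast before concatenation.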
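Review bot: `WHERE geocodeid = '" . $_GET['delete'] . "' LIMIT 1` remains an injectable DELETE: a `'` in the `delete` parameter ends the literal exactly as the unquoted form did. Since the id is a key value, `$sql = "DELETE FROM geocode_param WHERE geocodeid = '" . (int)$_GET['delete'] . "' LIMIT 1";` is the one-line fix (or escape it through the DB layer if it is not numeric). The context comment also confirms this destructive action is triggered by a plain GET link, so any page that makes the browser fetch `?delete=N` removes the record (CSRF); moving it to a POST carrying a per-session token is the usual guard, though that is outside this commit's scope. `$msg = _('Geocode deleted')` is set without looking at the `DB_query` result; whether `DB_query` aborts on failure is not visible here.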
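Review bot: This line is behaviour-neutral — `'$SelectedParam'` interpolated inside a double-quoted PHP string yields exactly the same SQL as `'" . $SelectedParam . "'"` — so the SELECT is precisely as injectable after the commit as before. If `geocodeid` is an integer key, `WHERE geocodeid='" . (int)$SelectedParam . "'"` closes the hole; otherwise the value needs the DB layer's escaping before concatenation. The statement, and the assignment of `$SelectedParam`, start before the hunk.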
@@ -269,4 +271,4 @@
 echo '<a href="' . $rootpath . '/geo_displaymap_suppliers.php">' . _('Display Map of Suppliers') . '</a></div>';
 } //end if record deleted no point displaying form to add record
 include('includes/footer.inc');
-?>
+?>
\ No newline at end of file
Modified: trunk/doc/Change.log.html
===================================================================
--- trunk/doc/Change.log.html 2010-07-07 20:56:17 UTC (rev 3584)
+++ trunk/doc/Change.log.html 2010-07-07 20:56:39 UTC (rev 3585)
@@ -1,5 +1,6 @@
 <p><font SIZE=4 COLOR=BLUE><b>webERP Change Log</b></font></p>
 <p></p>
+<p>07/07/10 Tim: GeocodeStup.php - Properly quoting sql</p>
 <p>07/07/10 Tim: FreightCosts.php - Layout improvements and properly quoting sql</p>
 <p>07/07/10 Tim: Factors.php - Redo much of script to conform more with webERP standards</p>
 <p>07/07/10 Tim: ExchangeRateTrend.php - Add Javascript, and layout improvements</p>
This was sent by the SourceForge.net collaborative development platform, the world's largest Open Source development site. |