
Commit 0935854

committed
Fixed a bug in tform.inc.php
1 parent c46870f commit 0935854


1 file changed

+13
-12
lines changed


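--- a/interface/lib/classes/tform.inc.php
+++ b/interface/lib/classes/tform.inc.php
@@ -470,7 +470,8 @@ function getHTML($record, $tab, $action = 'NEW') {
 * @return record
 */
 function encode($record,$tab) {
-
+global $app;
+
 if(!is_array($this->formDef['tabs'][$tab])) $app->error("Tab ist leer oder existiert nicht (TAB: $tab).");
 //$this->errorMessage = '';
 
@@ -482,14 +483,14 @@ function encode($record,$tab) {
 switch ($field['datatype']) {
 case 'VARCHAR':
 if(!@is_array($record[$key])) {
-$new_record[$key] = (isset($record[$key]))?mysql_real_escape_string($record[$key]):'';
+$new_record[$key] = (isset($record[$key]))?$app->db->quote($record[$key]):'';
 } else {
 $new_record[$key] = implode($field['separator'],$record[$key]);
 }
 break;
 case 'TEXT':
 if(!is_array($record[$key])) {
-$new_record[$key] = mysql_real_escape_string($record[$key]);
+$new_record[$key] = $app->db->quote($record[$key]);
 } else {
 $new_record[$key] = implode($field['separator'],$record[$key]);
 }
@@ -508,7 +509,7 @@ function encode($record,$tab) {
 //if($key == 'refresh') die($record[$key]);
 break;
 case 'DOUBLE':
-$new_record[$key] = mysql_real_escape_string($record[$key]);
+$new_record[$key] = $app->db->quote($record[$key]);
 break;
 case 'CURRENCY':
 $new_record[$key] = str_replace(",",".",$record[$key]);
@@ -699,14 +700,14 @@ function getSQL($record, $tab, $action = 'INSERT', $primary_id = 0, $sql_ext_whe
 $salt.="$";
 // $salt = substr(md5(time()),0,2);
 $record[$key] = crypt($record[$key],$salt);
-$sql_insert_val .= "'".mysql_real_escape_string($record[$key])."', ";
+$sql_insert_val .= "'".$app->db->quote($record[$key])."', ";
 } elseif ($field['encryption'] == 'MYSQL') {
-$sql_insert_val .= "PASSWORD('".mysql_real_escape_string($record[$key])."'), ";
+$sql_insert_val .= "PASSWORD('".$app->db->quote($record[$key])."'), ";
 } elseif ($field['encryption'] == 'CLEARTEXT') {
-$sql_insert_val .= "'".mysql_real_escape_string($record[$key])."', ";
+$sql_insert_val .= "'".$app->db->quote($record[$key])."', ";
 } else {
 $record[$key] = md5($record[$key]);
-$sql_insert_val .= "'".mysql_real_escape_string($record[$key])."', ";
+$sql_insert_val .= "'".$app->db->quote($record[$key])."', ";
 }
 
 } elseif ($field['formtype'] == 'CHECKBOX') {
@@ -732,14 +733,14 @@ function getSQL($record, $tab, $action = 'INSERT', $primary_id = 0, $sql_ext_whe
 $salt.="$";
 // $salt = substr(md5(time()),0,2);
 $record[$key] = crypt($record[$key],$salt);
-$sql_update .= "`$key` = '".mysql_real_escape_string($record[$key])."', ";
+$sql_update .= "`$key` = '".$app->db->quote($record[$key])."', ";
 } elseif (isset($field['encryption']) && $field['encryption'] == 'MYSQL') {
-$sql_update .= "`$key` = PASSWORD('".mysql_real_escape_string($record[$key])."'), ";
+$sql_update .= "`$key` = PASSWORD('".$app->db->quote($record[$key])."'), ";
 } elseif (isset($field['encryption']) && $field['encryption'] == 'CLEARTEXT') {
-$sql_update .= "`$key` = '".mysql_real_escape_string($record[$key])."', ";
+$sql_update .= "`$key` = '".$app->db->quote($record[$key])."', ";
 } else {
 $record[$key] = md5($record[$key]);
-$sql_update .= "`$key` = '".mysql_real_escape_string($record[$key])."', ";
+$sql_update .= "`$key` = '".$app->db->quote($record[$key])."', ";
 }
 
 } elseif ($field['formtype'] == 'CHECKBOX') {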
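Review bot: The array branches of `encode()` still return unescaped input: in both the `VARCHAR` and `TEXT` cases, `$new_record[$key] = implode($field['separator'],$record[$key]);` is left as it was while the scalar branch beside it now goes through `$app->db->quote()`, and the `CURRENCY` case only runs `str_replace`. If the result of `encode()` is later concatenated into SQL, as the escaping in the scalar branches suggests, an array-valued field skips the quoting entirely; the join should be wrapped as well, `$new_record[$key] = $app->db->quote(implode($field['separator'],$record[$key]));`. Separately, `global $app;` is added only in `encode()`, while the `getSQL()` hunks also call `$app->db->quote()`; `getSQL()` starts outside the hunks, so it is worth confirming that it declares `$app` too. The body of `encode()` continues past the visible lines.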
