
Commit 29c974a

author
nveid
committed
Updated some escape string methods outside of db_mysql_inc.php to
use the standardized app->db->quote method already established. Refs: 1722
1 parent f5b0ca2 commit 29c974a


4 files changed

+17
-15
lines changed


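--- a/interface/lib/classes/form.inc.php
+++ b/interface/lib/classes/form.inc.php
@@ -286,15 +286,15 @@ function getHTML($record,$action = 'NEW') {
 * @return record
 */
 function encode($record) {
-
+global $app;
 $this->errorMessage = '';
 
 if(is_array($record)) {
 foreach($record as $key => $val) {
 switch ($this->tableDef[$key]['datatype']) {
 case 'VARCHAR':
 if(!is_array($val)) {
-$new_record[$key] = mysql_real_escape_string($val);
+$new_record[$key] = $app->db->quote($val);
 } else {
 $new_record[$key] = implode($this->tableDef[$key]['separator'],$val);
 }
@@ -309,7 +309,7 @@ function encode($record) {
 $new_record[$key] = intval($val);
 break;
 case 'DOUBLE':
-$new_record[$key] = mysql_real_escape_string($val);
+$new_record[$key] = $app->db->quote($val);
 break;
 case 'CURRENCY':
 $new_record[$key] = str_replace(",",".",$val);
@@ -472,4 +472,4 @@ function showForm() {
 
 }
 
-?>
+?>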
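Review bot: In the VARCHAR case of encode(), only the scalar branch goes through `$app->db->quote()`; when `$val` is an array, the `else` branch stores `implode($this->tableDef[$key]['separator'],$val)` with no escaping, so array-valued input skips the quoting this commit standardises. Escaping the joined string would close the gap: `$new_record[$key] = $app->db->quote(implode($this->tableDef[$key]['separator'],$val));`. The same unescaped `implode` sits in the VARCHAR/TEXT branches of encode() in listform.inc.php, remoting_lib.inc.php and searchform.inc.php. encode() continues outside these hunks, so whether the result is escaped again before it reaches a query cannot be confirmed from here.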

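--- a/interface/lib/classes/listform.inc.php
+++ b/interface/lib/classes/listform.inc.php
@@ -347,6 +347,7 @@ public function decode($record)
 
 public function encode($record)
 {
+global $app;
 if(is_array($record)) {
 foreach($this->listDef['item'] as $field){
 $key = $field['field'];
@@ -355,7 +356,7 @@ public function encode($record)
 case 'VARCHAR':
 case 'TEXT':
 if(!is_array($record[$key])) {
-$record[$key] = mysql_real_escape_string($record[$key]);
+$record[$key] = $app->db->quote($record[$key]);
 } else {
 $record[$key] = implode($this->tableDef[$key]['separator'],$record[$key]);
 }
@@ -384,7 +385,7 @@ public function encode($record)
 break;
 
 case 'DOUBLE':
-$record[$key] = mysql_real_escape_string($record[$key]);
+$record[$key] = $app->db->quote($record[$key]);
 break;
 
 case 'CURRENCY':
@@ -422,4 +423,4 @@ function escapeArrayValues($search_values) {
 
 }
 
-?>
+?>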
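Review bot: The DOUBLE case of encode() string-escapes the value with `$app->db->quote($record[$key])` but never checks that it is numeric, whereas the branch just above DOUBLE in form.inc.php normalises with `intval($val)`. Escaping only protects a value that ends up inside a quoted SQL string literal; if a DOUBLE field is later interpolated without quotes (not visible in these hunks), escaping alone does not stop non-numeric input. Consider validating first, e.g. `$record[$key] = is_numeric($record[$key]) ? $record[$key] : 0;`, with the fallback chosen to suit the callers. The DOUBLE cases in form.inc.php, remoting_lib.inc.php and searchform.inc.php have the same shape.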

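--- a/interface/lib/classes/remoting_lib.inc.php
+++ b/interface/lib/classes/remoting_lib.inc.php
@@ -294,7 +294,7 @@ function getDatasourceData($field, $record) {
 * @return record
 */
 function encode($record) {
-
+global $app;
 if(is_array($record)) {
 foreach($this->formDef['fields'] as $key => $field) {
 
@@ -303,14 +303,14 @@ function encode($record) {
 switch ($field['datatype']) {
 case 'VARCHAR':
 if(!@is_array($record[$key])) {
-$new_record[$key] = (isset($record[$key]))?mysql_real_escape_string($record[$key]):'';
+$new_record[$key] = (isset($record[$key]))?$app->db->quote($record[$key]):'';
 } else {
 $new_record[$key] = implode($field['separator'],$record[$key]);
 }
 break;
 case 'TEXT':
 if(!is_array($record[$key])) {
-$new_record[$key] = mysql_real_escape_string($record[$key]);
+$new_record[$key] = $app->db->quote($record[$key]);
 } else {
 $new_record[$key] = implode($field['separator'],$record[$key]);
 }
@@ -347,7 +347,7 @@ function encode($record) {
 //if($key == 'refresh') die($record[$key]);
 break;
 case 'DOUBLE':
-$new_record[$key] = mysql_real_escape_string($record[$key]);
+$new_record[$key] = $app->db->quote($record[$key]);
 break;
 case 'CURRENCY':
 $new_record[$key] = str_replace(",",".",$record[$key]);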
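Review bot: The CURRENCY case at the end of the last hunk stores `str_replace(",",".",$record[$key])` with no call to `$app->db->quote()`, so it is left out of the escaping this commit applies to VARCHAR, TEXT and DOUBLE. The case body runs past the end of the hunk, so a later line may already handle it; if not, wrap the value: `$new_record[$key] = $app->db->quote(str_replace(",",".",$record[$key]));`. The encode() in form.inc.php shows the same CURRENCY line at the end of its second hunk.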

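--- a/interface/lib/classes/searchform.inc.php
+++ b/interface/lib/classes/searchform.inc.php
@@ -244,7 +244,7 @@ public function saveSearchSettings($searchresult_name)
 $list_name = $this->listDef['name'];
 $settings = $_SESSION['search'][$list_name];
 unset($settings['page']);
-$data = mysql_real_escape_string(serialize($settings));
+$data = $app->db->quote(serialize($settings));
 
 $userid = $_SESSION['s']['user']['userid'];
 $groupid = $_SESSION['s']['user']['default_group'];
@@ -301,6 +301,7 @@ public function decode($record)
 
 public function encode($record)
 {
+global $app;
 if(is_array($record)) {
 foreach($this->listDef['item'] as $field) {
 $key = $field['field'];
@@ -309,7 +310,7 @@ public function encode($record)
 case 'VARCHAR':
 case 'TEXT':
 if(!is_array($record[$key])) {
-$record[$key] = mysql_real_escape_string($record[$key]);
+$record[$key] = $app->db->quote($record[$key]);
 } else {
 $record[$key] = implode($this->tableDef[$key]['separator'],$record[$key]);
 }
@@ -327,7 +328,7 @@ public function encode($record)
 break;
 
 case 'DOUBLE':
-$record[$key] = mysql_real_escape_string($record[$key]);
+$record[$key] = $app->db->quote($record[$key]);
 break;
 
 case 'CURRENCY':
@@ -340,4 +341,4 @@ public function encode($record)
 }
 }
 
-?>
+?>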
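Review bot: saveSearchSettings() now calls `$app->db->quote(serialize($settings))`, but the commit adds `global $app;` only to encode() in this file, and none of the added lines fall inside saveSearchSettings(). The start of that method is outside the hunk, so it may already declare the global; if it does not, `$app` is an undefined local there and the call fails at runtime instead of escaping the data. Confirm that `global $app;` is present at the top of saveSearchSettings(), or add it.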
