projects
/
fa-stable.git
/ blobdiff
commit
grep
author
committer
pickaxe
?
search:
re
summary
|
shortlog
|
log
|
commit
|
commitdiff
|
tree
raw
|
inline
| side by side
Result return added in add_user/update_user/update_user_password.
[fa-stable.git]
/
includes
/
db
/
comments_db.inc
diff --git
a/includes/db/comments_db.inc
b/includes/db/comments_db.inc
index d431e97d108a2d3f72ff322e65327097749338eb..4e61dd4966ef3ec3cac7781ff63a295328a683fc 100644
(file)
--- a/
includes/db/comments_db.inc
+++ b/
includes/db/comments_db.inc
@@
-13,7
+13,8
@@
function get_comments($type, $type_no)
{
function get_comments($type, $type_no)
{
- $sql = "SELECT * FROM ".TB_PREF."comments WHERE type=$type AND id=$type_no";
+ $sql = "SELECT * FROM ".TB_PREF."comments WHERE type="
+ .db_escape($type)." AND id=".db_escape($type_no);
return db_query($sql, "could not query comments transaction table");
}
return db_query($sql, "could not query comments transaction table");
}
@@
-26,7
+27,8
@@
function add_comments($type, $type_no, $date_, $memo_)
{
$date = date2sql($date_);
$sql = "INSERT INTO ".TB_PREF."comments (type, id, date_, memo_)
{
$date = date2sql($date_);
$sql = "INSERT INTO ".TB_PREF."comments (type, id, date_, memo_)
- VALUES ($type, $type_no, '$date', ".db_escape($memo_).")";
+ VALUES (".db_escape($type).", ".db_escape($type_no)
+ .", '$date', ".db_escape($memo_).")";
db_query($sql, "could not add comments transaction entry");
}
db_query($sql, "could not add comments transaction entry");
}
@@
-44,7
+46,9
@@
function update_comments($type, $id, $date_, $memo_)
else
{
$date = date2sql($date_);
else
{
$date = date2sql($date_);
- $sql = "UPDATE ".TB_PREF."comments SET memo_=".db_escape($memo_)." WHERE type=$type AND id=$id AND date_='$date'";
+ $sql = "UPDATE ".TB_PREF."comments SET memo_=".db_escape($memo_)
+ ." WHERE type=".db_escape($type)." AND id=".db_escape($id)
+ ." AND date_='$date'";
db_query($sql, "could not update comments");
}
}
db_query($sql, "could not update comments");
}
}
@@
-53,7
+57,8
@@
function update_comments($type, $id, $date_, $memo_)
function delete_comments($type, $type_no)
{
function delete_comments($type, $type_no)
{
- $sql = "DELETE FROM ".TB_PREF."comments WHERE type=$type AND id=$type_no";
+ $sql = "DELETE FROM ".TB_PREF."comments WHERE type=".db_escape($type)
+ ." AND id=".db_escape($type_no);
db_query($sql, "could not delete from comments transaction table");
}
db_query($sql, "could not delete from comments transaction table");
}