Two smaller bugs [0000023],[0000026]
diff --git
a/includes/db/comments_db.inc
b/includes/db/comments_db.inc
index 27e4405d1305184c5dc21df7a0d8a31b90e09f00..fd7af9c5e6991a6da98fd5be2c032628b07447ab 100644
(file)
--- a/
includes/db/comments_db.inc
+++ b/
includes/db/comments_db.inc
@@
-5,7
+5,7
@@
function get_comments($type, $type_no)
{
$sql = "SELECT * FROM ".TB_PREF."comments WHERE type=$type AND id=$type_no";
function get_comments($type, $type_no)
{
$sql = "SELECT * FROM ".TB_PREF."comments WHERE type=$type AND id=$type_no";
-
+
return db_query($sql, "could not query comments transaction table");
}
return db_query($sql, "could not query comments transaction table");
}
@@
-13,29
+13,29
@@
function get_comments($type, $type_no)
function add_comments($type, $type_no, $date_, $memo_)
{
function add_comments($type, $type_no, $date_, $memo_)
{
- if ($memo_ != null && $memo_ != "")
- {
+ if ($memo_ != null && $memo_ != "")
+ {
$date = date2sql($date_);
$sql = "INSERT INTO ".TB_PREF."comments (type, id, date_, memo_)
$date = date2sql($date_);
$sql = "INSERT INTO ".TB_PREF."comments (type, id, date_, memo_)
- VALUES ($type, $type_no, '$date',
'$memo_'
)";
-
+ VALUES ($type, $type_no, '$date',
".db_escape($memo_)."
)";
+
db_query($sql, "could not add comments transaction entry");
db_query($sql, "could not add comments transaction entry");
- }
+ }
}
//--------------------------------------------------------------------------------------------------
function update_comments($type, $id, $date_, $memo_)
{
}
//--------------------------------------------------------------------------------------------------
function update_comments($type, $id, $date_, $memo_)
{
- if ($date_ == null)
+ if ($date_ == null)
{
delete_comments($type, $id);
add_comments($type, $id, '', $memo_);
{
delete_comments($type, $id);
add_comments($type, $id, '', $memo_);
- }
- else
+ }
+ else
{
$date = date2sql($date_);
{
$date = date2sql($date_);
- $sql = "UPDATE ".TB_PREF."comments SET memo_=
'$memo_'
WHERE type=$type AND id=$id AND date_='$date'";
+ $sql = "UPDATE ".TB_PREF."comments SET memo_=
".db_escape($memo_)."
WHERE type=$type AND id=$id AND date_='$date'";
db_query($sql, "could not update comments");
}
}
db_query($sql, "could not update comments");
}
}
@@
-45,7
+45,7
@@
function update_comments($type, $id, $date_, $memo_)
function delete_comments($type, $type_no)
{
$sql = "DELETE FROM ".TB_PREF."comments WHERE type=$type AND id=$type_no";
function delete_comments($type, $type_no)
{
$sql = "DELETE FROM ".TB_PREF."comments WHERE type=$type AND id=$type_no";
-
+
db_query($sql, "could not delete from comments transaction table");
}
db_query($sql, "could not delete from comments transaction table");
}
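Review bot: `$type`, `$type_no` and `$id` are still interpolated unquoted into the SQL of all four functions in this file (`get_comments`, `add_comments`, `update_comments`, `delete_comments`), so after this change only `$memo_` is protected. The callers are not visible here, but if any of them passes a request-derived value, the WHERE and VALUES clauses remain open to SQL injection. Because the new code drops the quotes around `db_escape($memo_)`, the helper appears to return an already-quoted literal, so the same treatment should work for the other parameters, e.g. `WHERE type=".db_escape($type)." AND id=".db_escape($type_no)`, or an integer cast if they are always numeric. `'$date'` is safe only if `date2sql()` never returns a string containing a quote, which deserves either a comment stating that guarantee or the same escaping.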