$language, $profile, $rep_popup, $pos)
{
$sql = "INSERT INTO ".TB_PREF."users (user_id, real_name, password"
- .", phone, email, full_access, language, pos, print_profile, rep_popup)
+ .", phone, email, role_id, language, pos, print_profile, rep_popup)
VALUES (".db_escape($user_id).",
- ".db_escape($real_name).", ".db_escape($password) .",".db_escape($phone).",
- ".db_escape($email).", $full_access, ".db_escape($language).",
- $pos,".db_escape($profile).",$rep_popup)";
+ ".db_escape($real_name).", ".db_escape($password) .",".db_escape($phone)
+ .",".db_escape($email).", ".db_escape($role_id).", ".db_escape($language)
+ .", ".db_escape($pos).",".db_escape($profile).",".db_escape($rep_popup)
+ ." )";
db_query($sql, "could not add user for $user_id");
}
dec_sep=".db_escape($dec_sep).",
theme=".db_escape($theme).",
page_size=".db_escape($pagesize).",
- show_hints=$show_hints,
+ show_hints=".db_escape($show_hints).",
print_profile=".db_escape($profile).",
- rep_popup=$rep_popup,
- query_size=$query_size,
- graphic_links=$graphic_links,
+ rep_popup=".db_escape($rep_popup).",
+ query_size=".db_escape($query_size).",
+ graphic_links=".db_escape($graphic_links).",
language=".db_escape($lang)."
WHERE user_id = ".db_escape($user_id);
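Review bot: The values newly wrapped in db_escape() in this UPDATE (`show_hints`, `rep_popup`, `query_size`, `graphic_links`) look like integer or flag settings, and escaping alone closes the injection but still passes whatever string the caller sent to the database to coerce. Validating them before the statement is built, for example `$query_size = (int)$query_size;`, would normalise bad input in PHP. It would also keep the query safe if db_escape() ever stopped adding the surrounding quotes, which this code appears to rely on (the `WHERE user_id` line calls it with no quotes around it). The same applies to `role_id`, `pos` and `rep_popup` in the INSERT of the first hunk. The UPDATE statement starts above this hunk, so the column types are inferred from the names only.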
{
set_global_connection();
- $sql = "SELECT * FROM ".TB_PREF."users WHERE user_id = '$user_id' AND password='$password'";
+ $sql = "SELECT * FROM ".TB_PREF."users WHERE user_id = ".db_escape($user_id)
+ ." AND password=".db_escape($password);
return db_query($sql, "could not get validate user login for $user_id");
}
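Review bot: The credential check still happens inside the WHERE clause (`AND password=...`), so the stored value has to equal `$password` exactly, which rules out per-user salted hashes and leaves the comparison to the database. Consider selecting the row by `user_id` alone and verifying in PHP: `password_verify($password, $row['password'])` if the column holds a password_hash() value, or `hash_equals()` against the existing format. Whether `$password` is plain text or a digest at this point is not visible in the hunk. `SELECT *` also returns the password column to every caller, so naming only the needed columns would limit exposure. The function signature is outside the hunk.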