$language, $profile, $rep_popup, $pos)
{
$sql = "INSERT INTO ".TB_PREF."users (user_id, real_name, password"
- .", phone, email, role_id, language, pos, print_profile, rep_popup)
+ .", phone, email, full_access, language, pos, print_profile, rep_popup)
VALUES (".db_escape($user_id).",
".db_escape($real_name).", ".db_escape($password) .",".db_escape($phone)
- .",".db_escape($email).", ".db_escape($role_id).", ".db_escape($language)
+ .",".db_escape($email).", ".db_escape($full_access).", ".db_escape($language)
.", ".db_escape($pos).",".db_escape($profile).",".db_escape($rep_popup)
." )";
$sql = "UPDATE ".TB_PREF."users SET real_name=".db_escape($real_name).
", phone=".db_escape($phone).",
email=".db_escape($email).",
- full_access=$full_access,
+ full_access=".db_escape($full_access).",
language=".db_escape($language).",
print_profile=".db_escape($profile).",
- rep_popup=$rep_popup,
- pos=$pos
+ rep_popup=".db_escape($rep_popup).",
+ pos=".db_escape($pos)."
WHERE user_id = ".db_escape($user_id);
db_query($sql, "could not update user for $user_id");
}
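Review bot: The message passed to db_query on the line after the UPDATE, `"could not update user for $user_id"`, still interpolates the raw user_id even though the SQL side is now escaped; if db_query reports that message to the browser (its implementation is not shown here, so this is inferred), the identifier needs escaping for the HTML context, e.g. `db_query($sql, "could not update user for " . htmlspecialchars($user_id, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8'));`, or the raw value should be left out of the message altogether. The same pattern appears in the get_user hunk (`"could not get user for $user_id"`) and the delete_user hunk (`"could not delete user $user_id"`). The signature of update_user begins above this hunk, so whether $user_id is validated before reaching this point cannot be confirmed from the diff.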
function get_user($user_id)
{
- $sql = "SELECT * FROM ".TB_PREF."users WHERE user_id = '$user_id'";
+ $sql = "SELECT * FROM ".TB_PREF."users WHERE user_id = ".db_escape($user_id);
$result = db_query($sql, "could not get user for $user_id");
function delete_user($user_id)
{
- $sql="DELETE FROM ".TB_PREF."users WHERE user_id='$user_id'";
+ $sql="DELETE FROM ".TB_PREF."users WHERE user_id=".db_escape($user_id);
db_query($sql, "could not delete user $user_id");
}