if ($fieldValue == '') return false;
$sql = "UPDATE ".TABLE_PREFIX."languages
- SET ".$fieldName."='".$addslashes($fieldValue)."'
- WHERE language_code = '".$langCode."'";
+ SET ".$addslashes($fieldName)."='".$addslashes($fieldValue)."'
+ WHERE language_code = '".$addslashes($langCode)."'";
return $this->execute($sql);
}
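Review bot: `$addslashes($fieldName)` on the `SET` line does not make the column name safe, because `$fieldName` sits in an unquoted identifier position where escaping quote characters has no effect. The column should be checked against a fixed list of editable columns before the statement is built, for example `if (!in_array($fieldName, $allowedFields, true)) return false;`, where `$allowedFields` is a placeholder for that table's list. The same pattern appears in the `myown_patches` and `users` hunks further down. The enclosing function starts outside this hunk, so an existing check on `$fieldName` earlier in the body cannot be ruled out.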
return array(_AT('TR_ERROR_EMPTY_FIELD'));
$sql = "UPDATE ".TABLE_PREFIX."myown_patches
- SET ".$fieldName."='".$addslashes($fieldValue)."'
+ SET ".$addslashes($fieldName)."='".$addslashes($fieldValue)."'
WHERE myown_patch_id = ".$myownPatchID;
return $this->execute($sql);
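Review bot: `$myownPatchID` is still concatenated into the `WHERE` clause unquoted and unescaped, so the statement stays open to injection through the id unless every caller already casts it. The `users` hunk in this same change wraps its id in `intval()`, and this line should do the same: `WHERE myown_patch_id = ".intval($myownPatchID);`. The enclosing function starts and ends outside the hunk.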
*/
function getByConsumer($consumer)
{
- $sql = "SELECT * FROM ".TABLE_PREFIX."oauth_server_consumers WHERE consumer='".$consumer."'";
+ global $addslashes;
+ $sql = "SELECT * FROM ".TABLE_PREFIX."oauth_server_consumers WHERE consumer='".$addslashes($consumer)."'";
return $this->execute($sql);
}
*/
function updateUserIDByToken($token, $user_id)
{
+ global $addslashes;
$sql = "UPDATE ".TABLE_PREFIX."oauth_server_tokens
SET user_id = ".$user_id."
- WHERE token = '".$token."'";
+ WHERE token = '".$addslashes($token)."'";
return $this->execute($sql);
}
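Review bot: `$user_id` on the `SET user_id = ".$user_id."` line is left as a raw, unquoted concatenation while only `$token` gets escaped, so `updateUserIDByToken` is only half covered by this change. Casting it closes the gap and matches what the `users` hunk does for `$userID`: `SET user_id = ".intval($user_id)."`. A short comment above the query saying that the token is escaped and the id is cast would also make the intent clear to the next reader.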
*/
function getByTokenAndType($token, $token_type)
{
+ global $addslashes;
$sql = "SELECT * FROM ".TABLE_PREFIX."oauth_server_tokens
- WHERE token = '".$token."'
- AND token_type = '".$token_type."'";
+ WHERE token = '".$addslashes($token)."'
+ AND token_type = '".$addslashes($token_type)."'";
return $this->execute($sql);
}
}
$sql = "UPDATE ".TABLE_PREFIX."users
- SET ".$fieldName."='".$addslashes($fieldValue)."'
- WHERE user_id = ".$userID;
+ SET ".$addslashes($fieldName)."='".$addslashes($fieldValue)."'
+ WHERE user_id = ".intval($userID);
return $this->execute($sql);
}
}\r
\r
$coursesDAO = new CoursesDAO();\r
-$results = $coursesDAO->getSearchResult($keywords, '', $start, $maxResults);\r
+$results = $coursesDAO->getSearchResult($addslashes($keywords), '', $start, $maxResults);\r
\r
// get total number of search results regardless of $maxResults\r
-$all_results = $coursesDAO->getSearchResult($keywords);\r
+$all_results = $coursesDAO->getSearchResult($addslashes($keywords));\r
if (is_array($all_results)) $total_num = count($all_results);\r
else $total_num = 0;\r
\r
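Review bot: Escaping `$keywords` at the two call sites rather than inside `CoursesDAO::getSearchResult()` protects only this script, so any other caller of that method still passes raw input to the query. The method body is not visible here, but if it tokenises or trims the keywords before building its `LIKE`/`WHERE` clause, it will now operate on backslash-escaped text and matching can change. Moving the `$addslashes()` call to the point where the SQL string is assembled would cover all callers and avoid escaping twice. `$start` and `$maxResults` are passed through unchanged; if they reach a `LIMIT` clause they should be cast with `intval()` as well.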