}
function at_get_field_value($fieldvalue, $type = false) {
- if ( $fieldvalue === false ) {
+ global $addslashes;
+
+ if ( $fieldvalue === false ) {
$fieldvalue = 'NULL';
} else if ( is_int($fieldvalue) ) {
$fieldvalue = $fieldvalue.'';
} else if ( $type == 'radio' || $type == 'integer') {
if ( strlen($fieldvalue) < 1 ) $fieldvalue = '0';
} else {
- $fieldvalue = "'".mysql_real_escape_string($fieldvalue)."'";
+ $fieldvalue = "'".$addslashes($fieldvalue)."'";
}
return $fieldvalue;
}
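Review bot: The `radio`/`integer` branch of at_get_field_value still returns the value with neither quotes nor escaping (only an empty string becomes `'0'`), and the later hunk of this commit removes the `intval()` calls on `preferheight`, `sendname`, `acceptgrades` and the other numeric POST fields, so nothing visible here forces those values to be numeric any more. If the returned string is concatenated into a SQL statement, as the `'NULL'` literal and the quoting in the last branch suggest, a non-numeric value submitted for one of those types would reach the query text unchanged. I would normalise inside that branch, e.g. `$fieldvalue = strlen($fieldvalue) < 1 ? '0' : (string) intval($fieldvalue);`. Separately, the quoted branch is now only as safe as whatever callable the global `$addslashes` holds, which is defined outside this hunk; a one-line comment stating that it must be the database connection's escaping function would make that dependency explicit. The hunk header is not visible on the page, but the function body is shown whole.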
require_once('forms.php');
// Filter all POST data //
-if($_POST['submit']){
- $_POST['form_basiclti'] = $addslashes($_POST['form_basiclti']);
- $_POST['title'] = $addslashes($_POST['title']);
- $_POST['toolid'] = $addslashes($_POST['toolid']);
- $_POST['description'] = $addslashes($_POST['description']);
- $_POST['toolurl'] = $addslashes($_POST['toolurl']);
- $_POST['resourcekey'] = $addslashes($_POST['resourcekey']);
- $_POST['password'] = $addslashes($_POST['password']);
- $_POST['preferheight'] = intval($_POST['preferheight']);
- $_POST['allowpreferheight'] = intval($_POST['allowpreferheight']);
- $_POST['launchinpopup'] = intval($_POST['launchinpopup']);
- $_POST['debuglaunch'] = intval($_POST['debuglaunch']);
- $_POST['sendname'] = intval($_POST['sendname']);
- $_POST['sendemailaddr'] = intval($_POST['sendemailaddr']);
- $_POST['acceptgrades'] = intval($_POST['acceptgrades']);
- $_POST['allowroster'] = intval($_POST['allowroster']);
- $_POST['allowsetting'] = intval($_POST['allowsetting']);
- $_POST['allowcustomparameters'] = intval($_POST['allowcustomparameters']);
- // this param won't take $addslashes. Some other form of filter is needed here before V1.0 goes out.
- //$_POST['customparameters'] = $addslashes($_POST['customparameters']);
- $_POST['submit'] = $addslashes($_POST['submit']);
-
-}
$tool = intval($_REQUEST['id']);
if (isset($_POST['cancel'])) {