Changeset 11667

Timestamp:
03/03/11 21:53:27 (2 years ago)
Author:
p_lindheimer
Message:

remove mysql_escape_string() re #4001

Files:

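--- a/modules/branches/2.9/misdn/functions.inc.php
+++ b/modules/branches/2.9/misdn/functions.inc.php
@@ -101,10 +101,10 @@
 
 function misdn_general_get($key) {
-    $val = sql("SELECT `data` FROM `misdn` WHERE `keyword`='".mysql_escape_string($key)."' AND `id`='XXXXXX'", "getOne");
+    $val = sql("SELECT `data` FROM `misdn` WHERE `keyword`='"._misdn_escape_string($key)."' AND `id`='XXXXXX'", "getOne");
     return $val;
 }
 
 function misdn_general_set($key, $val) {
-    sql("UPDATE `misdn` SET `data`='".mysql_escape_string($val)."' WHERE `keyword`='".mysql_escape_string($key)."' AND `id`='XXXXXX'");
+    sql("UPDATE `misdn` SET `data`='"._misdn_escape_string($val)."' WHERE `keyword`='"._misdn_escape_string($key)."' AND `id`='XXXXXX'");
 }
 
@@ -124,5 +124,5 @@
     global $misdn_fields;
 
-    $ar = sql("SELECT name, type, $misdn_fields FROM `misdn_groups` WHERE `name` = '".mysql_escape_string($name)."'", "getAll", DB_FETCHMODE_ASSOC);
+    $ar = sql("SELECT name, type, $misdn_fields FROM `misdn_groups` WHERE `name` = '"._misdn_escape_string($name)."'", "getAll", DB_FETCHMODE_ASSOC);
 
     return array_shift($ar);
@@ -133,5 +133,5 @@
     global $misdn_fields;
 
-    $ar = sql("SELECT `port` FROM `misdn_ports` WHERE `group` <> '".mysql_escape_string($name)."' ORDER BY `port` ASC", "getAll", DB_FETCHMODE_ASSOC);
+    $ar = sql("SELECT `port` FROM `misdn_ports` WHERE `group` <> '"._misdn_escape_string($name)."' ORDER BY `port` ASC", "getAll", DB_FETCHMODE_ASSOC);
 
     $ret = array();
@@ -146,5 +146,5 @@
     global $misdn_fields;
 
-    $ar = sql("SELECT `port` FROM `misdn_ports` WHERE `group` = '".mysql_escape_string($name)."' ORDER BY `port` ASC", "getAll", DB_FETCHMODE_ASSOC);
+    $ar = sql("SELECT `port` FROM `misdn_ports` WHERE `group` = '"._misdn_escape_string($name)."' ORDER BY `port` ASC", "getAll", DB_FETCHMODE_ASSOC);
 
     $ret = array();
@@ -159,5 +159,5 @@
     global $misdn_fields;
 
-    $ar = sql("SELECT `port` FROM `misdn_ports` WHERE `group` = '".mysql_escape_string($name)."'", "getAll", DB_FETCHMODE_ASSOC);
+    $ar = sql("SELECT `port` FROM `misdn_ports` WHERE `group` = '"._misdn_escape_string($name)."'", "getAll", DB_FETCHMODE_ASSOC);
 
     $ret = array();
@@ -166,4 +166,9 @@
 
     return $ret;
+}
+
+function _misdn_escape_string($var) {
+  global $db;
+  return $db->escapeSimple($var);
 }
 
@@ -356,5 +361,5 @@
     return $v;
   default:
-    return "'".mysql_escape_string($v)."'";
+    return "'"._misdn_escape_string($v)."'";
   }
 }
@@ -366,5 +371,5 @@
 
   if ($_GET['del'] && $gdisplay) {
-    $name = mysql_escape_string($_GET['gdisplay']);
+    $name = _misdn_escape_string($_GET['gdisplay']);
     sql("DELETE FROM `misdn_ports` WHERE `group`='$name'");
     sql("DELETE FROM `misdn_groups` WHERE `name`='$name'");
@@ -379,11 +384,11 @@
 
   if ($_POST['editgroup']) {
-    $keyvals = array("`name`='".mysql_escape_string($_POST['name'])."'");
+    $keyvals = array("`name`='"._misdn_escape_string($_POST['name'])."'");
     foreach($misdn_confkeys as $confkey) {
       $keyvals[] = '`'.$confkey['name'].'`='.misdn_format_sql($confkey, $_POST[$confkey['name']]);
     }
 
-    $sql = "UPDATE `misdn_groups` SET ".implode(',', $keyvals)." WHERE `name`='".mysql_escape_string($_POST['editgroup'])."'";
-    sql("DELETE FROM `misdn_ports` WHERE `group`='".mysql_escape_string($_POST['editgroup'])."'");
+    $sql = "UPDATE `misdn_groups` SET ".implode(',', $keyvals)." WHERE `name`='"._misdn_escape_string($_POST['editgroup'])."'";
+    sql("DELETE FROM `misdn_ports` WHERE `group`='"._misdn_escape_string($_POST['editgroup'])."'");
   }
   else {
@@ -398,5 +403,5 @@
     settype($type, 'int');
 
-    $sql = 'INSERT INTO `misdn_groups` (`name`,`type`,'.implode(',', $keys).") VALUES ('".mysql_escape_string($_POST['name'])."',$type,".implode(',', $vals).')';
+    $sql = 'INSERT INTO `misdn_groups` (`name`,`type`,'.implode(',', $keys).") VALUES ('"._misdn_escape_string($_POST['name'])."',$type,".implode(',', $vals).')';
   }
 
@@ -409,5 +414,5 @@
 
       if ($_POST["port$i"])
-  sql("INSERT INTO `misdn_ports` (`port`, `group`) VALUES ($i, '".mysql_escape_string($_POST['name'])."')");
+  sql("INSERT INTO `misdn_ports` (`port`, `group`) VALUES ($i, '"._misdn_escape_string($_POST['name'])."')");
     }
   }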
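Review bot: `_misdn_escape_string()` (new lines 170-173) returns `$db->escapeSimple($var)` without adding quotes, so it only protects values that the call site places inside a single-quoted literal. Several neighbouring values in the same statements are interpolated without it: `$misdn_fields` at line 126, `$i` at line 416, and the result of `misdn_format_sql()` at line 388, whose `return $v;` branch (line 361) passes `$_POST[$confkey['name']]` through unquoted. The `case` label above `return $v;` is outside the visible hunk, so whether that value is cast to a number first cannot be confirmed here and should be checked. I would document the contract on the helper, e.g. `/* Escapes $var for use inside a single-quoted SQL string literal only; adds no quotes and is not safe for identifiers or numeric contexts. */`. Where the DB layer supports it, these queries would be better moved to bound placeholders than escaped per call site.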
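--- a/modules/branches/2.9/misdn/install.php
+++ b/modules/branches/2.9/misdn/install.php
@@ -60,7 +60,7 @@
     foreach(array_keys($groups) as $g) {
       if (count($g)) {
-      sql('INSERT INTO `misdn_groups` (`name`,`type`,'.implode(',', $keys).") VALUES ('".mysql_escape_string($ptypes[$g]['name'])."',".$ptypes[$g]['type'].",".implode(',', $vals).')');
+      sql('INSERT INTO `misdn_groups` (`name`,`type`,'.implode(',', $keys).") VALUES ('"._misdn_escape_string($ptypes[$g]['name'])."',".$ptypes[$g]['type'].",".implode(',', $vals).')');
       foreach($groups[$g] as $p) {
-        sql("INSERT INTO `misdn_ports` (`port`, `group`) VALUES ($p, '".mysql_escape_string($ptypes[$g]['name'])."')");
+        sql("INSERT INTO `misdn_ports` (`port`, `group`) VALUES ($p, '"._misdn_escape_string($ptypes[$g]['name'])."')");
       }
     }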
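Review bot: install.php now calls `_misdn_escape_string()` at lines 62 and 64, but this changeset defines that function in functions.inc.php and nothing visible in this hunk loads that file. If the installer runs before the module's functions.inc.php is included (for example on a first install), both calls would fail as undefined functions. Using the DB handle directly avoids the dependency, e.g. `global $db; $gname = $db->escapeSimple($ptypes[$g]['name']);` ahead of the two INSERTs. Separately, `$ptypes[$g]['type']` and `$p` are concatenated unquoted; they look like install-time constants, but an `(int)` cast would make that explicit. The enclosing loop starts and ends outside the hunk.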