nveid
2011-12-07 29c974a320078c3169cade013235b6ad1a26302e
Updated some escape string methods outside of db_mysql_inc.php to
use the standardized app->db->quote method already established.

Refs: 1722
4 files modified
32 ■■■■ changed files
interface/lib/classes/form.inc.php 8 ●●●● patch | view | raw | blame | history
interface/lib/classes/listform.inc.php 7 ●●●●● patch | view | raw | blame | history
interface/lib/classes/remoting_lib.inc.php 8 ●●●● patch | view | raw | blame | history
interface/lib/classes/searchform.inc.php 9 ●●●●● patch | view | raw | blame | history
interface/lib/classes/form.inc.php
@@ -286,7 +286,7 @@
    * @return record
    */
    function encode($record) {
        global $app;
        $this->errorMessage = '';
        
        if(is_array($record)) {
@@ -294,7 +294,7 @@
                switch ($this->tableDef[$key]['datatype']) {
                case 'VARCHAR':
                    if(!is_array($val)) {
                        $new_record[$key] = mysql_real_escape_string($val);
                        $new_record[$key] = $app->db->quote($val);
                    } else {
                        $new_record[$key] = implode($this->tableDef[$key]['separator'],$val);
                    }
@@ -309,7 +309,7 @@
                    $new_record[$key] = intval($val);
                break;
                case 'DOUBLE':
                    $new_record[$key] = mysql_real_escape_string($val);
                    $new_record[$key] = $app->db->quote($val);
                break;
                case 'CURRENCY':
                    $new_record[$key] = str_replace(",",".",$val);
@@ -472,4 +472,4 @@
    
}
?>
?>
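Review bot: In the VARCHAR case of encode(), the array branch `$new_record[$key] = implode($this->tableDef[$key]['separator'],$val);` still stores the joined elements without passing them through the escaper, so a field that arrives as an array skips the quoting this commit standardizes. If encode() is the only escaping step before the value reaches a query (its callers are not visible here), the branch should read `$new_record[$key] = $app->db->quote(implode($this->tableDef[$key]['separator'],$val));`. The same unescaped implode appears in the VARCHAR/TEXT branches of listform.inc.php, remoting_lib.inc.php and searchform.inc.php. encode() starts and ends outside the hunks shown.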
interface/lib/classes/listform.inc.php
@@ -347,6 +347,7 @@
    public function encode($record)
    {
    global $app;
        if(is_array($record)) {
            foreach($this->listDef['item'] as $field){
                $key = $field['field'];
@@ -355,7 +356,7 @@
                    case 'VARCHAR':
                    case 'TEXT':
                        if(!is_array($record[$key])) {
                            $record[$key] = mysql_real_escape_string($record[$key]);
                            $record[$key] = $app->db->quote($record[$key]);
                        } else {
                            $record[$key] = implode($this->tableDef[$key]['separator'],$record[$key]);
                        }
@@ -384,7 +385,7 @@
                        break;
                    case 'DOUBLE':
                        $record[$key] = mysql_real_escape_string($record[$key]);
                        $record[$key] = $app->db->quote($record[$key]);
                        break;
                    case 'CURRENCY':
@@ -422,4 +423,4 @@
}
?>
?>
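Review bot: The DOUBLE case, `$record[$key] = $app->db->quote($record[$key]);`, escapes a value that is meant to be numeric instead of validating it as a number. String escaping only protects a value that is later placed inside a quoted SQL literal; if any query uses the field unquoted, the escaped text is still interpreted as SQL. Normalising the type is the safer choice, for example `$record[$key] = floatval($record[$key]);`, or rejecting input that fails `is_numeric()` if silent coercion is unwanted. The DOUBLE branches in form.inc.php, remoting_lib.inc.php and searchform.inc.php have the same shape, and how the encoded record is used in queries is not visible in these hunks.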
interface/lib/classes/remoting_lib.inc.php
@@ -294,7 +294,7 @@
        * @return record
        */
        function encode($record) {
        global $app;
                if(is_array($record)) {
                        foreach($this->formDef['fields'] as $key => $field) {
@@ -303,14 +303,14 @@
                                switch ($field['datatype']) {
                                case 'VARCHAR':
                                        if(!@is_array($record[$key])) {
                                                $new_record[$key] = (isset($record[$key]))?mysql_real_escape_string($record[$key]):'';
                                                $new_record[$key] = (isset($record[$key]))?$app->db->quote($record[$key]):'';
                                        } else {
                                                $new_record[$key] = implode($field['separator'],$record[$key]);
                                        }
                                break;
                                case 'TEXT':
                                        if(!is_array($record[$key])) {
                                                $new_record[$key] = mysql_real_escape_string($record[$key]);
                                                $new_record[$key] = $app->db->quote($record[$key]);
                                        } else {
                                                $new_record[$key] = implode($field['separator'],$record[$key]);
                                        }
@@ -347,7 +347,7 @@
                                        //if($key == 'refresh') die($record[$key]);
                                break;
                                case 'DOUBLE':
                                        $new_record[$key] = mysql_real_escape_string($record[$key]);
                                        $new_record[$key] = $app->db->quote($record[$key]);
                                break;
                                case 'CURRENCY':
                                        $new_record[$key] = str_replace(",",".",$record[$key]);
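Review bot: The TEXT and DOUBLE cases call `$app->db->quote($record[$key])` without the `isset()` guard that the VARCHAR case just above them uses, so a record that omits the field raises an undefined-index notice and passes null to the escaper. Judging by the file name this class encodes records arriving through the remoting interface, where partially filled records seem likely; I would make the branches consistent, e.g. `$new_record[$key] = (isset($record[$key]))?$app->db->quote($record[$key]):'';` for TEXT. The `@` in `@is_array($record[$key])` only hides the same notice in the VARCHAR case and could be replaced by an explicit `isset()` test. encode() continues outside the hunks shown.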
interface/lib/classes/searchform.inc.php
@@ -244,7 +244,7 @@
        $list_name = $this->listDef['name'];
        $settings = $_SESSION['search'][$list_name];
        unset($settings['page']);
        $data = mysql_real_escape_string(serialize($settings));
        $data = $app->db->quote(serialize($settings));
        
        $userid = $_SESSION['s']['user']['userid'];
        $groupid = $_SESSION['s']['user']['default_group'];
@@ -301,6 +301,7 @@
    public function encode($record)
    {
    global $app;
        if(is_array($record)) {
            foreach($this->listDef['item'] as $field) {
                $key = $field['field'];
@@ -309,7 +310,7 @@
                    case 'VARCHAR':
                    case 'TEXT':
                        if(!is_array($record[$key])) {
                            $record[$key] = mysql_real_escape_string($record[$key]);
                            $record[$key] = $app->db->quote($record[$key]);
                        } else {
                            $record[$key] = implode($this->tableDef[$key]['separator'],$record[$key]);
                        }
@@ -327,7 +328,7 @@
                        break;
                    case 'DOUBLE':
                        $record[$key] = mysql_real_escape_string($record[$key]);
                        $record[$key] = $app->db->quote($record[$key]);
                        break;
                    case 'CURRENCY':
@@ -340,4 +341,4 @@
    }
}
?>
?>
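Review bot: The `@@ -244,7 +244,7 @@` hunk starts using `$app->db->quote(serialize($settings))`, but unlike the encode() hunk below it, no `global $app;` is added there, and the start of the enclosing method is outside the hunk. If that method does not already declare `global $app;`, `$app` is undefined at this point and the call fails on a non-object, so the declaration should be confirmed or added. Separately, the stored value is a serialize() string built from `$_SESSION['search']`; wherever it is read back, the row should be treated as untrusted input to `unserialize()` unless only its owner can modify it. Encoding this settings array with `json_encode`/`json_decode` would remove that concern.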