aboutsummaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authoricewing <icewing@36083f99-b078-4883-b0ff-0f9b5a30f544>2008-03-05 10:31:56 +0000
committericewing <icewing@36083f99-b078-4883-b0ff-0f9b5a30f544>2008-03-05 10:31:56 +0000
commit4ab59312bd8b01ae94a7ca925eb299df66ea60d8 (patch)
tree1bf3e5dfbfce8d963c982c2c11156634256122e0
parent888dd84a0e92e184dd96d02d7677f4e699b1d287 (diff)
downloadelgg-4ab59312bd8b01ae94a7ca925eb299df66ea60d8.tar.gz
elgg-4ab59312bd8b01ae94a7ca925eb299df66ea60d8.tar.bz2
Changed mysql_real_escape_string to sanitise_string
git-svn-id: https://code.elgg.org/elgg/trunk@74 36083f99-b078-4883-b0ff-0f9b5a30f544
-rw-r--r--engine/lib/annotations.php20
-rw-r--r--engine/lib/sites.php2
2 files changed, 11 insertions, 11 deletions
diff --git a/engine/lib/annotations.php b/engine/lib/annotations.php
index 703538273..1a559b872 100644
--- a/engine/lib/annotations.php
+++ b/engine/lib/annotations.php
@@ -108,9 +108,9 @@
global $CONFIG;
$object_id = (int)$object_id;
- $object_type = mysql_real_escape_string(trim($object_type));
- $name = mysql_real_escape_string(trim($name));
- $value = mysql_real_escape_string(trim($value));
+ $object_type = sanitise_string(trim($object_type));
+ $name = sanitise_string(trim($name));
+ $value = sanitise_string(trim($value));
$owner_id = (int)$owner_id;
$limit = (int)$limit;
$offset = (int)$offset;
@@ -159,10 +159,10 @@
global $CONFIG;
$object_id = (int)$object_id;
- $object_type = mysql_real_escape_string(trim($object_type));
- $name = mysql_real_escape_string(trim($name));
- $value = mysql_real_escape_string(trim($value));
- $value_type = mysql_real_escape_string(trim($value_type));
+ $object_type = sanitise_string(trim($object_type));
+ $name = sanitise_string(trim($name));
+ $value = sanitise_string(trim($value));
+ $value_type = sanitise_string(trim($value_type));
$owner_id = (int)$owner_id;
$access_id = (int)$access_id;
@@ -184,9 +184,9 @@
global $CONFIG;
$annotation_id = (int)$annotation_id;
- $name = mysql_real_escape_string(trim($name));
- $value = mysql_real_escape_string(trim($value));
- $value_type = mysql_real_escape_string(trim($value_type));
+ $name = sanitise_string(trim($name));
+ $value = sanitise_string(trim($value));
+ $value_type = sanitise_string(trim($value_type));
$owner_id = (int)$owner_id;
$access_id = (int)$access_id;
diff --git a/engine/lib/sites.php b/engine/lib/sites.php
index 420616ca3..b5a06f45c 100644
--- a/engine/lib/sites.php
+++ b/engine/lib/sites.php
@@ -265,7 +265,7 @@
{
global $CONFIG;
- $url = mysql_real_escape_string(trim($url));
+ $url = sanitise_string(trim($url));
$access = get_access_list();
return get_data_row("select o.* from {$CONFIG->dbprefix}sites where url='$url' and (o.access_id in {$access} or (o.access_id = 0 and o.owner_id = {$_SESSION['id']}))");