From 4ab59312bd8b01ae94a7ca925eb299df66ea60d8 Mon Sep 17 00:00:00 2001 From: icewing Date: Wed, 5 Mar 2008 10:31:56 +0000 Subject: Changed mysql_real_escape_string to sanitise_string git-svn-id: https://code.elgg.org/elgg/trunk@74 36083f99-b078-4883-b0ff-0f9b5a30f544 --- engine/lib/annotations.php | 20 ++++++++++---------- engine/lib/sites.php | 2 +- 2 files changed, 11 insertions(+), 11 deletions(-) (limited to 'engine') diff --git a/engine/lib/annotations.php b/engine/lib/annotations.php index 703538273..1a559b872 100644 --- a/engine/lib/annotations.php +++ b/engine/lib/annotations.php @@ -108,9 +108,9 @@ global $CONFIG; $object_id = (int)$object_id; - $object_type = mysql_real_escape_string(trim($object_type)); - $name = mysql_real_escape_string(trim($name)); - $value = mysql_real_escape_string(trim($value)); + $object_type = sanitise_string(trim($object_type)); + $name = sanitise_string(trim($name)); + $value = sanitise_string(trim($value)); $owner_id = (int)$owner_id; $limit = (int)$limit; $offset = (int)$offset; @@ -159,10 +159,10 @@ global $CONFIG; $object_id = (int)$object_id; - $object_type = mysql_real_escape_string(trim($object_type)); - $name = mysql_real_escape_string(trim($name)); - $value = mysql_real_escape_string(trim($value)); - $value_type = mysql_real_escape_string(trim($value_type)); + $object_type = sanitise_string(trim($object_type)); + $name = sanitise_string(trim($name)); + $value = sanitise_string(trim($value)); + $value_type = sanitise_string(trim($value_type)); $owner_id = (int)$owner_id; $access_id = (int)$access_id; @@ -184,9 +184,9 @@ global $CONFIG; $annotation_id = (int)$annotation_id; - $name = mysql_real_escape_string(trim($name)); - $value = mysql_real_escape_string(trim($value)); - $value_type = mysql_real_escape_string(trim($value_type)); + $name = sanitise_string(trim($name)); + $value = sanitise_string(trim($value)); + $value_type = sanitise_string(trim($value_type)); $owner_id = (int)$owner_id; $access_id = (int)$access_id; diff --git a/engine/lib/sites.php b/engine/lib/sites.php index 420616ca3..b5a06f45c 100644 --- a/engine/lib/sites.php +++ b/engine/lib/sites.php @@ -265,7 +265,7 @@ { global $CONFIG; - $url = mysql_real_escape_string(trim($url)); + $url = sanitise_string(trim($url)); $access = get_access_list(); return get_data_row("select o.* from {$CONFIG->dbprefix}sites where url='$url' and (o.access_id in {$access} or (o.access_id = 0 and o.owner_id = {$_SESSION['id']}))"); -- cgit v1.2.3