From 4ab59312bd8b01ae94a7ca925eb299df66ea60d8 Mon Sep 17 00:00:00 2001
From: icewing <icewing@36083f99-b078-4883-b0ff-0f9b5a30f544>
Date: Wed, 5 Mar 2008 10:31:56 +0000
Subject: Changed mysql_real_escape_string to sanitise_string

git-svn-id: https://code.elgg.org/elgg/trunk@74 36083f99-b078-4883-b0ff-0f9b5a30f544
---
 engine/lib/annotations.php | 20 ++++++++++----------
 engine/lib/sites.php       |  2 +-
 2 files changed, 11 insertions(+), 11 deletions(-)

(limited to 'engine')

diff --git a/engine/lib/annotations.php b/engine/lib/annotations.php
index 703538273..1a559b872 100644
--- a/engine/lib/annotations.php
+++ b/engine/lib/annotations.php
@@ -108,9 +108,9 @@
 		global $CONFIG;
 		
 		$object_id = (int)$object_id;
-		$object_type = mysql_real_escape_string(trim($object_type));
-		$name = mysql_real_escape_string(trim($name));
-		$value = mysql_real_escape_string(trim($value));
+		$object_type = sanitise_string(trim($object_type));
+		$name = sanitise_string(trim($name));
+		$value = sanitise_string(trim($value));
 		$owner_id = (int)$owner_id;
 		$limit = (int)$limit;
 		$offset = (int)$offset;
@@ -159,10 +159,10 @@
 		global $CONFIG;
 
 		$object_id = (int)$object_id;
-		$object_type = mysql_real_escape_string(trim($object_type));
-		$name = mysql_real_escape_string(trim($name));
-		$value = mysql_real_escape_string(trim($value));
-		$value_type = mysql_real_escape_string(trim($value_type));
+		$object_type = sanitise_string(trim($object_type));
+		$name = sanitise_string(trim($name));
+		$value = sanitise_string(trim($value));
+		$value_type = sanitise_string(trim($value_type));
 		$owner_id = (int)$owner_id;
 		$access_id = (int)$access_id;
 		
@@ -184,9 +184,9 @@
 		global $CONFIG;
 
 		$annotation_id = (int)$annotation_id;
-		$name = mysql_real_escape_string(trim($name));
-		$value = mysql_real_escape_string(trim($value));
-		$value_type = mysql_real_escape_string(trim($value_type));
+		$name = sanitise_string(trim($name));
+		$value = sanitise_string(trim($value));
+		$value_type = sanitise_string(trim($value_type));
 		$owner_id = (int)$owner_id;
 		$access_id = (int)$access_id;
 		
diff --git a/engine/lib/sites.php b/engine/lib/sites.php
index 420616ca3..b5a06f45c 100644
--- a/engine/lib/sites.php
+++ b/engine/lib/sites.php
@@ -265,7 +265,7 @@
 	{
 		global $CONFIG;
 		
-		$url = mysql_real_escape_string(trim($url));	
+		$url = sanitise_string(trim($url));	
 		$access = get_access_list();
 		
 		return get_data_row("select o.* from {$CONFIG->dbprefix}sites where url='$url' and (o.access_id in {$access} or (o.access_id = 0 and o.owner_id = {$_SESSION['id']}))");			
-- 
cgit v1.2.3