Commit 29c974a3 authored by nveid's avatar nveid

Updated some escape string methods outside of db_mysql_inc.php to

use the standardized app->db->quote method already established.

Refs: 1722
parent f5b0ca26
......@@ -286,7 +286,7 @@ class form {
* @return record
*/
function encode($record) {
global $app;
$this->errorMessage = '';
if(is_array($record)) {
......@@ -294,7 +294,7 @@ class form {
switch ($this->tableDef[$key]['datatype']) {
case 'VARCHAR':
if(!is_array($val)) {
$new_record[$key] = mysql_real_escape_string($val);
$new_record[$key] = $app->db->quote($val);
} else {
$new_record[$key] = implode($this->tableDef[$key]['separator'],$val);
}
......@@ -309,7 +309,7 @@ class form {
$new_record[$key] = intval($val);
break;
case 'DOUBLE':
$new_record[$key] = mysql_real_escape_string($val);
$new_record[$key] = $app->db->quote($val);
break;
case 'CURRENCY':
$new_record[$key] = str_replace(",",".",$val);
......@@ -472,4 +472,4 @@ class form {
}
?>
\ No newline at end of file
?>
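Review bot: The DOUBLE case still handles a numeric field as a string: assuming `$app->db->quote()` only escapes string metacharacters, as the function it replaces did, the result is not constrained to a number, and escaping does not protect a value that is later written into a statement without surrounding quotes (that use is not visible here). The branch just above it uses `intval($val)`; the matching form for DOUBLE would be `$new_record[$key] = floatval($val);`, or an `is_numeric()` check that fills `$this->errorMessage` on failure. The same DOUBLE case recurs in the listform, remoting_lib and searchform `encode()` methods. `encode()` starts and ends outside these hunks, so the downstream use of the value should be confirmed.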
......@@ -347,6 +347,7 @@ class listform {
public function encode($record)
{
global $app;
if(is_array($record)) {
foreach($this->listDef['item'] as $field){
$key = $field['field'];
......@@ -355,7 +356,7 @@ class listform {
case 'VARCHAR':
case 'TEXT':
if(!is_array($record[$key])) {
$record[$key] = mysql_real_escape_string($record[$key]);
$record[$key] = $app->db->quote($record[$key]);
} else {
$record[$key] = implode($this->tableDef[$key]['separator'],$record[$key]);
}
......@@ -384,7 +385,7 @@ class listform {
break;
case 'DOUBLE':
$record[$key] = mysql_real_escape_string($record[$key]);
$record[$key] = $app->db->quote($record[$key]);
break;
case 'CURRENCY':
......@@ -422,4 +423,4 @@ class listform {
}
?>
\ No newline at end of file
?>
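Review bot: The array branch of the VARCHAR/TEXT case is left unescaped: `implode($this->tableDef[$key]['separator'],$record[$key])` joins the submitted values as they are, so a multi-value field skips the `quote()` call that the scalar branch now gets. Escaping the joined string, `$record[$key] = $app->db->quote(implode($this->tableDef[$key]['separator'],$record[$key]));`, would give both branches the same treatment. The same pattern is in the form, remoting_lib and searchform `encode()` methods. The method body continues outside the hunk, so confirm that no later step already escapes the value before changing it.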
......@@ -294,7 +294,7 @@ class remoting_lib {
* @return record
*/
function encode($record) {
global $app;
if(is_array($record)) {
foreach($this->formDef['fields'] as $key => $field) {
......@@ -303,14 +303,14 @@ class remoting_lib {
switch ($field['datatype']) {
case 'VARCHAR':
if(!@is_array($record[$key])) {
$new_record[$key] = (isset($record[$key]))?mysql_real_escape_string($record[$key]):'';
$new_record[$key] = (isset($record[$key]))?$app->db->quote($record[$key]):'';
} else {
$new_record[$key] = implode($field['separator'],$record[$key]);
}
break;
case 'TEXT':
if(!is_array($record[$key])) {
$new_record[$key] = mysql_real_escape_string($record[$key]);
$new_record[$key] = $app->db->quote($record[$key]);
} else {
$new_record[$key] = implode($field['separator'],$record[$key]);
}
......@@ -347,7 +347,7 @@ class remoting_lib {
//if($key == 'refresh') die($record[$key]);
break;
case 'DOUBLE':
$new_record[$key] = mysql_real_escape_string($record[$key]);
$new_record[$key] = $app->db->quote($record[$key]);
break;
case 'CURRENCY':
$new_record[$key] = str_replace(",",".",$record[$key]);
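Review bot: Only the VARCHAR branch checks `isset($record[$key])` before escaping; the TEXT and DOUBLE branches pass `$record[$key]` straight to `$app->db->quote()`, so a field absent from the incoming record reaches `quote()` as null and raises an undefined-index notice. What `quote()` returns for null is not visible here. Using the VARCHAR form in both, `$new_record[$key] = isset($record[$key]) ? $app->db->quote($record[$key]) : '';`, keeps the three branches consistent and would let the `@` on `is_array` be replaced by the same `isset` check. `encode()` starts and ends outside these hunks.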
......
......@@ -244,7 +244,7 @@ class searchform {
$list_name = $this->listDef['name'];
$settings = $_SESSION['search'][$list_name];
unset($settings['page']);
$data = mysql_real_escape_string(serialize($settings));
$data = $app->db->quote(serialize($settings));
$userid = $_SESSION['s']['user']['userid'];
$groupid = $_SESSION['s']['user']['default_group'];
......@@ -301,6 +301,7 @@ class searchform {
public function encode($record)
{
global $app;
if(is_array($record)) {
foreach($this->listDef['item'] as $field) {
$key = $field['field'];
......@@ -309,7 +310,7 @@ class searchform {
case 'VARCHAR':
case 'TEXT':
if(!is_array($record[$key])) {
$record[$key] = mysql_real_escape_string($record[$key]);
$record[$key] = $app->db->quote($record[$key]);
} else {
$record[$key] = implode($this->tableDef[$key]['separator'],$record[$key]);
}
......@@ -327,7 +328,7 @@ class searchform {
break;
case 'DOUBLE':
$record[$key] = mysql_real_escape_string($record[$key]);
$record[$key] = $app->db->quote($record[$key]);
break;
case 'CURRENCY':
......@@ -340,4 +341,4 @@ class searchform {
}
}
?>
\ No newline at end of file
?>
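Review bot: The hunk at line 244 calls `$app->db->quote(serialize($settings))`, but no `global $app;` is visible for that method, while the commit adds one to `encode()` further down. If the enclosing method (its start is outside the hunk) does not already declare it, `$app` is undefined there and the call fails with a fatal error instead of escaping `$data`; adding `global $app;` at the top of that method would cover it. Separately, the stored value is `serialize()` output: if the read side passes it to `unserialize()`, `json_encode`/`json_decode` would be a safer storage format for these settings.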