diff --git a/interface/lib/classes/form.inc.php b/interface/lib/classes/form.inc.php index 99f6cfb6249759f5e897ffcb26c110ad0fdf766c..2b2504ab038a31edefcebcf8dfc3f9590703a533 100644 --- a/interface/lib/classes/form.inc.php +++ b/interface/lib/classes/form.inc.php @@ -286,7 +286,7 @@ class form { * @return record */ function encode($record) { - + global $app; $this->errorMessage = ''; if(is_array($record)) { @@ -294,7 +294,7 @@ class form { switch ($this->tableDef[$key]['datatype']) { case 'VARCHAR': if(!is_array($val)) { - $new_record[$key] = mysql_real_escape_string($val); + $new_record[$key] = $app->db->quote($val); } else { $new_record[$key] = implode($this->tableDef[$key]['separator'],$val); } @@ -309,7 +309,7 @@ class form { $new_record[$key] = intval($val); break; case 'DOUBLE': - $new_record[$key] = mysql_real_escape_string($val); + $new_record[$key] = $app->db->quote($val); break; case 'CURRENCY': $new_record[$key] = str_replace(",",".",$val); @@ -472,4 +472,4 @@ class form { } -?> \ No newline at end of file +?> diff --git a/interface/lib/classes/listform.inc.php b/interface/lib/classes/listform.inc.php index d4b1390c8304181863f5313c18ad4eea73799c88..4f03c68cbb3823185f5f5d44f8c88b603b590660 100644 --- a/interface/lib/classes/listform.inc.php +++ b/interface/lib/classes/listform.inc.php @@ -347,6 +347,7 @@ class listform { public function encode($record) { + global $app; if(is_array($record)) { foreach($this->listDef['item'] as $field){ $key = $field['field']; @@ -355,7 +356,7 @@ class listform { case 'VARCHAR': case 'TEXT': if(!is_array($record[$key])) { - $record[$key] = mysql_real_escape_string($record[$key]); + $record[$key] = $app->db->quote($record[$key]); } else { $record[$key] = implode($this->tableDef[$key]['separator'],$record[$key]); } @@ -384,7 +385,7 @@ class listform { break; case 'DOUBLE': - $record[$key] = mysql_real_escape_string($record[$key]); + $record[$key] = $app->db->quote($record[$key]); break; case 'CURRENCY': 
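Review bot: In the `VARCHAR` case of form.inc.php's `encode()` (hunk at -294), only scalar values go through `$app->db->quote()`; the `else` branch still returns `implode($this->tableDef[$key]['separator'],$val)` with no escaping, so array-valued fields reach the record unescaped. Wrapping the joined string closes that gap: `$new_record[$key] = $app->db->quote(implode($this->tableDef[$key]['separator'],$val));`. The same unescaped `implode` branch sits next to the changed line in the VARCHAR/TEXT hunks of listform.inc.php, remoting_lib.inc.php and searchform.inc.php. `encode()` starts and ends outside this hunk, so whether a later step escapes the joined value cannot be seen from here.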
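Review bot: The `DOUBLE` case (form.inc.php hunk at -309) string-escapes a numeric field instead of validating it as a number, unlike the `intval($val)` used on the line just above it. Escaping only protects a value that ends up inside quotes in the SQL text; if a DOUBLE column is ever interpolated unquoted, input made of digits, spaces and keywords passes through `quote()` unchanged. Rejecting non-numeric input is safer, e.g. `$new_record[$key] = is_numeric($val) ? $val : 0;`, and the `CURRENCY` case below, which only does `str_replace(",",".",$val)`, needs the same check after the comma replacement. The identical DOUBLE line is changed in listform.inc.php, remoting_lib.inc.php and searchform.inc.php; how these values are placed into queries is outside the diff.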
@@ -422,4 +423,4 @@ class listform { } -?> \ No newline at end of file +?> diff --git a/interface/lib/classes/remoting_lib.inc.php b/interface/lib/classes/remoting_lib.inc.php index 8f001cdb26e6f3a32345ed9a5ec9518d6194f4de..a9dd870161b0d5b88cf05275b2b2027d54a68531 100644 --- a/interface/lib/classes/remoting_lib.inc.php +++ b/interface/lib/classes/remoting_lib.inc.php @@ -294,7 +294,7 @@ class remoting_lib { * @return record */ function encode($record) { - + global $app; if(is_array($record)) { foreach($this->formDef['fields'] as $key => $field) { @@ -303,14 +303,14 @@ class remoting_lib { switch ($field['datatype']) { case 'VARCHAR': if(!@is_array($record[$key])) { - $new_record[$key] = (isset($record[$key]))?mysql_real_escape_string($record[$key]):''; + $new_record[$key] = (isset($record[$key]))?$app->db->quote($record[$key]):''; } else { $new_record[$key] = implode($field['separator'],$record[$key]); } break; case 'TEXT': if(!is_array($record[$key])) { - $new_record[$key] = mysql_real_escape_string($record[$key]); + $new_record[$key] = $app->db->quote($record[$key]); } else { $new_record[$key] = implode($field['separator'],$record[$key]); } @@ -347,7 +347,7 @@ class remoting_lib { //if($key == 'refresh') die($record[$key]); break; case 'DOUBLE': - $new_record[$key] = mysql_real_escape_string($record[$key]); + $new_record[$key] = $app->db->quote($record[$key]); break; case 'CURRENCY': $new_record[$key] = str_replace(",",".",$record[$key]); diff --git a/interface/lib/classes/searchform.inc.php b/interface/lib/classes/searchform.inc.php index 9c0c0dd35913fe2ad876be918bcea8085a2b633e..035b7444d4bda9edf3513d30e3bb07d906be0fa1 100644 --- a/interface/lib/classes/searchform.inc.php +++ b/interface/lib/classes/searchform.inc.php 
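Review bot: In remoting_lib.inc.php's `encode()` (hunk at -303) the `TEXT` branch calls `$app->db->quote($record[$key])` without the `isset()` guard that the `VARCHAR` branch directly above keeps, so a field missing from the incoming record reaches `quote()` as null after an undefined-index notice. Mirroring the VARCHAR line keeps the two branches consistent: `$new_record[$key] = (isset($record[$key]))?$app->db->quote($record[$key]):'';`. How `quote()` treats null is not visible in this diff, so it is worth checking against the db class before relying on it.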
@@ -244,7 +244,7 @@ class searchform { $list_name = $this->listDef['name']; $settings = $_SESSION['search'][$list_name]; unset($settings['page']); - $data = mysql_real_escape_string(serialize($settings)); + $data = $app->db->quote(serialize($settings)); $userid = $_SESSION['s']['user']['userid']; $groupid = $_SESSION['s']['user']['default_group']; @@ -301,6 +301,7 @@ class searchform { public function encode($record) { + global $app; if(is_array($record)) { foreach($this->listDef['item'] as $field) { $key = $field['field']; @@ -309,7 +310,7 @@ class searchform { case 'VARCHAR': case 'TEXT': if(!is_array($record[$key])) { - $record[$key] = mysql_real_escape_string($record[$key]); + $record[$key] = $app->db->quote($record[$key]); } else { $record[$key] = implode($this->tableDef[$key]['separator'],$record[$key]); } @@ -327,7 +328,7 @@ class searchform { break; case 'DOUBLE': - $record[$key] = mysql_real_escape_string($record[$key]); + $record[$key] = $app->db->quote($record[$key]); break; case 'CURRENCY': @@ -340,4 +341,4 @@ class searchform { } } -?> \ No newline at end of file +?>
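Review bot: The first searchform.inc.php hunk (at -244) starts calling `$app->db->quote()` but, unlike the `encode()` hunks in this commit, adds no `global $app;`. The enclosing method begins outside the hunk, so if `$app` is not already declared there, this line fails with a method call on an undefined variable. Confirm the declaration exists or add `global $app;` at the top of that method. Separately, the value stored is `serialize($settings)`; if that row is later read back with `unserialize()`, it should be treated as untrusted on load, and `json_encode()`/`json_decode()` would avoid object deserialization altogether. The read path is not shown here.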