Skip to content
Snippets Groups Projects
Commit 0935854d authored by tbrehm's avatar tbrehm
Browse files

Fixed a bug in tform.inc.php

parent c46870f6
No related branches found
No related tags found
No related merge requests found
Hide whitespace changes
Inline Side-by-side
interface/lib/classes/tform.inc.php
+ 13
12
View file @ 0935854d
...@@ -470,7 +470,8 @@ class tform { ...@@ -470,7 +470,8 @@ class tform {
* @return record * @return record
*/ */
function encode($record,$tab) { function encode($record,$tab) {
global $app;
if(!is_array($this->formDef['tabs'][$tab])) $app->error("Tab ist leer oder existiert nicht (TAB: $tab)."); if(!is_array($this->formDef['tabs'][$tab])) $app->error("Tab ist leer oder existiert nicht (TAB: $tab).");
//$this->errorMessage = ''; //$this->errorMessage = '';
...@@ -482,14 +483,14 @@ class tform { ...@@ -482,14 +483,14 @@ class tform {
switch ($field['datatype']) { switch ($field['datatype']) {
case 'VARCHAR': case 'VARCHAR':
if(!@is_array($record[$key])) { if(!@is_array($record[$key])) {
$new_record[$key] = (isset($record[$key]))?mysql_real_escape_string($record[$key]):''; $new_record[$key] = (isset($record[$key]))?$app->db->quote($record[$key]):'';
} else { } else {
$new_record[$key] = implode($field['separator'],$record[$key]); $new_record[$key] = implode($field['separator'],$record[$key]);
} }
break; break;
case 'TEXT': case 'TEXT':
if(!is_array($record[$key])) { if(!is_array($record[$key])) {
$new_record[$key] = mysql_real_escape_string($record[$key]); $new_record[$key] = $app->db->quote($record[$key]);
} else { } else {
$new_record[$key] = implode($field['separator'],$record[$key]); $new_record[$key] = implode($field['separator'],$record[$key]);
} }
...@@ -508,7 +509,7 @@ class tform { ...@@ -508,7 +509,7 @@ class tform {
//if($key == 'refresh') die($record[$key]); //if($key == 'refresh') die($record[$key]);
break; break;
case 'DOUBLE': case 'DOUBLE':
$new_record[$key] = mysql_real_escape_string($record[$key]); $new_record[$key] = $app->db->quote($record[$key]);
break; break;
case 'CURRENCY': case 'CURRENCY':
$new_record[$key] = str_replace(",",".",$record[$key]); $new_record[$key] = str_replace(",",".",$record[$key]);
...@@ -699,14 +700,14 @@ class tform { ...@@ -699,14 +700,14 @@ class tform {
$salt.="$"; $salt.="$";
// $salt = substr(md5(time()),0,2); // $salt = substr(md5(time()),0,2);
$record[$key] = crypt($record[$key],$salt); $record[$key] = crypt($record[$key],$salt);
$sql_insert_val .= "'".mysql_real_escape_string($record[$key])."', "; $sql_insert_val .= "'".$app->db->quote($record[$key])."', ";
} elseif ($field['encryption'] == 'MYSQL') { } elseif ($field['encryption'] == 'MYSQL') {
$sql_insert_val .= "PASSWORD('".mysql_real_escape_string($record[$key])."'), "; $sql_insert_val .= "PASSWORD('".$app->db->quote($record[$key])."'), ";
} elseif ($field['encryption'] == 'CLEARTEXT') { } elseif ($field['encryption'] == 'CLEARTEXT') {
$sql_insert_val .= "'".mysql_real_escape_string($record[$key])."', "; $sql_insert_val .= "'".$app->db->quote($record[$key])."', ";
} else { } else {
$record[$key] = md5($record[$key]); $record[$key] = md5($record[$key]);
$sql_insert_val .= "'".mysql_real_escape_string($record[$key])."', "; $sql_insert_val .= "'".$app->db->quote($record[$key])."', ";
} }
} elseif ($field['formtype'] == 'CHECKBOX') { } elseif ($field['formtype'] == 'CHECKBOX') {
...@@ -732,14 +733,14 @@ class tform { ...@@ -732,14 +733,14 @@ class tform {
$salt.="$"; $salt.="$";
// $salt = substr(md5(time()),0,2); // $salt = substr(md5(time()),0,2);
$record[$key] = crypt($record[$key],$salt); $record[$key] = crypt($record[$key],$salt);
$sql_update .= "`$key` = '".mysql_real_escape_string($record[$key])."', "; $sql_update .= "`$key` = '".$app->db->quote($record[$key])."', ";
} elseif (isset($field['encryption']) && $field['encryption'] == 'MYSQL') { } elseif (isset($field['encryption']) && $field['encryption'] == 'MYSQL') {
$sql_update .= "`$key` = PASSWORD('".mysql_real_escape_string($record[$key])."'), "; $sql_update .= "`$key` = PASSWORD('".$app->db->quote($record[$key])."'), ";
} elseif (isset($field['encryption']) && $field['encryption'] == 'CLEARTEXT') { } elseif (isset($field['encryption']) && $field['encryption'] == 'CLEARTEXT') {
$sql_update .= "`$key` = '".mysql_real_escape_string($record[$key])."', "; $sql_update .= "`$key` = '".$app->db->quote($record[$key])."', ";
} else { } else {
$record[$key] = md5($record[$key]); $record[$key] = md5($record[$key]);
$sql_update .= "`$key` = '".mysql_real_escape_string($record[$key])."', "; $sql_update .= "`$key` = '".$app->db->quote($record[$key])."', ";
} }
} elseif ($field['formtype'] == 'CHECKBOX') { } elseif ($field['formtype'] == 'CHECKBOX') {
......
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment