Updated some escape string methods outside of db_mysql_inc.php to

use the standardize app->db->quote method already established. Refs: 1722

Updated some escape string methods outside of db_mysql_inc.php to
use the standardize app->db->quote method already established. Refs: 1722
29c974a3 · nveid · f5b0ca26 · 29c974a3 · 29c974a3 · 29c974a3
Commit 29c974a3 authored Dec 07, 2011 by nveid
--- a/interface/lib/classes/form.inc.php
+++ b/interface/lib/classes/form.inc.php
@@ -286,7 +286,7 @@ class form {
 	* @return record
 	*/
 	function encode($record) {
-		
+		global $app;
 		$this->errorMessage = '';
 		
 		if(is_array($record)) {
@@ -294,7 +294,7 @@ class form {
 				switch ($this->tableDef[$key]['datatype']) {
 				case 'VARCHAR':
 					if(!is_array($val)) {
-						$new_record[$key] = mysql_real_escape_string($val);
+						$new_record[$key] = $app->db->quote($val);
 					} else {
 						$new_record[$key] = implode($this->tableDef[$key]['separator'],$val);
 					}
@@ -309,7 +309,7 @@ class form {
 					$new_record[$key] = intval($val);
 				break;
 				case 'DOUBLE':
-					$new_record[$key] = mysql_real_escape_string($val);
+					$new_record[$key] = $app->db->quote($val);
 				break;
 				case 'CURRENCY':
 					$new_record[$key] = str_replace(",",".",$val);
@@ -472,4 +472,4 @@ class form {
 	
 }

-?>
\ No newline at end of file
+?>
--- a/interface/lib/classes/listform.inc.php
+++ b/interface/lib/classes/listform.inc.php
@@ -347,6 +347,7 @@ class listform {

    public function encode($record)
    {
+	global $app;
        if(is_array($record)) {
            foreach($this->listDef['item'] as $field){
                $key = $field['field'];
@@ -355,7 +356,7 @@ class listform {
                    case 'VARCHAR':
                    case 'TEXT':
                        if(!is_array($record[$key])) {
-                            $record[$key] = mysql_real_escape_string($record[$key]);
+                            $record[$key] = $app->db->quote($record[$key]);
                        } else {
                            $record[$key] = implode($this->tableDef[$key]['separator'],$record[$key]);
                        }
@@ -384,7 +385,7 @@ class listform {
                        break;

                    case 'DOUBLE':
-                        $record[$key] = mysql_real_escape_string($record[$key]);
+                        $record[$key] = $app->db->quote($record[$key]);
                        break;

                    case 'CURRENCY':
@@ -422,4 +423,4 @@ class listform {

 }

-?>
\ No newline at end of file
+?>
--- a/interface/lib/classes/remoting_lib.inc.php
+++ b/interface/lib/classes/remoting_lib.inc.php
@@ -294,7 +294,7 @@ class remoting_lib {
        * @return record
        */
        function encode($record) {
-
+		global $app;
                if(is_array($record)) {
                        foreach($this->formDef['fields'] as $key => $field) {

@@ -303,14 +303,14 @@ class remoting_lib {
                                switch ($field['datatype']) {
                                case 'VARCHAR':
                                        if(!@is_array($record[$key])) {
-                                                $new_record[$key] = (isset($record[$key]))?mysql_real_escape_string($record[$key]):'';
+                                                $new_record[$key] = (isset($record[$key]))?$app->db->quote($record[$key]):'';
                                        } else {
                                                $new_record[$key] = implode($field['separator'],$record[$key]);
                                        }
                                break;
                                case 'TEXT':
                                        if(!is_array($record[$key])) {
-                                                $new_record[$key] = mysql_real_escape_string($record[$key]);
+                                                $new_record[$key] = $app->db->quote($record[$key]);
                                        } else {
                                                $new_record[$key] = implode($field['separator'],$record[$key]);
                                        }
@@ -347,7 +347,7 @@ class remoting_lib {
                                        //if($key == 'refresh') die($record[$key]);
                                break;
                                case 'DOUBLE':
-                                        $new_record[$key] = mysql_real_escape_string($record[$key]);
+                                        $new_record[$key] = $app->db->quote($record[$key]);
                                break;
                                case 'CURRENCY':
                                        $new_record[$key] = str_replace(",",".",$record[$key]);

--- a/interface/lib/classes/searchform.inc.php
+++ b/interface/lib/classes/searchform.inc.php
@@ -244,7 +244,7 @@ class searchform {
 		$list_name = $this->listDef['name'];
 		$settings = $_SESSION['search'][$list_name];
 		unset($settings['page']);
-		$data = mysql_real_escape_string(serialize($settings));
+		$data = $app->db->quote(serialize($settings));
 		
 		$userid = $_SESSION['s']['user']['userid'];
 		$groupid = $_SESSION['s']['user']['default_group'];
@@ -301,6 +301,7 @@ class searchform {

    public function encode($record)
    {
+	global $app;
        if(is_array($record)) {
            foreach($this->listDef['item'] as $field) {
                $key = $field['field'];
@@ -309,7 +310,7 @@ class searchform {
                    case 'VARCHAR':
                    case 'TEXT':
                        if(!is_array($record[$key])) {
-                            $record[$key] = mysql_real_escape_string($record[$key]);
+                            $record[$key] = $app->db->quote($record[$key]);
                        } else {
                            $record[$key] = implode($this->tableDef[$key]['separator'],$record[$key]);
                        }
@@ -327,7 +328,7 @@ class searchform {
                        break;

                    case 'DOUBLE':
-                        $record[$key] = mysql_real_escape_string($record[$key]);
+                        $record[$key] = $app->db->quote($record[$key]);
                        break;

                    case 'CURRENCY':
@@ -340,4 +341,4 @@ class searchform {
    }
 }

-?>
\ No newline at end of file
+?>