#1882 escaping added

2006-10-20 16:30:18 +00:00 · 2006-10-20 16:30:18 +00:00 · 39ee84d0f3
parent 01bc3e4905
commit 39ee84d0f3
1 changed files with 4 additions and 2 deletions
--- a/campcaster/src/modules/storageServer/var/TransportRecord.php
+++ b/campcaster/src/modules/storageServer/var/TransportRecord.php
@ -65,12 +65,13 @@ class TransportRecord
            $names .= ", $k";
            $values .= ", $sqlVal";
        }
-        $res = $r = $trec->dbc->query("
+        $query = "
            INSERT INTO {$trec->transTable}
                ($names)
            VALUES
                ($values)
-        ");
+        ";
+        $res = $r = $trec->dbc->query($query);
        if (PEAR::isError($r)) {
        	return $r;
        }
@ -316,6 +317,7 @@ class TransportRecord
                return "x'$fldVal'::bigint";
                break;
            default:
+                $fldVal = pg_escape_string($fldVal);
                return "'$fldVal'";
                break;
        }