From 39ee84d0f38a4dd5a9dcd33a841d43a223e25596 Mon Sep 17 00:00:00 2001
From: tomash <tomash@cfc7b370-4200-0410-a6e3-cb6bdb053afe>
Date: Fri, 20 Oct 2006 16:30:18 +0000
Subject: [PATCH] #1882 escaping added

---
 .../src/modules/storageServer/var/TransportRecord.php       | 6 ++++--
 1 file changed, 4 insertions(+), 2 deletions(-)

diff --git a/campcaster/src/modules/storageServer/var/TransportRecord.php b/campcaster/src/modules/storageServer/var/TransportRecord.php
index 5190c92e5..980ddff3d 100644
--- a/campcaster/src/modules/storageServer/var/TransportRecord.php
+++ b/campcaster/src/modules/storageServer/var/TransportRecord.php
@@ -65,12 +65,13 @@ class TransportRecord
             $names .= ", $k";
             $values .= ", $sqlVal";
         }
-        $res = $r = $trec->dbc->query("
+        $query = "
             INSERT INTO {$trec->transTable}
                 ($names)
             VALUES
                 ($values)
-        ");
+        ";
+        $res = $r = $trec->dbc->query($query);
         if (PEAR::isError($r)) {
         	return $r;
         }
@@ -316,6 +317,7 @@ class TransportRecord
                 return "x'$fldVal'::bigint";
                 break;
             default:
+                $fldVal = pg_escape_string($fldVal);
                 return "'$fldVal'";
                 break;
         }