Congegni/sintonia
7
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity

#1882 escaping added

Browse source
This commit is contained in:
tomash 2006-10-20 16:30:18 +00:00
parent 01bc3e4905
commit 39ee84d0f3
1 changed files with 4 additions and 2 deletions
Download patch file Download diff file Expand all files Collapse all files

6
campcaster/src/modules/storageServer/var/TransportRecord.php
View file

@ -65,12 +65,13 @@ class TransportRecord
$names .= ", $k"; $names .= ", $k";
$values .= ", $sqlVal"; $values .= ", $sqlVal";
} }
$res = $r = $trec->dbc->query(" $query = "
INSERT INTO {$trec->transTable} INSERT INTO {$trec->transTable}
($names) ($names)
VALUES VALUES
($values) ($values)
"); ";
$res = $r = $trec->dbc->query($query);
if (PEAR::isError($r)) { if (PEAR::isError($r)) {
return $r; return $r;
} }
@ -316,6 +317,7 @@ class TransportRecord
return "x'$fldVal'::bigint"; return "x'$fldVal'::bigint";
break; break;
default: default:
$fldVal = pg_escape_string($fldVal);
return "'$fldVal'"; return "'$fldVal'";
break; break;
} }