- quote string properly before using in sql statement

This commit is contained in:
steinm 2011-12-01 21:37:10 +00:00
parent a802ad604e
commit 19d222b4df


@ -66,13 +66,13 @@ class LetoDMS_Session {
* @return boolean true if successful otherwise false
*/
function load($id) { /* {{{ */
$queryStr = "SELECT * FROM tblSessions WHERE id = ".$this->db->qstr($id)."";
$queryStr = "SELECT * FROM tblSessions WHERE id = ".$this->db->qstr($id);
$resArr = $this->db->getResultArray($queryStr);
if (is_bool($resArr) && $resArr == false)
return false;
if (count($resArr) == 0)
return false;
$queryStr = "UPDATE tblSessions SET lastAccess = " . mktime() . " WHERE id = '" . $id . "'";
$queryStr = "UPDATE tblSessions SET lastAccess = " . mktime() . " WHERE id = " . $this->db->qstr($id);
if (!$this->db->getResult($queryStr))
return false;
return $resArr[0];
@ -119,7 +119,7 @@ class LetoDMS_Session {
* @return boolean true if successful otherwise false
*/
function delete($id) { /* {{{ */
$queryStr = "DELETE FROM tblSessions WHERE id = '$id'";
$queryStr = "DELETE FROM tblSessions WHERE id = " . $this->db->qstr($id);
if (!$this->db->getResult($queryStr)) {
return false;
}
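Review bot: The new UPDATE line in load() still calls `mktime()` with no arguments to obtain the current timestamp; that form has been flagged as deprecated since PHP 5.1 (the hour argument became mandatory in later versions), and `time()` is the intended replacement, so the line should read `$queryStr = "UPDATE tblSessions SET lastAccess = " . time() . " WHERE id = " . $this->db->qstr($id);`. With that change the only value interpolated into the three statements without going through `$this->db->qstr()` is an integer produced by the code itself, so the quoting fix is consistent across load() and delete(). The pre-existing `is_bool($resArr) && $resArr == false` check a few lines above would be clearer as `$resArr === false`, but it is outside the change. Both hunks close before the end of their functions, so the remainder of load() and delete() is not visible here.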