- quote string properly before using in sql statement
This commit is contained in:
parent
a802ad604e
commit
19d222b4df
@ -66,13 +66,13 @@ class LetoDMS_Session {
* @return boolean true if successful otherwise false
* @return boolean true if successful otherwise false
*/
*/
function load($id) { /* {{{ */
function load($id) { /* {{{ */
$queryStr = "SELECT * FROM tblSessions WHERE id = ".$this->db->qstr($id)."";
$queryStr = "SELECT * FROM tblSessions WHERE id = ".$this->db->qstr($id);
$resArr = $this->db->getResultArray($queryStr);
$resArr = $this->db->getResultArray($queryStr);
if (is_bool($resArr) && $resArr == false)
if (is_bool($resArr) && $resArr == false)
return false;
return false;
if (count($resArr) == 0)
if (count($resArr) == 0)
return false;
return false;
$queryStr = "UPDATE tblSessions SET lastAccess = " . mktime() . " WHERE id = '" . $id . "'";
$queryStr = "UPDATE tblSessions SET lastAccess = " . mktime() . " WHERE id = " . $this->db->qstr($id);
if (!$this->db->getResult($queryStr))
if (!$this->db->getResult($queryStr))
return false;
return false;
return $resArr[0];
return $resArr[0];
@ -119,7 +119,7 @@ class LetoDMS_Session {
* @return boolean true if successful otherwise false
* @return boolean true if successful otherwise false
*/
*/
function delete($id) { /* {{{ */
function delete($id) { /* {{{ */
$queryStr = "DELETE FROM tblSessions WHERE id = '$id'";
$queryStr = "DELETE FROM tblSessions WHERE id = " . $this->db->qstr($id);
if (!$this->db->getResult($queryStr)) {
if (!$this->db->getResult($queryStr)) {
return false;
return false;
}
}
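Review bot: The docblock above load() still says `@return boolean true if successful otherwise false`, yet the function ends with `return $resArr[0];`, so on success it hands back the session row rather than true; I would change the tag to `@return array|boolean the session record on success, false otherwise` while this hunk is being touched. Routing $id through qstr() closes the quoting hole in the SELECT and UPDATE of load() and in the DELETE of delete(), but it only helps if every other statement in this class that interpolates caller-supplied values gets the same treatment, and the rest of the file is outside these hunks, so that is worth a grep before merging. The session id presumably arrives from a client cookie, so a cheap defence-in-depth step is to reject ids that do not match the format the application itself generates before they reach any query; I cannot see where ids are created from here, so confirm the expected format first. If the database wrapper exposes parameter binding, a bound parameter would be preferable to string escaping for these three statements. delete() continues past the end of the second hunk.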