- added method qstr() to inc.DBAccess.php and use it class Session

2025-03-12 00:45:34 +00:00 · 2011-11-29 07:17:29 +00:00 · 2011-11-29 07:17:29 +00:00 · c3c1694826
commit c3c1694826
parent f2e279f4c5
2 changed files with 12 additions and 1 deletions
--- a/LetoDMS_Core/Core/inc.DBAccess.php
+++ b/LetoDMS_Core/Core/inc.DBAccess.php
@ -120,6 +120,17 @@ class LetoDMS_Core_DatabaseAccess {
 		else return true;
 	} /* }}} */

+	/**
+	 * Sanitize String used in database operations
+	 *
+	 * @param string text
+	 * @return string sanitized string
+	 */
+	function qstr($text) { /* {{{ */
+		return $this->_conn->qstr($text);
+	} /* }}} */
+
+
 	/**
 	 * Execute SQL query and return result
 	 *
--- a/inc/inc.ClassSession.php
+++ b/inc/inc.ClassSession.php
@ -66,7 +66,7 @@ class LetoDMS_Session {
 	 * @return boolean true if successful otherwise false
 	 */
 	function load($id) { /* {{{ */
-		$queryStr = "SELECT * FROM tblSessions WHERE id = '".$id."'";
+		$queryStr = "SELECT * FROM tblSessions WHERE id = ".$this->db->qstr($id)."";
 		$resArr = $this->db->getResultArray($queryStr);
 		if (is_bool($resArr) && $resArr == false)
 			return false;