Home Explore Help
Sign In
richard
/
sorbetcms
Watch 1
Star 0
Fork 1
Code Issues 0 Pull Requests 0 Commits 290 Releases 0 Wiki
Browse Source

Changed the stripslashes to sql_escape and added this function to mysql_connection.class.php

Victor De la Rocha 16 years ago
parent
1fa054c489
commit
5443919c6f
2 changed files with 17 additions and 24 deletions
Split View Show Diff Stats
  1. 1 13
      classes/functions.php
  2. 16 11
      classes/mysql_connection.class.php

+ 1 - 13
classes/functions.php View File 

@@ -349,19 +349,7 @@ if(!defined('entry') || !entry) die('Not a valid page');
349 349 
 		$dirs = array_unique($dirs);
350 350 
  		return $dirs;
351 351 
  	}
352 
-
353 
-	function sql_escape($value) {
354 
-	    if(get_magic_quotes_gpc()) {
355 
-	          $value = stripslashes($value);
356 
-	    }
357 
-	    if( function_exists("mysql_real_escape_string")) {
358 
-	          $value = mysql_real_escape_string($value);
359 
-	    } else {
360 
-	          $value = addslashes($value);
361 
-	    }
362 
-	    return $value;
363 
-	}
364 
-
352 
+
365 353 
 	function removeBadTags($source) {
366 354 
 		$validTags ='<p><ol><ul><li><a><abbr><acronym><blockquote><code><pre><em><i><strike><s><strong><b><br><span><div><img>';
367 355 
 		$source = strip_tags($source, $validTags);

+ 16 - 11
classes/mysql_connection.class.php View File 

@@ -115,13 +115,10 @@ class Conexion_Mysql {
115 115 
 		 }
116 116 
 		 elseif (substr_count(MYSQL_TYPES_DATE, "$tipo_col ")) {
117 117 
 			$valor = $this->formatearFecha($valor, $tipo_col); // formatea las fechas
118 
-
119 118 
 			$sqlValues .= "'$valor',";
120 119 
 		 }
121 120 
 		 elseif (substr_count(MYSQL_TYPES_STRING, "$tipo_col ")) {
122 
-			if ($this->auto_slashes) {
123 
-				$valor = addslashes($valor);
124 
-			}
121 
+			$valor = $this->sql_escape($valor);
125 122 
 			$sqlValues .= "'$valor',";
126 123 
 		 }
127 124 
 	  }

@@ -151,7 +148,7 @@ class Conexion_Mysql {
151 148 
 			$this->merror = "Debes de pasar un arreglo como parametro.";
152 149 
 			return false;
153 150 
 		}
154 
-
151 
+
155 152 
 		$sql = "UPDATE $tabla SET";
156 153 
 		foreach ($datos as $llave=>$valor) {
157 154 
 			$sql .= " $llave=";

@@ -171,9 +168,7 @@ class Conexion_Mysql {
171 168 
 			$sql .= "'$valor',";
172 169 
 			}
173 170 
 			elseif (substr_count(MYSQL_TYPES_STRING, "$tipo_col ")) {
174 
-			if ($this->auto_slashes) {
175 
-				$valor = addslashes($valor);
176 
-			}
171 
+			$valor = $this->sql_escape($valor);
177 172 
 			$sql .= "'$valor',";
178 173 
 			}
179 174 
 		}

@@ -228,8 +223,7 @@ class Conexion_Mysql {
228 223 
 	  return date('Y-m-d H:i:s', $valor);
229 224 
 	*/
230 225 
 	}
231 
-
232 
-
226 
+
233 227 
 	/**
234 228 
 	 * Obtiene el registro obtenido de una consulta.
235 229 
 	 */

@@ -284,6 +278,17 @@ class Conexion_Mysql {
284 278 
 	function cierraConexion() {
285 279 
 		mysql_free_result($this->mid_consulta);
286 280 
 	}
287 
-
281 
+
282 
+	function sql_escape($value) {
283 
+	    if(get_magic_quotes_gpc()) {
284 
+	          $value = stripslashes($value);
285 
+	    }
286 
+	    if( function_exists("mysql_real_escape_string")) {
287 
+	          $value = mysql_real_escape_string($value);
288 
+	    } else {
289 
+	          $value = addslashes($value);
290 
+	    }
291 
+	    return $value;
292 
+	}
288 293 
 } //fin de la Clase conexion_mysql
289 294 
 ?>