Fix: replace addslashes by $db->escape for postgresql compatibility

Regis Houssin 2011-02-14 16:18:23 +00:00
parent 511ff9abbe
commit 6d3269bb69
2 changed files with 7 additions and 7 deletions


@ -240,7 +240,7 @@ foreach($property as $key => $prop)
elseif ($prop['ischar'])
{
$varprop.='".(! isset($this->'.$prop['field'].')?\'NULL\':"\'".';
$varprop.="addslashes(\$this->".$prop['field'].")";
$varprop.="$this->db->escape(\$this->".$prop['field'].")";
$varprop.='."\'")."';
if ($i < sizeof($property)) $varprop.=",";
$varprop.='";';
@ -281,8 +281,8 @@ foreach($property as $key => $prop)
else
{
$varprop.="\".";
// $sql.= " field1=".(isset($this->field1)?"'".addslashes($this->field1)."'":"null").",";
if ($prop['ischar']) $varprop.='(isset($this->'.$prop['field'].')?"\'".addslashes($this->'.$prop['field'].')."\'":"null")';
// $sql.= " field1=".(isset($this->field1)?"'".$this->db->escape($this->field1)."'":"null").",";
if ($prop['ischar']) $varprop.='(isset($this->'.$prop['field'].')?"\'".$this->db->escape($this->'.$prop['field'].')."\'":"null")';
// $sql.= " field1=".(isset($this->field1)?$this->field1:"null").",";
else $varprop.='(isset($this->'.$prop['field'].')?$this->'.$prop['field'].':"null")';
$varprop.=".\"";
@ -293,8 +293,8 @@ foreach($property as $key => $prop)
$varprop.="\n";
}
}
$targetcontent=preg_replace('/\$sql.= " field1=".\(isset\(\$this->field1\)\?"\'".addslashes\(\$this->field1\)."\'":"null"\).",";/', $varprop, $targetcontent);
$targetcontent=preg_replace('/\$sql.= " field2=".\(isset\(\$this->field2\)\?"\'".addslashes\(\$this->field2\)."\'":"null"\)."";/', '', $targetcontent);
$targetcontent=preg_replace('/\$sql.= " field1=".\(isset\(\$this->field1\)\?"\'".$this->db->escape\(\$this->field1\)."\'":"null"\).",";/', $varprop, $targetcontent);
$targetcontent=preg_replace('/\$sql.= " field2=".\(isset\(\$this->field2\)\?"\'".$this->db->escape\(\$this->field2\)."\'":"null"\)."";/', '', $targetcontent);
// Substitute select parameters
$varprop="\n";
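Review bot: The new line in the first hunk, `$varprop.="$this->db->escape(\$this->".$prop['field'].")";`, leaves the first `$this` unescaped inside a double-quoted string, so PHP interpolates `$this->db` while the generator runs instead of writing the text `$this->db->escape(` into the generated class; it should read `$varprop.="\$this->db->escape(\$this->".$prop['field'].")";`. The same slip is in the two new `preg_replace` patterns of the third hunk: the bare `$` in `"\'".$this->db->escape\(` is a regex end-of-subject anchor, so neither pattern can match the skeleton's field1/field2 lines and they would stay in the output; write `\$this->db->escape\(` in both. Either way the generated SQL-building code can end up without the intended escaping call, so it is worth generating a class from a test table and reading the resulting SQL strings before relying on this. The enclosing `foreach` starts and ends outside these hunks.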


@ -198,8 +198,8 @@ class Skeleton_class // extends CommonObject
// Update request
$sql = "UPDATE ".MAIN_DB_PREFIX."mytable SET";
$sql.= " field1=".(isset($this->field1)?"'".addslashes($this->field1)."'":"null").",";
$sql.= " field2=".(isset($this->field2)?"'".addslashes($this->field2)."'":"null")."";
$sql.= " field1=".(isset($this->field1)?"'".$this->db->escape($this->field1)."'":"null").",";
$sql.= " field2=".(isset($this->field2)?"'".$this->db->escape($this->field2)."'":"null")."";
//...
$sql.= " WHERE rowid=".$this->id;