Migration to PDO database abstraction layer
authorHarvie <tomas@mudrunka.cz>
Sat, 14 May 2011 00:38:10 +0000 (02:38 +0200)
committerHarvie <tomas@mudrunka.cz>
Sat, 14 May 2011 03:05:17 +0000 (05:05 +0200)
28 files changed:
wwwroot/backend/mysql/backend.inc
wwwroot/inc/database.inc
wwwroot/inc/eventz/add.inc
wwwroot/inc/eventz/addEvent.inc
wwwroot/inc/eventz/addPlugin.inc
wwwroot/inc/eventz/addTemplate.inc
wwwroot/inc/eventz/banlist.inc
wwwroot/inc/eventz/configure.inc
wwwroot/inc/eventz/configure_content.inc
wwwroot/inc/eventz/configure_node_name.inc
wwwroot/inc/eventz/configure_system_access.inc
wwwroot/inc/eventz/display.inc
wwwroot/inc/eventz/k_wallet.inc
wwwroot/inc/eventz/login.inc
wwwroot/inc/eventz/put.inc
wwwroot/inc/eventz/register.inc
wwwroot/inc/eventz/reset_password.inc
wwwroot/inc/eventz/send.inc
wwwroot/inc/eventz/set_external_link.inc
wwwroot/inc/eventz/set_header_template.inc
wwwroot/inc/eventz/set_time_lock.inc
wwwroot/inc/eventz/unset_time_lock.inc
wwwroot/inc/eventz/verify.inc
wwwroot/inc/nodes.inc
wwwroot/inc/result.inc
wwwroot/inc/smarty/node_methodz/function.get_id_by_name.php
wwwroot/inc/smarty/node_methodz/function.get_nodes_by_parent.php
wwwroot/inc/smarty/resource.kyberia.php

index 515b344aa00d701f4b52671bb35029d220fdd738..daba57b314d00aced86904a748ebd0d60c94d845 100644 (file)
@@ -181,9 +181,9 @@ function getUserByLogin($login) {
 static function getNodeIdByName($name, $external_link=false) {
        global $db;
 
-       $qh = sprintf('select node_id from nodes where node_name = "%s"', mysql_real_escape_string($name));
+       $qh = sprintf('select node_id from nodes where node_name = "%s"', db_escape_string($name));
        if ($external_link)
-               $qh .= sprintf(' and external_link="%s"', mysql_real_escape_string($external_link));
+               $qh .= sprintf(' and external_link="%s"', db_escape_string($external_link));
 
        $set = $db->query($qh);
        $set->next();
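Review bot: `getNodeIdByName` still assembles its SQL by string concatenation; the hunk only swaps the escaping helper, so `db_escape_string` (a global-`$db` wrapper that strips the outer quotes off `PDO::quote()`) remains the sole barrier between `$name`/`$external_link` and the query. Now that `$db` is a PDO, the query should be prepared with bound parameters, which also removes the dependency on the helper's quoting hack; the same point applies to every other `mysql_real_escape_string` → `db_escape_string` hunk in this commit (the eventz/*.inc files, function.get_id_by_name.php and function.get_nodes_by_parent.php), and where the value is numeric (node ids, the date parts in set_time_lock.inc) an `intval()` cast is tighter than string escaping. `$set->next()` and the rest of the function continue outside the hunk, and how the `result` wrapper behaves for `prepare()`-created statements is not visible here, so the fetch below may need adjusting.
```php
static function getNodeIdByName($name, $external_link=false) {
	global $db;

	$qh = 'select node_id from nodes where node_name = ?';
	$args = array($name);
	if ($external_link) {
		$qh .= ' and external_link = ?';
		$args[] = $external_link;
	}

	$set = $db->prepare($qh);
	$set->execute($args);
	// … unchanged: $set->next() and the rest of the function …
```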
index e3781925afd812a1b151069f3692814e6e37584d..80a03a93711275078acf726b4ec75ff55cbe5182 100644 (file)
 <?php
-require ("result.inc");
 
-class CLASS_DATABASE {
+require("result.inc");
 
-/*
-var $Database="";
-var $User="";
-var $Password="";
-var $Url="";
-*/
-
-var $Master = true;
-var $_linkId = false;
-var $_url = "";
-var $_user = "";
-var $_password = "";
-var $_database = "";
-var $_halt_on_error = true;
-
-/*
-function CLASS_DATABASE ($database=DB_DATABASE,$user=DB_USER,$password=DB_PASS,$url=DB_HOST) {
-       $this->Database=$database;
-       $this->Password=$password;
-       $this->User=$user;
-       $this->Url=$url;
-*/
-
-function CLASS_DATABASE() {
-       $this->connect(DB_HOST,DB_USER,DB_PASS,DB_DATABASE);
+function db_escape_string($str) {
+       global $db;
+       //This function should be used in whole project instead of *_escape_string() functions! 
+       //return mysql_escape_string($str); //XXX TODO $db->quote($str), mysql_real_escape_string() or pg_escape_string() should be used here!
+       return preg_replace('(^.|.$)', '', $db->quote($str)); //XXX HACK
 }
 
-function connect($url,$user,$password,$database, $halt_on_error = true) {
-               global $error;
-               $this->_halt_on_error = $halt_on_error;
-               if ($this->_linkId == false) {
-                       $this->_linkId=mysql_connect($url, $user, $password);
-                       if ($this->_linkId == false) {
-                               $error='chcipla databaza';
-                               $this->exception($error);
-                               return false;
-                               //die();
-                       }// else {
-                        //     mysql_query('set character set utf8');
-                        //}
-                       $this->_url=$url;
-                       $this->_user=$user;
-                       $this->_password=$password;
+class CLASS_DATABASE extends PDO {
+       //All functions in this class are deprecated!
+       //Please use only native PDO functions!
 
-                       if ($this->_linkId == false || mysql_select_db($database, $this->_linkId) == false) {
-                               $this->exception("1Database failed.");
-                               return false;
-                               die();
-                       }
-                       $this->_database=$database;
-               }
-               return true;
-}
+       var $Master = true;
+       var $_linkId = false;
+       var $_url = "";
+       var $_user = "";
+       var $_password = "";
+       var $_database = "";
+       var $_halt_on_error = true;
 
-/* DEPRECATED!
-function closeMysql() {
-       mysql_close($this->_linkId);
-}
-*/
-
-function query($sql) {
-
-       $this->_linkId = false;
-       $this->connect(DB_HOST,DB_USER,DB_PASS,DB_DATABASE);
-       $this->Master = true;
-
-       // Simple IDS, against automats
-       // When possible attack is detected, 
-       // query & session information is stored into log
-       // Looking for following string in SQL query:
-       // - "user()" (get cur. user)
-       // - "@@version" (get mysql version)
-       // - "AND 1=1" (blind sqli) (too many false positives?)
-       // - "information_schema" (for listing of tables, columns...)
-
-       // - "/*" (comment) (too many false positives?)
-       // - "--" (comment) (too many false positives?)
-
-       if (preg_match('/user\(\)/',$sql) || preg_match('/@@version/',$sql)
-       || preg_match('/information_schema/',$sql)|| preg_match('/AND 1=1/',$sql)
-       ) {
-               logger::log('SQL ALARM',$sql);
-               
+       function __construct() {
+               $this->connect(DB_HOST, DB_USER, DB_PASS, DB_DATABASE);
        }
 
-       $this->_queryId = mysql_query($sql,$this->_linkId);
-
-       if ((isset($_SESSION['debugging']) && $_SESSION['debugging'])) {
-               echo $sql;
-               global $timer_start;
-               echo "<BR>".SubStr((Time()+SubStr(MicroTime(),0,8)-$timer_start),0,7);
-       }
+       protected function connect($host, $user, $password, $database, $halt_on_error = true) {
+               global $error;
+               parent::__construct("mysql:host=$host;dbname=$database", $user,
+                                   $password);
+               /*{
+                  $error='chcipla databaza';
+                  $this->exception($error); //deprecated
+                  }; */
+               $this->setAttribute(PDO::ATTR_STATEMENT_CLASS,
+                                   array('result', array($this)));
 
-       if ($this->_queryId == false) {
-               $this->exception("query failed ::$sql::");
+               $this->_halt_on_error = $halt_on_error;
+               $this->_url = $host;
+               $this->_user = $user;
+               $this->_password = $password;
+               /* if ($this->_linkId == false) {
+                  $this->_linkId=mysql_connect($host, $user, $password);
+                  if ($this->_linkId == false) {
+                  $error='chcipla databaza';
+                  $this->exception($error);
+                  return false;
+                  //die();
+                  }// else {
+                  //   mysql_query('set character set utf8');
+                  //}
+                  $this->_url=$host;
+                  $this->_user=$user;
+                  $this->_password=$password;
+
+                  if ($this->_linkId == false || mysql_select_db($database, $this->_linkId) == false) {
+                  $this->exception("1Database failed.");
+                  return false;
+                  die();
+                  }
+                  $this->_database=$database;
+                  }
+                */
+               return true;
        }
 
-       return new result($this->_queryId, $sql);
-}
-
-/* DEPRECATED!
-function executequery($sql) { //same as query()!
-       return($this->query($sql));
-}
-
-function executetransaction($queries) {
-       $this->executequery("set autocommit=0");
-       if (is_array($queries)) {
-               foreach ($queries as $query) {
-                       $this->executequery($query);
+       function update($sql) { //DEPRECATED!!! Use $db->query($sql)->rowCount(); instead!!!
+               if (!$this->Master) {
+                       $this->_linkId = false;
+                       $this->connect(DB_HOST, DB_USER, DB_PASS, DB_DATABASE);
+                       $this->Master = true;
                }
-       }
-       $this->executequery("commit");
-       $this->executequery("set autocommit=1");
-}
 
-function executeupdate($sql) {
-       return($this->update($sql));
-}
-*/
-
-function update($sql) {
-       if (!$this->Master) {
-               $this->_linkId = false;
-               $this->connect(DB_HOST,DB_USER,DB_PASS,DB_DATABASE);
-                $this->Master = true;
-       }
-
-       $this->_queryId = @mysql_db_query($this->_database,$sql,$this->_linkId);
+               $this->_queryId = $this->query($sql);
                if ($this->_queryId == false) {
                        $this->exception("update failed.");
                }
-               $rows=@mysql_affected_rows($this->_linkId);
-               return($rows);
-}
+               $rows = @$this->_queryId->rowCount();
+               return ($rows);
+       }
 
-function getLastInsertId() {
-               return(@mysql_insert_id($this->_linkId));
-}
+       function getLastInsertId() {    //DEPRECATED!!! Use $db->lastInsertId(); instead!!!
+               return (@$this->lastInsertId());
+       }
 
-function exception($errorMessage) { //Internal only!
+       protected function exception($errorMessage) {
 
-       echo "<!-- ";
-       echo @mysql_error($this->_linkId)," (",@mysql_errno($this->_linkId),")";
-       echo "-->";
+               echo "<!-- ";
+               //echo @mysql_error($this->_linkId)," (",@mysql_errno($this->_linkId),")";
+               echo "-->";
 
-       if ($this->_halt_on_error) {
-               die("<pre>".$errorMessage."</pre>");
+               if ($this->_halt_on_error) {
+                       die("<pre>".$errorMessage."</pre>");
                } else {
                        echo $errorMessage."<br>";
                        return false;
                }
        }
 }
-?>
+
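Review bot: `db_escape_string` (L81-L85) obtains its value by stripping the first and last character of `PDO::quote()`'s output, but `quote()` returns `false` for drivers without native quoting and `preg_replace()` then yields an empty string that callers splice into SQL without noticing; guard it with `$q = $db->quote($str); if ($q === false) { trigger_error('db_escape_string: PDO::quote() unsupported by driver', E_USER_ERROR); }` before the strip. In `connect()` the `parent::__construct()` call at L167 is not wrapped in try/catch, so a failed connection ends in an uncaught `PDOException` whose default backtrace prints the constructor arguments, `DB_PASS` included; the DSN also names no charset, so `quote()` escapes with whatever the server default happens to be — the rewrite below catches the exception, routes it through the existing `exception()` path (which needs `_halt_on_error` set first) and adds `charset=utf8`. The removal of the old `query()` also drops the `logger::log('SQL ALARM', ...)` heuristic with nothing replacing it; if that telemetry is still wanted it belongs in an overridden `query()` in this class, since callers now reach `PDO::query()` directly.
```php
	protected function connect($host, $user, $password, $database, $halt_on_error = true) {
		global $error;
		$this->_halt_on_error = $halt_on_error;
		try {
			parent::__construct("mysql:host=$host;dbname=$database;charset=utf8", $user,
			                    $password);
		} catch (PDOException $e) {
			// Do not echo $e: its message/trace can carry connection details.
			$error = 'chcipla databaza';
			return $this->exception($error);
		}
		$this->setAttribute(PDO::ATTR_STATEMENT_CLASS,
		                    array('result', array($this)));
		// … unchanged: _url/_user/_password bookkeeping and return true …
```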
index 7bd3f9a0727c9611a7ee31da13b123129ba23a0b..36986a76cbb467672ff1292b62b952107ee1af83 100644 (file)
@@ -114,7 +114,7 @@ function add() {
     $params['node_parent']=$node_parent;
     $params['node_system_access']=$node_system_access;
     $params['node_creator']=$_SESSION['user_id'];
-    $params['node_content']=mysql_escape_string($node_content);
+    $params['node_content']=db_escape_string($node_content);
     $params['external_link']=$external_link;
     nodes::addNode($params);
     return true;
index 756cfe4d1deaa75472431698ec379e012e5c8f6e..90dfcee3dc1a664e1050414bd72fbdf62d6478f2 100644 (file)
@@ -37,9 +37,9 @@ function addEvent() {
     $params['node_content'] .= "<br />node_parent: <a href='$node_parent'>".$node_parent."</a>";
     $params['node_content'] .= "<br />node_system_access: ".$node_system_access;
     $params['node_content'] .= "<br />node_creator: <a href='$node_creator'>".$node_creator."</a>";
-    $params['node_content'] = mysql_real_escape_string($params['node_content']);
+    $params['node_content'] = db_escape_string($params['node_content']);
     nodes::addNode($params);
 
     return true;
 }
-?>
\ No newline at end of file
+?>
index f127cf72bbf96d2df4adf9dee00f7119eeda70fe..706d6177bb4648b331d22876b88c51afc62c7ace 100644 (file)
@@ -34,9 +34,9 @@ function addPlugin() {
     $params['node_content'] .= "<br />node_parent: <a href='$node_parent'>".$node_parent."</a>";
     $params['node_content'] .= "<br />node_system_access: ".$node_system_access;
     $params['node_content'] .= "<br />node_creator: <a href='$node_creator'>".$node_creator."</a>";
-    $params['node_content'] = mysql_real_escape_string($params['node_content']);
+    $params['node_content'] = db_escape_string($params['node_content']);
     nodes::addNode($params);
 
     return true;
 }
-?>
\ No newline at end of file
+?>
index 93648661c44e01681744e9600b2d3831eff001e8..682e2902e77402f6790ba911cfd07dc37bfa757f 100644 (file)
@@ -13,7 +13,7 @@
         $params['node_creator'] = UBIK_ID;
         $params['node_parent'] = 2029360;
         $params['node_name'] = "addTemplate execute: node $add_template_id";
-        $params['node_content'] = mysql_real_escape_string("addTemplate execute: node <a href='$add_template_id'>$add_template_id</a> by user ".$_SESSION['user_name']);
+        $params['node_content'] = db_escape_string("addTemplate execute: node <a href='$add_template_id'>$add_template_id</a> by user ".$_SESSION['user_name']);
         nodes::addNode($params);
 
         $set=$db->query("select node_content from nodes where node_id='$add_template_id'");
index 3f08d4d01cf9e0bd5bc26413e8ca025fb47ba620..8f14448b3f372f1613fff245f7d489f98aa2ba90 100644 (file)
@@ -9,7 +9,7 @@ $error=$error_messages['EVENT_PERMISSION_ERROR'];
 return false;
 }
                $bans = explode(";",$_POST['bans']); // XXX sqli?
-               $bans = array_map('mysql_real_escape_string', $bans); 
+               $bans = array_map('db_escape_string', $bans); 
 
                $db->query("update node_access set node_permission='' where node_id=$node_id and node_permission='ban'");
                foreach ($bans as $ban) {
index 8479152c035019886102c12cc4846f19b4a1679e..9024d16f7c96449a21fbeed7d12269c203720aac 100644 (file)
                                }
                        }
 
-                       $node_vector=mysql_real_escape_string($_POST['node_vector']);
+                       $node_vector=db_escape_string($_POST['node_vector']);
                        $old_vector=$node['node_vector'];
                        if (is_numeric($_POST['template_id'])) $template_id=$_POST['template_id'];
                        $node_parent=intval($_POST['node_parent']);
-                       $node_created=mysql_real_escape_string($_POST['node_created']);
+                       $node_created=db_escape_string($_POST['node_created']);
                        $node_id=$node['node_id'];
 
 
                                $node_vector=$parent_node['node_vector'].";".$parent_node['node_id'];;
                        }
 
-                       $node_name=mysql_real_escape_string($_POST['node_name']);
+                       $node_name=db_escape_string($_POST['node_name']);
 
-                       $node_external_access=mysql_real_escape_string($_POST['node_external_access']);
-                       $node_system_access=mysql_real_escape_string($_POST['node_system_access']);
+                       $node_external_access=db_escape_string($_POST['node_external_access']);
+                       $node_system_access=db_escape_string($_POST['node_system_access']);
 
                        require(INCLUDE_DIR.'htmlparse.inc');
                        global $htmlparse;
index 5d31e74c66f2667b7fc77c4f404ec3d467065008..27a43d98beab4a1bef4b9917aa9b53ed74bc3eba 100644 (file)
@@ -14,7 +14,7 @@ function configure_content() {
         $params['node_creator'] = UBIK_ID;
         $params['node_parent'] = WARNING_ZONE;
         $params['node_name'] = "node $node_id configured as code";
-        $params['node_content'] = mysql_real_escape_string("node <a href=/id/$node_id>$node_id</a> added as code  by user ".$_SESSION['user_name']);
+        $params['node_content'] = db_escape_string("node <a href=/id/$node_id>$node_id</a> added as code  by user ".$_SESSION['user_name']);
         unset($_POST['code']);
         nodes::addNode($params);
     }
@@ -34,11 +34,11 @@ function configure_content() {
             from nodes where node_id = '$node_id'";
     $db->query($qtiamat);
 
-    $qu = "update nodes set node_content = '".mysql_real_escape_string($node_content)."' where node_id = '$node_id'";
+    $qu = "update nodes set node_content = '".db_escape_string($node_content)."' where node_id = '$node_id'";
     $result = $db->update($qu);
-    $qu2 = "update node_content set node_content = '".mysql_real_escape_string($node_content)."' where node_id = '$node_id'";
+    $qu2 = "update node_content set node_content = '".db_escape_string($node_content)."' where node_id = '$node_id'";
     $result = $db->update($qu2);
 
     return true;
 }
-?>
\ No newline at end of file
+?>
index a79c6bc604dc442bcfc211a7bc98a6d467816f60..1a4eaa6a51b8250bef8ae209564feeb3c7dd83f0 100644 (file)
@@ -5,7 +5,7 @@ function configure_node_name() {
     $user_id=$_SESSION['user_id'];\r
 \r
     if (($node['node_permission']=='owner') || ($node['node_permission']=='master')) {\r
-        $node_name = mysql_real_escape_string($_POST['node_name']);\r
+        $node_name = db_escape_string($_POST['node_name']);\r
         $test=$node_name.'[Locked_OUT]';\r
 \r
         if(!empty($node_id)) {\r
@@ -36,4 +36,4 @@ function configure_node_name() {
     }\r
     return true;\r
 }\r
-?>
\ No newline at end of file
+?>\r
index 014dff27c401db43ee8e5561156974c132628b67..338400ca3a4f34aa45c51441e308cfbdc05be418 100644 (file)
@@ -3,7 +3,7 @@
                global $db,$error,$node;
                $node_id=$node['node_id'];
                $user_id=$_SESSION['user_id'];
-               $node_system_access=mysql_real_escape_string($_POST['node_system_access']);
+               $node_system_access=db_escape_string($_POST['node_system_access']);
 
                if (($node['node_permission']=='owner') || ($node['node_permission']=='master')) {
 
index 8b4a883957cc667348a93ff4aa3080279cd864d5..1793463cab663bccc57d135c9497abd420807268 100644 (file)
@@ -226,13 +226,13 @@ if (!empty($_POST['template_event'])) {
        $descendant_count=$node['node_descendant_count'];
 
         if (isset($_POST['listing_amount']) && is_numeric($_POST['listing_amount'])) { 
-               $listing_amount=mysql_real_escape_string($_POST['listing_amount']);
+               $listing_amount=db_escape_string($_POST['listing_amount']);
        }elseif (!empty($_SESSION['listing_amount'])) $listing_amount=$_SESSION['listing_amount'];
         else $listing_amount=DEFAULT_LISTING_AMOUNT;
        $smarty->assign('listing_amount',$listing_amount);
 
        if (isset($_POST['listing_order']) && $_POST['listing_order']) {
-               $listing_order=mysql_real_escape_string($_POST['listing_order']);
+               $listing_order=db_escape_string($_POST['listing_order']);
        } elseif (!empty($_SESSION['listing_order'])) $listing_order=$_SESSION['listing_order'];
        else $listing_order=DEFAULT_LISTING_ORDER;
        $smarty->assign('listing_order',$listing_order);
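Review bot: `$listing_order` at L435 comes straight from `$_POST` and is only passed through `db_escape_string`; string escaping protects quoted string literals, so if this value is later interpolated unquoted (the name suggests an ORDER BY clause, but its use lies outside the hunk) the escaping constrains nothing. Validate it against an allow-list of the accepted orderings instead, e.g. `if (!in_array($_POST['listing_order'], $allowed_orders, true)) $listing_order = DEFAULT_LISTING_ORDER;` (with `$allowed_orders` defined alongside the defaults), and treat `$listing_amount` at L428 the same way by casting with `intval()` after the `is_numeric` check rather than escaping it.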
index 939ff79028c5819582e90e87c23e4cb6dd4ee749..863215f0a04a4c619b4e8a6ecea6bef31acf4b89 100644 (file)
@@ -4,7 +4,7 @@ function k_wallet() {
 
 global $db,$node,$error;
 $user_id=$_SESSION['user_id'];
-$k_request=mysql_real_escape_string($_POST['k_wallet']);
+$k_request=db_escape_string($_POST['k_wallet']);
 
 $kset=$db->query("select user_k from users where user_id='$user_id'");
 $kset->next();
index 5ebb3ae1a42b0b3186501c825c058af56b58e137..8f33e55e684b539d3cdcd0eb708b82577cd1eeb3 100644 (file)
@@ -13,7 +13,7 @@ function jabberctl($command, $args) { //XXXTODO Move to some .inc file...
 function login_check($login, $password, $login_type='id') {
 
     global $db,$error,$node_id;
-               $login = mysql_real_escape_string($login); //Not SQLi in $password but be carefull
+               $login = db_escape_string($login); //Not SQLi in $password but be carefull
     $password_hash_algos=array('sha256','sha1','md5'); //List of supported algos can be obtained using: php -r 'print_r(hash_algos());'
 
     $hash_query='(';
index 06ec5634b7e27ac3b1449cb420e2e4df856a17b6..a688f5bd6146bfbff35b3c56c9edc144677e9353 100644 (file)
@@ -2,8 +2,8 @@
 function put() {
 
 
-       if (!empty($_POST['nodeshell_id'])) $nodeshell_id = mysql_real_escape_string($_POST['nodeshell_id']);
-       else $nodeshell_id = mysql_real_escape_string($_POST['nodeshell_id_select']);
+       if (!empty($_POST['nodeshell_id'])) $nodeshell_id = db_escape_string($_POST['nodeshell_id']);
+       else $nodeshell_id = db_escape_string($_POST['nodeshell_id_select']);
 
        if (is_array($_POST['node_chosen'])) $put_array = $_POST['node_chosen'];
        else {
index 83c0f73215842967edadeeaf52ee614d78daf328..9ea7fe7bf3ab5a733bfa06e2367e3d5c57639ea8 100644 (file)
@@ -2,13 +2,13 @@
 function register() {\r
     global $db, $error;\r
 \r
-    $guild_id = mysql_real_escape_string(strip_tags(trim($_POST['guild_id'])));\r
-    $content = mysql_real_escape_string(strip_tags(trim($_POST['reg_content'])));\r
-    $email   = mysql_real_escape_string(strip_tags(trim($_POST['reg_email'])));\r
-    $login   = mysql_real_escape_string(strip_tags(trim($_POST['reg_login'])));\r
-    $xmpp    = mysql_real_escape_string(strtolower(strip_tags(trim($_POST['reg_login']))));\r
-    $pass    = mysql_real_escape_string($_POST['reg_pass']);\r
-    $pass2   = mysql_real_escape_string($_POST['reg_pass2']);\r
+    $guild_id = db_escape_string(strip_tags(trim($_POST['guild_id'])));\r
+    $content = db_escape_string(strip_tags(trim($_POST['reg_content'])));\r
+    $email   = db_escape_string(strip_tags(trim($_POST['reg_email'])));\r
+    $login   = db_escape_string(strip_tags(trim($_POST['reg_login'])));\r
+    $xmpp    = db_escape_string(strtolower(strip_tags(trim($_POST['reg_login']))));\r
+    $pass    = db_escape_string($_POST['reg_pass']);\r
+    $pass2   = db_escape_string($_POST['reg_pass2']);\r
     \r
     if (empty($login)) {\r
         $error = 'please enter your nick name';\r
index ade11eeda969b279f35dc97ab54a95e1f7c84d58..9b0af652d4b7abf5c585255fa0335581b43b779d 100644 (file)
@@ -1,11 +1,11 @@
 <?php
 function reset_password() {
     global $db,$error;
-    $login = mysql_real_escape_string($_POST['login']);
-    $login_type = mysql_real_escape_string($_POST['login_type']);
-    $vercode = mysql_real_escape_string($_POST['vercode']);
-    $password1 = mysql_real_escape_string($_POST['new_password1']);
-    $password2 = mysql_real_escape_string($_POST['new_password2']);
+    $login = db_escape_string($_POST['login']);
+    $login_type = db_escape_string($_POST['login_type']);
+    $vercode = db_escape_string($_POST['vercode']);
+    $password1 = db_escape_string($_POST['new_password1']);
+    $password2 = db_escape_string($_POST['new_password2']);
 
     if ($login == '') {
         $error="Please enter name or id";
index 6ea91aa28f7672b0ecdbdfe62a697725bd51c2cc..a3389330b944edcb8cd8917f085c909adef519b4 100644 (file)
@@ -8,9 +8,9 @@ $error="Ak sa toto stane a citas tuto spravu chod navstivit buglist....ak robis
 return false;
 }
 
-                $user_id=mysql_real_escape_string($_SESSION['user_id']);
-                $user_name=mysql_real_escape_string($_SESSION['user_name']);
-                $mail_name=mysql_real_escape_string($_POST['mail_to']);
+                $user_id=db_escape_string($_SESSION['user_id']);
+                $user_name=db_escape_string($_SESSION['user_name']);
+                $mail_name=db_escape_string($_POST['mail_to']);
 
                if (!$mail_name) {
                                    global $error;
@@ -70,7 +70,7 @@ return false;
 
                 if ($mail_to_id) {
 
-                        $mail_text=mysql_real_escape_string(nodes::processContent($mail_text));
+                        $mail_text=db_escape_string(nodes::processContent($mail_text));
 global $htmlparse;
 if ($htmlparse) {
 $error=$htmlparse;
@@ -88,7 +88,7 @@ mail_to='$mail_to_id_send',mail_timestamp=NOW()";
                        $result=$db->query($q);
                        $db->query("update users set user_mail=user_mail+1,".
                        //"user_mail_name='$user_name',". //Not in DB yet!
-                       "user_mail_id='".mysql_real_escape_string($_SESSION['user_id'])."' where user_id='$mail_to_id_send'");
+                       "user_mail_id='".db_escape_string($_SESSION['user_id'])."' where user_id='$mail_to_id_send'");
                 }
             return true;
 
index e272c74e264cfbd1c916d0eba60b3824b4649398..eb1a868b4a8ee5ca49ea01c4be08f889eef2ac03 100644 (file)
@@ -2,8 +2,8 @@
 function set_external_link() {
         global $error,$node,$db;
 
-        $new_exlink = mysql_real_escape_string($_POST['external_link']);
-        $node_id = mysql_real_escape_string($node['node_id']);
+        $new_exlink = db_escape_string($_POST['external_link']);
+        $node_id = db_escape_string($node['node_id']);
         $node_permission=$node['node_permission'];
         $find = '://';
         $validation = strpos($new_exlink, $find);
@@ -25,4 +25,4 @@ function set_external_link() {
          }
     }
 
-?>
\ No newline at end of file
+?>
index 6743687d3e86ed0dcc4343981ccfca37b48777a2..f3f5d0b95e2b31198a238caab2ade3dac683d0dd 100644 (file)
@@ -2,7 +2,7 @@
 // modifikacia ktora dovoli natiahnut iba spravny header template
 function set_header_template() {
 global $db,$error;
-$header_id=mysql_real_escape_string($_POST['header_id']);
+$header_id=db_escape_string($_POST['header_id']);
 $user_id=$_SESSION['user_id'];
 
 if (!$user_id) {
@@ -21,4 +21,4 @@ $db->query("update users set header_id='$header_id' where user_id='$user_id'");
 $_SESSION['header_id']=$header_id;
 }
 
-?>
\ No newline at end of file
+?>
index 4fc6ffda64e42ec734eb5128ad0cddd6c60077a8..b5d0f16ce64de0b0bbdf7945f6a23843f6ac9feb 100644 (file)
@@ -2,13 +2,13 @@
 function set_time_lock(){
 global $db,$error;
 $user_id = $_SESSION['user_id'];
-$nick=mysql_real_escape_string($_SESSION['user_name']);
+$nick=db_escape_string($_SESSION['user_name']);
 $nick=$nick . '[Locked_OUT]';
-$hodina=mysql_real_escape_string($_POST['hodina']);
-$minuta=mysql_real_escape_string($_POST['minuta']);
-$den=mysql_real_escape_string($_POST['den']);
-$mesiac=mysql_real_escape_string($_POST['mesiac']);
-$rok=mysql_real_escape_string($_POST['rok']);
+$hodina=db_escape_string($_POST['hodina']);
+$minuta=db_escape_string($_POST['minuta']);
+$den=db_escape_string($_POST['den']);
+$mesiac=db_escape_string($_POST['mesiac']);
+$rok=db_escape_string($_POST['rok']);
 
 $now=date("Y-m-d H:i:s");
 $til_lockout="$rok-$mesiac-$den $hodina:$minuta:00";
index 5ba4036057b68f79bfaa0ef0fd0d0bd73e6249d3..2be4901b0f85fdf808ca9f0c7cd631aed9b95799 100644 (file)
@@ -9,7 +9,7 @@ $kset=$db->query("select login from users where user_id='$user_id'");
 $kset->next();
 $nick=$kset->getString('login');
 $exploded=explode("[Locked_OUT]", $nick);
-$nick=mysql_real_escape_string($exploded[0]);
+$nick=db_escape_string($exploded[0]);
 
 
   $q="update nodes set node_name='$nick' where node_id=$user_id";
index 2ee01875fdec6d38b252fa19bda3245193172464..7eb9008f6050921d92f806635a527cf9a3678cc7 100644 (file)
@@ -2,8 +2,8 @@
 function verify(){
 
 global $db;
-$uvercode=mysql_real_escape_string($_POST['vc']);
-$login=mysql_real_escape_string($_POST['login']);
+$uvercode=db_escape_string($_POST['vc']);
+$login=db_escape_string($_POST['login']);
 
 $kset=$db->query("select user_id,guild_id from users where login='$login'");
 $kset->next();
index c7998508cfe47ba22df22b360b51ddccc2b62d9c..8553edd92c066b1b2f955665c0462ed2884dc112 100644 (file)
@@ -50,7 +50,7 @@ function processContent_hack($node_content) {
                 }
 
                 $node_content = eregi_Replace("((( )|(\n)|(^))+)(http://|ftp://|https://)([[:alnum:]][^,[:space:]]*)","\\2<a target='_blank' href=\"\\6\\7\">\\6\\7</a>",$node_content);
-               //$node_content = mysql_real_escape_string($node_content); once is enough
+               //$node_content = db_escape_string($node_content); once is enough
         }
 
         return $node_content;
index ce96b198482319f0baf6a8c2942fcf7b54b3f719..ab421a612c789458d810246fc78b3c4879b7b48c 100644 (file)
@@ -1,5 +1,9 @@
 <?php
-class result {
+
+class result extends PDOStatement {
+       //All functions in this class are deprecated!
+       //Please use only native PDOStatement functions!
+
        var $_numRows = 0;
        var $_numFields = 0;
        var $_currentRow = -1;
@@ -7,101 +11,45 @@ class result {
        var $_queryId = false;
        var $_sql = "";
 
-function result($queryId, $sql) {
-       $this->_queryId = $queryId;
-       $this->_sql = $sql;
-       if ($this->_queryId != false) {
-               $this->_numRows = @mysql_num_rows($this->_queryId);
-               $this->_numFields = @mysql_num_fields($this->_queryId);
+       public $dbh;
+       protected function __construct($dbh) {
+               $this->dbh = $dbh;
+
+               $this->_numRows = @$this->rowCount();
+               //$this->_numFields = @mysql_num_fields($this->_queryId);
                $this->_currentRow = -1;
                $this->_currentRecord = array();
-       } else {
-               $this->exception("result failed.");
        }
-}
 
- function next() {
-       if ($this->_currentRow + 1 >= $this->_numRows) {
-               return false;
-       } else {
-               $this->_currentRecord = @mysql_fetch_assoc($this->_queryId);
-               $this->_currentRow++;
-               return true;
+       function next() {       //DEPRECATED!!! Use $this->fetch(); instead!!!
+               if ($this->_currentRow + 1 >= $this->_numRows) {
+                       return false;
+               } else {
+                       $this->_currentRecord = @$this->fetch();
+                       $this->_currentRow++;
+                       return true;
+               }
        }
-}
 
-/* DEPRECATED!
-function absolute($row) {
-       if ($row > 0) {
-// positive row number
-       @mysql_data_seek($this->_queryId, $row-1);
-               $this->_currentRecord = @mysql_fetch_assoc($this->_queryId);
-               $this->_currentRow = $row;
-       } elseif ($row < 0) {
-               // not implemented yet
-       } else {
-               $this->exception("Cannot absolute position to row 0");
+       function getRecord() {  //DEPRECATED!!! Use $this->fetch(); instead!!!
+               return $this->_currentRecord;
        }
-}
-*/
 
-function getRecord() {
-       return $this->_currentRecord;
-}
-
-function getString($column) {
-       if (is_int($column) == true) {
-               return (string)$this->_currentRecord[$column-1];
-       } else {
-               return (string)$this->_currentRecord["$column"];
+       function getString($column) {   //DEPRECATED!!! Use $this->fetch(); instead!!!
+               if (is_int($column) == true) {
+                       return (string) $this->_currentRecord[$column - 1];
+               } else {
+                       return (string) $this->_currentRecord["$column"];
+               }
        }
-}
 
-function getInt($column) {
-       if (is_int($column) == true) {
-               return (int)$this->_currentRecord[$column-1];
-       } else {
-               return (int)$this->_currentRecord["$column"];
+       function getInt($column) {      //DEPRECATED!!! Use $this->fetch(); instead!!!
+               $this->getString(); //Dynamic typing OMG...
        }
-}
-
-/* DEPRECATED!
-function getVariable($column) {
-       return (int)$this->_currentRecord["$column"];
 
-}
-
-function getDouble() {
-       if (is_int($column) == true) {
-               return (double)$this->_currentRecord[$column-1];
-       } else {
-               return (double)$this->_currentRecord["$column"];
-       }
-}
-
-function getRow() {
-       if ($this->_currentRow < 0) {
-           return 0;
-       } else {
-       return $this->_currentRow + 1;
+       function getNumRows() { //DEPRECATED!!! Use $this->rowCount(); instead!!!
+               return $this->_numRows;
        }
-}
-*/
-
-function getNumRows() {
-       return $this->_numRows;
-}
-
-/* DEPRECATED!
-function getNumFields() {
-       return $this->_numFields;
-}
-*/
-
-function exception($errorMsg) { //Internal only!
-       die("<pre>SQLException: ".$msg."</pre>");
-}
 
 }
 
-?>
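Review bot: `getInt()` at L725-L727 calls `$this->getString()` with no argument and discards the result, so every caller now receives `null` (plus a missing-argument warning, or an ArgumentCountError on PHP 7.1+) where the old code returned an int; it should read `return (int) $this->getString($column);`. `_numRows` is also taken from `rowCount()` in the constructor (L658), but PDO does not guarantee `rowCount()` for SELECT statements — with pdo_mysql it is only populated for buffered queries, and for `prepare()`-created statements the constructor runs before `execute()` — so `next()` may never advance; consider driving `next()` by the fetch itself, `$this->_currentRecord = $this->fetch(); if ($this->_currentRecord === false) return false;`, and computing `getNumRows()` lazily. Note too that `fetch()` defaults to `PDO::FETCH_BOTH`, so `getRecord()` now returns each column twice (by name and by index) compared with the old `mysql_fetch_assoc`.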
index 77552050f94fb8b70b14a8a9330734e66bc7cfce..ba6dab7b41b6e216a76ee0aaba85e869ee997cdb 100644 (file)
@@ -1,14 +1,14 @@
 <?php
 function smarty_function_get_id_by_name($params,&$smarty) {
-    $name = mysql_real_escape_string($params['name']);
-    global $db;
-    $q="select user_id from users where login='$name'";
-    $set=$db->query($q);
-    if ($set->getNumRows() > 0) {
-        $set->next();
-        $id=$set->getString('user_id');
-    }
-    else $id = '1';
-    $smarty->assign('get_id_by_name',$id);
+       $name = db_escape_string($params['name']);
+       global $db;
+       $q="select user_id from users where login='$name'";
+       $set=$db->query($q);
+       if ($set && $set->getNumRows() > 0) {
+               $set->next();
+               $id=$set->getString('user_id');
+       }
+       else $id = '1';
+       $smarty->assign('get_id_by_name',$id);
 }
-?>
\ No newline at end of file
+
index dc9c011cde8436451f34be8bfeee1a937e0eaebd..b392c5155012fa0637da8c127aec10794c08aa83 100644 (file)
@@ -32,7 +32,7 @@ if ($params['time']) $sql_time=" nodes.node_created > '".addslashes($params['tim
                 if ($_POST['search_type']=='content')
                                         $sql_type.=" and node_content like '%".addslashes($_POST['node_content'])."%' ";
                else {
-                       $q2="select user_id from users where login='".mysql_real_escape_string($_POST['node_content'])."'";
+                       $q2="select user_id from users where login='".db_escape_string($_POST['node_content'])."'";
                        $userset=$db->query($q2);
                        $userset->next();
                        $id=$userset->getString('user_id');
index 1e4a7c1cc79ed32aaa2d0a06ab85115adb84e73b..895bb94f141cca8d8b0cfc89e8a0e2dc26a0eb5e 100644 (file)
@@ -15,7 +15,7 @@ function db_get_template ($tpl_name, &$tpl_source, &$smarty_obj) {
         $params['node_creator'] = UBIK_ID;
         $params['node_parent'] = 2029360;
         $params['node_name'] = "addTemplate execute: node $add_template_id";
-        $params['node_content'] = mysql_real_escape_string("addTemplate execute: node <a href='$add_template_id'>$add_template_id</a> by user ".$_SESSION['user_name']);
+        $params['node_content'] = db_escape_string("addTemplate execute: node <a href='$add_template_id'>$add_template_id</a> by user ".$_SESSION['user_name']);
         nodes::addNode($params);
                                */
                                /*