[SUCS Devel] site r639 - branches/sucs-site/htdocs

arthur at sucs.org arthur at sucs.org
Fri Jan 30 16:57:13 GMT 2015


Author: arthur
Date: 2015-01-30 16:57:12 +0000 (Fri, 30 Jan 2015)
New Revision: 639

Modified:
   branches/sucs-site/htdocs/index.php
Log:
remove addslashes usage in path building


Modified: branches/sucs-site/htdocs/index.php
===================================================================
--- branches/sucs-site/htdocs/index.php	2015-01-30 15:46:20 UTC (rev 638)
+++ branches/sucs-site/htdocs/index.php	2015-01-30 16:57:12 UTC (rev 639)
@@ -111,11 +111,14 @@
 $smarty->assign_by_ref("pathlist", $pathlist);
 $path = '';
 $query = "select * from pagemap where path='/' ";
+$params = array();
 foreach($pathlist as $item) {
 	if ($item && $item != '/') {
-	$query .= "or path = '".addslashes($path)."/*' ";
-	$path .= "/$item";
-	$query .= "or path = '".addslashes($path)."' ";
+		$query .= "or path=? ";
+		$params[] = $path."/*";
+		$path .= "/$item";
+		$query .= "or path=? ";
+		$params[] = $path;
 	}
 }
 
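Review bot: The loop adds two `or path=?` clauses and two bound values per path segment, with no limit on the number of segments. Where `$pathlist` comes from is not visible in this hunk; if it is split from the request URL, a very long path produces an equally long query and parameter list on each page view. A limit inside the loop would keep it bounded, e.g. `if (count($params) >= 2 * MAX_PATH_DEPTH) break;` (the constant name is a placeholder). A short comment at `$params[] = $path."/*";` would also help, saying that `/*` is compared literally with `=` and is not an SQL wildcard, so no LIKE escaping is needed.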
@@ -123,7 +126,7 @@
 $smarty->assign_by_ref("path", $path);
 
 $query .= "order by depth desc";
-$pagemap = $DB->GetAll($query);
+$pagemap = $DB->GetAll($query, $params);
 //echo $query;
 if (!$pagemap) $smarty->assign("error", $DB->ErrorMsg());
 if (!$pagemap || count($pagemap)<1) {
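Review bot: The check after the new `GetAll($query, $params)` call still uses `!$pagemap`, which is true for an empty result as well as a failed query, and it hands the raw `$DB->ErrorMsg()` text to the template. Whether the template prints `error` to visitors is not visible here; if it does, driver error text that may include the SQL is disclosed. Assuming the DB layer returns `false` on failure, I would test that explicitly and log the detail: `if ($pagemap === false) { error_log($DB->ErrorMsg()); $smarty->assign("error", "Page lookup failed"); }`. The `if (!$pagemap || count($pagemap)<1)` block continues outside the hunk, and the commented-out `//echo $query;` can go.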



