[SUCS Devel] site r639 - branches/sucs-site/htdocs
arthur at sucs.org
arthur at sucs.org
Fri Jan 30 16:57:13 GMT 2015
Author: arthur
Date: 2015-01-30 16:57:12 +0000 (Fri, 30 Jan 2015)
New Revision: 639
Modified:
branches/sucs-site/htdocs/index.php
Log:
remove addslashes usage in path building
Modified: branches/sucs-site/htdocs/index.php
===================================================================
--- branches/sucs-site/htdocs/index.php 2015-01-30 15:46:20 UTC (rev 638)
+++ branches/sucs-site/htdocs/index.php 2015-01-30 16:57:12 UTC (rev 639)
@@ -111,11 +111,14 @@
$smarty->assign_by_ref("pathlist", $pathlist);
$path = '';
$query = "select * from pagemap where path='/' ";
+$params = array();
foreach($pathlist as $item) {
if ($item && $item != '/') {
- $query .= "or path = '".addslashes($path)."/*' ";
- $path .= "/$item";
- $query .= "or path = '".addslashes($path)."' ";
+ $query .= "or path=? ";
+ $params[] = $path."/*";
+ $path .= "/$item";
+ $query .= "or path=? ";
+ $params[] = $path;
}
}
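Review bot: The loop now appends two `or path=?` terms and two bound values per path segment with no upper limit, so the length of the statement is decided by whatever fills `$pathlist`, which is built outside this hunk and presumably comes from the requested URL. Binding the values removes the quoting problem that `addslashes` only partly covered, but a very deep path still produces a very long predicate chain and parameter list. A guard at the top of the loop body such as `if (count($params) >= 2 * $maxDepth) break;` would cap it, where `$maxDepth` is a placeholder name for a limit matching the deepest real entry in `pagemap`. A short comment that the `/*` suffix is compared literally with `=` and is not a SQL wildcard would also help the next reader.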
@@ -123,7 +126,7 @@
$smarty->assign_by_ref("path", $path);
$query .= "order by depth desc";
-$pagemap = $DB->GetAll($query);
+$pagemap = $DB->GetAll($query, $params);
//echo $query;
if (!$pagemap) $smarty->assign("error", $DB->ErrorMsg());
if (!$pagemap || count($pagemap)<1) {
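Review bot: The raw text of `$DB->ErrorMsg()` is still assigned to the template whenever `$pagemap` is falsy, which covers an empty result set as well as a failed query, so a driver message may reach the rendered page if the template prints `error` (the template is not visible here). Consider testing `$pagemap === false` for the failure case, recording the detail server-side with `error_log($DB->ErrorMsg());`, and assigning a generic string to the template instead. The commented-out `//echo $query;` can be dropped as well, since the query text no longer shows the values being matched. The `if` block opened on the last line continues outside the hunk.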