Digitalstack/ZnoteAAC
2
0
Fork 0
mirror of https://github.com/Znote/ZnoteAAC.git synced 2025-10-13 18:04:54 +02:00
Code Issues Packages Projects Releases Wiki Activity

Fixes escape string by using custom function #18

Browse Source
This commit is contained in:
Stefan Brannfjell
2014-02-06 22:51:05 +01:00
parent 29a7de9751
commit 801e0bcbef
4 changed files with 6 additions and 6 deletions
Download Patch File Download Diff File Expand all files Collapse all files

4
admin_news.php
View File

@@ -59,7 +59,7 @@ if (empty($_POST) === false) {
// Insert news
if ($action === 'i') {
echo '<font color="green"><b>News created successfully!</b></font>';
list($charid, $title, $text) = array((int)$_POST['selected_char'], mysql_real_escape_string($_POST['title']), mysql_real_escape_string($_POST['text']));
list($charid, $title, $text) = array((int)$_POST['selected_char'], mysql_znote_escape_string($_POST['title']), mysql_znote_escape_string($_POST['text']));
$date = time();
mysql_insert("INSERT INTO `znote_news` (`title`, `text`, `date`, `pid`) VALUES ('$title', '$text', '$date', '$charid');");
// Reload the cache.
@@ -71,7 +71,7 @@ if (empty($_POST) === false) {
// Save
if ($action === 's') {
echo '<font color="green"><b>News successfully updated!</b></font>';
list($title, $text) = array(mysql_real_escape_string($_POST['title']), mysql_real_escape_string($_POST['text']));
list($title, $text) = array(mysql_znote_escape_string($_POST['title']), mysql_znote_escape_string($_POST['text']));
mysql_update("UPDATE `znote_news` SET `title`='$title',`text`='$text' WHERE `id`='$id';") or die("FUCK!");
$cache = new Cache('engine/cache/news');
$news = fetchAllNews();