use MDB2's escape instead of mysql_escape
authorRobin <robin@Amaya.(none)>
Sat, 22 May 2010 21:05:49 +0000 (23:05 +0200)
committerRobin <robin@Amaya.(none)>
Sat, 22 May 2010 21:05:49 +0000 (23:05 +0200)
inc/lib_base.php
inc/lib_user.php

index e6c02722b49d21d5025fa0b77a4a66f751c2ecac..506bca221089c8009cdf654e7144f3102418ed6f 100755 (executable)
@@ -474,14 +474,15 @@ class OC_DB {
                }
        }
        
-       static public function createTable($name,$definition){
-               self::connect();
-               self::$DBConnection->createTable($name,$definition);
-       }
-       
-       static public function createConstraint($table,$name,$definition){
-               self::connect();
-               self::$DBConnection->createConstraint($table,$name,$definition);
+       /**
+       * escape strings so they can be used in queries
+       *
+       * @param string string
+       * @return string
+       */
+       static function escape($string){
+               OC_DB::connect();
+               return self::$DBConnection->escape($string);
        }
 
 }
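Review bot: The docblock on `escape()` says only "escape strings so they can be used in queries", which does not tell callers that the result is safe only inside a single-quoted string literal; the method adds no quotes and gives no protection for identifiers or unquoted numeric values. I would add a line such as `* The result must be placed inside a quoted string literal; it is not safe for identifiers or unquoted values.` and correct the tag to `@param string $string`. The method is also declared `static function` without a visibility keyword and calls `OC_DB::connect()` where the removed methods used `self::connect()`. Separately, this hunk deletes `createTable()` and `createConstraint()`, which the commit title does not mention, so any remaining callers should be checked.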
index 989af7d4261fe6ee1385f2ff508b3bc1e37969d9..86ef53df669a2a55b2481605b115579588dd5207 100755 (executable)
@@ -60,8 +60,8 @@ class OC_USER {
                }else{
                        $password=sha1($password);
                        $usernameclean=strtolower($username);
-                       $username=mysql_escape_string($username);
-                       $usernameclean=mysql_escape_string($usernameclean);
+                       $username=OC_DB::escape($username);
+                       $usernameclean=OC_DB::escape($usernameclean);
                        $query="INSERT INTO  `users` (`user_id` ,`user_name` ,`user_name_clean` ,`user_password`) VALUES (NULL ,  '$username',  '$usernameclean',  '$password')";
                        $result=OC_DB::query($query);
                        return ($result)?true:false;
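Review bot: The INSERT INTO `users` query in this hunk is still assembled by interpolating `$username` and `$usernameclean` into the SQL string, so its safety depends on every value staying inside single quotes and on the escape matching the connection's character set. Now that the code goes through MDB2, a prepared statement (`prepare()` with placeholders, then `execute()`) or at least `quote($value, 'text')` would remove that dependency. As far as these hunks show, OC_DB exposes only `escape()`, so it would need a small wrapper for this. The same pattern is in the `login`, `creategroup`, `getuserid`, `getgroupid` and `checkpassword` hunks below. The enclosing function starts outside this hunk.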
@@ -76,8 +76,8 @@ class OC_USER {
        public static function login($username,$password){
                $password=sha1($password);
                $usernameclean=strtolower($username);
-               $username=mysql_escape_string($username);
-               $usernameclean=mysql_escape_string($usernameclean);
+               $username=OC_DB::escape($username);
+               $usernameclean=OC_DB::escape($usernameclean);
                $query="SELECT user_id FROM  users WHERE  user_name_clean =  '$usernameclean' AND  user_password =  '$password' LIMIT 1";
                $result=OC_DB::select($query);
                if(isset($result[0]) && isset($result[0]['user_id'])){
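Review bot: `login` hashes the password with a bare `sha1($password)` and compares it inside the SQL `WHERE` clause, so stored passwords are unsalted fast hashes that are cheap to guess offline if the table is ever disclosed. Selecting the stored hash by `user_name_clean` and checking it in PHP with `password_verify()`, with hashes created by `password_hash()`, would address this; it needs a migration of existing rows, so it fits a follow-up change rather than this commit. The same `sha1()` call appears in the user-creation hunk above and in `checkpassword`. `login` continues past the end of the hunk.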
@@ -117,7 +117,7 @@ class OC_USER {
        */
        public static function creategroup($groupname){
                if(OC_USER::getgroupid($groupname)==0){
-                       $groupname=mysql_escape_string($groupname);
+                       $groupname=OC_DB::escape($groupname);
                        $query="INSERT INTO  `groups` (`group_id` ,`group_name`) VALUES (NULL ,  '$groupname')";
                        $result=OC_DB::query($query);
                        return ($result)?true:false;
@@ -132,8 +132,8 @@ class OC_USER {
        */
        public static function getuserid($username){
                $usernameclean=strtolower($username);
-               $username=mysql_escape_string($username);
-               $usernameclean=mysql_escape_string($usernameclean);
+               $username=OC_DB::escape($username);
+               $usernameclean=OC_DB::escape($usernameclean);
                $query="SELECT user_id FROM  users WHERE user_name_clean = '$usernameclean'";
                $result=OC_DB::select($query);
                if(!is_array($result)){
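Review bot: `$username=OC_DB::escape($username);` has no effect on the query built here, which uses only `$usernameclean`, so the call is dead unless the rest of `getuserid` (outside this hunk) reads `$username`. If it does, it would see the SQL-escaped form rather than the original name. I would drop the line, or keep the raw value in a separate variable. `login` and `checkpassword` have the same unused assignment in their visible lines.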
@@ -151,7 +151,7 @@ class OC_USER {
        *
        */
        public static function getgroupid($groupname){
-               $groupname=mysql_escape_string($groupname);
+               $groupname=OC_DB::escape($groupname);
                $query="SELECT group_id FROM groups WHERE  group_name = '$groupname'";
                $result=OC_DB::select($query);
                if(!is_array($result)){
@@ -268,8 +268,8 @@ class OC_USER {
        public static function checkpassword($username,$password){
                $password=sha1($password);
                $usernameclean=strtolower($username);
-               $username=mysql_escape_string($username);
-               $usernameclean=mysql_escape_string($usernameclean);
+               $username=OC_DB::escape($username);
+               $usernameclean=OC_DB::escape($usernameclean);
                $query="SELECT user_id FROM  'users' WHERE  user_name_clean =  '$usernameclean' AND  user_password =  '$password' LIMIT 1";
                $result=OC_DB::select($query);
                if(isset($result[0]) && isset($result[0]['user_id']) && $result[0]['user_id']>0){
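Review bot: The query in `checkpassword` reads `FROM  'users'`, with the table name in single quotes; that is a string literal rather than an identifier, so MySQL will most likely reject the statement, and other MDB2 backends may treat it differently. `login` uses the unquoted form for the same lookup, so I would write `FROM users` here as well. The line is unchanged context in this commit, but the function is being edited anyway. `checkpassword` continues past the hunk.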