From 7b08854f705ff56ac041ad8baaeec85e0e7189d0 Mon Sep 17 00:00:00 2001 From: Robin Date: Sat, 22 May 2010 23:05:49 +0200 Subject: [PATCH] use MDB2's escape instead of mysql_escape --- inc/lib_base.php | 17 +++++++++-------- inc/lib_user.php | 20 ++++++++++---------- 2 files changed, 19 insertions(+), 18 deletions(-) diff --git a/inc/lib_base.php b/inc/lib_base.php index e6c02722b49..506bca22108 100755 --- a/inc/lib_base.php +++ b/inc/lib_base.php @@ -474,14 +474,15 @@ class OC_DB { } } - static public function createTable($name,$definition){ - self::connect(); - self::$DBConnection->createTable($name,$definition); - } - - static public function createConstraint($table,$name,$definition){ - self::connect(); - self::$DBConnection->createConstraint($table,$name,$definition); + /** + * escape strings so they can be used in queries + * + * @param string string + * @return string + */ + static function escape($string){ + OC_DB::connect(); + return self::$DBConnection->escape($string); } } diff --git a/inc/lib_user.php b/inc/lib_user.php index 989af7d4261..86ef53df669 100755 --- a/inc/lib_user.php +++ b/inc/lib_user.php @@ -60,8 +60,8 @@ class OC_USER { }else{ $password=sha1($password); $usernameclean=strtolower($username); - $username=mysql_escape_string($username); - $usernameclean=mysql_escape_string($usernameclean); + $username=OC_DB::escape($username); + $usernameclean=OC_DB::escape($usernameclean); $query="INSERT INTO `users` (`user_id` ,`user_name` ,`user_name_clean` ,`user_password`) VALUES (NULL , '$username', '$usernameclean', '$password')"; $result=OC_DB::query($query); return ($result)?true:false; @@ -76,8 +76,8 @@ class OC_USER { public static function login($username,$password){ $password=sha1($password); $usernameclean=strtolower($username); - $username=mysql_escape_string($username); - $usernameclean=mysql_escape_string($usernameclean); + $username=OC_DB::escape($username); + $usernameclean=OC_DB::escape($usernameclean); $query="SELECT user_id FROM users WHERE user_name_clean = '$usernameclean' AND user_password = '$password' LIMIT 1"; $result=OC_DB::select($query); if(isset($result[0]) && isset($result[0]['user_id'])){ @@ -117,7 +117,7 @@ class OC_USER { */ public static function creategroup($groupname){ if(OC_USER::getgroupid($groupname)==0){ - $groupname=mysql_escape_string($groupname); + $groupname=OC_DB::escape($groupname); $query="INSERT INTO `groups` (`group_id` ,`group_name`) VALUES (NULL , '$groupname')"; $result=OC_DB::query($query); return ($result)?true:false; @@ -132,8 +132,8 @@ class OC_USER { */ public static function getuserid($username){ $usernameclean=strtolower($username); - $username=mysql_escape_string($username); - $usernameclean=mysql_escape_string($usernameclean); + $username=OC_DB::escape($username); + $usernameclean=OC_DB::escape($usernameclean); $query="SELECT user_id FROM users WHERE user_name_clean = '$usernameclean'"; $result=OC_DB::select($query); if(!is_array($result)){ @@ -151,7 +151,7 @@ class OC_USER { * */ public static function getgroupid($groupname){ - $groupname=mysql_escape_string($groupname); + $groupname=OC_DB::escape($groupname); $query="SELECT group_id FROM groups WHERE group_name = '$groupname'"; $result=OC_DB::select($query); if(!is_array($result)){ @@ -268,8 +268,8 @@ class OC_USER { public static function checkpassword($username,$password){ $password=sha1($password); $usernameclean=strtolower($username); - $username=mysql_escape_string($username); - $usernameclean=mysql_escape_string($usernameclean); + $username=OC_DB::escape($username); + $usernameclean=OC_DB::escape($usernameclean); $query="SELECT user_id FROM 'users' WHERE user_name_clean = '$usernameclean' AND user_password = '$password' LIMIT 1"; $result=OC_DB::select($query); if(isset($result[0]) && isset($result[0]['user_id']) && $result[0]['user_id']>0){ -- 2.39.5