diff options
Diffstat (limited to 'class/CommonTable.php')
| -rw-r--r-- | class/CommonTable.php | 18 |
1 files changed, 15 insertions, 3 deletions
diff --git a/class/CommonTable.php b/class/CommonTable.php index ab06cfd..d8852c7 100644 --- a/class/CommonTable.php +++ b/class/CommonTable.php @@ -57,6 +57,18 @@ abstract class CommonTable } /** + * Escape a string + * + * @param string $val Value to be escaped + * + * @return string + */ + function escape($val) + { + return $this->db->quote($val); + } + + /** * Check if the table already exists * * @param string $table with table name @@ -109,7 +121,7 @@ abstract class CommonTable } else if (is_numeric($value)) { $val[] = $value; } else { - $val[] = "'".addslashes($value)."'"; + $val[] = "'".$this->escape($value)."'"; } } $sql = "INSERT INTO `".$this->table."` (".implode(',', $col).") @@ -173,7 +185,7 @@ abstract class CommonTable } else if (is_numeric($value)) { $sql .= '='.$value; } else { - $sql .= "='".addslashes($value)."'"; + $sql .= "='".$this->escape($value)."'"; } $link = "AND"; @@ -208,7 +220,7 @@ abstract class CommonTable } else if (is_numeric($value)) { $sql .= $value; } else { - $sql .= "'".addslashes($value)."'"; + $sql .= "'".$this->escape($value)."'"; } $link = ','; } |