Diffstat (limited to 'class/CommonTable.php')
-rw-r--r--class/CommonTable.php18
1 files changed, 15 insertions, 3 deletions
diff --git a/class/CommonTable.php b/class/CommonTable.php
index ab06cfd..d8852c7 100644
--- a/class/CommonTable.php
+++ b/class/CommonTable.php
@@ -57,6 +57,18 @@ abstract class CommonTable
}
/**
+ * Escape a string
+ *
+ * @param string $val Value to be escaped
+ *
+ * @return string
+ */
+ function escape($val)
+ {
+ return $this->db->quote($val);
+ }
+
+ /**
* Check if the table already exists
*
* @param string $table with table name
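Review bot: The docblock on the new `escape()` does not say whether the returned string already includes its enclosing quotes, and that is exactly what callers need to know before they embed it in SQL. The type of `$this->db` is not visible in this diff; if it is a PDO handle, `quote()` returns the value already wrapped in quotes and can return `false` on drivers without quoting support. I would document that as `@return string quoted SQL literal, enclosing quotes included` and note the `false` case. The method is also declared without visibility; `protected function escape($val)` would keep it from becoming public API by default.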
@@ -109,7 +121,7 @@ abstract class CommonTable
} else if (is_numeric($value)) {
$val[] = $value;
} else {
- $val[] = "'".addslashes($value)."'";
+ $val[] = "'".$this->escape($value)."'";
}
}
$sql = "INSERT INTO `".$this->table."` (".implode(',', $col).")
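Review bot: The value returned by `$this->escape($value)` is still wrapped in literal `'` characters on the changed line. If `$this->db->quote()` behaves like PDO's (the class is not shown here), the statement then contains `''value''`. The escaped text would then sit outside the string literal, so the escaping no longer protects the query, and ordinary inserts are likely to fail. Assuming that behaviour, drop the manual quotes: `$val[] = $this->escape($value);`. The same applies to the hunks at `@@ -173,7 +185,7 @@` (`$sql .= '='.$this->escape($value);`) and `@@ -208,7 +220,7 @@` (`$sql .= $this->escape($value);`). The enclosing functions start and end outside these hunks, and prepared statements with bound parameters would remove the need for string-built values altogether.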
@@ -173,7 +185,7 @@ abstract class CommonTable
} else if (is_numeric($value)) {
$sql .= '='.$value;
} else {
- $sql .= "='".addslashes($value)."'";
+ $sql .= "='".$this->escape($value)."'";
}
$link = "AND";
@@ -208,7 +220,7 @@ abstract class CommonTable
} else if (is_numeric($value)) {
$sql .= $value;
} else {
- $sql .= "'".addslashes($value)."'";
+ $sql .= "'".$this->escape($value)."'";
}
$link = ',';
}