Skip to content
Permalink
Browse files

dbwrapper changes

  • Loading branch information...
NB-Core committed Dec 24, 2015
1 parent ebd9e48 commit 6fcb4a5d2e06e18ad90f28b7113df6a9e7796b8e
Showing with 27 additions and 8 deletions.
  1. +1 −0 CHANGELOG.txt
  2. +5 −5 create.php
  3. +6 −0 lib/dbwrapper_mysql.php
  4. +6 −0 lib/dbwrapper_mysqli_oos.php
  5. +6 −0 lib/dbwrapper_mysqli_proc.php
  6. +1 −1 list.php
  7. +1 −1 logdnet.php
  8. +1 −1 modules.php
@@ -9,6 +9,7 @@ Changes to 1.2.5 +nb
*superuser.php --> new hook to make the section "switchable"
[FIXES]
*lib/commentary.php --> forgot a closing > at a </div> - section close
*lib/dbwrapper_* + create.php + modules.php + list.php + logdnet.php --> mysql_real_escape_string depends on server type. made new function to wrappers for mysqli (mysql wrapper is now obsolete with ubuntu 15.04 LTS fyi)
[REMOVES]

Changes to 1.2.4 +nb
@@ -31,7 +31,7 @@
if ($op=="forgotval"){
$id = httpget('id');
$sql = "SELECT acctid,login,superuser,password,name,replaceemail,emailaddress,emailvalidation FROM ". db_prefix("accounts") . " WHERE forgottenpassword='".mysql_real_escape_string($id)."' AND forgottenpassword!=''";
$sql = "SELECT acctid,login,superuser,password,name,replaceemail,emailaddress,emailvalidation FROM ". db_prefix("accounts") . " WHERE forgottenpassword='".db_real_escape_string($id)."' AND forgottenpassword!=''";
$result = db_query($sql);
if (db_num_rows($result)>0) {
$row = db_fetch_assoc($result);
@@ -67,7 +67,7 @@
}
} elseif ($op=="val"){
$id = httpget('id');
$sql = "SELECT acctid,login,superuser,password,name,replaceemail,emailaddress FROM ". db_prefix("accounts") . " WHERE emailvalidation='".mysql_real_escape_string($id)."' AND emailvalidation!=''";
$sql = "SELECT acctid,login,superuser,password,name,replaceemail,emailaddress FROM ". db_prefix("accounts") . " WHERE emailvalidation='".db_real_escape_string($id)."' AND emailvalidation!=''";
$result = db_query($sql);
if (db_num_rows($result)>0) {
$row = db_fetch_assoc($result);
@@ -131,7 +131,7 @@
if ($op=="forgot"){
$charname = httppost('charname');
if ($charname!=""){
$sql = "SELECT acctid,login,emailaddress,forgottenpassword,password FROM " . db_prefix("accounts") . " WHERE login='".mysql_real_escape_string($charname)."'";
$sql = "SELECT acctid,login,emailaddress,forgottenpassword,password FROM " . db_prefix("accounts") . " WHERE login='".db_real_escape_string($charname)."'";
$result = db_query($sql);
if (db_num_rows($result)>0){
$row = db_fetch_assoc($result);
@@ -197,7 +197,7 @@
$pass1= httppost('pass1');
$pass2= httppost('pass2');
if (getsetting("blockdupeemail",0)==1 && getsetting("requireemail",0)==1){
$sql = "SELECT login FROM " . db_prefix("accounts") . " WHERE emailaddress='".mysql_real_escape_string($email)."'";
$sql = "SELECT login FROM " . db_prefix("accounts") . " WHERE emailaddress='".db_real_escape_string($email)."'";
$result = db_query($sql);
if (db_num_rows($result)>0){
$blockaccount=true;
@@ -264,7 +264,7 @@
}
$refer = httpget('r');
if ($refer>""){
$sql = "SELECT acctid FROM " . db_prefix("accounts") . " WHERE login='".mysql_real_escape_string($refer)."'";
$sql = "SELECT acctid FROM " . db_prefix("accounts") . " WHERE login='".db_real_escape_string($refer)."'";
$result = db_query($sql);
$ref = db_fetch_assoc($result);
$referer=$ref['acctid'];
@@ -150,6 +150,12 @@ function db_select_db($dbname){
$r = $fname($dbname);
return $r;
}
function db_real_escape_string($string){
$r = mysql_real_escape_string($string);
return $r;
}
function db_free_result($result){
if (is_array($result)){
//cached data
@@ -166,6 +166,12 @@ function db_select_db($dbname){
return $r;
}
function db_real_escape_string($string){
global $mysqli_resource;
$r = $mysqli_resource->real_escape_string($string);
return $r;
}
function db_free_result($result){
if (is_array($result)){
//cached data
@@ -159,6 +159,12 @@ function db_select_db($dbname){
return $r;
}
function db_real_escape_string($string){
global $mysqli_resource;
$r = mysqli_real_escape_string($mysqli_resource,$string);
return $r;
}
function db_free_result($result){
if (is_array($result)){
//cached data
@@ -43,7 +43,7 @@
if ($op=="search"){
$search="%";
$n = mysqli_real_escape_string($mysqli_resource,httppost('name'));
$n = db_real_escape_string(httppost('name'));
for ($x=0;$x<strlen($n);$x++){
$search .= substr($n,$x,1)."%";
}
@@ -84,7 +84,7 @@ function lotgdsort($a, $b)
$admin = "unknown";
// See if we know this server.
$sql = "SELECT lastupdate,serverid,lastping,recentips FROM " . db_prefix("logdnet") . " WHERE address='".mysql_real_escape_string($addy)."'";
$sql = "SELECT lastupdate,serverid,lastping,recentips FROM " . db_prefix("logdnet") . " WHERE address='".db_real_escape_string($addy)."'";
$result = db_query($sql);
$row = db_fetch_assoc($result);
@@ -129,7 +129,7 @@
addnav("","modules.php?cat=$cat&sortby=formalname&order=".($sortby=="formalname"?!$order:1));
addnav("","modules.php?cat=$cat&sortby=moduleauthor&order=".($sortby=="moduleauthor"?!$order:1));
addnav("","modules.php?cat=$cat&sortby=installdate&order=".($sortby=="installdate"?$order:0));
$sql = "SELECT * FROM " . db_prefix("modules") . " WHERE category='$cat' ORDER BY ".$sortby." ".($order?"ASC":"DESC");
$sql = "SELECT * FROM " . db_prefix("modules") . " WHERE category='".db_real_escape_string($cat)."' ORDER BY ".$sortby." ".($order?"ASC":"DESC");
$result = db_query($sql);
if (db_num_rows($result)==0){
rawoutput("<tr class='trlight'><td colspan='6' align='center'>");

0 comments on commit 6fcb4a5

Please sign in to comment.
You can’t perform that action at this time.