
fixed some quote problems in inserting items

1 parent 8b5fb13 commit b2ce9cfe0a18d59971a392044e4d1a5ecf483e28 Spiros Ioannou committed Nov 18, 2012
Showing with 8 additions and 6 deletions.
  1. +8 −6 php/edititem.php
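--- a/php/edititem.php
+++ b/php/edititem.php
@@ -111,13 +111,15 @@
 if ($formvar == "purchasedate") $$formvar=ymd2sec($$formvar);
 if ($formvar == "maintend") $$formvar=ymd2sec($$formvar);
 if ($formvar == "warrantymonths") {
- if ($$formvar=="") $$formvar="NULL";
- else
- $$formvar=(int)($$formvar);
+ if ($$formvar=="")
+ $$formvar="NULL";
+ else
+ $$formvar=(int)($$formvar);
 $set.="$formvar=".($$formvar).""; //without quotes for integer
 }
- else
- $set.="$formvar='".($$formvar)."'";
+ else {
+ $set.="$formvar='".htmlspecialchars($$formvar,ENT_QUOTES,"UTF-8")."'";
+ }
 $set.=", ";
 $i++;
 }
@@ -244,7 +246,7 @@
 " '$warrinfo', '$model', '$sn', '$sn2', '$sn3', '$origin', ".
 " $warrantymonths, '$purchasedate2', ".
 " '$purchprice', '$dnsname', $userid, $locationid,$locareaid, '$maintenanceinfo', ".
- " '$comments',$ispart, $rackid, $rackposition,$rackposdepth, $rackmountable, " .
+ " '". htmlspecialchars($comments,ENT_QUOTES,'UTF-8') ."',$ispart, $rackid, $rackposition,$rackposdepth, $rackmountable, " .
 " $usize, $status, '$macs', '$ipv4', '$ipv6', '$remadmip', ".
 " '$hd', '$cpu', '$cpuno', '$corespercpu', '$ram', ".
 " '$panelport', $switchid, '$switchport', '$ports' ) ";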
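Review bot: `htmlspecialchars()` is an HTML output encoder, not an SQL escaping function, so applying it to `$$formvar` in the UPDATE `$set` string and to `$comments` in the INSERT values only hides the quote breakage and does not make either statement safe by construction. The values are now stored HTML-encoded, which will double-encode wherever a page escapes them again on output, and in the INSERT hunk every other quoted value (`'$model'`, `'$sn'`, `'$macs'`, …) and every unquoted one (`$userid`, `$locationid`, …) is still interpolated as-is. `$formvar` is also written into the statement as a column name, and the loop that supplies it starts outside the hunk, so it should be checked against a fixed list of column names if it can come from request keys. Prefer a prepared statement with bound values, for example `$set.="$formvar=?";` with each value appended to a parameter array (the array name is yours to choose) that is passed to the execute call. Keep `htmlspecialchars()` for the point where these fields are rendered into HTML.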