Changeset 3258


Ignore:
Timestamp:
09/16/10 16:29:57 (14 years ago)
Author:
rafaelraymundo
Message:

Ticket #1300 - Escapando strings das variaveis usadas pelo help.php no sql.

File:
1 edited

Legend:

Unmodified
Added
Removed

  • branches/2.2/phpgwapi/inc/class.translation_sql.inc.php

    r266 r3258  
    229229                        if (!isset($this->loaded_apps[$app]) || $this->loaded_apps[$app] != $lang) 
    230230                        { 
    231                                 $sql = "select message_id,content from phpgw_lang where lang='".$lang."' and app_name='".$app."'"; 
     231                                $sql = "select message_id,content from phpgw_lang where lang='".pg_escape_string($lang)."' and app_name='".pg_escape_string($app)."'"; 
    232232                                $this->db->query($sql,__LINE__,__FILE__); 
    233233                                while ($this->db->next_record()) 
Note: See TracChangeset for help on using the changeset viewer.