Changeset 3259 for branches/2.0


Ignore:
Timestamp:
09/16/10 16:41:19 (14 years ago)
Author:
niltonneto
Message:

Ticket #1300 - Escapando strings das variaveis usadas pelo help.php no sql.

File:
1 edited

Legend:

Unmodified
Added
Removed

  • branches/2.0/phpgwapi/inc/class.translation_sql.inc.php

    r266 r3259  
    229229                        if (!isset($this->loaded_apps[$app]) || $this->loaded_apps[$app] != $lang) 
    230230                        { 
    231                                 $sql = "select message_id,content from phpgw_lang where lang='".$lang."' and app_name='".$app."'"; 
     231                                $sql = "select message_id,content from phpgw_lang where lang='".pg_escape_string($lang)."' and app_name='".pg_escape_string($app)."'"; 
    232232                                $this->db->query($sql,__LINE__,__FILE__); 
    233233                                while ($this->db->next_record()) 
Note: See TracChangeset for help on using the changeset viewer.