diff options
author | Philip Häusler <msquare@notrademark.de> | 2014-12-28 13:44:56 +0100 |
---|---|---|
committer | Philip Häusler <msquare@notrademark.de> | 2014-12-28 13:44:56 +0100 |
commit | 6bede2fd229395f34c321a37efa2ea93e7b1a7ba (patch) | |
tree | a20c74d5bdddae9e1ec9a988e1ba468371a4a995 /includes/model/ShiftTypes_model.php | |
parent | a6ab81b834fe91b0f0704a7db33e377c8dc63a23 (diff) |
harden the sql queries
Diffstat (limited to 'includes/model/ShiftTypes_model.php')
-rw-r--r-- | includes/model/ShiftTypes_model.php | 8 |
1 files changed, 4 insertions, 4 deletions
diff --git a/includes/model/ShiftTypes_model.php b/includes/model/ShiftTypes_model.php index 7b502585..907ad076 100644 --- a/includes/model/ShiftTypes_model.php +++ b/includes/model/ShiftTypes_model.php @@ -5,7 +5,7 @@ * @param int $shifttype_id */ function ShiftType_delete($shifttype_id) { - return sql_query("DELETE FROM `ShiftTypes` WHERE `id`=" . sql_escape($shifttype_id)); + return sql_query("DELETE FROM `ShiftTypes` WHERE `id`='" . sql_escape($shifttype_id) . "'"); } /** @@ -21,7 +21,7 @@ function ShiftType_update($shifttype_id, $name, $angeltype_id, $description) { `name`='" . sql_escape($name) . "', `angeltype_id`=" . sql_null($angeltype_id) . ", `description`='" . sql_escape($description) . "' - WHERE `id`=" . sql_escape($shifttype_id)); + WHERE `id`='" . sql_escape($shifttype_id) . "'"); } /** @@ -35,7 +35,7 @@ function ShiftType_update($shifttype_id, $name, $angeltype_id, $description) { function ShiftType_create($name, $angeltype_id, $description) { $result = sql_query("INSERT INTO `ShiftTypes` SET `name`='" . sql_escape($name) . "', - `angeltype_id`=" . sql_null($angeltype_id) . ", + `angeltype_id`='" . sql_null($angeltype_id) . "', `description`='" . sql_escape($description) . "'"); if ($result === false) return false; @@ -48,7 +48,7 @@ function ShiftType_create($name, $angeltype_id, $description) { * @param int $shifttype_id */ function ShiftType($shifttype_id) { - $shifttype = sql_select("SELECT * FROM `ShiftTypes` WHERE `id`=" . sql_escape($shifttype_id)); + $shifttype = sql_select("SELECT * FROM `ShiftTypes` WHERE `id`='" . sql_escape($shifttype_id) . "'"); if ($shifttype === false) return false; if ($shifttype == null) |