author | Daniel Friesel <derf@finalrewind.org> | 2011-06-03 20:24:36 +0200 |
---|---|---|
committer | Daniel Friesel <derf@finalrewind.org> | 2011-06-03 20:24:36 +0200 |
commit | 5d9335fe183a0486c593975c45c2abe6875ab719 (patch) | |
tree | d816682945e3a6121b853202dcf5aac2d4d2837b /includes/pages/admin_language.php | |
parent | 200053d720dbec25b2c7f3a8a408b74a4fa66244 (diff) |
admin_questions: More templates + sql fixes
Diffstat (limited to 'includes/pages/admin_language.php')
-rw-r--r-- | includes/pages/admin_language.php | 18 |
1 files changed, 14 insertions, 4 deletions
diff --git a/includes/pages/admin_language.php b/includes/pages/admin_language.php
index a866528e..749cd643 100644
--- a/includes/pages/admin_language.php
+++ b/includes/pages/admin_language.php
@@ -72,19 +72,29 @@ function admin_language() {
 foreach ($_POST as $k => $v) {
 if ($k != "TextID") {
 $sql_test = "SELECT * FROM `Sprache` " .
- "WHERE `TextID`='" . $_POST["TextID"] . "' AND `Sprache`='$k'";
+ "WHERE `TextID`='" . sql_escape($_POST["TextID"])
+ . "' AND `Sprache`='"
+ . sql_escape($k) . "'";
+
 $erg_test = sql_query($sql_test);
 if (mysql_num_rows($erg_test) == 0) {
 $sql_save = "INSERT INTO `Sprache` (`TextID`, `Sprache`, `Text`) " .
- "VALUES ('" . $_POST["TextID"] . "', '$k', '$v')";
+ "VALUES ('" . sql_escape($_POST["TextID"]) . "', '"
+ . sql_escape($k) . "', '"
+ . sql_escape($v) . "')";
+
 $html .= $sql_save . "<br />";
 $Erg = sql_query($sql_save);
 $html .= success("$k Save: OK<br />\n");
 } else if (mysql_result($erg_test, 0, "Text") != $v) {
- $sql_save = "UPDATE `Sprache` SET `Text`='$v' " .
- "WHERE `TextID`='" . $_POST["TextID"] . "' AND `Sprache`='$k' ";
+ $sql_save = "UPDATE `Sprache` SET `Text`='"
+ . sql_escape($v) . "' " .
+ "WHERE `TextID`='"
+ . sql_escape($_POST["TextID"])
+ . "' AND `Sprache`='" . sql_escape($k) . "' ";
+
 $html .= $sql_save . "<br />";
 $Erg = sql_query($sql_save);
 $html .= success(" $k Update: OK<br />\n"); |
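Review bot: On both the INSERT and UPDATE paths the result of `sql_query($sql_save)` is stored in `$Erg` but never inspected, so `success("$k Save: OK<br />\n")` and `success(" $k Update: OK<br />\n")` are appended even when the statement failed; guard them, e.g. `$html .= ($Erg !== false) ? success("$k Save: OK<br />\n") : "$k Save: FAILED<br />\n";` (assuming sql_query() returns false on error, as mysql_query() does). The two `$html .= $sql_save . "<br />";` lines then write the full statement, including the `$_POST` values, into the page with only SQL escaping applied — SQL escaping is not HTML escaping, so either drop these debug lines or wrap the value in `htmlspecialchars()`. Whether the new `sql_escape()` calls fully close the injection depends on that helper using a connection-aware escaper; its definition is not in this hunk. The existing `!= $v` test is a loose comparison (`"1" == "01"` is true in PHP), so numerically equal strings skip the update; `!==` is the safer form. The enclosing `admin_language()` function starts and ends outside this hunk.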