Changeset 2652 in spip-zone


Ignore:
Timestamp:
Apr 6, 2006, 8:20:13 PM (14 years ago)
Author:
fil@…
Message:

SpipFeeder?: addslashes() et intval() sur la query

File:
1 edited

Legend:

Unmodified
Added
Removed
  • _squelettes_/SpipFeeder/mes_fonctions.php3

    r1867 r2652  
    7777
    7878  if ($IdRubrique)
    79     $filtre .= "AND ss.id_rubrique = $IdRubrique ";
     79    $filtre .= "AND ss.id_rubrique = ".intval($IdRubrique);
    8080  if ($IdSyndic)
    81     $filtre .= "AND ss.id_syndic = $IdSyndic ";
     81    $filtre .= "AND ss.id_syndic = ".intval($IdSyndic);
    8282
    8383  $query =
     
    9191    "WHERE ss.id_syndic = ssa.id_syndic ".
    9292    "AND ssa.statut = 'publie' ".
    93     "AND DATE_FORMAT(ssa.date, '%Y-%m') = '".$date_req."' ".
     93    "AND DATE_FORMAT(ssa.date, '%Y-%m') = '".addslashes($date_req)."' ".
    9494    $filtre.
    9595    "ORDER BY ssa.date DESC";
     
    234234  $filtre = "";
    235235  if ($IdRubrique)
    236     $filtre .= "AND ss.id_rubrique = $IdRubrique ";
     236    $filtre .= "AND ss.id_rubrique = ".intval($IdRubrique);
    237237  if ($IdSyndic)
    238     $filtre .= "AND ss.id_syndic = $IdSyndic ";
     238    $filtre .= "AND ss.id_syndic = ".intval($IdSyndic);
    239239  if ($CalDate) {
    240240    if (ereg("^([0-9]{4})-([0-9]{2})-([0-9]{2})$", $CalDate)) {
     
    246246      $DateFormat = "%Y-%v";
    247247    }
    248     $filtre .= "AND DATE_FORMAT(ssa.date , '$DateFormat') = '$CalDate' ";
     248    $filtre .= "AND DATE_FORMAT(ssa.date , '$DateFormat') = '".addslashes($CalDate)."' ";
    249249  }
    250250
Note: See TracChangeset for help on using the changeset viewer.