From 2ca9740c1747d984136b2b9864af5917dcbb60a5 Mon Sep 17 00:00:00 2001 From: Isaac Flores Date: Sun, 12 Jul 2009 06:50:55 +0200 Subject: [PATCH] [svn r21996] minor-logic changes-added function escape_string --- main/admin/admin.class.php | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/main/admin/admin.class.php b/main/admin/admin.class.php index c44c737d8e..ada0fac005 100644 --- a/main/admin/admin.class.php +++ b/main/admin/admin.class.php @@ -170,7 +170,7 @@ class AdminManager { */ public static function check_if_language_is_sub_language ($language_id) { $tbl_admin_languages = Database :: get_main_table(TABLE_MAIN_LANGUAGE); - $sql='SELECT count(*) AS count FROM '.$tbl_admin_languages.' WHERE id="'.$language_id.'" AND NOT ISNULL(parent_id)'; + $sql='SELECT count(*) AS count FROM '.$tbl_admin_languages.' WHERE id="'.Database::escape_string($language_id).'" AND NOT ISNULL(parent_id)'; $rs=Database::query($sql,__FILE__,__LINE__); if (Database::num_rows($rs)>0 && Database::result($rs,'0','count')==1) { @@ -186,7 +186,7 @@ class AdminManager { */ public static function check_if_language_is_father ($language_id) { $tbl_admin_languages = Database :: get_main_table(TABLE_MAIN_LANGUAGE); - $sql='SELECT count(*) AS count FROM '.$tbl_admin_languages.' WHERE parent_id="'.$language_id.'" AND NOT ISNULL(parent_id);'; + $sql='SELECT count(*) AS count FROM '.$tbl_admin_languages.' WHERE parent_id="'.Database::escape_string($language_id).'" AND NOT ISNULL(parent_id);'; $rs=Database::query($sql,__FILE__,__LINE__); if (Database::num_rows($rs)>0 && Database::result($rs,'0','count')==1) {