From 5db18576b60465b72ebcb4acc10842cc579b2cde Mon Sep 17 00:00:00 2001
From: Julio Montoya
Date: Sat, 30 May 2009 00:32:15 +0200
Subject: [PATCH] [svn r21100] Adding escape_strings

---
 main/inc/lib/online.inc.php | 7 +++++--
 1 file changed, 5 insertions(+), 2 deletions(-)

diff --git a/main/inc/lib/online.inc.php b/main/inc/lib/online.inc.php
index 978708f3b9..a1e52732d8 100644
--- a/main/inc/lib/online.inc.php
+++ b/main/inc/lib/online.inc.php
@@ -133,9 +133,9 @@ function online_logout() {
 */
 function LoginDelete($user_id) {
- $online_table = Database::get_statistic_table(TABLE_STATISTIC_TRACK_E_ONLINE);
+ $online_table = Database::get_statistic_table(TABLE_STATISTIC_TRACK_E_ONLINE);
 $user_id = (int) $user_id;
- $query = "DELETE FROM ".$online_table ." WHERE login_user_id = '".$user_id."'";
+ $query = "DELETE FROM ".$online_table ." WHERE login_user_id = '".Database::escape_string($user_id)."'";
 @api_sql_query($query,__FILE__,__LINE__);
 }
@@ -211,6 +211,7 @@ function WhoIsOnline($uid=0,$statistics_database='',$valid)
 function GetFullUserName($uid) {
 $uid = (int) $uid;
+ $uid = Database::escape_string($uid);
 $user_table = Database::get_main_table(TABLE_MAIN_USER);
 $query = "SELECT firstname,lastname FROM ".$user_table." WHERE user_id='$uid'";
 $result = @api_sql_query($query,__FILE__,__LINE__);
@@ -292,6 +293,8 @@ function who_is_online_in_this_course($uid, $valid, $coursecode=null)
 if(empty($coursecode)) return false;
 $track_online_table = Database::get_statistic_table(TABLE_STATISTIC_TRACK_E_ONLINE);
 $coursecode = Database::escape_string($coursecode);
+ $valid = Database::escape_string($valid);
+
 $query = "SELECT login_user_id,login_date FROM ".$track_online_table ." WHERE course='".$coursecode."' AND DATE_ADD(login_date,INTERVAL $valid MINUTE) >= NOW() ";
 $result = api_sql_query($query,__FILE__,__LINE__);
 if (count($result)>0)
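Review bot: The `Database::escape_string($user_id)` added to the DELETE query in LoginDelete changes nothing, because `$user_id` was already reduced to an integer by the `(int)` cast on the line above and an integer carries none of the characters escape_string neutralises; the cast is the real guard and the new call only obscures that. The same redundant pattern is added in GetFullUserName in the second hunk (`$uid = Database::escape_string($uid);` directly after `$uid = (int) $uid;`). If the escape is intended as defence in depth, say so next to the cast, e.g. `// (int) cast is the injection guard; escape_string is belt-and-braces`, otherwise a reader will take the escaping to be what makes these queries safe. The first removed/added pair of this hunk shows identical text, so it is presumably a whitespace-only change that this view cannot display.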
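Review bot: Escaping `$valid` in who_is_online_in_this_course does not protect the query it feeds, because the value is interpolated unquoted into `INTERVAL $valid MINUTE`; escape_string only escapes quote and backslash characters, which an unquoted numeric position never needs, so any other content still reaches the statement as SQL. Since the value is a number of minutes, constrain it by type the way the ids in this file are, `$valid = (int) $valid;`, and drop the escape call. The neighbouring `$coursecode` is escaped and quoted, so that part of the WHERE clause is fine. who_is_online_in_this_course's body continues outside the hunk.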