chamilo
/
chamilo-lms
mirror of https://github.com/chamilo/chamilo-lms/tree/1.11.x
2
0
Fork 0
Code Issues Projects Releases Wiki Activity

[svn r15156] escaping the title of each slides when inserting into the database

Browse Source
skala
Arnaud Ligot 17 years ago
parent e36df807ca
commit 941a296905
1 changed files with 2 additions and 1 deletions
Show all changes Ignore whitespace when comparing lines Ignore changes in amount of whitespace Ignore changes in whitespace at EOL
Show Stats Download Patch File Download Diff File
  1. 3
      main/inc/lib/fileUpload.lib.php

3
main/inc/lib/fileUpload.lib.php
Unescape View File

@ -1189,7 +1189,8 @@ function add_document($_course,$path,$filetype,$filesize,$title,$comment=NULL, $
$table_document = Database::get_course_table(TABLE_DOCUMENT,$_course['dbName']);
$sql="INSERT INTO $table_document
(`path`,`filetype`,`size`,`title`, `comment`, readonly)
VALUES ('$path','$filetype','$filesize','$title', '$comment',$readonly)";
VALUES ('$path','$filetype','$filesize','".mysql_escape_string($title)."
', '$comment',$readonly)";
if(api_sql_query($sql,__FILE__,__LINE__))
{
//display_message("Added to database (id ".mysql_insert_id().")!");

Write Preview
Loading…
Cancel
Save