summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
-rw-r--r--admin/additem.php2
-rw-r--r--cron/eqdkp-bonus.php2
-rw-r--r--cron/eqdkp-checkinactive.php4
-rw-r--r--dbal/mysql.php5
4 files changed, 5 insertions, 8 deletions
diff --git a/admin/additem.php b/admin/additem.php
index f889330..1afa2ce 100644
--- a/admin/additem.php
+++ b/admin/additem.php
@@ -355,7 +355,7 @@ class Add_Item extends EQdkp_Admin
{
$sql = 'UPDATE ' . MEMBERS_TABLE . '
SET member_spent = member_spent + ' . $_POST['item_value'] . '
- WHERE member_name = \'' . mysql_escape_string($member_name) . '\'';
+ WHERE member_name = \'' . $db->escape($member_name) . '\'';
$db->query($sql);
/* $result = mysql_affected_rows();
if ($result != 1)
diff --git a/cron/eqdkp-bonus.php b/cron/eqdkp-bonus.php
index eff159d..56b5601 100644
--- a/cron/eqdkp-bonus.php
+++ b/cron/eqdkp-bonus.php
@@ -16,7 +16,7 @@ $sql = 'SELECT ra.member_name AS member_name, count(ra.raid_id) AS raid_count fr
if ( !($members_result = $db->query($sql)) )
{
- echo mysql_error();
+ echo $db->error()['message'];
}
while($row = $db->fetch_record($members_result)) {
diff --git a/cron/eqdkp-checkinactive.php b/cron/eqdkp-checkinactive.php
index 83310c4..5eebaab 100644
--- a/cron/eqdkp-checkinactive.php
+++ b/cron/eqdkp-checkinactive.php
@@ -24,7 +24,7 @@ $sql = 'SELECT m.member_name FROM R60 ra LEFT JOIN ' . MEMBERS_TABLE . ' m ON m.
if ( !($members_result = $db->query($sql)) )
{
- echo mysql_error();
+ echo $db->error()['message'];
}
$logme = new EQdkp_Admin;
@@ -53,7 +53,7 @@ $sql = 'SELECT m.member_name FROM ' . MEMBERS_TABLE .' m LEFT JOIN R30 r3 ON r3.
if ( !($members_result = $db->query($sql)) )
{
- echo mysql_error();
+ echo $db->error()['message'];
}
while($row = $db->fetch_record($members_result)) {
diff --git a/dbal/mysql.php b/dbal/mysql.php
index 3dc860f..0f2db7a 100644
--- a/dbal/mysql.php
+++ b/dbal/mysql.php
@@ -356,10 +356,7 @@ class SQL_DB
*/
function escape($string)
{
- $string = str_replace("'", "''", $string);
- $string = str_replace('\\', '\\\\', $string);
-
- return $string;
+ return mysqli_real_escape_string($this->link_id, $string);
}
/**