-rw-r--r-- | admin/additem.php | 2 | ||||
-rw-r--r-- | cron/eqdkp-bonus.php | 2 | ||||
-rw-r--r-- | cron/eqdkp-checkinactive.php | 4 | ||||
-rw-r--r-- | dbal/mysql.php | 5 |
4 files changed, 5 insertions, 8 deletions
diff --git a/admin/additem.php b/admin/additem.php
index f889330..1afa2ce 100644
--- a/admin/additem.php
+++ b/admin/additem.php
@@ -355,7 +355,7 @@ class Add_Item extends EQdkp_Admin {
$sql = 'UPDATE ' . MEMBERS_TABLE . '
SET member_spent = member_spent + ' . $_POST['item_value'] . '
- WHERE member_name = \'' . mysql_escape_string($member_name) . '\'';
+ WHERE member_name = \'' . $db->escape($member_name) . '\'';
$db->query($sql);
/* $result = mysql_affected_rows();
if ($result != 1)
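Review bot: `$_POST['item_value']` is still concatenated unquoted into the UPDATE on the `SET member_spent` line, so moving the WHERE clause to `$db->escape()` does not make this statement safe. Escaping would not help for that field, because the value sits in a numeric context rather than inside quotes. Cast or validate it before building the query, e.g. `SET member_spent = member_spent + ' . (float) $_POST['item_value'] . '`, unless it is already validated earlier in the method, which starts outside this hunk. It is also worth confirming that `$db` is in scope at this point, since no `global $db;` is visible in the hunk.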
diff --git a/cron/eqdkp-bonus.php b/cron/eqdkp-bonus.php
index eff159d..56b5601 100644
--- a/cron/eqdkp-bonus.php
+++ b/cron/eqdkp-bonus.php
@@ -16,7 +16,7 @@ $sql = 'SELECT ra.member_name AS member_name, count(ra.raid_id) AS raid_count fr
 if ( !($members_result = $db->query($sql)) ) {
- echo mysql_error();
+ echo $db->error()['message'];
 }
 while($row = $db->fetch_record($members_result)) {
diff --git a/cron/eqdkp-checkinactive.php b/cron/eqdkp-checkinactive.php
index 83310c4..5eebaab 100644
--- a/cron/eqdkp-checkinactive.php
+++ b/cron/eqdkp-checkinactive.php
@@ -24,7 +24,7 @@ $sql = 'SELECT m.member_name FROM R60 ra LEFT JOIN ' . MEMBERS_TABLE . ' m ON m.
 if ( !($members_result = $db->query($sql)) ) {
- echo mysql_error();
+ echo $db->error()['message'];
 }
 $logme = new EQdkp_Admin;
@@ -53,7 +53,7 @@ $sql = 'SELECT m.member_name FROM ' . MEMBERS_TABLE .' m LEFT JOIN R30 r3 ON r3.
 if ( !($members_result = $db->query($sql)) ) {
- echo mysql_error();
+ echo $db->error()['message'];
 }
 while($row = $db->fetch_record($members_result)) {
diff --git a/dbal/mysql.php b/dbal/mysql.php
index 3dc860f..0f2db7a 100644
--- a/dbal/mysql.php
+++ b/dbal/mysql.php
@@ -356,10 +356,7 @@ class SQL_DB
 */
 function escape($string) {
- $string = str_replace("'", "''", $string);
- $string = str_replace('\\', '\\\\', $string);
-
- return $string;
+ return mysqli_real_escape_string($this->link_id, $string);
 }
 /** |
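Review bot: The failure branch in cron/eqdkp-bonus.php only echoes the driver message and then falls through, so the `while($row = $db->fetch_record($members_result))` loop that follows runs on a failed result. The same pattern is in both hunks of cron/eqdkp-checkinactive.php. For an unattended job, log and stop instead, e.g. `error_log($db->error()['message']); exit(1);`, which also keeps raw database error text out of whatever captures the script's output. That `$db->error()` returns an array with a `message` key is assumed here, since its definition is not part of this diff.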
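Review bot: In dbal/mysql.php, `escape()` now depends on `$this->link_id` being an open mysqli connection, and on that connection's character set, neither of which the old string-replace version needed. The connect code is not in this diff, so confirm that every caller runs after a successful connect. Also confirm the charset is set with `mysqli_set_charset()` rather than a `SET NAMES` query, since the escaping only follows the charset the client library knows about. The docblock above the function, which starts outside the hunk, should say so, e.g. `Only safe for values placed inside quoted SQL string literals; requires an open connection.` Numeric fields concatenated without quotes, as in admin/additem.php, get no protection from this helper.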