authorSimon2011-04-18 15:31:39 +0200
committerSimon2011-04-18 15:31:39 +0200
commit42d6aac89b897f2dedd5a938e597d551152c7a60 (patch)
tree4404b45d5f7759de7c22532ee033c08b4c13aa5c /library
parentPersonController Eigene DEtails dürfen immer angezeigt werden (diff)
FilterLibrary - Escapen von Argumenten
Diffstat (limited to 'library')
-rw-r--r--library/Pbs/Filter.php32
1 files changed, 16 insertions, 16 deletions
diff --git a/library/Pbs/Filter.php b/library/Pbs/Filter.php
index 5231e59..cb6233a 100644
--- a/library/Pbs/Filter.php
+++ b/library/Pbs/Filter.php
@@ -75,8 +75,8 @@ class Pbs_Filter{
$ipAdress = str_replace(".","",$this->fillIP($ipAdress));
$stmt = $db->query("SELECT * FROM pbs_filterentries fe, pbs_filter f WHERE
fe.filtertypeID = ".$filtertypID." AND
- REPLACE(fe.filtervalue,'.','') <= '".$ipAdress."' AND
- '".$ipAdress."' <= REPLACE(fe.filtervalue2,'.','') AND
+ REPLACE(fe.filtervalue,'.','') <= '".mysql_real_escape_string($ipAdress)."' AND
+ '".mysql_real_escape_string($ipAdress)."' <= REPLACE(fe.filtervalue2,'.','') AND
fe.filterID = f.filterID AND
f.groupID = '".$groupID."'");
@@ -102,8 +102,8 @@ class Pbs_Filter{
$macAdress = $this->fillMac($macAdress);
$stmt = $db->query("SELECT * FROM pbs_filterentries fe, pbs_filter f WHERE
fe.filtertypeID = ".$filtertypID." AND
- fe.filtervalue <= '".$macAdress."' AND
- '".$macAdress."' <= fe.filtervalue2 AND
+ fe.filtervalue <= '".mysql_real_escape_string($macAdress)."' AND
+ '".mysql_real_escape_string($macAdress)."' <= fe.filtervalue2 AND
fe.filterID = f.filterID AND
f.groupID = '".$groupID."'");
@@ -132,7 +132,7 @@ class Pbs_Filter{
try{
$stmt = $db->query("SELECT * FROM pbs_filterentries fe, pbs_filter f WHERE
fe.filtertypeID = ".$filtertypID." AND
- fe.filtervalue = ".$poolID." AND
+ fe.filtervalue = ".mysql_real_escape_string($poolID)." AND
fe.filterID = f.filterID AND
f.groupID = '".$groupID."'");
$result = $stmt->fetchAll();
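Review bot: The escaping added on the `fe.filtervalue = ` line does not close the injection, because `$poolID` is interpolated without surrounding quotes and mysql_real_escape_string() only escapes quotes, backslashes, NUL and line breaks — a value such as `1 OR 1=1` contains none of those and reaches the query unchanged. Since the column is compared as a bare number here, cast it, `fe.filtervalue = ".(int)$poolID." AND`, or better bind it through the adapter, `$db->query("... fe.filtervalue = ? AND ... f.groupID = ?", array($poolID, $groupID))`. `$filtertypID` and `$groupID` on the surrounding context lines are still not escaped at all. The enclosing method starts and ends outside this hunk.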
@@ -157,7 +157,7 @@ class Pbs_Filter{
try{
$stmt = $db->query("SELECT * FROM pbs_filterentries fe, pbs_filter f WHERE
fe.filtertypeID = ".$filtertypID." AND
- fe.filtervalue = ".$clientID." AND
+ fe.filtervalue = ".mysql_real_escape_string($clientID)." AND
fe.filterID = f.filterID AND
f.groupID = '".$groupID."'");
@@ -180,7 +180,7 @@ class Pbs_Filter{
try{
$stmt = $db->query("SELECT * FROM pbs_filterentries fe, pbs_filter f WHERE
fe.filtertypeID = ".$filtertypID." AND
- fe.filtervalue = ".$bootisoID." AND
+ fe.filtervalue = ".mysql_real_escape_string($bootisoID)." AND
fe.filterID = f.filterID AND
f.groupID = '".$groupID."'");
$result = $stmt->fetchAll();
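Review bot: mysql_real_escape_string() on the `fe.filtervalue = ` line needs an open ext/mysql link, but this class issues its statements through `$db->query()` and `fetchAll()`, which looks like a Zend_Db/PDO adapter rather than ext/mysql; if no `mysql_connect()` is made elsewhere the call raises a warning and returns false, which interpolates as an empty string and leaves `fe.filtervalue =  AND` in the SQL. If `$db` is indeed a Zend_Db adapter, use its own quoting so the escaping follows the real connection: `fe.filtervalue = ".$db->quote($bootisoID, 'INTEGER')." AND`, or a `?` placeholder with a bind array. Either form also covers the unquoted-number case, which plain escaping does not. The enclosing method starts and ends outside this hunk.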
@@ -204,7 +204,7 @@ class Pbs_Filter{
try{
$stmt = $db->query("SELECT * FROM pbs_filterentries fe, pbs_filter f WHERE
fe.filtertypeID = ".$filtertypID." AND
- fe.filtervalue = ".$membershipID." AND
+ fe.filtervalue = ".mysql_real_escape_string($membershipID)." AND
fe.filterID = f.filterID AND
f.groupID = '".$groupID."'");
$result = $stmt->fetchAll();
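Review bot: `$membershipID` on the `fe.filtervalue = ` line is still concatenated into the statement as an unquoted token, so the new mysql_real_escape_string() call only neutralises quote and backslash characters and leaves an injected expression like `0 OR 1=1` intact. For an identifier that is meant to be numeric the minimal fix is `fe.filtervalue = ".(int)$membershipID." AND`; otherwise wrap it in the adapter's quoting, `".$db->quote($membershipID)."`. Consider a short comment on why the cast is used, e.g. `// filtervalue is compared unquoted: cast rather than escape`. The enclosing method starts and ends outside this hunk.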
@@ -231,7 +231,7 @@ class Pbs_Filter{
try{
$stmt = $db->query("SELECT * FROM pbs_filterentries fe, pbs_filter f WHERE
fe.filtertypeID = ".$filtertypID." AND
- fe.filtervalue = ".$membergroupID." AND
+ fe.filtervalue = ".mysql_real_escape_string($membergroupID)." AND
fe.filterID = f.filterID AND
f.groupID = '".$groupID."'");
$result = $stmt->fetchAll();
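Review bot: The escaping is applied inconsistently within this statement: `$membergroupID` on the `fe.filtervalue = ` line is now escaped (although unquoted, so the escaping is ineffective against `1 OR 1=1`-style input), while `$groupID` on the `f.groupID = '...'` line is quoted but not escaped and `$filtertypID` is neither. If `$groupID` can carry caller-supplied data it should get the same treatment, `f.groupID = ".$db->quote($groupID)."` (or a bound `?`), and `$membergroupID` should be cast with `(int)` if it is numeric. The enclosing method starts and ends outside this hunk.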
@@ -259,8 +259,8 @@ class Pbs_Filter{
$stmt = $db->query('SELECT * FROM pbs_filterentries fe, pbs_filter f WHERE
fe.filtertypeID = '.$filtertypID.' AND
- REPLACE(fe.filtervalue,":","") <= '.$nowShort.' AND
- REPLACE(fe.filtervalue2,":","") >= '.$nowShort." AND
+ REPLACE(fe.filtervalue,":","") <= '.mysql_real_escape_string($nowShort).' AND
+ REPLACE(fe.filtervalue2,":","") >= '.mysql_real_escape_string($nowShort)." AND
fe.filterID = f.filterID AND
f.groupID = '".$groupID."'");
$result = $stmt->fetchAll();
@@ -286,7 +286,7 @@ class Pbs_Filter{
try{
$stmt = $db->query("SELECT * FROM pbs_filterentries fe, pbs_filter f WHERE
fe.filtertypeID = ".$filtertypID." AND
- fe.filtervalue = ".$hardwarehash." AND
+ fe.filtervalue = ".mysql_real_escape_string($hardwarehash)." AND
fe.filterID = f.filterID AND
f.groupID = '".$groupID."'");
$result = $stmt->fetchAll();
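Review bot: `$hardwarehash` on the `fe.filtervalue = ` line is interpolated without quotes, so mysql_real_escape_string() cannot make it safe — and if the value is a hex or otherwise non-numeric digest, the bare token is not even a valid SQL literal (it would parse as an identifier or fail), which suggests the comparison never worked as intended; I cannot tell from the hunk what the value looks like. Quoting through the adapter fixes both problems at once: `fe.filtervalue = ".$db->quote($hardwarehash)." AND`, or pass it as a bound parameter. The enclosing method starts and ends outside this hunk.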
@@ -309,8 +309,8 @@ class Pbs_Filter{
try{
$stmt = $db->query("SELECT * FROM pbs_filterentries fe, pbs_filter f WHERE
fe.filtertypeID = ".$filtertypID." AND
- fe.filtervalue <= ".$weekday." AND
- ".$weekday." <= fe.filtervalue2 AND
+ fe.filtervalue <= ".mysql_real_escape_string($weekday)." AND
+ ".mysql_real_escape_string($weekday)." <= fe.filtervalue2 AND
fe.filterID = f.filterID AND
f.groupID = '".$groupID."'");
$result = $stmt->fetchAll();
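Review bot: Both occurrences of `$weekday` on the `fe.filtervalue <=` and `<= fe.filtervalue2` lines are unquoted, so the added mysql_real_escape_string() calls have nothing to escape for a payload such as `7 OR 1=1` and the range check remains injectable. Because the value is used as a number on both sides, normalise it once before building the SQL, `$weekday = (int)$weekday;`, and drop the escape calls, or bind it twice with `?` placeholders. The enclosing method starts and ends outside this hunk.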
@@ -332,8 +332,8 @@ class Pbs_Filter{
try{
$stmt = $db->query("SELECT * FROM pbs_filterentries fe, pbs_filter f WHERE
fe.filtertypeID = ".$filtertypID." AND
- REPLACE(fe.filtervalue,'.','') <= ".$date." AND
- ".$date." <= REPLACE(fe.filtervalue2,'.','') <= AND
+ REPLACE(fe.filtervalue,'.','') <= ".mysql_real_escape_string($date)." AND
+ ".mysql_real_escape_string($date)." <= REPLACE(fe.filtervalue2,'.','') <= AND
fe.filterID = f.filterID AND
f.groupID = '".$groupID."'");
$result = $stmt->fetchAll();
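Review bot: The second comparison line still ends in `<= REPLACE(fe.filtervalue2,'.','') <= AND`, a stray trailing `<=` that makes the statement a SQL syntax error; the commit escapes `$date` on that line but leaves the pre-existing bug, so this date filter presumably throws on every call and, inside the surrounding try block, can never match. The line should read `".(int)$date." <= REPLACE(fe.filtervalue2,'.','') AND` (the `(int)` cast also covers the unquoted interpolation, which mysql_real_escape_string() does not protect), assuming the dot-stripped date is purely numeric as the REPLACE on the column side suggests. The enclosing method starts and ends outside this hunk.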