From d7fb965b76faf6e4f3e6d7827abf8e173349e749 Mon Sep 17 00:00:00 2001 From: =?utf8?q?Roland=20H=C3=A4der?= Date: Sun, 3 Feb 2008 13:45:56 +0000 Subject: [PATCH] more fixes --- inc/libs/nickname_functions.php | 2 +- inc/modules/guest/what-register.php | 12 ++++++------ 2 files changed, 7 insertions(+), 7 deletions(-) diff --git a/inc/libs/nickname_functions.php b/inc/libs/nickname_functions.php index 9123ebcc55..dbaee3b66e 100644 --- a/inc/libs/nickname_functions.php +++ b/inc/libs/nickname_functions.php @@ -41,7 +41,7 @@ if (ereg(basename(__FILE__), $_SERVER['PHP_SELF'])) function NICKNAME_IS_ACTIVE($uidNick) { $ret = false; - $result = SQL_QUERY_ESC("SELECT userid FROM "._MYSQL_PREFIX."_user_data WHERE (userid=%d AND userid > 0 AND nickname != '') OR nickname='%s' LIMIT 1", + $result = SQL_QUERY_ESC("SELECT userid FROM "._MYSQL_PREFIX."_user_data WHERE (userid=%d AND userid > 0) OR nickname='%s' LIMIT 1", array(bigintval($uidNick), $uidNick), __FILE__, __LINE__); // Check existence of nickname diff --git a/inc/modules/guest/what-register.php b/inc/modules/guest/what-register.php index 39f60d12e0..541575379c 100644 --- a/inc/modules/guest/what-register.php +++ b/inc/modules/guest/what-register.php @@ -238,14 +238,14 @@ if ((isset($_POST['ok'])) && (!$FAILED)) VALUES ('%s', '%s', '%s', '%s', '%s', %d, '%s', '%s', %d, %d, %d, '%s', %d, %d, %d, 'UNCONFIRMED', '%s', '%s', UNIX_TIMESTAMP(), UNIX_TIMESTAMP()".$ADD2.")", array( $countryRow, - addslashes(substr($_POST['sex'], 0, 1)), - addslashes($_POST['surname']), - addslashes($_POST['family_name']), - addslashes($_POST['street_nr']), + SQL_ESCAPE(substr($_POST['sex'], 0, 1)), + SQL_ESCAPE($_POST['surname']), + SQL_ESCAPE($_POST['family_name']), + SQL_ESCAPE($_POST['street_nr']), $countryData, bigintval($_POST['zip']), - addslashes($_POST['city']), - addslashes($_POST['addy']), + SQL_ESCAPE($_POST['city']), + SQL_ESCAPE($_POST['addy']), bigintval($_POST['day']), bigintval($_POST['month']), bigintval($_POST['year']), -- 2.39.5