Unnessarry addslashes() and SQL_ESCAPE() removed, some added, some bigintval() added
[mailer.git] / inc / modules / member / what-order.php
index 5f5422dc5eb1d9092658829e54310a1ba4880edc..a41eb096a08a768861ae9f2a05b1197c3245fac8 100644 (file)
@@ -55,13 +55,6 @@ if (empty($_POST['html']))     $_POST['html']     = "";
 if (empty($_POST['receiver'])) $_POST['receiver'] = "";
 if (IS_ADMIN()) $whereStatement = "";
 
-// Add slashes to every value
-foreach($_POST as $key => $value)
-{
-       // Skip submit buttons
-       if (($key != "data") && ($key != "frametester")) $_POST[$key] = addslashes($value);
-}
-
 // Minimum mails / order
 define('__MIN_VALUE', $_CONFIG['order_min']);
 
@@ -138,7 +131,7 @@ WHERE sender=%s AND url='%s' AND timestamp > (UNIX_TIMESTAMP() - %s) LIMIT 1",
                                // URL found!
                                $URL = URL."/modules.php?module=login&what=order&msg=".CODE_URL_FOUND;
                        }
-                       $TEST = str_replace("\n", "", str_replace("\r", "", addslashes($_POST['text'])));
+                       $TEST = str_replace("\n", "", str_replace("\r", "", $_POST['text']));
                        if (strlen($TEST) > $_CONFIG['max_tlength'])
                        {
                                // Text is too long!
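Review bot: The length check on `$TEST` measures the text after CR/LF have been stripped, but the INSERT hunks further down store `$_POST['text']` unstripped, so a message with many line breaks can pass this check and still be longer than `$_CONFIG['max_tlength']` when written. If that limit is meant to match a column width or a mail-size cap (not visible here), the check should compare the same string that is stored. `strlen()` also counts bytes rather than characters, which matters if multibyte text is accepted. The `if` body continues outside the hunk.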
@@ -297,8 +290,8 @@ WHERE userid=%s AND holiday_start < UNIX_TIMESTAMP() AND holiday_end > UNIX_TIME
  VALUES ('%s','%s','%s','%s','%s','TEMP','%s','%s','%s','%s','%s','%s')",
 array(
        $GLOBALS['userid'],
-       addslashes($_POST['subject']),
-       addslashes($_POST['text']),
+       $_POST['subject'],
+       $_POST['text'],
        $RECEIVER,
        bigintval($_POST['type']),
        $TIME,
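Review bot: `$_POST['subject']` and `$_POST['text']` now reach this INSERT with no escaping at the call site, so the statement is only injection-safe if the query helper consuming this array escapes every element with the connection-aware routine (the commit title mentions `SQL_ESCAPE()`) before filling the `'%s'` placeholders. That helper and the start of the call are outside the hunk, so this needs confirming. The second INSERT in the next hunk has the same dependency. Because the commit also removes the blanket `addslashes()` loop over `$_POST`, any other query in this file that builds SQL from `$_POST` without going through that helper should be rechecked. A short comment above the array, e.g. `// values are escaped by the query helper - do not pre-escape here`, would document the contract and prevent double escaping from being reintroduced.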
@@ -316,8 +309,8 @@ array(
  VALUES ('%s','%s','%s','%s','%s','TEMP','%s','%s','%s','%s','%s')",
 array(
        $GLOBALS['userid'],
-       addslashes($_POST['subject']),
-       addslashes($_POST['text']),
+       $_POST['subject'],
+       $_POST['text'],
        $RECEIVER,
        bigintval($_POST['type']),
        $TIME,