$query = "DELETE FROM patches WHERE oid = $id";
} else {
$query = "UPDATE patches SET "
- . "subject='$subject',"
- . "package='$package',"
- . "version='$version',"
- . "description='$description',"
- . "download='$download'"
+ . sprintf ("subject='%s',package='%s',version='%s',description='%s',download='%s'",
+ addslashes ($subject),
+ addslashes ($package),
+ addslashes ($version),
+ addslashes ($description),
+ addslashes ($download))
. " WHERE oid = $id";
}
} else {
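Review bot: `$id` is still interpolated raw and unquoted in `. " WHERE oid = $id"` and in the `DELETE FROM patches WHERE oid = $id` context line, so both statements stay injectable despite the new `addslashes()` calls on the string columns. The same holds for `$oid` in the zeitungen UPDATE further down. Force it to an integer before building the query, e.g. `$id = (int) $id;`, or bind it as a parameter. `addslashes()` is also not a database escaping function, since it knows nothing about the connection's character set or quoting rules. A prepared statement with bound values (PDO `prepare()`/`execute()`, or the driver's parameterised query call) would be a safer replacement for the whole `sprintf`. The enclosing if/else begins and ends outside this hunk.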
. " WHERE oid = $oid";
} else {
$query = "UPDATE zeitungen SET "
- . "name='$name',"
- . "url='$url',"
- . "description='$description',"
- . "city='$city',"
- . "type='$type',"
- . "changed='$date'"
+ . sprintf ("name='%s',url='%s',description='%s',city='%s',type='%s',changed='%s'",
+ addslashes ($name),
+ addslashes ($url),
+ addslashes ($description),
+ addslashes ($city),
+ addslashes ($type),
+ addslashes ($changed))
. " WHERE oid = $oid";
}
} else {
$query = "INSERT INTO zeitungen "
. "(name,url,description,city,type,changed) VALUES ("
- . "'$name',"
- . "'$url',"
- . "'$description',"
- . "'$city',"
- . "'$type',"
- . "'$date'"
+ . sprintf ("'%s','%s','%s','%s','%s','%s'",
+ addslashes ($name),
+ addslashes ($url),
+ addslashes ($description),
+ addslashes ($city),
+ addslashes ($type),
+ addslashes ($date))
. ")";
}
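Review bot: The zeitungen UPDATE now passes `addslashes ($changed)` for the `changed` column, but the removed line used `'$date'` and the INSERT below still passes `addslashes ($date)`. Unless `$changed` is assigned somewhere outside the hunk, the UPDATE will write an empty string into `changed` instead of the date. The last argument should probably read `addslashes ($date))`. The surrounding if/else starts outside the hunk, so confirm against the full file which variable holds the timestamp.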