} elseif ($oid == 0) {
$query = sprintf ("INSERT INTO workshop (title,speaker,date_time,room,project,abstract,visible,comment) "
."VALUES ('%s','%s','%s %s','%s','%s','%s',%d,'%s')",
- $title, $speaker, $date, $time, $room, $project, $abstract, $visible, $comment);
+ addslashes ($title),
+ addslashes ($speaker),
+ $date, $time, $room,
+ addslashes ($project),
+ addslashes ($abstract),
+ $visible,
+ addslashes ($comment));
} else {
$query = sprintf ("UPDATE workshop SET title='%s',speaker='%s',date_time='%s %s',"
."room='%s',project='%s',abstract='%s',visible=%d,comment='%s' "
."WHERE oid = %d",
- $title, $speaker, $date, $time, $room, $project, $abstract, $visible, $comment, $oid);
+ addslashes ($title),
+ addslashes ($speaker),
+ $date, $time, $room,
+ addslashes ($project),
+ addslashes ($abstract),
+ $visible,
+ addslashes ($comment),
+ $oid);
}
} else {
echo ("<p><b>Unknown type</b><p>");
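Review bot: `$date`, `$time` and `$room` are still interpolated into quoted `'%s'` slots without any escaping, in the INSERT arguments and again in the UPDATE arguments, so a quote character in any of those three values still changes the statement. `addslashes` is also not a database-aware escape: it ignores the connection's character set, and on a server that does not treat backslash as an escape inside string literals the `\'` it produces does not neutralise the quote. If this file uses the pgsql extension (the `oid` column suggests PostgreSQL, but the connection code is outside the hunk), pass the values separately through `pg_query_params` with numbered placeholders, or at minimum write `pg_escape_string ($date), pg_escape_string ($time), pg_escape_string ($room),` and use the same function for the other string arguments. The enclosing if/else chain starts and ends outside the hunk, so where these variables come from cannot be confirmed here.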