
Diff of /contributions/modules/ecommerce/store/store.module


revision 1.23, Fri Oct 29 03:09:01 2004 UTC revision 1.24, Wed Nov 24 22:03:32 2004 UTC
# Line 1  Line 1 
1  <?php  <?php
2  // $Id: store.module,v 1.22 2004/10/12 04:12:17 mathias Exp $  // $Id: store.module,v 1.23 2004/10/29 03:09:01 mathias Exp $
3    
4  require_once('store.inc');  require_once('store.inc');
5  require_once('store_macros.inc');  require_once('store_macros.inc');
# Line 523  function store_transaction_save($edit) { Line 523  function store_transaction_save($edit) {
523    
524      foreach ($edit as $key => $value) {      foreach ($edit as $key => $value) {
525        if (in_array($key, $transaction_fields)) {        if (in_array($key, $transaction_fields)) {
526          $fields[] = check_query($key);          $fields[] = db_escape_string($key);
527          $values[] = $value;          $values[] = $value;
528          $s[] = "'%s'";          $s[] = "'%s'";
529        }        }
# Line 856  function store_query() { Line 856  function store_query() {
856        if (strpos($v, ',') !== false) {        if (strpos($v, ',') !== false) {
857          $operator = ',';          $operator = ',';
858          $data     = explode(',', $v);          $data     = explode(',', $v);
859          $data = array_map('check_query', $data);          $data = array_map('db_escape_string', $data);
860        }        }
861        elseif (strpos($v, '-') !== false) {        elseif (strpos($v, '-') !== false) {
862          $operator = '-';          $operator = '-';
863          $data     = explode('-', $v);          $data     = explode('-', $v);
864          $data = array_map('check_query', $data);          $data = array_map('db_escape_string', $data);
865        }        }
866        else {        else {
867          /* This order is important */          /* This order is important */
# Line 872  function store_query() { Line 872  function store_query() {
872            if (strlen($v) >= $n && substr($v, 0, $n) == $o) {            if (strlen($v) >= $n && substr($v, 0, $n) == $o) {
873              $operator = '<>';              $operator = '<>';
874              $data['op']    = $o;              $data['op']    = $o;
875              $data[0] = check_query(trim(substr($v, $n)));              $data[0] = db_escape_string(trim(substr($v, $n)));
876              break;              break;
877            }            }
878          }          }
879        }        }
880    
881        if ($operator == null) {        if ($operator == null) {
882          $data[] = check_query($v);          $data[] = db_escape_string($v);
883        }        }
884    
885        $select[] = "*";        $select[] = "*";
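Review bot: In store_query() the new `array_map('db_escape_string', $data)` calls (lines 859 and 864) and the single-value calls at lines 875 and 882 only neutralise string-literal metacharacters, so they protect the query only if every element of `$data` is later placed inside a quoted SQL literal. The code that assembles the WHERE clause lies outside this section, so that cannot be confirmed here; if any of these values reach an unquoted or numeric context (the list and range operators look like candidates), escaping does not constrain them and they should be cast or bound instead, e.g. `$data = array_map('intval', $data);` for numeric columns, or passed as `%d` / `'%s'` arguments to db_query(). In store_transaction_save() (line 526) the column name is already restricted by `in_array($key, $transaction_fields)`, so the escape adds little there; making the allow-list check strict with `in_array($key, $transaction_fields, true)` would be the more meaningful guard, assuming the field list holds plain strings. A one-line comment above each call naming the SQL context the value ends up in would make the assumption reviewable.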
