s.probst/OpenXE
1
0
Fork 0
mirror of https://github.com/OpenXE-org/OpenXE.git synced 2024-11-14 20:17:14 +01:00
Code Issues Projects Releases Wiki Activity

erpapi files createdatei added escaping

Browse Source
This commit is contained in:
OpenXE 2024-04-11 16:57:00 +02:00
parent ba17741470
commit 3f66d92903
1 changed files with 28 additions and 4 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

32
www/lib/class.erpapi.php
View File

@ -37013,11 +37013,35 @@ function Firmendaten($field,$projekt="")
if(!$without_log) if(!$without_log)
{ {
$this->app->DB->Insert("INSERT INTO datei (id,titel,beschreibung,nummer,firma) VALUES $this->app->DB->Insert("INSERT INTO datei (
('','$titel','$beschreibung','$nummer','".$this->app->User->GetFirma()."')"); id,
titel,
beschreibung,
nummer,
firma
) VALUES (
'',
'".$this->app->DB->real_escape_string($titel)."',
'".$this->app->DB->real_escape_string($beschreibung)."',
'".$this->app->DB->real_escape_string($nummer)."',
'".$this->app->User->GetFirma()."'
)"
);
} else { } else {
$this->app->DB->InsertWithoutLog("INSERT INTO datei (id,titel,beschreibung,nummer,firma) VALUES $this->app->DB->InsertWithoutLog("INSERT INTO datei (
('','$titel','$beschreibung','$nummer',1)"); id,
titel,
beschreibung,
nummer,
firma
) VALUES (
'',
'".$this->app->DB->real_escape_string($titel)."',
'".$this->app->DB->real_escape_string($beschreibung)."',
'".$this->app->DB->real_escape_string($nummer)."',
1
)
");
} }
$fileid = $this->app->DB->GetInsertID(); $fileid = $this->app->DB->GetInsertID();