mirror of
https://github.com/OpenXE-org/OpenXE.git
synced 2024-12-25 06:00:28 +01:00
erpapi files createdatei added escaping
This commit is contained in:
parent
ba17741470
commit
3f66d92903
@ -37013,11 +37013,35 @@ function Firmendaten($field,$projekt="")
|
||||
|
||||
if(!$without_log)
|
||||
{
|
||||
$this->app->DB->Insert("INSERT INTO datei (id,titel,beschreibung,nummer,firma) VALUES
|
||||
('','$titel','$beschreibung','$nummer','".$this->app->User->GetFirma()."')");
|
||||
$this->app->DB->Insert("INSERT INTO datei (
|
||||
id,
|
||||
titel,
|
||||
beschreibung,
|
||||
nummer,
|
||||
firma
|
||||
) VALUES (
|
||||
'',
|
||||
'".$this->app->DB->real_escape_string($titel)."',
|
||||
'".$this->app->DB->real_escape_string($beschreibung)."',
|
||||
'".$this->app->DB->real_escape_string($nummer)."',
|
||||
'".$this->app->User->GetFirma()."'
|
||||
)"
|
||||
);
|
||||
} else {
|
||||
$this->app->DB->InsertWithoutLog("INSERT INTO datei (id,titel,beschreibung,nummer,firma) VALUES
|
||||
('','$titel','$beschreibung','$nummer',1)");
|
||||
$this->app->DB->InsertWithoutLog("INSERT INTO datei (
|
||||
id,
|
||||
titel,
|
||||
beschreibung,
|
||||
nummer,
|
||||
firma
|
||||
) VALUES (
|
||||
'',
|
||||
'".$this->app->DB->real_escape_string($titel)."',
|
||||
'".$this->app->DB->real_escape_string($beschreibung)."',
|
||||
'".$this->app->DB->real_escape_string($nummer)."',
|
||||
1
|
||||
)
|
||||
");
|
||||
}
|
||||
|
||||
$fileid = $this->app->DB->GetInsertID();
|
||||
|
Loading…
Reference in New Issue
Block a user