arno/lychee
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

Converted Log to prepared statements (#38 #214 #196)

Browse Source
This commit is contained in:
Tobias Reich 2014-08-29 21:28:20 +02:00
parent 1be2789023
commit e92635b44b
1 changed files with 1 additions and 7 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

8
php/modules/Log.php
View File

@ -36,14 +36,8 @@ class Log extends Module {
# Get time
$sysstamp = time();
# Escape
$type = mysqli_real_escape_string($database, $type);
$function = mysqli_real_escape_string($database, $function);
$line = mysqli_real_escape_string($database, $line);
$text = mysqli_real_escape_string($database, $text);
# Save in database
$query = "INSERT INTO lychee_log (time, type, function, line, text) VALUES ('$sysstamp', '$type', '$function', '$line', '$text');";
$query = Database::prepare($database, "INSERT INTO ? (time, type, function, line, text) VALUES ('?', '?', '?', '?', '?')", [LYCHEE_TABLE_LOG, $sysstamp, $type, $function, $line, $text]);
$result = $database->query($query);
if (!$result) return false;