Hmmm, add some missing stripslashes.. stupid fucking magic quotes

This commit is contained in:
james 2010-01-19 04:32:12 +00:00
parent de835bf5f5
commit 3ebb655d08


@ -46,9 +46,9 @@
$q=mysql_query("SELECT * FROM fundraising_goals WHERE fiscalyear='-1'");
while($r=mysql_fetch_object($q)) {
mysql_query("INSERT INTO fundraising_goals (`goal`,`name`,`description`,`system`,`budget`,`fiscalyear`) VALUES (
'".mysql_real_escape_string($r->goal)."',
'".mysql_real_escape_string($r->name)."',
'".mysql_real_escape_string($r->description)."',
'".mysql_real_escape_string(stripslashes($r->goal))."',
'".mysql_real_escape_string(stripslashes($r->name))."',
'".mysql_real_escape_string(stripslashes($r->description))."',
'".mysql_real_escape_string($r->system)."',
'".mysql_real_escape_string($r->budget)."',
'".$config['FISCALYEAR']."')");
@ -67,7 +67,7 @@
echo "<input type=\"hidden\" name=\"id\" value=\"$r->id\">\n";
echo "<table style=\"width: 100%;\">";
echo "<tr><td>";
echo i18n("Level Name").":</td><td><input type=\"text\" size=\"40\" name=\"level\" value=\"$r->level\"></td></tr>\n";
echo i18n("Level Name").":</td><td><input type=\"text\" size=\"40\" name=\"level\" value=\"".htmlspecialchars($r->level)."\"></td></tr>\n";
echo "<tr><td>";
echo i18n("Value Range").":</td><td>\$<input size=\"5\" type=\"text\" name=\"min\" value=\"$r->min\"> to \$<input size=\"5\" type=\"text\" name=\"max\" value=\"$r->max\"><br />\n";
echo "</td></tr>\n";
@ -122,7 +122,7 @@
echo "<table style=\"width: 100%;\">";
echo "<tr><td>";
echo i18n("Purpose").":</td><td><input type=\"text\" size=\"40\" name=\"name\" value=\"$r->name\"></td></tr>\n";
echo i18n("Purpose").":</td><td><input type=\"text\" size=\"40\" name=\"name\" value=\"".htmlspecialchars($r->name)."\"></td></tr>\n";
echo "<tr><td>";
echo i18n("Budget Amount").":</td><td>\$<input size=\"5\" type=\"text\" name=\"budget\" value=\"$r->budget\"></td></tr>";
echo "<tr><td>";
@ -213,8 +213,8 @@
mysql_query("UPDATE fundraising_donor_levels SET
min='".mysql_real_escape_string($_POST['min'])."',
max='".mysql_real_escape_string($_POST['max'])."',
level='".mysql_real_escape_string($_POST['level'])."',
description='".mysql_real_escape_string($_POST['description'])."'
level='".mysql_real_escape_string(stripslashes($_POST['level']))."',
description='".mysql_real_escape_string(stripslashes($_POST['description']))."'
WHERE id='$id' AND fiscalyear='{$config['FISCALYEAR']}'
");
happy_("Level Saved");
@ -247,8 +247,8 @@
mysql_query("UPDATE fundraising_goals SET
budget='".mysql_real_escape_string($_POST['budget'])."',
deadline='".mysql_real_escape_string($_POST['deadline'])."',
name='".mysql_real_escape_string($_POST['name'])."',
description='".mysql_real_escape_string($_POST['description'])."'
name='".mysql_real_escape_string(stripslashes($_POST['name']))."',
description='".mysql_real_escape_string(stripslashes($_POST['description']))."'
WHERE id='$id' AND fiscalyear='{$config['FISCALYEAR']}'
");
happy_("Purpose Saved");
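Review bot: The stripslashes() added around $_POST['level'], $_POST['description'] and $_POST['name'] in the two UPDATE statements is unconditional, so it only does the right thing while magic_quotes_gpc is on; with it off (the setting is deprecated and later removed from PHP) any legitimate backslash in those fields is silently dropped before mysql_real_escape_string() runs. Gate it on the runtime setting, e.g. `$level = get_magic_quotes_gpc() ? stripslashes($_POST['level']) : $_POST['level'];`, preferably once in a shared input helper rather than per field, so the stored bytes do not depend on php.ini. Both UPDATE hunks still interpolate `$id` raw into `WHERE id='$id'`; it is assigned outside the hunk, so if it is not already cast to int there it should be, or passed through mysql_real_escape_string like the other values. The donor-levels form hunk escapes $r->level with htmlspecialchars() but leaves `value=\"$r->min\"` and `value=\"$r->max\"` (and `$r->budget` in the goals form) interpolated unescaped into attribute values; wrapping them the same way keeps the output escaping consistent.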