$query = 'INSERT INTO ' . sql_table('plugin_option_desc')
.' (opid, oname, ocontext, odesc, otype)'
." VALUES ("
- ."'".addslashes($o->opid)."',"
- ."'".addslashes($o->oname) ."',"
+ ."'".sql_real_escape_string($o->opid)."',"
+ ."'".sql_real_escape_string($o->oname) ."',"
."'global',"
- ."'".addslashes($o->odesc) ."',"
- ."'".addslashes($o->otype) ."')";
+ ."'".sql_real_escape_string($o->odesc) ."',"
+ ."'".sql_real_escape_string($o->otype) ."')";
upgrade_query('Moving option description for '.htmlspecialchars($o->oname).' to ' . sql_table('plugin_option_desc'), $query);
// store new id
foreach ($aValues as $aInfo) {
$query = 'INSERT INTO ' . sql_table('plugin_option')
.' (oid, ocontextid, ovalue)'
- ." VALUES (".$aInfo['id'].",'0','".addslashes($aInfo['value'])."')";
+ ." VALUES (".$aInfo['id'].",'0','".sql_real_escape_string($aInfo['value'])."')";
upgrade_query('Re-filling ' . sql_table('plugin_option') . ' ('.$aInfo['id'].')', $query);
}
}
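Review bot: `$aInfo['id']` is still concatenated into the VALUES list of the second INSERT unquoted and unescaped, so the move to `sql_real_escape_string()` does not cover it, and string escaping would not protect a numeric context anyway. Unless the code that fills `$aValues` (not visible here) already guarantees an integer, cast it at the point of use: `." VALUES (".intval($aInfo['id']).",'0','".sql_real_escape_string($aInfo['value'])."')";`. The same id is also placed in the `upgrade_query()` message without `htmlspecialchars()`, unlike `$o->oname` a few lines earlier, so the cast value should be used there too. The block closed by the final `}` opens outside this hunk.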