$this->description = stripslashes($this->description);\r
$this->description = addslashes($this->description);\r
sql_query("update ".sql_table('plug_gallery_picture')\r
- ." set title='".addslashes($this->title)."', "\r
- ."description='".addslashes($this->description)."', " \r
+ ." set title='".$this->title."', "\r
+ ."description='".$this->description."', " \r
."keywords='".addslashes($this->keywords)."',"\r
."albumid=".intval($this->albumid)." "\r
."where pictureid=".intval($this->id) );\r
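Review bot: The new `." set title='".$this->title."', "` line interpolates `$this->title` into the UPDATE with no escaping visible in this hunk. `description` is still re-escaped by the `stripslashes`/`addslashes` pair just above the query, so dropping its second `addslashes` only removes double escaping, but nothing equivalent is shown for `title`. The function starts outside the hunk, so `title` may be normalised earlier; if it is not, a title containing a single quote breaks out of the string literal and the statement becomes injectable. I would keep `." set title='".addslashes($this->title)."', "`, or give `title` the same `stripslashes`/`addslashes` treatment before the query. Longer term, the database layer's own charset-aware escaping or a parameterised query is the safer choice, since `addslashes` is not connection-charset aware.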
if(!$NPG_CONF['viewtime']) $NPG_CONF['viewtime'] = 30 ;\r
$cuttime = $NPG_CONF['viewtime'];\r
//first test for duplicates\r
- $query = 'select * from '.sql_table('plug_gallery_views')." where vpictureid = ".($pictureid);\r
+ $query = 'select * from '.sql_table('plug_gallery_views')." where vpictureid = ".intval($pictureid);\r
//$result = mysql_query($query);\r
//print_r($result);\r
//$numrows= mysql_num_rows($result);\r