Diffstat (limited to 'pages/quotes.php')
-rwxr-xr-xpages/quotes.php4
1 files changed, 2 insertions, 2 deletions
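diff --git a/pages/quotes.php b/pages/quotes.php
index 8aaa5db..55d12d9 100755
--- a/pages/quotes.php
+++ b/pages/quotes.php
@@ -43,10 +43,10 @@ if ((!isset($_GET['act'])) || ($_GET['act'] == 'latest'))
 $template->adds_block('SUBMITTED',array('QUOTE' => (nl2br(htmlspecialchars($_POST['rash_quote'])) . "\n")));
 if (!isLoggedIn())
 {
-$insquote = "INSERT INTO rash_queue (quote) VALUES(\"" . addslashes(htmlspecialchars($_POST['rash_quote'])) . "\")";
+$insquote = "INSERT INTO rash_queue (quote) VALUES(\"" . mysql_real_escape_string(htmlspecialchars($_POST['rash_quote'])) . "\")";
 } else {
 $today = mktime(date('G'),date('i'),date('s'),date('m'),date('d'),date('Y'));
-$insquote = "INSERT INTO rash_quotes (quote, rating, flag, date) VALUES (\"" . addslashes($_POST['rash_quote']) . "\", 0, 0, \"" . $today . "\")";
+$insquote = "INSERT INTO rash_quotes (quote, rating, flag, date) VALUES (\"" . mysql_real_escape_string($_POST['rash_quote']) . "\", 0, 0, \"" . $today . "\")";
 }
 $insquote2 = mysql_query($insquote);
 }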
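Review bot: The rash_queue and rash_quotes INSERTs are still assembled by string concatenation, so their safety now depends on mysql_real_escape_string() knowing the connection's actual character set; that holds only when the charset is set with `mysql_set_charset()` rather than a `SET NAMES` query, and the connection setup is not visible in this hunk. Binding the quote as a parameter through mysqli or PDO `prepare()` would remove that dependency, and the mysql_* extension is gone as of PHP 7. The two branches also store different forms of the same input: the guest branch writes htmlspecialchars()-encoded text to rash_queue while the logged-in branch writes the raw text to rash_quotes, so the code that renders rash_quotes has to escape on output, which should be confirmed because it lies outside this hunk. The return value in `$insquote2` is not checked in the lines shown, and the enclosing `if` block begins before the hunk.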