Diffstat (limited to 'pages/quotes.php')
-rwxr-xr-x | pages/quotes.php | 4 |
1 files changed, 2 insertions, 2 deletions
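--- a/pages/quotes.php
+++ b/pages/quotes.php
@@ -43,10 +43,10 @@ if ((!isset($_GET['act'])) || ($_GET['act'] == 'latest'))
 $template->adds_block('SUBMITTED',array('QUOTE' => (nl2br(htmlspecialchars($_POST['rash_quote'])) . "\n")));
 if (!isLoggedIn())
 {
-$insquote = "INSERT INTO rash_queue (quote) VALUES(\"" . addslashes(htmlspecialchars($_POST['rash_quote'])) . "\")";
+$insquote = "INSERT INTO rash_queue (quote) VALUES(\"" . mysql_real_escape_string(htmlspecialchars($_POST['rash_quote'])) . "\")";
 } else {
 $today = mktime(date('G'),date('i'),date('s'),date('m'),date('d'),date('Y'));
-$insquote = "INSERT INTO rash_quotes (quote, rating, flag, date) VALUES (\"" . addslashes($_POST['rash_quote']) . "\", 0, 0, \"" . $today . "\")";
+$insquote = "INSERT INTO rash_quotes (quote, rating, flag, date) VALUES (\"" . mysql_real_escape_string($_POST['rash_quote']) . "\", 0, 0, \"" . $today . "\")";
 }
 $insquote2 = mysql_query($insquote);
 }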
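Review bot: Both INSERT statements on new lines 46 and 49 are still built by string concatenation, so their safety now depends entirely on `mysql_real_escape_string()` seeing the right connection and character set. The call passes no link identifier and the connection setup is not visible in this hunk; if the charset is chosen with a `SET NAMES` query rather than `mysql_set_charset()`, the escaping can disagree with the server for multi-byte encodings, so that call is worth confirming at connect time. ext/mysql has no bound parameters, so the durable fix is to move these two queries to mysqli or PDO prepared statements. Separately, line 46 stores the HTML-encoded quote in `rash_queue` while line 49 stores raw text in `rash_quotes`, so the code that renders or approves rows must know which table is already encoded; storing `mysql_real_escape_string($_POST['rash_quote'])` in both and encoding only on output would presumably avoid double-encoding or a missed escape. The enclosing `if` block starts above the hunk.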