Replaced addslashes with the database abstraction method for escaping.

author: Nathan Kinkade <nath@nkinka.de> 2012-03-03 15:44:34 +0000
committer: Nathan Kinkade <nath@nkinka.de> 2012-03-03 15:44:34 +0000
commit: fd99315e70b6f800efc0578e49d9bf6215020ddb (patch)
tree: 5daa67571d7d260077d86b5c89c0fed063fc5f14
parent: 4cb3b75d72bdfd7a152cf38586071352a561b92e (diff)
1 files changed, 12 insertions, 12 deletions
diff --git a/db_update_scripts/update_foodDescs.php b/db_update_scripts/update_foodDescs.php
index 09a40b6..3c410c3 100755
--- a/db_update_scripts/update_foodDescs.php
+++ b/db_update_scripts/update_foodDescs.php
@@ -64,14 +64,14 @@ while ( ($row = fgetcsv($fh_add, 0, $delimiter, $enclosure)) !== FALSE ) {
 		",
 		$row[0],
 		$row[1],
-		addslashes($row[2]),
-		addslashes($row[3]),
-		addslashes($row[4]),
-		addslashes($row[5]),
+		$db->EscapeString($row[2]),
+		$db->EscapeString($row[3]),
+		$db->EscapeString($row[4]),
+		$db->EscapeString($row[5]),
 		$row[6],
-		addslashes($row[7]),
+		$db->EscapeString($row[7]),
 		$row[8],
-		addslashes($row[9]),
+		$db->EscapeString($row[9]),
 		$row[10],
 		$row[11],
 		$row[12],
@@ -108,14 +108,14 @@ while ( ($row = fgetcsv($fh_chg, 0, $delimiter, $enclosure)) !== FALSE ) {
 		WHERE ndb_no = '%s'
 		",
 		$row[1],
-		addslashes($row[2]),
-		addslashes($row[3]),
-		addslashes($row[4]),
-		addslashes($row[5]),
+		$db->EscapeString($row[2]),
+		$db->EscapeString($row[3]),
+		$db->EscapeString($row[4]),
+		$db->EscapeString($row[5]),
 		$row[6],
-		addslashes($row[7]),
+		$db->EscapeString($row[7]),
 		$row[8],
-		addslashes($row[9]),
+		$db->EscapeString($row[9]),
 		$row[10],
 		$row[11],
 		$row[12],
author	Nathan Kinkade <nath@nkinka.de>	2012-03-03 15:44:34 +0000
committer	Nathan Kinkade <nath@nkinka.de>	2012-03-03 15:44:34 +0000
commit	fd99315e70b6f800efc0578e49d9bf6215020ddb (patch)
tree	5daa67571d7d260077d86b5c89c0fed063fc5f14
parent	4cb3b75d72bdfd7a152cf38586071352a561b92e (diff)