From fd99315e70b6f800efc0578e49d9bf6215020ddb Mon Sep 17 00:00:00 2001
From: Nathan Kinkade <nath@nkinka.de>
Date: Sat, 3 Mar 2012 15:44:34 +0000
Subject: Replaced addslashes with the database abstraction method for
 escaping.

---
 db_update_scripts/update_foodDescs.php | 24 ++++++++++++------------
 1 file changed, 12 insertions(+), 12 deletions(-)

diff --git a/db_update_scripts/update_foodDescs.php b/db_update_scripts/update_foodDescs.php
index 09a40b6..3c410c3 100755
--- a/db_update_scripts/update_foodDescs.php
+++ b/db_update_scripts/update_foodDescs.php
@@ -64,14 +64,14 @@ while ( ($row = fgetcsv($fh_add, 0, $delimiter, $enclosure)) !== FALSE ) {
 		",
 		$row[0],
 		$row[1],
-		addslashes($row[2]),
-		addslashes($row[3]),
-		addslashes($row[4]),
-		addslashes($row[5]),
+		$db->EscapeString($row[2]),
+		$db->EscapeString($row[3]),
+		$db->EscapeString($row[4]),
+		$db->EscapeString($row[5]),
 		$row[6],
-		addslashes($row[7]),
+		$db->EscapeString($row[7]),
 		$row[8],
-		addslashes($row[9]),
+		$db->EscapeString($row[9]),
 		$row[10],
 		$row[11],
 		$row[12],
@@ -108,14 +108,14 @@ while ( ($row = fgetcsv($fh_chg, 0, $delimiter, $enclosure)) !== FALSE ) {
 		WHERE ndb_no = '%s'
 		",
 		$row[1],
-		addslashes($row[2]),
-		addslashes($row[3]),
-		addslashes($row[4]),
-		addslashes($row[5]),
+		$db->EscapeString($row[2]),
+		$db->EscapeString($row[3]),
+		$db->EscapeString($row[4]),
+		$db->EscapeString($row[5]),
 		$row[6],
-		addslashes($row[7]),
+		$db->EscapeString($row[7]),
 		$row[8],
-		addslashes($row[9]),
+		$db->EscapeString($row[9]),
 		$row[10],
 		$row[11],
 		$row[12],
-- 
cgit v1.2.3