|
@@ -17,12 +17,12 @@
|
|
|
//Save to database script:
|
|
|
|
|
|
if (isset($_POST['name']) and $type !== "CSS") {
|
|
|
- $name = addslashes($_POST['name']);
|
|
|
+ $name = $conn->escapeString($_POST['name']);
|
|
|
$uid = $_POST['uid'];
|
|
|
$sql = "";
|
|
|
|
|
|
if (isset($_POST['content']) and ($type === "Section" or $type === "Component")) {
|
|
|
- $content = addslashes($_POST['content']);
|
|
|
+ $content = $conn->escapeString($_POST['content']);
|
|
|
$sql = "UPDATE $type SET name='$name', content='$content' WHERE UID='$uid'";
|
|
|
|
|
|
} else if (isset($_POST['sections']) and $type === "Page") {
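Review bot: `$uid = $_POST['uid'];` is still interpolated unescaped into `WHERE UID='$uid'`, so the SQL injection this change closes for `name` and `content` stays open through the `uid` field; at minimum use `$uid = $conn->escapeString($_POST['uid']);`. The same gap is visible in the second hunk for `$sections = $_POST['sections'];` and `$valuetype = $_POST['type'];`. `$css` is interpolated there as well, but its origin is outside the visible lines. If `$conn` offers prepared statements (its class is not visible here), binding every value as a parameter would be sturdier than per-field escaping, because one forgotten field no longer reopens the query. The enclosing `if (isset($_POST['name']) ...)` block continues past the end of the hunk.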
|
|
@@ -30,7 +30,7 @@
|
|
|
$sections = $_POST['sections'];
|
|
|
$sql = "UPDATE Page SET name='$name', sections='$sections', CSS='$css' WHERE UID='$uid'";
|
|
|
} else if ($type === "Menu") {
|
|
|
- $value = addslashes($_POST['value']);
|
|
|
+ $value = $conn->escapeString($_POST['value']);
|
|
|
$valuetype = $_POST['type'];
|
|
|
|
|
|
$sql = "UPDATE Menu SET name='$name', valuetype='$valuetype', value='$value' WHERE UID='$uid'";
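Review bot: The `Menu` branch reads `$_POST['value']` and `$_POST['type']` without the `isset()` guard that the `Section`/`Component` and `Page` branches apply to their fields. A request that omits either key would therefore hand an undefined value to `escapeString()` and presumably write an empty `value` or `valuetype` into the row. Tightening the condition to `} else if ($type === "Menu" and isset($_POST['value'], $_POST['type'])) {` keeps the update from running on incomplete input. How `$sql` is executed and how an empty `$sql` is handled lies outside the hunk.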
|