From f7fad2457ef229b0f33cc2a9e72913173fae71a2 Mon Sep 17 00:00:00 2001 From: Andy Date: Mon, 22 Feb 2016 16:15:15 +0000 Subject: [PATCH] addslashes to escape country names with quotes :/ --- application/models/logbook_model.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/application/models/logbook_model.php b/application/models/logbook_model.php index b37afa37..8a1ea66a 100644 --- a/application/models/logbook_model.php +++ b/application/models/logbook_model.php @@ -974,7 +974,7 @@ class Logbook_model extends CI_Model { $d = $this->check_dxcc_table($row['COL_CALL']); if ($d[0] != 'Not Found'){ $sql = sprintf("update %s set COL_COUNTRY = '%s', COL_DXCC='%s' where COL_PRIMARY_KEY=%d", - $this->config->item('table_name'), $d[1], $d[0], $row['COL_PRIMARY_KEY']); + $this->config->item('table_name'), addslashes($d[1]), $d[0], $row['COL_PRIMARY_KEY']); $this->db->query($sql); //print($sql."\n"); printf("Updating %s to %s and %s\n
", $row['COL_PRIMARY_KEY'], $d[1], $d[0]);