@@ -1530,8 +1530,6 @@ public static function update_extra_field_value($user_id, $fname, $fvalue = '')
15301530 $ fvalues$ fvalue
15311531 }
15321532
1533- $ fvaluesescape_string ($ fvalues
1534-
15351533 $ sqluf"SELECT * FROM $ t_uf WHERE field_variable=' $ fname' " ;
15361534 $ resufquery ($ sqluf
15371535 $ is_extra_filefalse ;
@@ -1546,9 +1544,9 @@ public static function update_extra_field_value($user_id, $fname, $fvalue = '')
15461544 UserManager::process_tags (explode ('; ' , $ fvalues$ user_id$ rowuf'id ' ]);
15471545 return true ;
15481546 break ;
1549- case self ::USER_FIELD_TYPE_SELECT_MULTIPLE :
1547+ /* case self::USER_FIELD_TYPE_SELECT_MULTIPLE :
15501548 // check code from UserManager::update_user_picture() to use something similar here
1551- break ;
1549+ break;*/
15521550 case self ::USER_FIELD_TYPE_RADIO :
15531551 case self ::USER_FIELD_TYPE_SELECT :
15541552 case self ::USER_FIELD_TYPE_SELECT_MULTIPLE :
@@ -1610,7 +1608,7 @@ public static function update_extra_field_value($user_id, $fname, $fvalue = '')
16101608 $ rowufvfetch_array ($ resufv
16111609 if ($ rowufv'field_value ' ] != $ fvalues
16121610 $ sqlu"UPDATE $ t_ufv SET
1613- field_value = ' $ fvalues',
1611+ field_value = ' " .Database:: escape_string ( $ fvalues). " ',
16141612 tms = FROM_UNIXTIME( $ tms)
16151613 WHERE id = "$ rowufv'id ' ];
16161614 $ resuquery ($ sqlu
@@ -1624,7 +1622,11 @@ public static function update_extra_field_value($user_id, $fname, $fvalue = '')
16241622 if ($ rowufv'field_value ' ] != $ fvalues
16251623 if ($ is_extra_file
16261624 // To remove from user folder
1627- self ::remove_user_extra_file ($ user_id$ fname$ rowufv'field_value ' ]);
1625+ self ::remove_user_extra_file (
1626+ $ user_id
1627+ $ fname
1628+ $ rowufv'field_value ' ]
1629+ );
16281630 }
16291631 // If the new field is empty, delete it
16301632 if ($ fvalues'' ) {
@@ -1633,7 +1635,7 @@ public static function update_extra_field_value($user_id, $fname, $fvalue = '')
16331635 } else {
16341636 // Otherwise update it
16351637 $ sql_query"UPDATE $ t_ufv SET
1636- field_value = ' $ fvalues',
1638+ field_value = ' " .Database:: escape_string ( $ fvalues). " ',
16371639 tms = FROM_UNIXTIME( $ tms)
16381640 WHERE id = "$ rowufv'id ' ];
16391641 }
@@ -1644,10 +1646,10 @@ public static function update_extra_field_value($user_id, $fname, $fvalue = '')
16441646
16451647 return true ;
16461648 } else {
1647- $ sqli "INSERT INTO $ t_ufv (user_id,field_id,field_value,tms)
1648- VALUES ( $ user_id, "$ rowuf'id ' ].", ' $ fvalues', FROM_UNIXTIME( $ tms)) " ;
1649- $ resi query ($ sqli
1650- return ( $ resi true : false ) ;
1649+ $ sql "INSERT INTO $ t_ufv (user_id,field_id,field_value,tms)
1650+ VALUES ( $ user_id, "$ rowuf'id ' ].", ' " .Database:: escape_string ( $ fvalues). " ', FROM_UNIXTIME( $ tms)) "
1651+ $ res query ($ sql
1652+ return $ res true : false ;
16511653 }
16521654 } else {
16531655 // Field not found
@@ -3491,12 +3493,12 @@ public static function add_tag($tag, $user_id, $field_id)
34913493 if ($ tag_id0 ) {
34923494 //the tag doesn't exist
34933495 $ sql"INSERT INTO $ table_user_tag (tag, field_id,count) VALUES (' $ tag',' $ field_id', count + 1) " ;
3494- $ result = Database::query ($ sql
3495- $ last_insert_idget_last_insert_id ();
3496+ Database::query ($ sql
3497+ $ last_insert_idinsert_id ();
34963498 } else {
34973499 //the tag exists we update it
34983500 $ sql"UPDATE $ table_user_tag SET count = count + 1 WHERE id = $ tag_id ;
3499- $ result = Database::query ($ sql
3501+ Database::query ($ sql
35003502 $ last_insert_id$ tag_id
35013503 }
35023504
@@ -3507,7 +3509,7 @@ public static function add_tag($tag, $user_id, $field_id)
35073509 //if the relationship does not exist we create it
35083510 if (Database::num_rows ($ result0 ) {
35093511 $ sql"INSERT INTO $ table_user_tag_values SET user_id = $ user_id, tag_id = $ last_insert_id ;
3510- $ result = Database::query ($ sql
3512+ Database::query ($ sql
35113513 }
35123514 }
35133515 }
0 commit comments