diff php/read/getBookDetails.php @ 25:828895488948
more db column protection
| author | Robert Boland <robert@markup.co.uk> |
|---|---|
| date | Tue, 01 Jan 2019 07:30:05 -0500 |
| parents | d606320ec331 |
| children | b058736bc9ad |
--- a/php/read/getBookDetails.php Tue Jan 01 07:29:44 2019 -0500
+++ b/php/read/getBookDetails.php Tue Jan 01 07:30:05 2019 -0500
@@ -287,13 +287,23 @@
  if ($publisher and strlen($publisher)>30) {
  $publisher=substr($publisher,0,30);
  }
+ if ($author and strlen($author)>30) {
+ $author=substr($author,0,30);
+ }
  if ($title and strlen($title)>100) {
  $title=substr($title,0,100);
  }
  $publisher=mysqli_real_escape_string($link,$publisher);
+ $author=mysqli_real_escape_string($link,$author);
  $title=mysqli_real_escape_string($link,$title);
  if (strlen($pubDate)==4) { $pubDate=$pubDate."-01-01";}
  if (strlen($pubDate)==7) { $pubDate=$pubDate."-01";}
+ if (strlen($pubDate)==0) {
+ $pubDate="null";
+ }
+ else {
+ $pubDate="\"$pubDate\"";
+ }
  /*echo $title;
  echo $author;
  echo $binding;
@@ -363,7 +373,7 @@
  include "../../../private/db.php";
  $title = strtr($title, '"', "'");
- $queryInsert = "CALL b_addNewBook(\"$isbn\",\"$title\", \"$author\",\"$binding\",\"$imageURL\", $dewey, $salesRank,\"$pubDate\",\"$publisher\",$g1,$g2,$g3,$loc)";
+ $queryInsert = "CALL b_addNewBook(\"$isbn\",\"$title\", \"$author\",\"$binding\",\"$imageURL\", $dewey, $salesRank,$pubDate,\"$publisher\",$g1,$g2,$g3,$loc)";
  //echo $queryInsert;
  $res = mysqli_query($link, $queryInsert);
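Review bot: `$pubDate` is the one value in this hunk that still reaches the query unescaped: the new `else` branch wraps it in double quotes for the bare interpolation at line +373, but unlike `$author` and `$title` just above it never passes through `mysqli_real_escape_string`, and the `strlen()==4`/`==7` checks only pad the length without confirming the content is numeric. Rejecting anything that is not a plain `YYYY`, `YYYY-MM` or `YYYY-MM-DD` string before the padding closes that gap, e.g. `if (!preg_match('/^\d{4}(-\d{2}){0,2}$/', $pubDate)) { $pubDate = ''; }` ahead of the `strlen($pubDate)==4` line, so a malformed value falls into the new `"null"` branch instead of being quoted as-is. Whether `$link` is already a live connection at this point cannot be seen from the hunk — the `include "../../../private/db.php"` in the second hunk comes later in the file, and `mysqli_real_escape_string` on an unopened link would emit a warning and yield an empty value rather than an escaped one. Longer term the `CALL b_addNewBook(...)` statement is a natural candidate for `mysqli_prepare` with bound parameters, which would make the per-column escaping and manual quoting unnecessary. The enclosing script body starts before and continues after this hunk.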
