Jump to content
Larry Ullman's Book Forums

Recommended Posts

I'm having an issue with mysql_real_escape_string. This is used to display a custom post type (food menu items) for the WooThemes Diner theme (for WordPress). Food menu items no longer display on the Diner menu page because they are being called with mysql_real_escape_string.

 

What is the proper way to call these items?

 

Theme: Diner by WooThemes version 1.9.8 (now retired from active support)

Affected file: admin-interface.php

Lines: 111 & 118

/*-----------------------------------------------------------------------------------*/
/* WooThemes Admin Interface - woothemes_add_admin */
/*-----------------------------------------------------------------------------------*/

if ( ! function_exists( 'woothemes_add_admin' ) ) {
	function woothemes_add_admin() {

		global $query_string;
		global $current_user;
		$current_user_id = $current_user->user_login;
		$super_user = get_option( 'framework_woo_super_user' );

		$themename =  get_option( 'woo_themename' );
		$shortname =  get_option( 'woo_shortname' );

		// Reset the settings, sanitizing the various requests made.
		// Use a SWITCH to determine which settings to update.

		/* Make sure we're making a request.
   	------------------------------------------------------------*/

		if ( isset( $_REQUEST['page'] ) ) {

			// Sanitize page being requested.
			$_page = '';

			$_page = mysql_real_escape_string( strtolower( trim( strip_tags( $_REQUEST['page'] ) ) ) );

			// Sanitize action being requested.
			$_action = '';

			if ( isset( $_REQUEST['woo_save'] ) ) {

				$_action = mysql_real_escape_string( strtolower( trim( strip_tags( $_REQUEST['woo_save'] ) ) ) );

			} // End IF Statement

			// If the action is "reset", run the SWITCH.

			/* Perform settings reset.
  		------------------------------------------------------------*/

Share this post


Link to post
Share on other sites

With more current versions of PHP and MySQL, you'd want to use mysqli_real_escape_string() instead, which requires a database connection as its first argument.

Share this post


Link to post
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

Loading...
Sign in to follow this  

×
×
  • Create New...