
Cleanup Invalid Mods on Cfg Update

own3mall 8 лет назад
Родитель
Сommit
a0885705eb
3 измененных файлов с 23 добавлено и 12 удалено
  1. 5 2
      includes/database.php
  2. 9 5
      includes/database_mysql.php
  3. 9 5
      includes/database_mysqli.php

+ 5 - 2
includes/database.php

@@ -37,9 +37,9 @@ abstract class OGPDatabase {
 		$inClause = "IN ('";
 		for($i = 0; $i < count($arrayOfInputs); $i++){
 			if($i == 0){
-				$inClause .= $arrayOfInputs[$i];
+				$inClause .= $this->realEscapeSingle($arrayOfInputs[$i]);
 			}else{
-				$inClause .= "','" . $arrayOfInputs[$i];
+				$inClause .= "','" . $this->realEscapeSingle($arrayOfInputs[$i]);
 			}
 		}
 		$inClause .= "')";
@@ -55,6 +55,9 @@ abstract class OGPDatabase {
 
     /// Get all available settings
     abstract public function getSettings();
+    
+    // Real escape
+    abstract public function realEscapeSingle();
 
     /// Get one setting value
     /// \return FALSE if setting does not exist.
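Review bot: The abstract declaration added on line 38, `abstract public function realEscapeSingle();`, takes no parameter, while both implementations in includes/database_mysql.php and includes/database_mysqli.php are declared as `realEscapeSingle($string)`; PHP checks an implementation against its abstract signature and, as far as I recall, rejects a child that adds a required parameter at load time, so the declaration should read `abstract public function realEscapeSingle($string);`. The `// Real escape` comment also breaks with the `///` doc style of the neighbouring declarations; `/// Escape one value for use inside a single-quoted SQL literal on the current connection` would match the file and state the contract that generateMySQLInClause now relies on. generateMySQLInClause itself begins before the first hunk.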

+ 9 - 5
includes/database_mysql.php

@@ -30,9 +30,9 @@ function real_escape_string_recursive(&$item, $key, $link){
 
 class OGPDatabaseMySQL extends OGPDatabase
 {
-	private $link;
+	protected $link;
 
-	private $table_prefix;
+	protected $table_prefix;
 
 	function __construct()
 	{
@@ -73,6 +73,10 @@ class OGPDatabaseMySQL extends OGPDatabase
 		
 		return TRUE;
 	}
+	
+	public function realEscapeSingle($string){
+		return mysql_real_escape_string($string, $this->link);
+	}
 
 	private function listQuery($query) {
 		if ( !$this->link ) return FALSE;
@@ -868,7 +872,7 @@ class OGPDatabaseMySQL extends OGPDatabase
 		$query = sprintf($qStr,	
 				$this->table_prefix,
 				mysql_real_escape_string($game_id,$this->link),
-				mysql_real_escape_string($inClause,$this->link));
+				$inClause);
 		++$this->queries_;
 		$result = mysql_query($query, $this->link);
 		if ( mysql_num_rows($result) != 0 )
@@ -884,7 +888,7 @@ class OGPDatabaseMySQL extends OGPDatabase
 			$query = sprintf('DELETE FROM `%1$sconfig_mods` WHERE `home_cfg_id` = \'%2$s\' AND mod_key NOT %3$s;',
 					$this->table_prefix,
 					mysql_real_escape_string($game_id,$this->link),
-					mysql_real_escape_string($inClause,$this->link));
+					$inClause);
 			++$this->queries_;
 			$result = mysql_query($query,$this->link);
 			
@@ -892,7 +896,7 @@ class OGPDatabaseMySQL extends OGPDatabase
 			$inClause = parent::generateMySQLInClause($delVals);
 			$query = sprintf('DELETE FROM `%1$sgame_mods` WHERE `mod_cfg_id` %2$s;',
 				$this->table_prefix,
-				mysql_real_escape_string($inClause,$this->link));
+				$inClause);
 			++$this->queries_;
 			$result = mysql_query($query,$this->link);
 		}
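Review bot: `realEscapeSingle` on lines 63–65 calls `mysql_real_escape_string` without the `if ( !$this->link ) return FALSE;` guard that `listQuery` and the other methods of this class use; with no established link the call warns and returns FALSE, which the concatenation in generateMySQLInClause turns into an empty literal, so a connection failure silently degrades the clause to `IN ('')`. The mysqli counterpart in includes/database_mysqli.php appears to behave the same way and should get the same guard, with callers checking for FALSE rather than concatenating it. Separately, widening `$link` and `$table_prefix` from `private` to `protected` on lines 50–54 is not required by the new method, which lives in the same class; unless a subclass elsewhere reads them, keeping them private limits exposure of the connection handle. A docblock such as `/// Escape one value for a single-quoted SQL literal; returns FALSE when not connected` would make the contract explicit.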

+ 9 - 5
includes/database_mysqli.php

@@ -30,9 +30,9 @@ function real_escape_string_recursive(&$item, $key, $link){
 
 class OGPDatabaseMySQL extends OGPDatabase
 {
-	private $link;
+	protected $link;
 
-	private $table_prefix;
+	protected $table_prefix;
 
 	function __construct()
 	{
@@ -70,6 +70,10 @@ class OGPDatabaseMySQL extends OGPDatabase
 
 		return TRUE;
 	}
+	
+	public function realEscapeSingle($string){
+		return mysqli_real_escape_string($this->link, $string);
+	}
 
 	private function listQuery($query) {
 		if ( !$this->link ) return FALSE;
@@ -865,7 +869,7 @@ class OGPDatabaseMySQL extends OGPDatabase
 		$query = sprintf($qStr,	
 				$this->table_prefix,
 				mysqli_real_escape_string($this->link,$game_id),
-				mysqli_real_escape_string($this->link,$inClause));
+				$inClause);
 		++$this->queries_;
 		$result = mysqli_query($this->link, $query);
 		if ( mysqli_num_rows($result) != 0 )
@@ -881,7 +885,7 @@ class OGPDatabaseMySQL extends OGPDatabase
 			$query = sprintf('DELETE FROM `%1$sconfig_mods` WHERE `home_cfg_id` = \'%2$s\' AND mod_key NOT %3$s;',
 					$this->table_prefix,
 					mysqli_real_escape_string($this->link,$game_id),
-					mysqli_real_escape_string($this->link,$inClause));
+					$inClause);
 			++$this->queries_;
 			$result = mysqli_query($this->link,$query);
 		
@@ -889,7 +893,7 @@ class OGPDatabaseMySQL extends OGPDatabase
 			$inClause = parent::generateMySQLInClause($delVals);
 			$query = sprintf('DELETE FROM `%1$sgame_mods` WHERE `mod_cfg_id` %2$s;',
 				$this->table_prefix,
-				mysqli_real_escape_string($this->link,$inClause));
+				$inClause);
 			++$this->queries_;
 			$result = mysqli_query($this->link, $query);
 		}
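Review bot: `realEscapeSingle` on lines 117–119 delegates to `mysqli_real_escape_string`, whose result is only correct for the character set the connection is actually using, which must be configured through `mysqli_set_charset()` rather than a `SET NAMES` query; the constructor that opens `$this->link` is outside this hunk, so it is worth confirming how the charset is set there and recording it on the method, e.g. `/// Escaping is correct only for the connection charset set via mysqli_set_charset() in the constructor`. The same caveat applies to `mysql_real_escape_string`/`mysql_set_charset()` in includes/database_mysql.php. The hunks on lines 123–149 correctly pass the already-escaped `$inClause` straight into `sprintf`, since the previous per-clause escaping would have mangled its quotes.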