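/**
 * Build a query with generate_secure_sql() and run it on the given connection.
 *
 * The statement is sent with mysqli_query() as one finished string, not as a
 * prepared statement. The only protection applied here is therefore whatever
 * generate_secure_sql() does with $arg; its implementation is not part of this
 * block. Anything the caller has already concatenated into $sql is executed
 * as written.
 *
 * @param string $sql  Query text handed to generate_secure_sql().
 * @param mysqli $link Connection used for mysqli_query() and mysqli_error().
 * @param mixed  $arg  Arguments handed to generate_secure_sql() together with $sql.
 * @param mixed  $log  When truthy, the built query is passed to addLog() with
 *                     this value as its first argument.
 *
 * @return mysqli_result|bool Result of mysqli_query(), or false when demo mode
 *                            refuses the statement.
 */
function mysql2_query_secure($sql, $link, $arg = '', $log = false)
{
    global $l, $lbl_log;

    $query = generate_secure_sql($sql, $arg);

    // The complete query text (values included) is what gets logged.
    if ($log) {
        addLog($log, $query, $lbl_log);
    }

    // isset() guard: a session without the DEBUG key no longer raises an
    // undefined-index notice; a missing key is treated as "debug off".
    $debugOn = isset($_SESSION['OCS']['DEBUG']) && $_SESSION['OCS']['DEBUG'] == 'ON';

    if ($debugOn) {
        // The full query text is kept in the session while debug is on.
        $_SESSION['OCS']['SQL_DEBUG'][] = html_entity_decode($query, ENT_QUOTES);
    }

    if (DEMO) {
        // Demo mode refuses data-modifying statements. Leading whitespace is
        // stripped first so the six-character keyword test looks at the first
        // real token instead of at padding.
        // NOTE(review): only UPDATE / INSERT / DELETE are matched here; other
        // write statements (REPLACE, DROP, TRUNCATE, ...) are not caught by
        // this prefix test. Confirm the demo database account is also
        // restricted by privileges rather than relying on this check alone.
        $verb = mb_strtoupper(substr(ltrim($query), 0, 6));

        if ($verb == 'UPDATE' or $verb == 'INSERT' or $verb == 'DELETE') {
            // DEMO_MSG is used as a "message already shown" flag. Reading an
            // undefined constant is an Error on PHP 8, so test defined() first.
            $alreadyShown = defined('DEMO_MSG') && DEMO_MSG == 'show';

            if (!$alreadyShown) {
                msg_info($l->g(2103));
                if (!defined('DEMO_MSG')) {
                    define('DEMO_MSG', 'show');
                }
            }

            return false;
        }
    }

    $result = mysqli_query($link, $query);

    // The database error text is surfaced only while debug is on.
    if ($debugOn and !$result) {
        msg_error(mysqli_error($link));
    }

    return $result;
}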
$result_temp = mysql2_query_secure($sql_temp, $_SESSION['OCS']["readServer"], $arg_temp); while ($val_temp = mysqli_fetch_array($result_temp)) { $list[] = $val_temp['id']; if ($limit_result_cache < count($list)) { $ERROR = $l->g(959); break; } } if (!isset($list)) { $ERROR = $l->g(960); } else { $field[$i] = $field[$i] . "_ID"; $field_compar[$i] = " IN "; $field_value[$i] = " (" . implode(",", $list) . ")"; $field_modif = "field_value"; $sql_temp = generate_secure_sql($sql_temp, $arg_temp); unset($list); } } elseif (isset($table_cache)) { //si on est sur une table de cache if ($table_cache[$table[$i]]) { //on remet à zero le tableau de logiciels unset($list); //champ sur lequel s'effectue la recherche $field_temp = $field_cache[$table_cache[$table[$i]]]; if ($field_temp == $field[$i]) { $sql_temp = "select " . $field_temp . " as name "; if (isset($_SESSION['OCS']['USE_NEW_SOFT_TABLES']) and $_SESSION['OCS']['USE_NEW_SOFT_TABLES'] == 1) { $sql_temp .= ",id "; } $sql_temp .= " from " . strtolower($table_cache[$table[$i]]) . " where " . $field_temp . $field_compar[$i] . $field_value[$i];