*** 1209,1215 ****
foreach ($ddd as $key => $value) {
$count++;
! $update .= $key .' = \''. $value .'\'';
if ($count < $numddd) {
$update .= ', ';
}
--- 1209,1215 ----
foreach ($ddd as $key => $value) {
$count++;
! $update .= $key .' = '. $db->qstr($value);
if ($count < $numddd) {
$update .= ', ';
}
Obviously, if $value contains an apostrophe then the query is going to fail. If it contains a slash, then the value will probably change without anyone noticing.
I changed it to call ADODB's qstr() and removed the enclosing apostrophes (qstr automatically adds them).
The reason I 'm mentioning this is that it's an ultra far-reaching change, and obviously all code that uses it cannot be tested. It looks completely safe to me, but just in case I 'm overlooking something...