Index: helpers/frontend_helper.php
===================================================================
--- helpers/frontend_helper.php (revision 12258)
+++ helpers/frontend_helper.php (working copy)
@@ -1029,7 +1029,7 @@
$today = dateShift(date("Y-m-d H:i:s"), "Y-m-d H:i", $timeadjust);
// check how many uses the token has left
- $usesquery = "SELECT usesleft FROM {{tokens_$surveyid}} WHERE token=".$clienttoken;
+ $usesquery = "SELECT usesleft FROM {{tokens_$surveyid}} WHERE token='".$clienttoken."'";
$usesresult = dbExecuteAssoc($usesquery);
$usesrow = $usesresult->read();
if (isset($usesrow)) { $usesleft = $usesrow['usesleft']; }
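Review bot: Wrapping `$clienttoken` in single quotes in `$usesquery` does not escape it, so a token value that itself contains a quote still changes the SQL statement. The same applies to the `UPDATE` in `$utquery` and the `$cnfquery` select in the second hunk, and to both `$tkquery` branches in the third hunk, where `trim(strip_tags(...))` removes markup but not quote characters. Where `$clienttoken` is validated is not visible in these hunks, so each call site should escape or bind it itself, e.g. `WHERE token='".db_quote($clienttoken)."'"` using the helper the old line 1709 called. If `dbExecuteAssoc()` accepts bound parameters (not shown here), binding the token is the better fix.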
@@ -1061,14 +1061,14 @@
$utquery .= "SET usesleft=usesleft-1\n";
}
}
- $utquery .= "WHERE token=".$clienttoken."";
+ $utquery .= "WHERE token='".$clienttoken."'";
$utresult = dbExecuteAssoc($utquery) or safeDie ("Couldn't update tokens table!
\n$utquery
\n"); //Checked
if ($quotaexit==false)
{
// TLR change to put date into sent and completed
- $cnfquery = "SELECT * FROM {{tokens_$surveyid}} WHERE token=".$clienttoken." AND completed!='N' AND completed!=''";
+ $cnfquery = "SELECT * FROM {{tokens_$surveyid}} WHERE token='".$clienttoken."' AND completed!='N' AND completed!=''";
$cnfresult = dbExecuteAssoc($cnfquery); //Checked
$cnfrow = $cnfresult->read();
@@ -1529,9 +1529,9 @@
//check if token actually does exist
// check also if it is allowed to change survey after completion
if ($thissurvey['alloweditaftercompletion'] == 'Y' ) {
- $tkquery = "SELECT COUNT(*) FROM {{tokens_".$surveyid."}} WHERE token=".trim(strip_tags($clienttoken))." ";
+ $tkquery = "SELECT COUNT(*) FROM {{tokens_".$surveyid."}} WHERE token='".trim(strip_tags($clienttoken))."'";
} else {
- $tkquery = "SELECT COUNT(*) FROM {{tokens_".$surveyid."}} WHERE token=".trim(strip_tags($clienttoken))." AND (completed = 'N' or completed='')";
+ $tkquery = "SELECT COUNT(*) FROM {{tokens_".$surveyid."}} WHERE token='".trim(strip_tags($clienttoken))."' AND (completed = 'N' or completed='')";
}
$tkresult = dbExecuteAssoc($tkquery); //Checked
@@ -1706,7 +1706,7 @@
{
//get language from token (if one exists)
- $tkquery2 = "SELECT * FROM {{tokens_".$surveyid."}} WHERE token='".db_quote($clienttoken)."' AND (completed = 'N' or completed='')";
+ $tkquery2 = "SELECT * FROM {{tokens_".$surveyid."}} WHERE token='".$clienttoken."' AND (completed = 'N' or completed='')";
//echo $tkquery2;
$result = dbExecuteAssoc($tkquery2) or safeDie ("Couldn't get tokens
$tkquery
"); //Checked
foreach ($result->readAll() as $rw)
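Review bot: The new `$tkquery2` line removes the only `db_quote()` call in this patch and concatenates `$clienttoken` raw, which turns an escaped lookup into an unescaped one. If the call was dropped because `db_quote()` is no longer available in this codebase (an assumption; the reason is not stated), use its replacement or a bound parameter instead of plain concatenation, keeping the intent of `token='".db_quote($clienttoken)."'`. Separately, the `safeDie()` message on the unchanged line below interpolates `$tkquery` rather than `$tkquery2`, so on failure it reports a different query from the one that ran.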