@@ -188,7 +188,7 @@ public static function addNode($code, $name, $canHaveCourses, $parent_id)
188188 $ tree_pos$ row'maxTreePos ' ] + 1 ;
189189
190190 $ params
191- 'name ' => $ name
191+ 'name ' => html_filter ( $ name) ,
192192 'code ' => $ code
193193 'parent_id ' => empty ($ parent_idnull : $ parent_id
194194 'tree_pos ' => $ tree_pos
@@ -300,29 +300,34 @@ public static function editNode(
300300 $ tbl_courseget_main_table (TABLE_MAIN_COURSE );
301301 $ tbl_categoryget_main_table (TABLE_MAIN_CATEGORY );
302302
303- $ codetrim (Database::escape_string ($ code
304- $ nametrim (Database::escape_string ($ name
305- $ old_codeescape_string ($ old_code
306- $ canHaveCoursesescape_string ($ canHaveCourses
303+ $ codegenerate_course_code ($ code
304+ $ namehtml_filter ($ name
307305
308306 $ codegenerate_course_code ($ code
309307 // Updating category
310- $ sql"UPDATE $ tbl_category SET
311- name=' $ name',
312- code=' $ code',
313- auth_course_child = ' $ canHaveCourses'
314- WHERE code = ' $ old_code' "
315- Database::query ($ sql
308+ Database::update (
309+ $ tbl_category
310+ [
311+ 'name ' => $ name
312+ 'code ' => $ code
313+ 'auth_course_child ' => $ canHaveCourses
314+ ],
315+ ['code = ? ' => $ old_code
316+ );
316317
317318 // Updating children
318- $ sql"UPDATE $ tbl_category SET parent_id = ' $ code'
319- WHERE parent_id = ' $ old_code' "
320- Database::query ($ sql
319+ Database::update (
320+ $ tbl_category
321+ ['parent_id ' => $ code
322+ ['parent_id = ? ' => $ old_code
323+ );
321324
322325 // Updating course category
323- $ sql"UPDATE $ tbl_course SET category_code = ' $ code'
324- WHERE category_code = ' $ old_code' "
325- Database::query ($ sql
326+ Database::update (
327+ $ tbl_course
328+ ['category_code ' => $ code
329+ ['category_code = ? ' => $ old_code
330+ );
326331
327332 Database::update (
328333 $ tbl_category
0 commit comments