From b5b65852c6cf24caa6033ab0e12146c34835413f Mon Sep 17 00:00:00 2001
From: skodak
Date: Mon, 28 May 2007 08:20:07 +0000
Subject: [PATCH] apply magic quotes before using var in sql query in fetch_all_using_this()
---
 lib/grade/grade_object.php | 1 +
 1 file changed, 1 insertion(+)
diff --git a/lib/grade/grade_object.php b/lib/grade/grade_object.php
index 42a3cf99fc..17b1630e9d 100644
--- a/lib/grade/grade_object.php
+++ b/lib/grade/grade_object.php
@@ -162,6 +162,7 @@ class grade_object {
 foreach ($variables as $var => $value) {
 if (!empty($value) && !in_array($var, $this->nonfields)) {
+ $value = addslashes($value);
 $wheresql .= " $var = '$value' AND ";
 }
 }
--
2.39.5
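Review bot: The added `addslashes($value)` escapes only the value; the column name `$var` is still interpolated into `$wheresql` as-is, filtered only by the `nonfields` check, so if `$variables` can ever hold keys that are not real columns they reach the query unvalidated. `addslashes()` is also not database- or charset-aware (not every backend treats a backslash as the escape for `'`), so the database layer's own quoting or a bound parameter would be the more robust choice here. If the value can arrive already slashed from request input, this line would double-escape it; a comment such as `// values here are unslashed object data, so escape before building SQL` would record the assumption. The body of the enclosing method lies outside the hunk, so where `$variables` comes from cannot be confirmed from this page.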