- $res = sql_query('SELECT * FROM '.sql_table('template').' WHERE tpartname=\'DATE_HEADER\'');
- while ($o = mysql_fetch_object($res)) {
- $newval = str_replace('<%daylink%>','<%%daylink%%>',$o->tcontent);
- $query = 'UPDATE '.sql_table('template').' SET tcontent=\''. addslashes($newval).'\' WHERE tdesc=' . $o->tdesc . ' AND tpartname=\'DATE_HEADER\'';
- upgrade_query('Updating DATE_HEADER part in template ' . $o->tdesc, $query);
+ $res = DB::getResult('SELECT * FROM '.sql_table('template').' WHERE tpartname=\'DATE_HEADER\'');
+ foreach ( $res as $row ) {
+ $newval = str_replace('<%daylink%>','<%%daylink%%>',$row['tcontent']);
+ $query = 'UPDATE '.sql_table('template').' SET tcontent='. DB::quoteValue($newval).' WHERE tdesc=' . $row['tdesc'] . ' AND tpartname=\'DATE_HEADER\'';
+ upgrade_query('Updating DATE_HEADER part in template ' . $row['tdesc'], $query);
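Review bot: On the added `$query` line, `$row['tdesc']` is still concatenated into the WHERE clause with no quoting or cast, while `tcontent` in the same statement now goes through `DB::quoteValue()`. The value comes from the preceding SELECT rather than from a request, so the exposure is second-order, but an unexpected or non-numeric `tdesc` would still alter the statement the upgrade runs. If the column is numeric (not visible in these lines), `' WHERE tdesc=' . (int) $row['tdesc'] . ' AND tpartname=\'DATE_HEADER\''` closes that; otherwise use `DB::quoteValue($row['tdesc'])`. The `foreach` body is closed outside the visible lines.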