From 67a7080e59262bd17db336f659fbac733dfd51bb Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Ricardo=20Monta=C3=B1ana=20G=C3=B3mez?= Date: Wed, 24 Apr 2024 12:44:52 +0200 Subject: [PATCH] Fix escape string deprectaed method --- Ajax.php | 26 ++++++++++++++------------ 1 file changed, 14 insertions(+), 12 deletions(-) diff --git a/Ajax.php b/Ajax.php index 546b1d0..e7c60f0 100644 --- a/Ajax.php +++ b/Ajax.php @@ -1,4 +1,5 @@ procesa(); -class Ajax { +class Ajax +{ private $sql; private $tabla; - + public function __construct() { $this->sql = new Sql(SERVIDOR, USUARIO, CLAVE, BASEDATOS); @@ -46,8 +48,10 @@ class Ajax { { $opc = $_GET['opc']; switch ($opc) { - case "get": return $this->obtiene(); - case "put": return $this->actualiza(); + case "get": + return $this->obtiene(); + case "put": + return $this->actualiza(); } } private function mensaje($exito, $texto) 
@@ -56,18 +60,18 @@ class Ajax {
 }
 private function actualiza()
 {
- if(!empty($_SERVER['HTTP_X_REQUESTED_WITH']) && strtolower($_SERVER['HTTP_X_REQUESTED_WITH']) == 'xmlhttprequest') {
- $comando = "update " . mysql_escape_string($this->tabla) . " set " . mysql_escape_string($_POST['name']) . " = '" . mysql_escape_string($_POST['value']) . "' where id = '" . mysql_escape_string($_POST['pk']). "';";
+ if (!empty($_SERVER['HTTP_X_REQUESTED_WITH']) && strtolower($_SERVER['HTTP_X_REQUESTED_WITH']) == 'xmlhttprequest') {
+ $comando = "update " . $this->sql->filtra($this->tabla) . " set " . $this->sql->filtra($_POST['name']) . " = '" . $this->sql->filtra($_POST['value']) . "' where id = '" . $this->sql->filtra($_POST['pk']) . "';";
 $this->sql->ejecuta($comando);
 $exito = !$this->sql->error();
 $mensaje = $this->sql->mensajeError();
- $resp = $this->mensaje($exito, $mensaje);
+ $resp = $this->mensaje($exito, $mensaje);
 return $this->respuesta($resp);
 }
 }
 private function obtiene()
 {
- if(!empty($_SERVER['HTTP_X_REQUESTED_WITH']) && strtolower($_SERVER['HTTP_X_REQUESTED_WITH']) == 'xmlhttprequest') {
+ if (!empty($_SERVER['HTTP_X_REQUESTED_WITH']) && strtolower($_SERVER['HTTP_X_REQUESTED_WITH']) == 'xmlhttprequest') {
 $comando = "select id, descripcion from " . $this->tabla . " order by descripcion asc;";
 $this->sql->ejecuta($comando);
 $exito = !$this->sql->error();
@@ -76,13 +80,11 @@ class Ajax {
 return $this->respuesta($this->mensaje($exito, $mensaje));
 }
 $filas = array();
- while($r = $this->sql->procesaResultado()) {
+ while ($r = $this->sql->procesaResultado()) {
 $filas[] = array($r['id'] => $r['descripcion']);
 }
 $resp = json_encode($filas);
 return $this->respuesta($resp);
 }
 }
-}
-
-?>
+}
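Review bot: In `actualiza()`, `$this->sql->filtra($_POST['name'])` is concatenated as an unquoted column identifier (and `$this->sql->filtra($this->tabla)` as a table identifier), so even if `filtra()` escapes string literals correctly (its body is not part of this patch) it cannot constrain an identifier, and the request still chooses which column is written. Check the field against a fixed list before building the statement, e.g. `if (!in_array($_POST['name'], self::CAMPOS_EDITABLES, true)) { return $this->respuesta($this->mensaje(false, 'campo no permitido')); }` (`CAMPOS_EDITABLES` is a placeholder for a constant this class would have to define), and bind `value` and `pk` as parameters if `Sql` offers prepared statements. The `X-Requested-With` test on the line above reads a client-supplied header and should not be treated as an authorization or CSRF check. `$this->sql->mensajeError()` is also passed back to the caller unchanged; returning a generic message and logging the detail server-side would avoid exposing schema information.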