external/aurweb
0
0
Fork 0
mirror of https://gitlab.archlinux.org/archlinux/aurweb.git synced 2025-02-03 10:43:03 +01:00
Code Issues Projects Releases Packages Wiki Activity Actions

Wrap mysql_real_escape_string() in a function

Browse source 
Wrap mysql_real_escape_string() in a wrapper function db_escape_string()
to ease porting to other databases, and as another step to pulling more
of the database code into a central location.

This is a rebased version of a patch by elij submitted about half a year
ago.

Thanks-to: elij <elij.mx@gmail.com>
Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>

Conflicts:

	web/lib/aur.inc.php
This commit is contained in:
Lukas Fleischer 2011-10-20 08:15:02 +02:00
parent e1687f1830
commit 10b6a8fff7
12 changed files with 67 additions and 61 deletions
Download patch file Download diff file Expand all files Collapse all files

10
web/html/addvote.php
View file

@ -20,7 +20,7 @@ if ($atype == "Trusted User" OR $atype == "Developer") {
$error = "";
if (!empty($_POST['user'])) {
$qcheck = "SELECT * FROM Users WHERE Username = '" . mysql_real_escape_string($_POST['user']) . "'";
$qcheck = "SELECT * FROM Users WHERE Username = '" . db_escape_string($_POST['user']) . "'";
$result = db_query($qcheck, $dbh);
if ($result) {
$check = mysql_num_rows($result);
@ -32,7 +32,7 @@ if ($atype == "Trusted User" OR $atype == "Developer") {
if ($check == 0) {
$error.= __("Username does not exist.");
} else {
$qcheck = "SELECT * FROM TU_VoteInfo WHERE User = '" . mysql_real_escape_string($_POST['user']) . "'";
$qcheck = "SELECT * FROM TU_VoteInfo WHERE User = '" . db_escape_string($_POST['user']) . "'";
$qcheck.= " AND End > UNIX_TIMESTAMP()";
$result = db_query($qcheck, $dbh);
if ($result) {
@ -67,9 +67,9 @@ if ($atype == "Trusted User" OR $atype == "Developer") {
if (!empty($_POST['addVote']) && empty($error)) {
$q = "INSERT INTO TU_VoteInfo (Agenda, User, Submitted, End, SubmitterID) VALUES ";
$q.= "('" . mysql_real_escape_string($_POST['agenda']) . "', ";
$q.= "'" . mysql_real_escape_string($_POST['user']) . "', ";
$q.= "UNIX_TIMESTAMP(), UNIX_TIMESTAMP() + " . mysql_real_escape_string($len);
$q.= "('" . db_escape_string($_POST['agenda']) . "', ";
$q.= "'" . db_escape_string($_POST['user']) . "', ";
$q.= "UNIX_TIMESTAMP(), UNIX_TIMESTAMP() + " . db_escape_string($len);
$q.= ", " . uid_from_sid($_COOKIE["AURSID"]) . ")";
db_query($q, $dbh);