external/aurweb
0
0
Fork 0
mirror of https://gitlab.archlinux.org/archlinux/aurweb.git synced 2025-02-03 10:43:03 +01:00
Code Issues Projects Releases Packages Wiki Activity Actions

Wrap mysql_real_escape_string() in a function

Browse source 
Wrap mysql_real_escape_string() in a wrapper function db_escape_string()
to ease porting to other databases, and as another step to pulling more
of the database code into a central location.

This is a rebased version of a patch by elij submitted about half a year
ago.

Thanks-to: elij <elij.mx@gmail.com>
Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>
This commit is contained in:
Lukas Fleischer 2011-10-20 08:15:02 +02:00
parent 54d5dcc6e8
commit 323d418f02
12 changed files with 66 additions and 61 deletions
Download patch file Download diff file Expand all files Collapse all files

2
web/template/pkg_comment_form.php
View file

@ -7,7 +7,7 @@ if (isset($_REQUEST['comment'])) {
$q = 'INSERT INTO PackageComments ';
$q.= '(PackageID, UsersID, Comments, CommentTS) VALUES (';
$q.= intval($_REQUEST['ID']) . ', ' . uid_from_sid($_COOKIE['AURSID']) . ', ';
$q.= "'" . mysql_real_escape_string($_REQUEST['comment']) . "', ";
$q.= "'" . db_escape_string($_REQUEST['comment']) . "', ";
$q.= 'UNIX_TIMESTAMP())';
db_query($q, $dbh);