summaryrefslogtreecommitdiffstats
path: root/web/html/addvote.php
diff options
context:
space:
mode:
authorLukas Fleischer <archlinux@cryptocrack.de>2011-10-20 08:15:02 +0200
committerLukas Fleischer <archlinux@cryptocrack.de>2011-10-25 09:25:30 +0200
commit10b6a8fff7e6d407421c74889455b969be7f867f (patch)
tree7865ce99ce1d45e7261f32c539ed42ab7f265823 /web/html/addvote.php
parente1687f18302a49b5d1b57aceb703fffe09c76375 (diff)
downloadaur-10b6a8fff7e6d407421c74889455b969be7f867f.tar.gz
aur-10b6a8fff7e6d407421c74889455b969be7f867f.tar.xz
Wrap mysql_real_escape_string() in a function
Wrap mysql_real_escape_string() in a wrapper function db_escape_string() to ease porting to other databases, and as another step to pulling more of the database code into a central location. This is a rebased version of a patch by elij submitted about half a year ago. Thanks-to: elij <elij.mx@gmail.com> Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de> Conflicts: web/lib/aur.inc.php
Diffstat (limited to 'web/html/addvote.php')
-rw-r--r--web/html/addvote.php10
1 files changed, 5 insertions, 5 deletions
diff --git a/web/html/addvote.php b/web/html/addvote.php
index fe3037d5..f0e7d31a 100644
--- a/web/html/addvote.php
+++ b/web/html/addvote.php
@@ -20,7 +20,7 @@ if ($atype == "Trusted User" OR $atype == "Developer") {
$error = "";
if (!empty($_POST['user'])) {
- $qcheck = "SELECT * FROM Users WHERE Username = '" . mysql_real_escape_string($_POST['user']) . "'";
+ $qcheck = "SELECT * FROM Users WHERE Username = '" . db_escape_string($_POST['user']) . "'";
$result = db_query($qcheck, $dbh);
if ($result) {
$check = mysql_num_rows($result);
@@ -32,7 +32,7 @@ if ($atype == "Trusted User" OR $atype == "Developer") {
if ($check == 0) {
$error.= __("Username does not exist.");
} else {
- $qcheck = "SELECT * FROM TU_VoteInfo WHERE User = '" . mysql_real_escape_string($_POST['user']) . "'";
+ $qcheck = "SELECT * FROM TU_VoteInfo WHERE User = '" . db_escape_string($_POST['user']) . "'";
$qcheck.= " AND End > UNIX_TIMESTAMP()";
$result = db_query($qcheck, $dbh);
if ($result) {
@@ -67,9 +67,9 @@ if ($atype == "Trusted User" OR $atype == "Developer") {
if (!empty($_POST['addVote']) && empty($error)) {
$q = "INSERT INTO TU_VoteInfo (Agenda, User, Submitted, End, SubmitterID) VALUES ";
- $q.= "('" . mysql_real_escape_string($_POST['agenda']) . "', ";
- $q.= "'" . mysql_real_escape_string($_POST['user']) . "', ";
- $q.= "UNIX_TIMESTAMP(), UNIX_TIMESTAMP() + " . mysql_real_escape_string($len);
+ $q.= "('" . db_escape_string($_POST['agenda']) . "', ";
+ $q.= "'" . db_escape_string($_POST['user']) . "', ";
+ $q.= "UNIX_TIMESTAMP(), UNIX_TIMESTAMP() + " . db_escape_string($len);
$q.= ", " . uid_from_sid($_COOKIE["AURSID"]) . ")";
db_query($q, $dbh);