summaryrefslogtreecommitdiffstats
path: root/web/html/pkgsubmit.php
diff options
context:
space:
mode:
authorLukas Fleischer <archlinux@cryptocrack.de>2011-10-20 08:15:02 +0200
committerLukas Fleischer <archlinux@cryptocrack.de>2011-10-24 17:57:54 +0200
commit323d418f02074613241d65b9cabbfd65afea9abe (patch)
treeafa3290e6d2d0ad04955e3e9331b885587e7e1f6 /web/html/pkgsubmit.php
parent54d5dcc6e87732f89e6346eb35e30837a23a32b3 (diff)
downloadaur-323d418f02074613241d65b9cabbfd65afea9abe.tar.gz
aur-323d418f02074613241d65b9cabbfd65afea9abe.tar.xz
Wrap mysql_real_escape_string() in a function
Wrap mysql_real_escape_string() in a wrapper function db_escape_string() to ease porting to other databases, and as another step to pulling more of the database code into a central location. This is a rebased version of a patch by elij submitted about half a year ago. Thanks-to: elij <elij.mx@gmail.com> Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>
Diffstat (limited to 'web/html/pkgsubmit.php')
-rw-r--r--web/html/pkgsubmit.php28
1 files changed, 14 insertions, 14 deletions
diff --git a/web/html/pkgsubmit.php b/web/html/pkgsubmit.php
index f715e15f..75a4b697 100644
--- a/web/html/pkgsubmit.php
+++ b/web/html/pkgsubmit.php
@@ -301,7 +301,7 @@ if ($uid):
$dbh = db_connect();
db_query("BEGIN", $dbh);
- $q = "SELECT * FROM Packages WHERE Name = '" . mysql_real_escape_string($new_pkgbuild['pkgname']) . "'";
+ $q = "SELECT * FROM Packages WHERE Name = '" . db_escape_string($new_pkgbuild['pkgname']) . "'";
$result = db_query($q, $dbh);
$pdata = mysql_fetch_assoc($result);
@@ -346,11 +346,11 @@ if ($uid):
# Update package data
$q = sprintf("UPDATE Packages SET ModifiedTS = UNIX_TIMESTAMP(), Name = '%s', Version = '%s', License = '%s', Description = '%s', URL = '%s', OutOfDateTS = NULL, MaintainerUID = %d WHERE ID = %d",
- mysql_real_escape_string($new_pkgbuild['pkgname']),
- mysql_real_escape_string($pkg_version),
- mysql_real_escape_string($new_pkgbuild['license']),
- mysql_real_escape_string($new_pkgbuild['pkgdesc']),
- mysql_real_escape_string($new_pkgbuild['url']),
+ db_escape_string($new_pkgbuild['pkgname']),
+ db_escape_string($pkg_version),
+ db_escape_string($new_pkgbuild['license']),
+ db_escape_string($new_pkgbuild['pkgdesc']),
+ db_escape_string($new_pkgbuild['url']),
$uid,
$packageID);
@@ -359,12 +359,12 @@ if ($uid):
} else {
# This is a brand new package
$q = sprintf("INSERT INTO Packages (Name, License, Version, CategoryID, Description, URL, SubmittedTS, ModifiedTS, SubmitterUID, MaintainerUID) VALUES ('%s', '%s', '%s', %d, '%s', '%s', UNIX_TIMESTAMP(), UNIX_TIMESTAMP(), %d, %d)",
- mysql_real_escape_string($new_pkgbuild['pkgname']),
- mysql_real_escape_string($new_pkgbuild['license']),
- mysql_real_escape_string($pkg_version),
+ db_escape_string($new_pkgbuild['pkgname']),
+ db_escape_string($new_pkgbuild['license']),
+ db_escape_string($pkg_version),
$category_id,
- mysql_real_escape_string($new_pkgbuild['pkgdesc']),
- mysql_real_escape_string($new_pkgbuild['url']),
+ db_escape_string($new_pkgbuild['pkgdesc']),
+ db_escape_string($new_pkgbuild['url']),
$uid,
$uid);
@@ -389,8 +389,8 @@ if ($uid):
$q = sprintf("INSERT INTO PackageDepends (PackageID, DepName, DepCondition) VALUES (%d, '%s', '%s')",
$packageID,
- mysql_real_escape_string($deppkgname),
- mysql_real_escape_string($depcondition));
+ db_escape_string($deppkgname),
+ db_escape_string($depcondition));
db_query($q, $dbh);
}
@@ -401,7 +401,7 @@ if ($uid):
foreach ($sources as $src) {
if ($src != "" ) {
$q = "INSERT INTO PackageSources (PackageID, Source) VALUES (";
- $q .= $packageID . ", '" . mysql_real_escape_string($src) . "')";
+ $q .= $packageID . ", '" . db_escape_string($src) . "')";
db_query($q, $dbh);
}
}