diff options
author | Lukas Fleischer <archlinux@cryptocrack.de> | 2011-10-20 08:15:02 +0200 |
---|---|---|
committer | Lukas Fleischer <archlinux@cryptocrack.de> | 2011-10-25 09:25:30 +0200 |
commit | 10b6a8fff7e6d407421c74889455b969be7f867f (patch) | |
tree | 7865ce99ce1d45e7261f32c539ed42ab7f265823 /web/html/pkgsubmit.php | |
parent | e1687f18302a49b5d1b57aceb703fffe09c76375 (diff) | |
download | aur-10b6a8fff7e6d407421c74889455b969be7f867f.tar.gz aur-10b6a8fff7e6d407421c74889455b969be7f867f.tar.xz |
Wrap mysql_real_escape_string() in a function
Wrap mysql_real_escape_string() in a wrapper function db_escape_string()
to ease porting to other databases, and as another step to pulling more
of the database code into a central location.
This is a rebased version of a patch by elij submitted about half a year
ago.
Thanks-to: elij <elij.mx@gmail.com>
Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>
Conflicts:
web/lib/aur.inc.php
Diffstat (limited to 'web/html/pkgsubmit.php')
-rw-r--r-- | web/html/pkgsubmit.php | 28 |
1 files changed, 14 insertions, 14 deletions
diff --git a/web/html/pkgsubmit.php b/web/html/pkgsubmit.php index 21776f9c..539f0561 100644 --- a/web/html/pkgsubmit.php +++ b/web/html/pkgsubmit.php @@ -301,7 +301,7 @@ if ($uid): $dbh = db_connect(); db_query("BEGIN", $dbh); - $q = "SELECT * FROM Packages WHERE Name = '" . mysql_real_escape_string($new_pkgbuild['pkgname']) . "'"; + $q = "SELECT * FROM Packages WHERE Name = '" . db_escape_string($new_pkgbuild['pkgname']) . "'"; $result = db_query($q, $dbh); $pdata = mysql_fetch_assoc($result); @@ -346,11 +346,11 @@ if ($uid): # Update package data $q = sprintf("UPDATE Packages SET ModifiedTS = UNIX_TIMESTAMP(), Name = '%s', Version = '%s', License = '%s', Description = '%s', URL = '%s', OutOfDateTS = NULL, MaintainerUID = %d WHERE ID = %d", - mysql_real_escape_string($new_pkgbuild['pkgname']), - mysql_real_escape_string($pkg_version), - mysql_real_escape_string($new_pkgbuild['license']), - mysql_real_escape_string($new_pkgbuild['pkgdesc']), - mysql_real_escape_string($new_pkgbuild['url']), + db_escape_string($new_pkgbuild['pkgname']), + db_escape_string($pkg_version), + db_escape_string($new_pkgbuild['license']), + db_escape_string($new_pkgbuild['pkgdesc']), + db_escape_string($new_pkgbuild['url']), $uid, $packageID); @@ -359,12 +359,12 @@ if ($uid): } else { # This is a brand new package $q = sprintf("INSERT INTO Packages (Name, License, Version, CategoryID, Description, URL, SubmittedTS, ModifiedTS, SubmitterUID, MaintainerUID) VALUES ('%s', '%s', '%s', %d, '%s', '%s', UNIX_TIMESTAMP(), UNIX_TIMESTAMP(), %d, %d)", - mysql_real_escape_string($new_pkgbuild['pkgname']), - mysql_real_escape_string($new_pkgbuild['license']), - mysql_real_escape_string($pkg_version), + db_escape_string($new_pkgbuild['pkgname']), + db_escape_string($new_pkgbuild['license']), + db_escape_string($pkg_version), $category_id, - mysql_real_escape_string($new_pkgbuild['pkgdesc']), - mysql_real_escape_string($new_pkgbuild['url']), + db_escape_string($new_pkgbuild['pkgdesc']), + db_escape_string($new_pkgbuild['url']), $uid, $uid); @@ -389,8 +389,8 @@ if ($uid): $q = sprintf("INSERT INTO PackageDepends (PackageID, DepName, DepCondition) VALUES (%d, '%s', '%s')", $packageID, - mysql_real_escape_string($deppkgname), - mysql_real_escape_string($depcondition)); + db_escape_string($deppkgname), + db_escape_string($depcondition)); db_query($q, $dbh); } @@ -401,7 +401,7 @@ if ($uid): foreach ($sources as $src) { if ($src != "" ) { $q = "INSERT INTO PackageSources (PackageID, Source) VALUES ("; - $q .= $packageID . ", '" . mysql_real_escape_string($src) . "')"; + $q .= $packageID . ", '" . db_escape_string($src) . "')"; db_query($q, $dbh); } } |