diff options
| author | elij <elij.mx@gmail.com> | 2011-05-12 01:17:12 +0200 |
|---|---|---|
| committer | Lukas Fleischer <archlinux@cryptocrack.de> | 2011-05-17 10:43:42 +0200 |
| commit | 0898f1447a2d6bdc893f55f4718f867734841361 (patch) | |
| tree | 22ab9736ad4b92af12daeb3a5215b126c3a8c22c /web/html | |
| parent | d38f3460e55ad4e8486c63902f3b581684d6f188 (diff) | |
| download | aur-0898f1447a2d6bdc893f55f4718f867734841361.tar.gz aur-0898f1447a2d6bdc893f55f4718f867734841361.tar.xz | |
test return value from db_query before assuming it is valid
make the sql query form consistent in usage by cleaning up instances
where db_query's result was not inspected before attempting to fetch row
data from the handle
Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>
Diffstat (limited to 'web/html')
| -rw-r--r-- | web/html/addvote.php | 16 | ||||
| -rw-r--r-- | web/html/tu.php | 17 |
2 files changed, 28 insertions, 5 deletions
diff --git a/web/html/addvote.php b/web/html/addvote.php index 5936d563..a4596105 100644 --- a/web/html/addvote.php +++ b/web/html/addvote.php @@ -21,14 +21,26 @@ if ($atype == "Trusted User" OR $atype == "Developer") { if (!empty($_POST['user'])) { $qcheck = "SELECT * FROM Users WHERE Username = '" . mysql_real_escape_string($_POST['user']) . "'"; - $check = mysql_num_rows(db_query($qcheck, $dbh)); + $result = db_query($qcheck, $dbh); + if ($result) { + $check = mysql_num_rows($result); + } + else { + $check = 0; + } if ($check == 0) { $error.= __("Username does not exist."); } else { $qcheck = "SELECT * FROM TU_VoteInfo WHERE User = '" . mysql_real_escape_string($_POST['user']) . "'"; $qcheck.= " AND End > UNIX_TIMESTAMP()"; - $check = mysql_num_rows(db_query($qcheck, $dbh)); + $result = db_query($qcheck, $dbh); + if ($result) { + $check = mysql_num_rows($result); + } + else { + $check = 0; + } if ($check != 0) { $error.= __("%s already has proposal running for them.", htmlentities($_POST['user'])); diff --git a/web/html/tu.php b/web/html/tu.php index c5cc36b5..6ab8ae9e 100644 --- a/web/html/tu.php +++ b/web/html/tu.php @@ -36,7 +36,13 @@ if ($atype == "Trusted User" OR $atype == "Developer") { $qvoted = "SELECT * FROM TU_Votes WHERE "; $qvoted.= "VoteID = " . $row['ID'] . " AND "; $qvoted.= "UserID = " . uid_from_sid($_COOKIE["AURSID"]); - $hasvoted = mysql_num_rows(db_query($qvoted, $dbh)); + $result = db_query($qvoted, $dbh); + if ($result) { + $hasvoted = mysql_num_rows($result); + } + else { + $hasvoted = 0; + } # List voters of a proposal. $qwhoVoted = "SELECT tv.UserID,U.Username @@ -85,10 +91,15 @@ if ($atype == "Trusted User" OR $atype == "Developer") { $canvote = 0; $errorvote = __("You've already voted for this proposal."); # Update if they voted - $hasvoted = mysql_num_rows(db_query($qvoted, $dbh)); + $result = db_query($qvoted, $dbh); + if ($result) { + $hasvoted = mysql_num_rows($result); + } $results = db_query($q, $dbh); - $row = mysql_fetch_assoc($results); + if ($results) { + $row = mysql_fetch_assoc($results); + } } } include("tu_details.php"); |