summaryrefslogtreecommitdiffstats
path: root/web/lib/aurjson.class.php
diff options
context:
space:
mode:
authorDan McGee <dan@archlinux.org>2011-04-12 07:15:48 +0200
committerLukas Fleischer <archlinux@cryptocrack.de>2011-04-16 17:49:00 +0200
commita3ad06015896f132054fece17abb0dfa1808d3b4 (patch)
tree6ed1a75986467e5ec73f6b3e6d86e1ae0c13b405 /web/lib/aurjson.class.php
parentaa206b343af8821e01c4984ae27ab510b87a43e8 (diff)
downloadaur-a3ad06015896f132054fece17abb0dfa1808d3b4.tar.gz
aur-a3ad06015896f132054fece17abb0dfa1808d3b4.tar.xz
rpc.php: be a bit more consistent in query building
Do the implode as the same but separate step each time, and remove indentation where no other query has it. Signed-off-by: Dan McGee <dan@archlinux.org> Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>
Diffstat (limited to 'web/lib/aurjson.class.php')
-rw-r--r--web/lib/aurjson.class.php20
1 files changed, 10 insertions, 10 deletions
diff --git a/web/lib/aurjson.class.php b/web/lib/aurjson.class.php
index 321fee39..25219485 100644
--- a/web/lib/aurjson.class.php
+++ b/web/lib/aurjson.class.php
@@ -117,10 +117,11 @@ class AurJSON {
return $this->json_error('Query arg too small');
}
+ $fields = implode(',', self::$fields);
$keyword_string = mysql_real_escape_string($keyword_string, $this->dbh);
$keyword_string = addcslashes($keyword_string, '%_');
- $query = "SELECT " . implode(',', self::$fields) .
+ $query = "SELECT {$fields} " .
" FROM Packages WHERE " .
" ( Name LIKE '%{$keyword_string}%' OR " .
" Description LIKE '%{$keyword_string}%' )";
@@ -134,7 +135,9 @@ class AurJSON {
* @return mixed Returns an array of value data containing the package data
**/
private function info($pqdata) {
- $base_query = "SELECT " . implode(',', self::$fields) .
+ $fields = implode(',', self::$fields);
+
+ $base_query = "SELECT {$fields} " .
" FROM Packages WHERE ";
if ( is_numeric($pqdata) ) {
@@ -144,11 +147,8 @@ class AurJSON {
$query_stub = "ID={$pqdata}";
}
else {
- if(get_magic_quotes_gpc()) {
- $pqdata = stripslashes($pqdata);
- }
$query_stub = sprintf("Name=\"%s\"",
- mysql_real_escape_string($pqdata));
+ mysql_real_escape_string($pqdata, $this->dbh));
}
$query = $base_query . $query_stub;
@@ -161,13 +161,13 @@ class AurJSON {
* @return mixed Returns an array of value data containing the package data
**/
private function msearch($maintainer) {
- $maintainer = mysql_real_escape_string($maintainer, $this->dbh);
$fields = implode(',', self::$fields);
+ $maintainer = mysql_real_escape_string($maintainer, $this->dbh);
$query = "SELECT Users.Username as Maintainer, {$fields} " .
- " FROM Packages, Users " .
- " WHERE Packages.MaintainerUID = Users.ID AND " .
- " Users.Username = '{$maintainer}'";
+ " FROM Packages, Users WHERE " .
+ " Packages.MaintainerUID = Users.ID AND " .
+ " Users.Username = '{$maintainer}'";
return $this->process_query('msearch', $query);
}