author | eliott <eliott@cactuswax.net> | 2007-11-23 04:28:11 +0100 |
---|---|---|
committer | Dan McGee <dan@archlinux.org> | 2008-01-20 07:21:19 +0100 |
commit | 32b863203fcda13f322aa0802bc64eec64dcaa51 (patch) | |
tree | 89cee28878ce78da8abe7e88389bf923ee14993b /web | |
parent | 47e80c24afa539d23f9060ee876303e24a1b1c89 (diff) | |
Modified to get details based on an exact package name, or based on a package id.
Diffstat (limited to 'web')
-rw-r--r-- | web/lib/aurjson.class.php | 27 |
1 files changed, 19 insertions, 8 deletions
diff --git a/web/lib/aurjson.class.php b/web/lib/aurjson.class.php
index b8dff396..e6e40ffb 100644
--- a/web/lib/aurjson.class.php
+++ b/web/lib/aurjson.class.php
@@ -101,16 +101,27 @@ class AurJSON {
 }
 /**
- * Returns the info on a specific package id.
- * @param $package_id The ID of the package to fetch info.
+ * Returns the info on a specific package.
+ * @param $pqdata The ID or name of the package. Package Query Data.
 * @return mixed Returns an array of value data containing the package data
 **/
- private function info($package_id) {
- // using sprintf to coerce the package_id to an int
- // should handle sql injection issues, since sprintf will
- // bork if not an int, or convert the string to a number
- $query = sprintf("SELECT ID,Name,Version,Description,URL,URLPath,License,NumVotes,OutOfDate FROM Packages WHERE ID=%d",$package_id);
- $result = db_query($query, $this->dbh);
+ private function info($pqdata) {
+ $base_query = "SELECT ID,Name,Version,Description,URL,URLPath,License,NumVotes,OutOfDate FROM Packages WHERE ";
+
+ if is_numeric($pqdata) {
+ // just using sprintf to coerce the pqd to an int
+ // should handle sql injection issues, since sprintf will
+ // bork if not an int, or convert the string to a number 0
+ $query_stub = sprintf("ID=%d",$pqdata);
+ }
+ else {
+ if(get_magic_quotes_gpc()) {
+ $pqd = stripslashes($pqdata);
+ }
+ $query_stub = sprintf("Name=%s",mysql_real_escape_string($pqdata));
+ }
+
+ $result = db_query($query.$base_query, $this->dbh);
 if ( $result && (mysql_num_rows($result) > 0) ) {
 $row = mysql_fetch_assoc($result); |
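Review bot: The name branch builds `Name=%s` with no quotes around the placeholder, and mysql_real_escape_string() only neutralises characters that would terminate a quoted string literal, so the unquoted value is still parsed as SQL and the lookup stays injectable (a plain package name would also be read as an identifier rather than compared as a string). In the same branch the stripslashes() result is stored in `$pqd`, which is never read, so the value that gets escaped is still the unstripped `$pqdata`. The final call passes `$query.$base_query`, where `$query` is no longer assigned and `$query_stub` is never appended, and `if is_numeric($pqdata) {` lacks the parentheses PHP requires, so as shown the file would not parse. The body of info() continues past the end of the hunk.

```php
if (is_numeric($pqdata)) {
    // … unchanged: ID=%d stub built with sprintf …
}
else {
    if(get_magic_quotes_gpc()) {
        $pqdata = stripslashes($pqdata);
    }
    // quote the literal so the escaping actually applies
    $query_stub = sprintf("Name='%s'", mysql_real_escape_string($pqdata));
}

$result = db_query($base_query.$query_stub, $this->dbh);
```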