From a3ad06015896f132054fece17abb0dfa1808d3b4 Mon Sep 17 00:00:00 2001
From: Dan McGee <dan@archlinux.org>
Date: Tue, 12 Apr 2011 00:15:48 -0500
Subject: rpc.php: be a bit more consistent in query building

Do the implode as the same but separate step each time, and remove
indentation where no other query has it.

Signed-off-by: Dan McGee <dan@archlinux.org>
Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>
---
 web/lib/aurjson.class.php | 20 ++++++++++----------
 1 file changed, 10 insertions(+), 10 deletions(-)

diff --git a/web/lib/aurjson.class.php b/web/lib/aurjson.class.php
index 321fee39..25219485 100644
--- a/web/lib/aurjson.class.php
+++ b/web/lib/aurjson.class.php
@@ -117,10 +117,11 @@ class AurJSON {
             return $this->json_error('Query arg too small');
         }
 
+        $fields = implode(',', self::$fields);
         $keyword_string = mysql_real_escape_string($keyword_string, $this->dbh);
         $keyword_string = addcslashes($keyword_string, '%_');
 
-        $query = "SELECT " . implode(',', self::$fields) .
+        $query = "SELECT {$fields} " .
             " FROM Packages WHERE " .
             "  ( Name LIKE '%{$keyword_string}%' OR " .
             "    Description LIKE '%{$keyword_string}%' )";
@@ -134,7 +135,9 @@ class AurJSON {
      * @return mixed Returns an array of value data containing the package data
      **/
     private function info($pqdata) {
-        $base_query = "SELECT " . implode(',', self::$fields) .
+        $fields = implode(',', self::$fields);
+
+        $base_query = "SELECT {$fields} " .
             " FROM Packages WHERE ";
 
         if ( is_numeric($pqdata) ) {
@@ -144,11 +147,8 @@ class AurJSON {
             $query_stub = "ID={$pqdata}";
         }
         else {
-            if(get_magic_quotes_gpc()) {
-                $pqdata = stripslashes($pqdata);
-            }
             $query_stub = sprintf("Name=\"%s\"",
-                mysql_real_escape_string($pqdata));
+                mysql_real_escape_string($pqdata, $this->dbh));
         }
         $query = $base_query . $query_stub;
 
@@ -161,13 +161,13 @@ class AurJSON {
      * @return mixed Returns an array of value data containing the package data
      **/
     private function msearch($maintainer) {
-        $maintainer = mysql_real_escape_string($maintainer, $this->dbh);
         $fields = implode(',', self::$fields);
+        $maintainer = mysql_real_escape_string($maintainer, $this->dbh);
 
         $query = "SELECT Users.Username as Maintainer, {$fields} " .
-            " FROM Packages, Users " .
-            "        WHERE Packages.MaintainerUID = Users.ID AND " .
-            "              Users.Username = '{$maintainer}'";
+            " FROM Packages, Users WHERE " .
+            "   Packages.MaintainerUID = Users.ID AND " .
+            "   Users.Username = '{$maintainer}'";
 
         return $this->process_query('msearch', $query);
     }
-- 
cgit v1.2.3-24-g4f1b