From 10b6a8fff7e6d407421c74889455b969be7f867f Mon Sep 17 00:00:00 2001
From: Lukas Fleischer <archlinux@cryptocrack.de>
Date: Thu, 20 Oct 2011 08:15:02 +0200
Subject: Wrap mysql_real_escape_string() in a function

Wrap mysql_real_escape_string() in a wrapper function db_escape_string()
to ease porting to other databases, and as another step to pulling more
of the database code into a central location.

This is a rebased version of a patch by elij submitted about half a year
ago.

Thanks-to: elij <elij.mx@gmail.com>
Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>

Conflicts:

	web/lib/aur.inc.php
---
 web/html/passreset.php | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

(limited to 'web/html/passreset.php')

diff --git a/web/html/passreset.php b/web/html/passreset.php
index ed5d4d31..97fbebb0 100644
--- a/web/html/passreset.php
+++ b/web/html/passreset.php
@@ -40,8 +40,8 @@ if (isset($_GET['resetkey'], $_POST['email'], $_POST['password'], $_POST['confir
 		      Salt = '$salt',
 		      ResetKey = ''
 		      WHERE ResetKey != ''
-		      AND ResetKey = '".mysql_real_escape_string($resetkey)."'
-		      AND Email = '".mysql_real_escape_string($email)."'";
+		      AND ResetKey = '".db_escape_string($resetkey)."'
+		      AND Email = '".db_escape_string($email)."'";
 		$result = db_query($q, $dbh);
 		if (!mysql_affected_rows($dbh)) {
 			$error = __('Invalid e-mail and reset key combination.');
-- 
cgit v1.2.3-24-g4f1b