From e171f6f34eeacf35cf7142b4788d43e7d0978546 Mon Sep 17 00:00:00 2001 From: canyonknight Date: Wed, 8 Aug 2012 18:09:51 -0400 Subject: Migrate all DB code to use PDO All DB code currently uses the quickly aging mysql_* functions. These functions are strongly discouraged and may eventually be deprecated. Transition all code to utilize the PDO data access abstraction layer. PDO allows for consistent query code across multiple databases. This could potentially allow for someone to use a database other than MySQL with minimal code changes. All functions and behaviors are reproduced as faithfully as possible with PDO equivalents and some changes in code. Signed-off-by: canyonknight Signed-off-by: Lukas Fleischer --- web/lib/aurjson.class.php | 26 ++++++++++++-------------- 1 file changed, 12 insertions(+), 14 deletions(-) (limited to 'web/lib/aurjson.class.php') diff --git a/web/lib/aurjson.class.php b/web/lib/aurjson.class.php index c1b079a4..fbdc7118 100644 --- a/web/lib/aurjson.class.php +++ b/web/lib/aurjson.class.php @@ -122,12 +122,13 @@ class AurJSON { "FROM Packages LEFT JOIN Users " . "ON Packages.MaintainerUID = Users.ID " . "WHERE ${where_condition}"; - $result = db_query($query, $this->dbh); + $result = $this->dbh->query($query); - $resultcount = mysql_num_rows($result); - if ( $result && $resultcount > 0 ) { + if ($result) { + $resultcount = 0; $search_data = array(); - while ( $row = mysql_fetch_assoc($result) ) { + while ($row = $result->fetch(PDO::FETCH_ASSOC)) { + $resultcount++; $name = $row['Name']; $row['URLPath'] = URL_DIR . substr($name, 0, 2) . "/" . $name . "/" . $name . ".tar.gz"; @@ -148,7 +149,6 @@ class AurJSON { } } - mysql_free_result($result); return $this->json_results($type, $resultcount, $search_data); } else { 
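Review bot: The new condition `if ($result)` in the -122 hunk no longer requires at least one row, so an empty result set now ends in `json_results` with `$resultcount` 0 instead of taking the `else` path, whereas the removed `$result && $resultcount > 0` test sent zero-row queries to that `else` branch (its body lies beyond the -148 hunk). If the "reproduced as faithfully as possible" intent in the commit message holds, the count has to be checked after the fetch loop, e.g. `if ($resultcount === 0) { /* previous zero-row handling */ }` before the `return $this->json_results(...)` line. Whether `$this->dbh->query($query)` returns false or throws on failure depends on the PDO error mode chosen where the handle is created, which this diff does not show; under `PDO::ERRMODE_EXCEPTION` the `else` branch becomes unreachable and a comment at the connection setup should say which behaviour callers may rely on. process_query begins before this hunk and ends after the -148 hunk.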
@@ -178,8 +178,7 @@ class AurJSON { if (is_numeric($arg)) { $id_args[] = intval($arg); } else { - $escaped = db_escape_string($arg, $this->dbh); - $name_args[] = "'" . $escaped . "'"; + $name_args[] = $this->dbh->quote($arg); } } @@ -196,10 +195,10 @@ class AurJSON { return $this->json_error('Query arg too small'); } - $keyword_string = db_escape_like($keyword_string, $this->dbh); + $keyword_string = $this->dbh->quote("%" . addcslashes($keyword_string, '%_') . "%"); - $where_condition = "( Name LIKE '%{$keyword_string}%' OR " . - "Description LIKE '%{$keyword_string}%' )"; + $where_condition = "(Name LIKE {$keyword_string} OR "; + $where_condition.= "Description LIKE {$keyword_string})"; return $this->process_query('search', $where_condition); } @@ -217,8 +216,7 @@ class AurJSON { $where_condition = "Packages.ID={$pqdata}"; } else { - $where_condition = sprintf("Name=\"%s\"", - db_escape_string($pqdata, $this->dbh)); + $where_condition = sprintf("Name=%s", $this->dbh->quote($pqdata)); } return $this->process_query('info', $where_condition); } @@ -260,9 +258,9 @@ class AurJSON { * @return mixed Returns an array of value data containing the package data **/ private function msearch($maintainer) { - $maintainer = db_escape_string($maintainer, $this->dbh); + $maintainer = $this->dbh->quote($maintainer); - $where_condition = "Users.Username = '{$maintainer}'"; + $where_condition = "Users.Username = {$maintainer}"; return $this->process_query('msearch', $where_condition); } -- cgit v1.2.3-24-g4f1b
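Review bot: `$name_args[] = $this->dbh->quote($arg);` in the -178 hunk, and likewise the `quote()` calls in the -196, -217 and -260 hunks, still assemble SQL by interpolating client-escaped literals instead of using `prepare()` with bound parameters, which is the form that does not depend on client-side escaping at all and the main gain of the PDO migration. `PDO::quote()` escapes according to the character set the client connection was opened with; if `$this->dbh` sets its charset with a `SET NAMES` statement rather than in the DSN (the connection setup is not in this diff), client escaping and the server's interpretation can disagree for multibyte input, so this is worth confirming and documenting where the handle is created. A follow-up could keep `$id_args` and `$name_args` as plain values and pass them to `execute()` on a statement with `?` placeholders, but since process_query receives a finished `$where_condition` string that change has to reach into it as well. The enclosing loop and function start before and end after this hunk.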
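Review bot: `addcslashes($keyword_string, '%_')` in the -196 hunk escapes the LIKE wildcards but not the backslash itself, so a keyword ending in a backslash joins with the appended `%` into `\%`, which MySQL reads as a literal percent sign and the search becomes stricter than intended; escaping the backslash as well, `addcslashes($keyword_string, '\\%_')`, closes that gap. Which character acts as the LIKE escape is driver-specific (backslash is only the MySQL default), so with the portability goal stated in the commit message the pattern should declare it with an explicit `ESCAPE` clause on both the Name and Description terms rather than rely on the default. Reusing `$keyword_string` for the quoted SQL literal hides that it is no longer the raw keyword; a separate name such as `$pattern` would make the interpolation on the next lines clearer, and `$where_condition.=` wants a space before `.=`. search's signature lies above this hunk.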