From 10b6a8fff7e6d407421c74889455b969be7f867f Mon Sep 17 00:00:00 2001
From: Lukas Fleischer
Date: Thu, 20 Oct 2011 08:15:02 +0200
Subject: Wrap mysql_real_escape_string() in a function
Wrap mysql_real_escape_string() in a wrapper function db_escape_string() to ease porting to other databases, and as another step to pulling more of the database code into a central location. This is a rebased version of a patch by elij submitted about half a year ago.
Thanks-to: elij
Signed-off-by: Lukas Fleischer
Conflicts: web/lib/aur.inc.php
---
web/lib/pkgfuncs.inc.php | 12 ++++++------
1 file changed, 6 insertions(+), 6 deletions(-)
(limited to 'web/lib/pkgfuncs.inc.php')
diff --git a/web/lib/pkgfuncs.inc.php b/web/lib/pkgfuncs.inc.php
index 3e89fa35..b078c48a 100644
--- a/web/lib/pkgfuncs.inc.php
+++ b/web/lib/pkgfuncs.inc.php
@@ -100,7 +100,7 @@ function pkgid_from_name($name="", $dbh=NULL) {
 $dbh = db_connect();
 }
 $q = "SELECT ID FROM Packages ";
- $q.= "WHERE Name = '".mysql_real_escape_string($name)."' ";
+ $q.= "WHERE Name = '".db_escape_string($name)."' ";
 $result = db_query($q, $dbh);
 if (!$result) {return NULL;}
 $row = mysql_fetch_row($result);
@@ -137,7 +137,7 @@ function package_required($name="", $dbh=NULL) {
 }
 $q = "SELECT p.Name, PackageID FROM PackageDepends pd ";
 $q.= "JOIN Packages p ON pd.PackageID = p.ID ";
- $q.= "WHERE DepName = '".mysql_real_escape_string($name)."' ";
+ $q.= "WHERE DepName = '".db_escape_string($name)."' ";
 $q.= "ORDER BY p.Name";
 $result = db_query($q, $dbh);
 if (!$result) {return array();}
@@ -234,7 +234,7 @@ function pkgvotes_from_sid($sid="", $dbh=NULL) {
 $q.= "FROM PackageVotes, Users, Sessions ";
 $q.= "WHERE Users.ID = Sessions.UsersID ";
 $q.= "AND Users.ID = PackageVotes.UsersID ";
- $q.= "AND Sessions.SessionID = '".mysql_real_escape_string($sid)."'";
+ $q.= "AND Sessions.SessionID = '".db_escape_string($sid)."'";
 $result = db_query($q, $dbh);
 if ($result) {
 while ($row = mysql_fetch_row($result)) {
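Review bot: db_escape_string() is called with only the string at every converted site (pkgid_from_name here, and likewise package_required, pkgvotes_from_sid, pkgnotify_from_sid and pkgname_is_blacklisted), although each of these functions already holds the `$dbh` it passes to db_query(). The wrapper's definition is not part of this diff, but if it simply forwards to mysql_real_escape_string() without a link, escaping is done against the most recently opened connection and its character set, which need not be the handle the query runs on. Since the stated goal is portability, consider letting the wrapper accept the handle, e.g. `db_escape_string($name, $dbh)`, or moving these lookups to bound parameters so correctness no longer depends on the hand-written quotes around each value. All of these function bodies start or end outside their hunks.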
@@ -257,7 +257,7 @@ function pkgnotify_from_sid($sid="", $dbh=NULL) {
 $q.= "FROM CommentNotify, Users, Sessions ";
 $q.= "WHERE Users.ID = Sessions.UsersID ";
 $q.= "AND Users.ID = CommentNotify.UserID ";
- $q.= "AND Sessions.SessionID = '".mysql_real_escape_string($sid)."'";
+ $q.= "AND Sessions.SessionID = '".db_escape_string($sid)."'";
 $result = db_query($q, $dbh);
 if ($result) {
 while ($row = mysql_fetch_row($result)) {
@@ -291,7 +291,7 @@ function pkgname_is_blacklisted($name, $dbh=NULL) {
 if(!$dbh) {
 $dbh = db_connect();
 }
- $q = "SELECT COUNT(*) FROM PackageBlacklist WHERE Name = '" . mysql_real_escape_string($name) . "'";
+ $q = "SELECT COUNT(*) FROM PackageBlacklist WHERE Name = '" . db_escape_string($name) . "'";
 $result = db_query($q, $dbh);
 if (!$result) return false;
@@ -457,7 +457,7 @@ function pkg_search_page($SID="", $dbh=NULL) {
 }
 if (isset($_GET['K'])) {
- $_GET['K'] = mysql_real_escape_string(trim($_GET['K']));
+ $_GET['K'] = db_escape_string(trim($_GET['K']));
 # Search by maintainer
 if (isset($_GET["SeB"]) && $_GET["SeB"] == "m") {
--
cgit v1.2.3-24-g4f1b
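Review bot: In pkg_search_page the SQL-escaped keyword is written back into `$_GET['K']`, so every later reader of that superglobal receives backslash-escaped text whether or not it is building SQL. Any code that echoes the search term back into the page would show stray backslashes and still needs its own HTML escaping, and a second escape call on the same value would double-escape it. Keep the raw input and escape at the point of use instead, e.g. `$K = trim($_GET['K']);` with `db_escape_string($K)` applied where the query string is assembled. The rest of the function lies outside the hunk, so the later uses of `$_GET['K']` should be checked against this.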