From 10b6a8fff7e6d407421c74889455b969be7f867f Mon Sep 17 00:00:00 2001
From: Lukas Fleischer <archlinux@cryptocrack.de>
Date: Thu, 20 Oct 2011 08:15:02 +0200
Subject: Wrap mysql_real_escape_string() in a function

Wrap mysql_real_escape_string() in a wrapper function db_escape_string()
to ease porting to other databases, and as another step to pulling more
of the database code into a central location.

This is a rebased version of a patch by elij submitted about half a year
ago.

Thanks-to: elij <elij.mx@gmail.com>
Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>

Conflicts:

	web/lib/aur.inc.php
---
 web/template/pkg_comment_form.php | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

(limited to 'web/template/pkg_comment_form.php')

diff --git a/web/template/pkg_comment_form.php b/web/template/pkg_comment_form.php
index e52c92d2..d3b602cd 100644
--- a/web/template/pkg_comment_form.php
+++ b/web/template/pkg_comment_form.php
@@ -7,7 +7,7 @@ if (isset($_REQUEST['comment'])) {
 	$q = 'INSERT INTO PackageComments ';
 	$q.= '(PackageID, UsersID, Comments, CommentTS) VALUES (';
 	$q.= intval($_REQUEST['ID']) . ', ' . uid_from_sid($_COOKIE['AURSID']) . ', ';
-	$q.= "'" . mysql_real_escape_string($_REQUEST['comment']) . "', ";
+	$q.= "'" . db_escape_string($_REQUEST['comment']) . "', ";
 	$q.= 'UNIX_TIMESTAMP())';
 	db_query($q, $dbh);
 
-- 
cgit v1.2.3-24-g4f1b