author | Andrew Dolgov <[email protected]> | 2005-10-16 09:52:44 +0100 |
---|---|---|
committer | Andrew Dolgov <[email protected]> | 2005-10-16 09:52:44 +0100 |
commit | 8823cd590f1c72c211ac3a1f58590ef60fa82240 (patch) | |
tree | a8a7cb72b70354c6d9c3e23cdbd39970fce71d7b | |
parent | 571c7f235d1fec84875221e21133344d8028e2bb (diff) |
escape html characters in db_query() error output
-rw-r--r-- | db.php | 2 |
1 files changed, 2 insertions, 0 deletions
@@ -55,12 +55,14 @@ function db_query($link, $query) {
 if (DB_TYPE == "pgsql") {
 $result = pg_query($link, $query);
 if (!$result) {
+ $query = htmlspecialchars($query); // just in case
 die("Query <i>$query</i> failed: " . pg_last_error($link));
 }
 return $result;
 } else if (DB_TYPE == "mysql") {
 $result = mysql_query($query, $link);
 if (!$result) {
+ $query = htmlspecialchars($query);
 die("Query <i>$query</i> failed: " . mysql_error($link));
 }
 return $result; |
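Review bot: The driver error text appended in both `die()` calls is still written to the page unescaped, so the escaping added for `$query` covers only half of the message. PostgreSQL and MySQL syntax errors typically quote part of the failing statement, so markup carried in a query can likely still reach the browser through `pg_last_error($link)` or `mysql_error($link)`. Wrap those as well, e.g. `die("Query <i>$query</i> failed: " . htmlspecialchars(pg_last_error($link)));`, and do the same for `mysql_error($link)` in the mysql branch. Separately, consider logging the statement server-side and showing a generic failure message, since printing the full query discloses schema details to whoever triggers the error. db_query's body starts before and continues past this hunk.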