author | Andrew Dolgov <[email protected]> | 2005-10-13 02:05:47 +0100 |
---|---|---|
committer | Andrew Dolgov <[email protected]> | 2005-10-13 02:05:47 +0100 |
commit | 8b7395bb64506180f9b7a76b00948cd4f3cb9de3 (patch) | |
tree | 4b4d130b133fdb2b7f487f3c6534bfcdab6f0075 | |
parent | 1696229f9df3a65e06246ea9e5b1ee1424f4c02a (diff) |
escape data on OPML import (take 2)
-rw-r--r-- | db.php | 10 | ||||
-rw-r--r-- | opml.php | 11 |
2 files changed, 19 insertions, 2 deletions
@@ -41,6 +41,16 @@ function db_escape_string($s) { } } +/* I hate MySQL :( */ + +function db_escape_string_2($s, $link) { + if (DB_TYPE == "pgsql") { + return pg_escape_string($s); + } else { + return mysql_real_escape_string($s, $link); + } +} + function db_query($link, $query) { if (DB_TYPE == "pgsql") { $result = pg_query($link, $query); @@ -46,12 +46,19 @@ } } + /* this is suboptimal */ + + $link = db_connect(DB_HOST, DB_USER, DB_PASS, DB_NAME); + + if (!$link) return; + + $title = db_escape_string_2($title, $link); + $url = db_escape_string_2($url, $link); + if (!$title || !$url) return; print "Feed <b>$title</b> ($url)... "; - $link = db_connect(DB_HOST, DB_USER, DB_PASS, DB_NAME); - $result = db_query($link, "SELECT id FROM ttrss_feeds WHERE title = '$title' OR feed_url = '$url'"); |
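Review bot: The pgsql branch of `db_escape_string_2` ignores the `$link` it is given, so only the MySQL path escapes against the connection that will run the query. Where the PHP version in use supports it, `pg_escape_string` takes the connection as its first argument, so escaping follows that connection's client encoding: `return pg_escape_string($link, $s);`. The `/* I hate MySQL :( */` comment does not tell a caller when to use this helper; a comment such as `/* Escape $s for use inside a quoted SQL literal on connection $link. */` would. The older `db_escape_string($s)` named in the hunk header stays in place, so it is worth checking (not visible here) whether its remaining callers still escape without a connection.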