escape html characters in db_query() error output

author: Andrew Dolgov <[email protected]> 2005-10-16 09:52:44 +0100
committer: Andrew Dolgov <[email protected]> 2005-10-16 09:52:44 +0100
commit: 8823cd590f1c72c211ac3a1f58590ef60fa82240 (patch)
tree: a8a7cb72b70354c6d9c3e23cdbd39970fce71d7b /db.php
parent: 571c7f235d1fec84875221e21133344d8028e2bb (diff)
1 files changed, 2 insertions, 0 deletions
diff --git a/db.php b/db.php
index 35985815b..c72bbd9df 100644
--- a/db.php
+++ b/db.php
@@ -55,12 +55,14 @@ function db_query($link, $query) {
 	if (DB_TYPE == "pgsql") {
 		$result = pg_query($link, $query);
 		if (!$result) {
+			$query = htmlspecialchars($query); // just in case
 		  	die("Query <i>$query</i> failed: " . pg_last_error($link));			
 		}
 		return $result;
 	} else if (DB_TYPE == "mysql") {
 		$result = mysql_query($query, $link);
 		if (!$result) {
+			$query = htmlspecialchars($query);
 		  	die("Query <i>$query</i> failed: " . mysql_error($link));
 		}
 		return $result;
author	Andrew Dolgov <[email protected]>	2005-10-16 09:52:44 +0100
committer	Andrew Dolgov <[email protected]>	2005-10-16 09:52:44 +0100
commit	8823cd590f1c72c211ac3a1f58590ef60fa82240 (patch)
tree	a8a7cb72b70354c6d9c3e23cdbd39970fce71d7b /db.php
parent	571c7f235d1fec84875221e21133344d8028e2bb (diff)