diff options
| author | Andrew Dolgov <[email protected]> | 2005-11-19 18:33:17 +0100 |
|---|---|---|
| committer | Andrew Dolgov <[email protected]> | 2005-11-19 18:33:17 +0100 |
| commit | b17fcb1a0c627db9539e2d12c70dec76f543d30a (patch) | |
| tree | 9a5332e2557f50c236f6408655274f39c87c7fce /functions.php | |
| parent | 262bd8ea53c3e96bfeb1d82d952ab7cc2f67e8e4 (diff) | |
fix double escaping of entry data on insert/update sequence
Diffstat (limited to 'functions.php')
| -rw-r--r-- | functions.php | 13 |
1 files changed, 5 insertions, 8 deletions
diff --git a/functions.php b/functions.php index cb45435d0..37ad6c1d4 100644 --- a/functions.php +++ b/functions.php @@ -274,6 +274,11 @@ $owner_uid = $_SESSION["uid"]; + $entry_content = db_escape_string($entry_content); + $entry_title = db_escape_string($entry_title); + $entry_link = db_escape_string($entry_link); + $entry_comments = db_escape_string($entry_comments); + if (db_num_rows($result) == 0) { // base post entry does not exist, create it @@ -284,11 +289,6 @@ } error_reporting (E_ERROR | E_WARNING | E_PARSE); - $entry_content = db_escape_string($entry_content); - $entry_title = db_escape_string($entry_title); - $entry_link = db_escape_string($entry_link); - $entry_comments = db_escape_string($entry_comments); - $result = db_query($link, "INSERT INTO ttrss_entries (title, @@ -376,9 +376,6 @@ // print "<!-- post $orig_title needs update : $post_needs_update -->"; - $entry_content = db_escape_string($entry_content); - $entry_title = db_escape_string($entry_title); - db_query($link, "UPDATE ttrss_entries SET title = '$entry_title', content = '$entry_content' WHERE id = '$ref_id'"); |