authorAndrew Dolgov <[email protected]>2017-12-03 10:43:19 +0300
committerAndrew Dolgov <[email protected]>2017-12-03 10:43:19 +0300
commitef2438a5032fcbbd1e7534397b4f06de47a87a0c (patch)
tree6bb3a3912ca7f1d8efd03c27abbdda9391089bd2 /plugins/note
parent2179332acdca0b96af5d7278a12d41ea753cf775 (diff)
plugins/note: use PDO
Diffstat (limited to 'plugins/note')
-rw-r--r--plugins/note/init.php44
1 files changed, 26 insertions, 18 deletions
diff --git a/plugins/note/init.php b/plugins/note/init.php
index 65cdf30e4..354591b75 100644
--- a/plugins/note/init.php
+++ b/plugins/note/init.php
@@ -1,5 +1,7 @@
<?php
class Note extends Plugin {
+
+ /* @var PluginHost $host */
private $host;
function about() {
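Review bot: The added annotation `/* @var PluginHost $host */` opens with a single asterisk, so PHPDoc-aware tools and IDEs treat it as an ordinary comment and ignore the declared type. Write it as `/** @var PluginHost $host */` directly above `private $host;` so static analysis picks it up.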
@@ -27,24 +29,29 @@ class Note extends Plugin {
}
function edit() {
- $param = db_escape_string($_REQUEST['param']);
+ $param = $_REQUEST['param'];
+
+ $sth = $this->pdo->prepare("SELECT note FROM ttrss_user_entries WHERE
+ ref_id = ? AND owner_uid = ?");
+ $sth->execute([$param, $_SESSION['uid']]);
+
+ if ($row = $sth->fetch()) {
- $result = db_query("SELECT note FROM ttrss_user_entries WHERE
- ref_id = '$param' AND owner_uid = " . $_SESSION['uid']);
+ $note = $row['note'];
- $note = db_fetch_result($result, 0, "note");
+ print_hidden("id", "$param");
+ print_hidden("op", "pluginhandler");
+ print_hidden("method", "setNote");
+ print_hidden("plugin", "note");
- print_hidden("id", "$param");
- print_hidden("op", "pluginhandler");
- print_hidden("method", "setNote");
- print_hidden("plugin", "note");
+ print "<table width='100%'><tr><td>";
+ print "<textarea dojoType=\"dijit.form.SimpleTextarea\"
+ style='font-size : 12px; width : 98%; height: 100px;'
+ placeHolder='body#ttrssMain { font-size : 14px; };'
+ name='note'>$note</textarea>";
+ print "</td></tr></table>";
- print "<table width='100%'><tr><td>";
- print "<textarea dojoType=\"dijit.form.SimpleTextarea\"
- style='font-size : 12px; width : 98%; height: 100px;'
- placeHolder='body#ttrssMain { font-size : 14px; };'
- name='note'>$note</textarea>";
- print "</td></tr></table>";
+ }
print "<div class='dlgButtons'>";
print "<button dojoType=\"dijit.form.Button\"
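Review bot: `$param` is taken straight from `$_REQUEST['param']` and then written into the form by `print_hidden("id", "$param")`; the prepared statement protects the query but not this output, and whether `print_hidden` escapes its value is not visible in this hunk. Since `ref_id` appears to be a numeric key, normalise it at the top with `$param = (int) $_REQUEST['param'];`, and do the same for `$id` in the `setNote()` hunk, where it is handed to `Article::format_article_note()`. The stored `$note` is also interpolated into the `<textarea>` unescaped, so using `htmlspecialchars($note)` there would keep the markup intact even if a note was written by a path that does not call `strip_tags`. `edit()` continues past the end of the hunk.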
@@ -56,11 +63,12 @@ class Note extends Plugin {
}
function setNote() {
- $id = db_escape_string($_REQUEST["id"]);
- $note = trim(strip_tags(db_escape_string($_REQUEST["note"])));
+ $id = $_REQUEST["id"];
+ $note = trim(strip_tags($_REQUEST["note"]));
- db_query("UPDATE ttrss_user_entries SET note = '$note'
- WHERE ref_id = '$id' AND owner_uid = " . $_SESSION["uid"]);
+ $sth = $this->pdo->prepare("UPDATE ttrss_user_entries SET note = ?
+ WHERE ref_id = ? AND owner_uid = ?");
+ $sth->execute([$note, $id, $_SESSION['uid']]);
$formatted_note = Article::format_article_note($id, $note);
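Review bot: `$_REQUEST["note"]` goes into `strip_tags()` without a check that it is present and a string, so a missing or array-valued `note` parameter raises a notice or type error before the statement runs. Guard it first, for example `$raw = isset($_REQUEST["note"]) && is_string($_REQUEST["note"]) ? $_REQUEST["note"] : "";` followed by `$note = trim(strip_tags($raw));`. The result of `$sth->execute(...)` is also not inspected, so the formatted note is returned to the client even when no row was updated; checking `$sth->rowCount()` would let the handler report that case. `setNote()` continues past the end of the hunk.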