diff options
| -rw-r--r-- | db.php | 4 | ||||
| -rw-r--r-- | functions.php | 2 |
2 files changed, 4 insertions, 2 deletions
@@ -41,7 +41,9 @@ function db_connect($host, $user, $pass, $db) { } } -function db_escape_string($s) { +function db_escape_string($s, $strip_tags = true) { + if ($strip_tags) $s = strip_tags($s); + if (DB_TYPE == "pgsql") { return pg_escape_string($s); } else { diff --git a/functions.php b/functions.php index 0a7559368..16780fd1f 100644 --- a/functions.php +++ b/functions.php @@ -954,7 +954,7 @@ $result = db_query($link, "SELECT id FROM ttrss_entries WHERE guid = '$entry_guid'"); - $entry_content = db_escape_string($entry_content); + $entry_content = db_escape_string($entry_content, true); $content_hash = "SHA1:" . sha1(strip_tags($entry_content)); |