From 8823cd590f1c72c211ac3a1f58590ef60fa82240 Mon Sep 17 00:00:00 2001
From: Andrew Dolgov <fox@bah.spb.su>
Date: Sun, 16 Oct 2005 09:52:44 +0100
Subject: escape html characters in db_query() error output

---
 db.php | 2 ++
 1 file changed, 2 insertions(+)

(limited to 'db.php')

diff --git a/db.php b/db.php
index 35985815b..c72bbd9df 100644
--- a/db.php
+++ b/db.php
@@ -55,12 +55,14 @@ function db_query($link, $query) {
 	if (DB_TYPE == "pgsql") {
 		$result = pg_query($link, $query);
 		if (!$result) {
+			$query = htmlspecialchars($query); // just in case
 		  	die("Query <i>$query</i> failed: " . pg_last_error($link));			
 		}
 		return $result;
 	} else if (DB_TYPE == "mysql") {
 		$result = mysql_query($query, $link);
 		if (!$result) {
+			$query = htmlspecialchars($query);
 		  	die("Query <i>$query</i> failed: " . mysql_error($link));
 		}
 		return $result;
-- 
cgit v1.2.3