
use raw db queries wherever query items could contain '%'

pull/1/head
Friendika 11 years ago
parent
commit
f7c0480f1b
  1. 10
      include/dba.php
  2. 2
      include/items.php
  3. 2
      mod/dfrn_notify.php
  4. 2
      mod/profiles.php

10
include/dba.php

@ -134,6 +134,16 @@ function q($sql) {
return $ret;
}}
// raw db query, no arguments
if(! function_exists('dbq')) {
function dbq($sql) {
global $db;
$ret = $db->q($sql);
return $ret;
}}
// Caller is responsible for ensuring that any integer arguments to
// dbesc_array are actually integers and not malformed strings containing
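Review bot: `dbq()` hands `$sql` to `$db->q()` unchanged, but its comment (`// raw db query, no arguments`) does not say that the caller now owns all escaping. Any argument handling that `q()` performs (its body is outside this hunk) is skipped on this path, so every value concatenated into the string must already be escaped or cast before the call. I would expand the comment to something like `// raw db query, no arguments: $sql is sent as-is, so callers must escape or cast every value (e.g. via dbesc_array) before building it`. Because the helper applies no checks of its own, it is also worth keeping the number of call sites small so they are easy to audit.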

2
include/items.php

@ -550,7 +550,7 @@ function item_store($arr) {
logger('item_store: ' . print_r($arr,true), LOGGER_DATA);
$r = q("INSERT INTO `item` (`"
$r = dbq("INSERT INTO `item` (`"
. implode("`, `", array_keys($arr))
. "`) VALUES ('"
. implode("', '", array_values($arr))
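Review bot: No `dbesc_array($arr)` call is visible ahead of this `dbq()` INSERT, whereas the `mail` and `profile` call sites in this commit each show one on the line before. item_store starts and ends outside the hunk, so the escaping may happen earlier; please confirm it does, because `dbq()` adds none and the values are placed directly between single quotes. Separately, the column list is built from `array_keys($arr)` inside backticks, and the same pattern appears in the `mod/dfrn_notify.php` and `mod/profiles.php` hunks. If value escaping does not also cover keys, the keys should be checked against a fixed list of the table's column names before the statement is assembled.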

2
mod/dfrn_notify.php

@ -106,7 +106,7 @@ function dfrn_notify_post(&$a) {
dbesc_array($msg);
$r = q("INSERT INTO `mail` (`" . implode("`, `", array_keys($msg))
$r = dbq("INSERT INTO `mail` (`" . implode("`, `", array_keys($msg))
. "`) VALUES ('" . implode("', '", array_values($msg)) . "')" );
// send email notification if requested.

2
mod/profiles.php

@ -249,7 +249,7 @@ function profiles_content(&$a) {
dbesc_array($r1[0]);
$r2 = q("INSERT INTO `profile` (`"
$r2 = dbq("INSERT INTO `profile` (`"
. implode("`, `", array_keys($r1[0]))
. "`) VALUES ('"
. implode("', '", array_values($r1[0]))
