From 323d418f02074613241d65b9cabbfd65afea9abe Mon Sep 17 00:00:00 2001 From: Lukas Fleischer Date: Thu, 20 Oct 2011 08:15:02 +0200 Subject: Wrap mysql_real_escape_string() in a function Wrap mysql_real_escape_string() in a wrapper function db_escape_string() to ease porting to other databases, and as another step to pulling more of the database code into a central location. This is a rebased version of a patch by elij submitted about half a year ago. Thanks-to: elij Signed-off-by: Lukas Fleischer --- web/template/pkg_comment_form.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'web/template') diff --git a/web/template/pkg_comment_form.php b/web/template/pkg_comment_form.php index e52c92d..d3b602c 100644 --- a/web/template/pkg_comment_form.php +++ b/web/template/pkg_comment_form.php @@ -7,7 +7,7 @@ if (isset($_REQUEST['comment'])) { $q = 'INSERT INTO PackageComments '; $q.= '(PackageID, UsersID, Comments, CommentTS) VALUES ('; $q.= intval($_REQUEST['ID']) . ', ' . uid_from_sid($_COOKIE['AURSID']) . ', '; - $q.= "'" . mysql_real_escape_string($_REQUEST['comment']) . "', "; + $q.= "'" . db_escape_string($_REQUEST['comment']) . "', "; $q.= 'UNIX_TIMESTAMP())'; db_query($q, $dbh); -- cgit v1.2.3-70-g09d2