From a3ad06015896f132054fece17abb0dfa1808d3b4 Mon Sep 17 00:00:00 2001 From: Dan McGee Date: Tue, 12 Apr 2011 00:15:48 -0500 Subject: rpc.php: be a bit more consistent in query building Do the implode as the same but separate step each time, and remove indentation where no other query has it. Signed-off-by: Dan McGee Signed-off-by: Lukas Fleischer --- web/lib/aurjson.class.php | 20 ++++++++++---------- 1 file changed, 10 insertions(+), 10 deletions(-) (limited to 'web') diff --git a/web/lib/aurjson.class.php b/web/lib/aurjson.class.php index 321fee3..2521948 100644 --- a/web/lib/aurjson.class.php +++ b/web/lib/aurjson.class.php @@ -117,10 +117,11 @@ class AurJSON { return $this->json_error('Query arg too small'); } + $fields = implode(',', self::$fields); $keyword_string = mysql_real_escape_string($keyword_string, $this->dbh); $keyword_string = addcslashes($keyword_string, '%_'); - $query = "SELECT " . implode(',', self::$fields) . + $query = "SELECT {$fields} " . " FROM Packages WHERE " . " ( Name LIKE '%{$keyword_string}%' OR " . " Description LIKE '%{$keyword_string}%' )"; @@ -134,7 +135,9 @@ class AurJSON { * @return mixed Returns an array of value data containing the package data **/ private function info($pqdata) { - $base_query = "SELECT " . implode(',', self::$fields) . + $fields = implode(',', self::$fields); + + $base_query = "SELECT {$fields} " . " FROM Packages WHERE "; if ( is_numeric($pqdata) ) { @@ -144,11 +147,8 @@ class AurJSON { $query_stub = "ID={$pqdata}"; } else { - if(get_magic_quotes_gpc()) { - $pqdata = stripslashes($pqdata); - } $query_stub = sprintf("Name=\"%s\"", - mysql_real_escape_string($pqdata)); + mysql_real_escape_string($pqdata, $this->dbh)); } $query = $base_query . $query_stub; @@ -161,13 +161,13 @@ class AurJSON { * @return mixed Returns an array of value data containing the package data **/ private function msearch($maintainer) { - $maintainer = mysql_real_escape_string($maintainer, $this->dbh); $fields = implode(',', self::$fields); + $maintainer = mysql_real_escape_string($maintainer, $this->dbh); $query = "SELECT Users.Username as Maintainer, {$fields} " . - " FROM Packages, Users " . - " WHERE Packages.MaintainerUID = Users.ID AND " . - " Users.Username = '{$maintainer}'"; + " FROM Packages, Users WHERE " . + " Packages.MaintainerUID = Users.ID AND " . + " Users.Username = '{$maintainer}'"; return $this->process_query('msearch', $query); } -- cgit v1.2.3-70-g09d2