valvin
/
ttrss
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

escape data on OPML import (take 2)

This commit is contained in:
Andrew Dolgov 2005-10-13 02:05:47 +01:00
parent 1696229f9d
commit 8b7395bb64
2 changed files with 19 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

10
db.php
View File

@ -41,6 +41,16 @@ function db_escape_string($s) {
} }
} }
/* I hate MySQL :( */
function db_escape_string_2($s, $link) {
if (DB_TYPE == "pgsql") {
return pg_escape_string($s);
} else {
return mysql_real_escape_string($s, $link);
}
}
function db_query($link, $query) { function db_query($link, $query) {
if (DB_TYPE == "pgsql") { if (DB_TYPE == "pgsql") {
$result = pg_query($link, $query); $result = pg_query($link, $query);

11
opml.php
View File

@ -46,12 +46,19 @@
} }
} }
/* this is suboptimal */
$link = db_connect(DB_HOST, DB_USER, DB_PASS, DB_NAME);
if (!$link) return;
$title = db_escape_string_2($title, $link);
$url = db_escape_string_2($url, $link);
if (!$title || !$url) return; if (!$title || !$url) return;
print "Feed <b>$title</b> ($url)... "; print "Feed <b>$title</b> ($url)... ";
$link = db_connect(DB_HOST, DB_USER, DB_PASS, DB_NAME);
$result = db_query($link, "SELECT id FROM ttrss_feeds WHERE $result = db_query($link, "SELECT id FROM ttrss_feeds WHERE
title = '$title' OR feed_url = '$url'"); title = '$title' OR feed_url = '$url'");