valvin
/
ttrss
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

some minor PDO-related fixes

This commit is contained in:
Andrew Dolgov 2017-12-01 18:26:53 +03:00
parent 9ead64f6d8
commit cab58c44ae
1 changed files with 13 additions and 14 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

27
include/functions.php
View File

@ -259,6 +259,8 @@
else else
$query_limit = ""; $query_limit = "";
$purge_interval = (int) $purge_interval;
if (DB_TYPE == "pgsql") { if (DB_TYPE == "pgsql") {
$sth = $pdo->prepare("DELETE FROM ttrss_user_entries $sth = $pdo->prepare("DELETE FROM ttrss_user_entries
USING ttrss_entries USING ttrss_entries
@ -266,8 +268,8 @@
marked = false AND marked = false AND
feed_id = ? AND feed_id = ? AND
$query_limit $query_limit
ttrss_entries.date_updated < NOW() - INTERVAL ? days"); ttrss_entries.date_updated < NOW() - INTERVAL '$purge_interval days'");
$sth->execute([$feed_id, $purge_interval]); $sth->execute([$feed_id]);
} else { } else {
$sth = $pdo->prepare("DELETE FROM ttrss_user_entries $sth = $pdo->prepare("DELETE FROM ttrss_user_entries
@ -276,8 +278,8 @@
marked = false AND marked = false AND
feed_id = ? AND feed_id = ? AND
$query_limit $query_limit
ttrss_entries.date_updated < DATE_SUB(NOW(), INTERVAL ? DAY)"); ttrss_entries.date_updated < DATE_SUB(NOW(), INTERVAL $purge_interval DAY)");
$sth->execute([$feed_id, $purge_interval]); $sth->execute([$feed_id]);
} }
@ -587,8 +589,6 @@
function initialize_user_prefs($uid, $profile = false) { function initialize_user_prefs($uid, $profile = false) {
$uid = db_escape_string($uid);
if (get_schema_version() < 63) $profile_qpart = ""; if (get_schema_version() < 63) $profile_qpart = "";
$pdo = DB::pdo(); $pdo = DB::pdo();
@ -614,9 +614,6 @@
if (array_search($line["pref_name"], $active_prefs) === FALSE) { if (array_search($line["pref_name"], $active_prefs) === FALSE) {
// print "adding " . $line["pref_name"] . "<br>"; // print "adding " . $line["pref_name"] . "<br>";
$line["def_value"] = db_escape_string($line["def_value"]);
$line["pref_name"] = db_escape_string($line["pref_name"]);
if (get_schema_version() < 63) { if (get_schema_version() < 63) {
$i_sth = $pdo->prepare("INSERT INTO ttrss_user_prefs $i_sth = $pdo->prepare("INSERT INTO ttrss_user_prefs
(owner_uid,pref_name,value) VALUES (owner_uid,pref_name,value) VALUES
@ -1374,8 +1371,10 @@
$search_words = array(); $search_words = array();
$search_query_leftover = array(); $search_query_leftover = array();
$pdo = Db::pdo();
if ($search_language) if ($search_language)
$search_language = db_escape_string(mb_strtolower($search_language)); $search_language = $pdo->quote(mb_strtolower($search_language));
else else
$search_language = "english"; $search_language = "english";
@ -1393,7 +1392,7 @@
case "title": case "title":
if ($commandpair[1]) { if ($commandpair[1]) {
array_push($query_keywords, "($not (LOWER(ttrss_entries.title) LIKE '%". array_push($query_keywords, "($not (LOWER(ttrss_entries.title) LIKE '%".
db_escape_string(mb_strtolower($commandpair[1]))."%'))"); $pdo->quote(mb_strtolower($commandpair[1]))."%'))");
} else { } else {
array_push($query_keywords, "(UPPER(ttrss_entries.title) $not LIKE UPPER('%$k%') array_push($query_keywords, "(UPPER(ttrss_entries.title) $not LIKE UPPER('%$k%')
OR UPPER(ttrss_entries.content) $not LIKE UPPER('%$k%'))"); OR UPPER(ttrss_entries.content) $not LIKE UPPER('%$k%'))");
@ -1403,7 +1402,7 @@
case "author": case "author":
if ($commandpair[1]) { if ($commandpair[1]) {
array_push($query_keywords, "($not (LOWER(author) LIKE '%". array_push($query_keywords, "($not (LOWER(author) LIKE '%".
db_escape_string(mb_strtolower($commandpair[1]))."%'))"); $pdo->quote(mb_strtolower($commandpair[1]))."%'))");
} else { } else {
array_push($query_keywords, "(UPPER(ttrss_entries.title) $not LIKE UPPER('%$k%') array_push($query_keywords, "(UPPER(ttrss_entries.title) $not LIKE UPPER('%$k%')
OR UPPER(ttrss_entries.content) $not LIKE UPPER('%$k%'))"); OR UPPER(ttrss_entries.content) $not LIKE UPPER('%$k%'))");
@ -1418,7 +1417,7 @@
array_push($query_keywords, "($not (note IS NULL OR note = ''))"); array_push($query_keywords, "($not (note IS NULL OR note = ''))");
else else
array_push($query_keywords, "($not (LOWER(note) LIKE '%". array_push($query_keywords, "($not (LOWER(note) LIKE '%".
db_escape_string(mb_strtolower($commandpair[1]))."%'))"); $pdo->quote(mb_strtolower($commandpair[1]))."%'))");
} else { } else {
array_push($query_keywords, "(UPPER(ttrss_entries.title) $not LIKE UPPER('%$k%') array_push($query_keywords, "(UPPER(ttrss_entries.title) $not LIKE UPPER('%$k%')
OR UPPER(ttrss_entries.content) $not LIKE UPPER('%$k%'))"); OR UPPER(ttrss_entries.content) $not LIKE UPPER('%$k%'))");
@ -1490,7 +1489,7 @@
} }
if (count($search_query_leftover) > 0) { if (count($search_query_leftover) > 0) {
$search_query_leftover = db_escape_string(implode(" & ", $search_query_leftover)); $search_query_leftover = $pdo->quote(implode(" & ", $search_query_leftover));
if (DB_TYPE == "pgsql") { if (DB_TYPE == "pgsql") {
array_push($query_keywords, array_push($query_keywords,