mirror of
https://github.com/friendica/friendica
synced 2024-12-23 04:00:15 +00:00
use raw db queries wherever query items could contain '%'
This commit is contained in:
parent
c50f491c3d
commit
f7c0480f1b
4 changed files with 13 additions and 3 deletions
|
@ -134,6 +134,16 @@ function q($sql) {
|
|||
return $ret;
|
||||
}}
|
||||
|
||||
// raw db query, no arguments
|
||||
|
||||
if(! function_exists('dbq')) {
|
||||
function dbq($sql) {
|
||||
|
||||
global $db;
|
||||
$ret = $db->q($sql);
|
||||
return $ret;
|
||||
}}
|
||||
|
||||
|
||||
// Caller is responsible for ensuring that any integer arguments to
|
||||
// dbesc_array are actually integers and not malformed strings containing
|
||||
|
|
|
@ -550,7 +550,7 @@ function item_store($arr) {
|
|||
|
||||
logger('item_store: ' . print_r($arr,true), LOGGER_DATA);
|
||||
|
||||
$r = q("INSERT INTO `item` (`"
|
||||
$r = dbq("INSERT INTO `item` (`"
|
||||
. implode("`, `", array_keys($arr))
|
||||
. "`) VALUES ('"
|
||||
. implode("', '", array_values($arr))
|
||||
|
|
|
@ -106,7 +106,7 @@ function dfrn_notify_post(&$a) {
|
|||
|
||||
dbesc_array($msg);
|
||||
|
||||
$r = q("INSERT INTO `mail` (`" . implode("`, `", array_keys($msg))
|
||||
$r = dbq("INSERT INTO `mail` (`" . implode("`, `", array_keys($msg))
|
||||
. "`) VALUES ('" . implode("', '", array_values($msg)) . "')" );
|
||||
|
||||
// send email notification if requested.
|
||||
|
|
|
@ -249,7 +249,7 @@ function profiles_content(&$a) {
|
|||
|
||||
dbesc_array($r1[0]);
|
||||
|
||||
$r2 = q("INSERT INTO `profile` (`"
|
||||
$r2 = dbq("INSERT INTO `profile` (`"
|
||||
. implode("`, `", array_keys($r1[0]))
|
||||
. "`) VALUES ('"
|
||||
. implode("', '", array_values($r1[0]))
|
||||
|
|
Loading…
Reference in a new issue