From 71e2b2500be3213fd5707786a6d66a955d66e2df Mon Sep 17 00:00:00 2001
From: mdtrooper
Date: Wed, 2 Mar 2011 14:34:38 +0000
Subject: [PATCH] 2011-03-02 Miguel de Dios * include/db/postgresql.php, include/db/mysql.php, include/functions.php: separate the function "mysql_safe_sql_string" into the two version for MySQL and PostgreSQL engine. git-svn-id: https://svn.code.sf.net/p/pandora/code/trunk@4048 c3f86ba8-e40f-0410-aaad-9ba5e7f4b01f
---
 pandora_console/include/db/postgresql.php | 13 +++++++++++++
 pandora_console/include/functions.php | 15 ++++++++++-----
 2 files changed, 23 insertions(+), 5 deletions(-)
diff --git a/pandora_console/include/db/postgresql.php b/pandora_console/include/db/postgresql.php
index 352f039bc0..f3b83a8710 100644
--- a/pandora_console/include/db/postgresql.php
+++ b/pandora_console/include/db/postgresql.php
@@ -952,4 +952,17 @@ function postgresql_process_sql_commit() {
 function postgresql_process_sql_rollback() {
 pg_query('ROLLBACK TRANSACTION');
 }
+
+/**
+ * Put quotes if magic_quotes protection
+ *
+ * @param string Text string to be protected with quotes if magic_quotes protection is disabled
+ */
+function postgresql_safe_sql_string($string) {
+ if (get_magic_quotes_gpc () == 0)
+ return $string;
+ global $config;
+
+ return pg_escape_string($config['dbconnection'], $string);
+}
 ?>
\ No newline at end of file
diff --git a/pandora_console/include/functions.php b/pandora_console/include/functions.php
index db0da2d104..6f81e0032e 100644
--- a/pandora_console/include/functions.php
+++ b/pandora_console/include/functions.php
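Review bot: The guard in `postgresql_safe_sql_string` is inverted relative to its own docblock: `if (get_magic_quotes_gpc () == 0) return $string;` hands the input back unescaped exactly when magic quotes is disabled, and reaches `pg_escape_string` only for input that already carries magic-quote backslashes. On a server with `magic_quotes_gpc` off, any caller that builds SQL from the result gets no escaping at all (the callers are not visible in this patch). I would strip the magic-quote slashes when they are present and escape unconditionally: `if (get_magic_quotes_gpc() != 0) $string = stripslashes($string);` followed by the existing `return pg_escape_string($config['dbconnection'], $string);`. The docblock should also gain a `@return string` line and state that the result is only safe inside a quoted SQL string literal.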
@@ -1005,12 +1005,17 @@ if (!function_exists ("mb_strtoupper")) {
 *
 * @param string Text string to be protected with quotes if magic_quotes protection is disabled
 */
-function safe_sql_string ($string) {
- if (get_magic_quotes_gpc () == 0)
- return $string;
+function safe_sql_string($string) {
 global $config;
-
- return mysql_real_escape_string ($string, $config['dbconnection']);
+
+ switch ($config["dbtype"]) {
+ case "mysql":
+ return mysql_safe_sql_string($string);
+ break;
+ case "postgresql":
+ return postgresql_safe_sql_string($string);
+ break;
+ }
 }
 
 /**
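Review bot: `safe_sql_string` now calls `mysql_safe_sql_string`, but the diffstat lists only `postgresql.php` and `functions.php` even though the commit message names `include/db/mysql.php`, so unless that function already exists elsewhere the `"mysql"` branch ends in a fatal undefined-function error. The `switch` also has no `default`, so an unexpected `$config["dbtype"]` makes the function return null and the value silently disappears from the query; failing closed is safer, e.g. `default: trigger_error('safe_sql_string: unsupported dbtype', E_USER_ERROR);`. The `break;` lines after each `return` are unreachable and can be dropped. The removed MySQL body had the same `get_magic_quotes_gpc () == 0` early return that skips escaping when magic quotes is off, so the MySQL variant presumably needs that check corrected as well.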