external/aurweb
0
0
Fork 0
mirror of https://gitlab.archlinux.org/archlinux/aurweb.git synced 2025-02-03 09:43:03 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions

rpc.php: be a bit more consistent in query building

Browse source 
Do the implode as the same but separate step each time, and remove
indentation where no other query has it.

Signed-off-by: Dan McGee <dan@archlinux.org>
Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>
This commit is contained in:
Dan McGee 2011-04-12 00:15:48 -05:00 committed by Lukas Fleischer
parent aa206b343a
commit a3ad060158
1 changed files with 10 additions and 10 deletions
Download patch file Download diff file Expand all files Collapse all files

18
web/lib/aurjson.class.php
View file

@ -117,10 +117,11 @@ class AurJSON {
return $this->json_error('Query arg too small'); return $this->json_error('Query arg too small');
} }
$fields = implode(',', self::$fields);
$keyword_string = mysql_real_escape_string($keyword_string, $this->dbh); $keyword_string = mysql_real_escape_string($keyword_string, $this->dbh);
$keyword_string = addcslashes($keyword_string, '%_'); $keyword_string = addcslashes($keyword_string, '%_');
$query = "SELECT " . implode(',', self::$fields) . $query = "SELECT {$fields} " .
" FROM Packages WHERE " . " FROM Packages WHERE " .
" ( Name LIKE '%{$keyword_string}%' OR " . " ( Name LIKE '%{$keyword_string}%' OR " .
" Description LIKE '%{$keyword_string}%' )"; " Description LIKE '%{$keyword_string}%' )";
@ -134,7 +135,9 @@ class AurJSON {
* @return mixed Returns an array of value data containing the package data * @return mixed Returns an array of value data containing the package data
**/ **/
private function info($pqdata) { private function info($pqdata) {
$base_query = "SELECT " . implode(',', self::$fields) . $fields = implode(',', self::$fields);
$base_query = "SELECT {$fields} " .
" FROM Packages WHERE "; " FROM Packages WHERE ";
if ( is_numeric($pqdata) ) { if ( is_numeric($pqdata) ) {
@ -144,11 +147,8 @@ class AurJSON {
$query_stub = "ID={$pqdata}"; $query_stub = "ID={$pqdata}";
} }
else { else {
if(get_magic_quotes_gpc()) {
$pqdata = stripslashes($pqdata);
}
$query_stub = sprintf("Name=\"%s\"", $query_stub = sprintf("Name=\"%s\"",
mysql_real_escape_string($pqdata)); mysql_real_escape_string($pqdata, $this->dbh));
} }
$query = $base_query . $query_stub; $query = $base_query . $query_stub;
@ -161,12 +161,12 @@ class AurJSON {
* @return mixed Returns an array of value data containing the package data * @return mixed Returns an array of value data containing the package data
**/ **/
private function msearch($maintainer) { private function msearch($maintainer) {
$maintainer = mysql_real_escape_string($maintainer, $this->dbh);
$fields = implode(',', self::$fields); $fields = implode(',', self::$fields);
$maintainer = mysql_real_escape_string($maintainer, $this->dbh);
$query = "SELECT Users.Username as Maintainer, {$fields} " . $query = "SELECT Users.Username as Maintainer, {$fields} " .
" FROM Packages, Users " . " FROM Packages, Users WHERE " .
" WHERE Packages.MaintainerUID = Users.ID AND " . " Packages.MaintainerUID = Users.ID AND " .
" Users.Username = '{$maintainer}'"; " Users.Username = '{$maintainer}'";
return $this->process_query('msearch', $query); return $this->process_query('msearch', $query);