Got questions, comments, patches, etc.?
Contact Jason Woofenden
gitweb
/
wfpl.git
/ commitdiff
commit
grep
author
committer
pickaxe
?
search:
re
summary
|
shortlog
|
log
|
commit
| commitdiff |
tree
raw
|
patch
|
inline
| side by side (parent:
f3f1c7b
)
db: use utf8 for client encoding, use real_escape
author
Jason Woofenden
<jason@jasonwoof.com>
Thu, 14 Aug 2014 19:38:03 +0000
(15:38 -0400)
committer
Jason Woofenden
<jason@jasonwoof.com>
Thu, 14 Aug 2014 19:38:03 +0000
(15:38 -0400)
db.php
patch
|
blob
|
history
diff --git
a/db.php
b/db.php
index
b1faf2c
..
84b23aa
100644
(file)
--- a/
db.php
+++ b/
db.php
@@
-38,7
+38,11
@@
require_once(__DIR__ . '/format.php');
# the database connection handle. You'll only need this if you want to have
# multiple databases open at once.
# the database connection handle. You'll only need this if you want to have
# multiple databases open at once.
-function db_connect($database = 'auto', $user = 'auto', $pass = 'auto', $host = 'localhost') {
+function db_enc_sql($str) {
+ return mysql_real_escape_string($str, $GLOBALS['wfpl_db_handle'] ? $GLOBALS['wfpl_db_handle'] : null);
+}
+
+function db_connect($database = 'auto', $user = 'auto', $pass = 'auto', $host = 'localhost', $encoding = 'utf8') {
if($database == 'auto') {
if(isset($GLOBALS['db_name'])) {
$database = $GLOBALS['db_name'];
if($database == 'auto') {
if(isset($GLOBALS['db_name'])) {
$database = $GLOBALS['db_name'];
@@
-72,6
+76,8
@@
function db_connect($database = 'auto', $user = 'auto', $pass = 'auto', $host =
die('Could not connect to the database: ' . mysql_error());
}
die('Could not connect to the database: ' . mysql_error());
}
+ mysql_set_charset($encoding, $GLOBALS['wfpl_db_handle']);
+
if(!mysql_select_db($database, $GLOBALS['wfpl_db_handle'])) {
die("Couldn not access database \"$database\": " . mysql_error($GLOBALS['wfpl_db_handle']));
}
if(!mysql_select_db($database, $GLOBALS['wfpl_db_handle'])) {
die("Couldn not access database \"$database\": " . mysql_error($GLOBALS['wfpl_db_handle']));
}
@@
-127,9
+133,9
@@
function _db_printf($str, $args) {
$str = substr($str, $pos + 2);
if($chr == '"') {
$str = substr($str, $pos + 2);
if($chr == '"') {
- $out .= '"' . enc_sql(array_shift($args)) . '"';
+ $out .= '"' . db_enc_sql(array_shift($args)) . '"';
} elseif($chr == 's') {
} elseif($chr == 's') {
- $out .= enc_sql(array_shift($args));
+ $out .= db_enc_sql(array_shift($args));
} elseif($chr == 'i') {
$int = format_int(array_shift($args));
if($int == '') $int = '0';
} elseif($chr == 'i') {
$int = format_int(array_shift($args));
if($int == '') $int = '0';
@@
-308,7
+314,7
@@
function db_insert_ish($command, $table, $columns, $values) {
$sql = '';
foreach($values as $value) {
if($sql) $sql .= ',';
$sql = '';
foreach($values as $value) {
if($sql) $sql .= ',';
- $sql .= '"' . enc_sql($value) . '"';
+ $sql .= '"' . db_enc_sql($value) . '"';
}
$sql = "$command INTO $table ($columns) values($sql)";
}
$sql = "$command INTO $table ($columns) values($sql)";
@@
-358,7
+364,7
@@
function db_update($table, $columns, $values) {
if($sql != '') {
$sql .= ', ';
}
if($sql != '') {
$sql .= ', ';
}
- $sql .= $columns[$i] . ' = "' . enc_sql($values[$i]) . '"';
+ $sql .= $columns[$i] . ' = "' . db_enc_sql($values[$i]) . '"';
}
}