else
$query_limit = "";
+ $purge_interval = (int) $purge_interval;
+
if (DB_TYPE == "pgsql") {
$sth = $pdo->prepare("DELETE FROM ttrss_user_entries
USING ttrss_entries
marked = false AND
feed_id = ? AND
$query_limit
- ttrss_entries.date_updated < NOW() - INTERVAL ? days");
- $sth->execute([$feed_id, $purge_interval]);
+ ttrss_entries.date_updated < NOW() - INTERVAL '$purge_interval days'");
+ $sth->execute([$feed_id]);
} else {
$sth = $pdo->prepare("DELETE FROM ttrss_user_entries
marked = false AND
feed_id = ? AND
$query_limit
- ttrss_entries.date_updated < DATE_SUB(NOW(), INTERVAL ? DAY)");
- $sth->execute([$feed_id, $purge_interval]);
+ ttrss_entries.date_updated < DATE_SUB(NOW(), INTERVAL $purge_interval DAY)");
+ $sth->execute([$feed_id]);
}
function initialize_user_prefs($uid, $profile = false) {
- $uid = db_escape_string($uid);
-
if (get_schema_version() < 63) $profile_qpart = "";
$pdo = DB::pdo();
$u_sth = $pdo->prepare("SELECT pref_name
FROM ttrss_user_prefs WHERE owner_uid = :uid AND
- profile = :profile OR (:profile IS NULL AND profile IS NULL)");
+ (profile = :profile OR (:profile IS NULL AND profile IS NULL))");
$u_sth->execute([':uid' => $uid, ':profile' => $profile]);
$active_prefs = array();
if (array_search($line["pref_name"], $active_prefs) === FALSE) {
// print "adding " . $line["pref_name"] . "<br>";
- $line["def_value"] = db_escape_string($line["def_value"]);
- $line["pref_name"] = db_escape_string($line["pref_name"]);
-
if (get_schema_version() < 63) {
$i_sth = $pdo->prepare("INSERT INTO ttrss_user_prefs
(owner_uid,pref_name,value) VALUES
$search_words = array();
$search_query_leftover = array();
+ $pdo = Db::pdo();
+
if ($search_language)
- $search_language = db_escape_string(mb_strtolower($search_language));
+ $search_language = $pdo->quote(mb_strtolower($search_language));
else
$search_language = "english";
case "title":
if ($commandpair[1]) {
array_push($query_keywords, "($not (LOWER(ttrss_entries.title) LIKE '%".
- db_escape_string(mb_strtolower($commandpair[1]))."%'))");
+ $pdo->quote(mb_strtolower($commandpair[1]))."%'))");
} else {
array_push($query_keywords, "(UPPER(ttrss_entries.title) $not LIKE UPPER('%$k%')
OR UPPER(ttrss_entries.content) $not LIKE UPPER('%$k%'))");
case "author":
if ($commandpair[1]) {
array_push($query_keywords, "($not (LOWER(author) LIKE '%".
- db_escape_string(mb_strtolower($commandpair[1]))."%'))");
+ $pdo->quote(mb_strtolower($commandpair[1]))."%'))");
} else {
array_push($query_keywords, "(UPPER(ttrss_entries.title) $not LIKE UPPER('%$k%')
OR UPPER(ttrss_entries.content) $not LIKE UPPER('%$k%'))");
array_push($query_keywords, "($not (note IS NULL OR note = ''))");
else
array_push($query_keywords, "($not (LOWER(note) LIKE '%".
- db_escape_string(mb_strtolower($commandpair[1]))."%'))");
+ $pdo->quote(mb_strtolower($commandpair[1]))."%'))");
} else {
array_push($query_keywords, "(UPPER(ttrss_entries.title) $not LIKE UPPER('%$k%')
OR UPPER(ttrss_entries.content) $not LIKE UPPER('%$k%'))");
}
if (count($search_query_leftover) > 0) {
- $search_query_leftover = db_escape_string(implode(" & ", $search_query_leftover));
+ $search_query_leftover = $pdo->quote(implode(" & ", $search_query_leftover));
if (DB_TYPE == "pgsql") {
array_push($query_keywords,
$pdo->beginTransaction();
$sth = $pdo->prepare("SELECT id FROM ttrss_feed_categories
- WHERE (:parent IS NULL AND parent_cat IS NULL OR parent_cat = :parent)
+ WHERE (parent_cat = :parent OR (:parent IS NULL AND parent_cat IS NULL))
AND title = :cat AND owner_uid = :uid");
$sth->execute([':parent' => $parent_cat_id, ':title' => $feed_cat, ':uid' => $_SESSION['uid']]);
if (!$owner_uid) $owner_uid = $_SESSION["uid"];
+ $is_cat = bool_to_sql_bool($is_cat);
+
$pdo = Db::pdo();
- $sth = $dbh->prepare("SELECT access_key FROM ttrss_access_keys
- WHERE feed_id = ? AND is_cat = ?
+ $sth = $pdo->prepare("SELECT access_key FROM ttrss_access_keys
+ WHERE feed_id = ? AND is_cat = ?
AND owner_uid = ?");
$sth->execute([$feed_id, $is_cat, $owner_uid]);