if (get_schema_version() < 63) $profile_qpart = "";
$pdo = DB::pdo();
+ $in_nested_tr = false;
- $pdo->beginTransaction();
+ try {
+ $pdo->beginTransaction();
+ } catch (Exception $e) {
+ $in_nested_tr = true;
+ }
$sth = $pdo->query("SELECT pref_name,def_value FROM ttrss_prefs");
}
}
- $pdo->commit();
+ if (!$in_nested_tr) $pdo->commit();
}
}
function sql_bool_to_bool($s) {
- if ($s == "t" || $s == "1" || strtolower($s) == "true") {
- return true;
- } else {
- return false;
- }
+ return $s && ($s !== "f" && $s !== "false"); //no-op for PDO, backwards compat for legacy layer
}
function bool_to_sql_bool($s) {
- if ($s) {
- return "true";
- } else {
- return "false";
- }
+ return (bool)$s; //no-op for PDO
}
// Session caching removed due to causing wrong redirects to upgrade
$error_code = 5;
}
- if (db_escape_string("testTEST") != "testTEST") {
- $error_code = 12;
- }
-
return array("code" => $error_code, "message" => $ERRORS[$error_code]);
}
}
function checkbox_to_sql_bool($val) {
- return ($val == "on") ? "true" : "false";
+ return ($val == "on") ? true : false;
}
function uniqid_short() {
switch ($commandpair[0]) {
case "title":
if ($commandpair[1]) {
- array_push($query_keywords, "($not (LOWER(ttrss_entries.title) LIKE '%".
- $pdo->quote(mb_strtolower($commandpair[1]))."%'))");
+ array_push($query_keywords, "($not (LOWER(ttrss_entries.title) LIKE ".
+ $pdo->quote('%' . mb_strtolower($commandpair[1]) . '%') ."))");
} else {
array_push($query_keywords, "(UPPER(ttrss_entries.title) $not LIKE UPPER('%$k%')
- OR UPPER(ttrss_entries.content) $not LIKE UPPER('%$k%'))");
+ OR UPPER(ttrss_entries.content) $not LIKE UPPER(".$pdo->quote("%$k%")."))");
array_push($search_words, $k);
}
break;
case "author":
if ($commandpair[1]) {
- array_push($query_keywords, "($not (LOWER(author) LIKE '%".
- $pdo->quote(mb_strtolower($commandpair[1]))."%'))");
+ array_push($query_keywords, "($not (LOWER(author) LIKE ".
+ $pdo->quote('%' . mb_strtolower($commandpair[1]) . '%')."))");
} else {
array_push($query_keywords, "(UPPER(ttrss_entries.title) $not LIKE UPPER('%$k%')
- OR UPPER(ttrss_entries.content) $not LIKE UPPER('%$k%'))");
+ OR UPPER(ttrss_entries.content) $not LIKE UPPER(".$pdo->quote("%$k%")."))");
array_push($search_words, $k);
}
break;
else if ($commandpair[1] == "false")
array_push($query_keywords, "($not (note IS NULL OR note = ''))");
else
- array_push($query_keywords, "($not (LOWER(note) LIKE '%".
- $pdo->quote(mb_strtolower($commandpair[1]))."%'))");
+ array_push($query_keywords, "($not (LOWER(note) LIKE ".
+ $pdo->quote('%' . mb_strtolower($commandpair[1]) . '%')."))");
} else {
- array_push($query_keywords, "(UPPER(ttrss_entries.title) $not LIKE UPPER('%$k%')
- OR UPPER(ttrss_entries.content) $not LIKE UPPER('%$k%'))");
+ array_push($query_keywords, "(UPPER(ttrss_entries.title) $not LIKE UPPER(".$pdo->quote("%$k%").")
+ OR UPPER(ttrss_entries.content) $not LIKE UPPER(".$pdo->quote("%$k%")."))");
if (!$not) array_push($search_words, $k);
}
break;
else
array_push($query_keywords, "($not (marked = false))");
} else {
- array_push($query_keywords, "(UPPER(ttrss_entries.title) $not LIKE UPPER('%$k%')
- OR UPPER(ttrss_entries.content) $not LIKE UPPER('%$k%'))");
+ array_push($query_keywords, "(UPPER(ttrss_entries.title) $not LIKE UPPER(".$pdo->quote("%$k%").")
+ OR UPPER(ttrss_entries.content) $not LIKE UPPER(".$pdo->quote("%$k%")."))");
if (!$not) array_push($search_words, $k);
}
break;
} else {
array_push($query_keywords, "(UPPER(ttrss_entries.title) $not LIKE UPPER('%$k%')
- OR UPPER(ttrss_entries.content) $not LIKE UPPER('%$k%'))");
+ OR UPPER(ttrss_entries.content) $not LIKE UPPER(".$pdo->quote("%$k%")."))");
if (!$not) array_push($search_words, $k);
}
break;
array_push($query_keywords, "($not (unread = false))");
} else {
- array_push($query_keywords, "(UPPER(ttrss_entries.title) $not LIKE UPPER('%$k%')
- OR UPPER(ttrss_entries.content) $not LIKE UPPER('%$k%'))");
+ array_push($query_keywords, "(UPPER(ttrss_entries.title) $not LIKE UPPER(".$pdo->quote("%$k%").")
+ OR UPPER(ttrss_entries.content) $not LIKE UPPER(".$pdo->quote("%$k%")."))");
if (!$not) array_push($search_words, $k);
}
break;
$k = mb_strtolower($k);
array_push($search_query_leftover, $not ? "!$k" : $k);
} else {
- array_push($query_keywords, "(UPPER(ttrss_entries.title) $not LIKE UPPER('%$k%')
- OR UPPER(ttrss_entries.content) $not LIKE UPPER('%$k%'))");
+ array_push($query_keywords, "(UPPER(ttrss_entries.title) $not LIKE UPPER(".$pdo->quote("%$k%").")
+ OR UPPER(ttrss_entries.content) $not LIKE UPPER(".$pdo->quote("%$k%")."))");
}
if (!$not) array_push($search_words, $k);
if (DB_TYPE == "pgsql") {
array_push($query_keywords,
- "(tsvector_combined @@ to_tsquery('$search_language', '$search_query_leftover'))");
+ "(tsvector_combined @@ to_tsquery($search_language, $search_query_leftover))");
}
}
function load_filters($feed_id, $owner_uid) {
$filters = array();
+ $feed_id = (int) $feed_id;
$cat_id = (int)Feeds::getFeedCategory($feed_id);
if ($cat_id == 0)
if (!$parent_cat_id) $parent_cat_id = null;
$pdo = Db::pdo();
- $pdo->beginTransaction();
+ $tr_in_progress = false;
+
+ try {
+ $pdo->beginTransaction();
+ } catch (Exception $e) {
+ $tr_in_progress = true;
+ }
$sth = $pdo->prepare("SELECT id FROM ttrss_feed_categories
WHERE (parent_cat = :parent OR (:parent IS NULL AND parent_cat IS NULL))
VALUES (?, ?, ?)");
$sth->execute([$_SESSION['uid'], $feed_cat, $parent_cat_id]);
- $pdo->commit();
+ if (!$tr_in_progress) $pdo->commit();
return true;
}
function filter_to_sql($filter, $owner_uid) {
$query = array();
+ $pdo = Db::pdo();
+
if (DB_TYPE == "pgsql")
$reg_qpart = "~";
else
if ($regexp_valid) {
- $rule['reg_exp'] = db_escape_string($rule['reg_exp']);
+ $rule['reg_exp'] = $pdo->quote($rule['reg_exp']);
switch ($rule["type"]) {
case "title":
if (isset($rule['inverse'])) $qpart = "NOT ($qpart)";
if (isset($rule["feed_id"]) && $rule["feed_id"] > 0) {
- $qpart .= " AND feed_id = " . db_escape_string($rule["feed_id"]);
+ $qpart .= " AND feed_id = " . $pdo->quote($rule["feed_id"]);
}
if (isset($rule["cat_id"])) {