escape html characters in db_query() error output
authorAndrew Dolgov <fox@bah.spb.su>
Sun, 16 Oct 2005 08:52:44 +0000 (09:52 +0100)
committerAndrew Dolgov <fox@bah.spb.su>
Sun, 16 Oct 2005 08:52:44 +0000 (09:52 +0100)
db.php

diff --git a/db.php b/db.php
index 35985815baf795b42cd1a2f313f5ea3a0c298bfd..c72bbd9dfab89ac7f78bcfc3a8c6007ab1dc52a7 100644 (file)
--- a/db.php
+++ b/db.php
@@ -55,12 +55,14 @@ function db_query($link, $query) {
        if (DB_TYPE == "pgsql") {
                $result = pg_query($link, $query);
                if (!$result) {
+                       $query = htmlspecialchars($query); // just in case
                        die("Query <i>$query</i> failed: " . pg_last_error($link));                     
                }
                return $result;
        } else if (DB_TYPE == "mysql") {
                $result = mysql_query($query, $link);
                if (!$result) {
+                       $query = htmlspecialchars($query);
                        die("Query <i>$query</i> failed: " . mysql_error($link));
                }
                return $result;
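Review bot: The driver error text appended after `failed:` is still written to the page unescaped in both branches, and pg_last_error()/mysql_error() messages commonly quote part of the failing statement, so markup that this commit escapes in `$query` can likely still reach the browser through the error string. Escape that part as well, e.g. `die("Query <i>$query</i> failed: " . htmlspecialchars(pg_last_error($link)));`, and do the same with `mysql_error($link)` in the mysql branch. Separately, sending the full SQL and driver error to the client exposes schema details; consider writing them to the server log with `error_log()` and showing only a generic failure message. db_query() begins and ends outside this hunk, so any further branches were not reviewed.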