fix double escaping of entry data on insert/update sequence

author Andrew Dolgov <fox@bah.spb.su>

Sat, 19 Nov 2005 17:33:17 +0000 (18:33 +0100)

committer Andrew Dolgov <fox@bah.spb.su>

Sat, 19 Nov 2005 17:33:17 +0000 (18:33 +0100)
author Andrew Dolgov <fox@bah.spb.su>
Sat, 19 Nov 2005 17:33:17 +0000 (18:33 +0100)
committer Andrew Dolgov <fox@bah.spb.su>
Sat, 19 Nov 2005 17:33:17 +0000 (18:33 +0100)
diff --git a/functions.php b/functions.php

index cb45435d05c8622363277a5a688459802dce227e..37ad6c1d4ced94fb328faf4fa565ba8ab6b18dd0 100644 (file)
--- a/functions.php
+++ b/functions.php
@@ -274,6 +274,11 @@
  
                                 $owner_uid = $_SESSION["uid"];
  
+                               $entry_content = db_escape_string($entry_content);
+                               $entry_title = db_escape_string($entry_title);
+                               $entry_link = db_escape_string($entry_link);
+                               $entry_comments = db_escape_string($entry_comments);
+
                                 if (db_num_rows($result) == 0) {
  
                                         // base post entry does not exist, create it
@@ -284,11 +289,6 @@
                                         }
                                         error_reporting (E_ERROR | E_WARNING | E_PARSE);
  
-                                       $entry_content = db_escape_string($entry_content);
-                                       $entry_title = db_escape_string($entry_title);
-                                       $entry_link = db_escape_string($entry_link);
-                                       $entry_comments = db_escape_string($entry_comments);
-
                                         $result = db_query($link,
                                                 "INSERT INTO ttrss_entries 
                                                         (title,
@@ -376,9 +376,6 @@
  
  //                                             print "<!-- post $orig_title needs update : $post_needs_update -->";
  
-                                               $entry_content = db_escape_string($entry_content);
-                                               $entry_title = db_escape_string($entry_title);
-
                                                 db_query($link, "UPDATE ttrss_entries 
                                                         SET title = '$entry_title', content = '$entry_content'
                                                         WHERE id = '$ref_id'");
author	Andrew Dolgov <fox@bah.spb.su>
	Sat, 19 Nov 2005 17:33:17 +0000 (18:33 +0100)
committer	Andrew Dolgov <fox@bah.spb.su>
	Sat, 19 Nov 2005 17:33:17 +0000 (18:33 +0100)