From: Andrew Dolgov Date: Sat, 19 Nov 2005 17:33:17 +0000 (+0100) Subject: fix double escaping of entry data on insert/update sequence X-Git-Tag: schema_feature_freeze_for_1.1~183 X-Git-Url: https://git.wh0rd.org/?a=commitdiff_plain;h=b17fcb1a0c627db9539e2d12c70dec76f543d30a;p=tt-rss.git fix double escaping of entry data on insert/update sequence --- diff --git a/functions.php b/functions.php index cb45435d..37ad6c1d 100644 --- a/functions.php +++ b/functions.php @@ -274,6 +274,11 @@ $owner_uid = $_SESSION["uid"]; + $entry_content = db_escape_string($entry_content); + $entry_title = db_escape_string($entry_title); + $entry_link = db_escape_string($entry_link); + $entry_comments = db_escape_string($entry_comments); + if (db_num_rows($result) == 0) { // base post entry does not exist, create it @@ -284,11 +289,6 @@ } error_reporting (E_ERROR | E_WARNING | E_PARSE); - $entry_content = db_escape_string($entry_content); - $entry_title = db_escape_string($entry_title); - $entry_link = db_escape_string($entry_link); - $entry_comments = db_escape_string($entry_comments); - $result = db_query($link, "INSERT INTO ttrss_entries (title, @@ -376,9 +376,6 @@ // print ""; - $entry_content = db_escape_string($entry_content); - $entry_title = db_escape_string($entry_title); - db_query($link, "UPDATE ttrss_entries SET title = '$entry_title', content = '$entry_content' WHERE id = '$ref_id'");