From b17fcb1a0c627db9539e2d12c70dec76f543d30a Mon Sep 17 00:00:00 2001 From: Andrew Dolgov Date: Sat, 19 Nov 2005 18:33:17 +0100 Subject: [PATCH] fix double escaping of entry data on insert/update sequence --- functions.php | 13 +++++-------- 1 file changed, 5 insertions(+), 8 deletions(-) diff --git a/functions.php b/functions.php index cb45435d..37ad6c1d 100644 --- a/functions.php +++ b/functions.php @@ -274,6 +274,11 @@ $owner_uid = $_SESSION["uid"]; + $entry_content = db_escape_string($entry_content); + $entry_title = db_escape_string($entry_title); + $entry_link = db_escape_string($entry_link); + $entry_comments = db_escape_string($entry_comments); + if (db_num_rows($result) == 0) { // base post entry does not exist, create it @@ -284,11 +289,6 @@ } error_reporting (E_ERROR | E_WARNING | E_PARSE); - $entry_content = db_escape_string($entry_content); - $entry_title = db_escape_string($entry_title); - $entry_link = db_escape_string($entry_link); - $entry_comments = db_escape_string($entry_comments); - $result = db_query($link, "INSERT INTO ttrss_entries (title, @@ -376,9 +376,6 @@ // print ""; - $entry_content = db_escape_string($entry_content); - $entry_title = db_escape_string($entry_title); - db_query($link, "UPDATE ttrss_entries SET title = '$entry_title', content = '$entry_content' WHERE id = '$ref_id'"); -- 2.39.5