feedbrowser: PDO
authorAndrew Dolgov <noreply@madoka.volgo-balt.ru>
Fri, 1 Dec 2017 11:56:27 +0000 (14:56 +0300)
committerAndrew Dolgov <noreply@madoka.volgo-balt.ru>
Fri, 1 Dec 2017 11:56:27 +0000 (14:56 +0300)
include/feedbrowser.php

index b70e47fdfbc7891fb7ad3a81f5c94376676cfaec..a5a9f3dca4a767d1fccbcca8cb694b098860ce2f 100644 (file)
@@ -3,34 +3,32 @@
 
                if (defined('_DISABLE_FEED_BROWSER') && _DISABLE_FEED_BROWSER) return;
 
-               $owner_uid = $_SESSION["uid"];
                $rv = '';
 
+        $pdo = Db::pdo();
+
                if ($search) {
-                       $search_qpart = "AND (UPPER(feed_url) LIKE UPPER('%$search%') OR
+            $search = $pdo->quote($search);
+
+            $search_qpart = "AND (UPPER(feed_url) LIKE UPPER('%$search%') OR
                                                UPPER(title) LIKE UPPER('%$search%'))";
                } else {
                        $search_qpart = "";
                }
 
                if ($mode == 1) {
-                       /* $result = db_query("SELECT feed_url, subscribers FROM
-                        ttrss_feedbrowser_cache WHERE (SELECT COUNT(id) = 0 FROM ttrss_feeds AS tf
-                       WHERE tf.feed_url = ttrss_feedbrowser_cache.feed_url
-                       AND owner_uid = '$owner_uid') $search_qpart
-                       ORDER BY subscribers DESC LIMIT $limit"); */
-
-                       $result = db_query("SELECT feed_url, site_url, title, SUM(subscribers) AS subscribers FROM
+                       $sth = $pdo->prepare("SELECT feed_url, site_url, title, SUM(subscribers) AS subscribers FROM
                                                (SELECT feed_url, site_url, title, subscribers FROM ttrss_feedbrowser_cache UNION ALL
                                                        SELECT feed_url, site_url, title, subscribers FROM ttrss_linked_feeds) AS qqq
                                                WHERE
                                                        (SELECT COUNT(id) = 0 FROM ttrss_feeds AS tf
                                                                WHERE tf.feed_url = qqq.feed_url
-                                                                       AND owner_uid = '$owner_uid') $search_qpart
-                                               GROUP BY feed_url, site_url, title ORDER BY subscribers DESC LIMIT $limit");
+                                                                       AND owner_uid = ?) $search_qpart
+                                               GROUP BY feed_url, site_url, title ORDER BY subscribers DESC LIMIT ?");
+                       $sth->execute([$_SESSION['uid'], $limit]);
 
                } else if ($mode == 2) {
-                       $result = db_query("SELECT *,
+                       $sth = $pdo->prepare("SELECT *,
                                                (SELECT COUNT(*) FROM ttrss_user_entries WHERE
                                                        orig_feed_id = ttrss_archived_feeds.id) AS articles_archived
                                                FROM
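Review bot: `$pdo->quote($search)` returns the value already wrapped in single quotes, and the added line still interpolates it inside `'%$search%'`, so the search term lands between two string literals instead of inside one; the clause is at best a syntax error and the user-supplied text is not safely contained. Quote the whole pattern and drop the surrounding quotes, `$search = $pdo->quote("%$search%");` with `LIKE UPPER($search)` in both comparisons, or bind the pattern as a statement parameter next to the uid. The same `$search_qpart` is interpolated into the mode 2 query further down, so that query inherits the problem. Separately, `LIMIT ?` receives `$limit` through `execute()`, which binds values as strings; if `Db::pdo()` runs MySQL with emulated prepares this may be rejected, so `$sth->bindValue(2, (int) $limit, PDO::PARAM_INT)` looks safer, though that needs confirming against the connection setup. The enclosing function starts above this hunk and continues past it.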
                                                WHERE
                                                (SELECT COUNT(*) FROM ttrss_feeds
                                                        WHERE ttrss_feeds.feed_url = ttrss_archived_feeds.feed_url AND
-                                                               owner_uid = '$owner_uid') = 0   AND
-                                               owner_uid = '$owner_uid' $search_qpart
-                                               ORDER BY id DESC LIMIT $limit");
+                                                               owner_uid = :uid) = 0   AND
+                                               owner_uid = :uid $search_qpart
+                                               ORDER BY id DESC LIMIT :limit");
+
+                       $sth->execute([":uid" => $_SESSION['uid'], ":limit" => $limit]);
                }
 
                $feedctr = 0;
 
-               while ($line = db_fetch_assoc($result)) {
+               while ($line = $sth->fetch()) {
 
                        if ($mode == 1) {