drop $db_conn parameter from escape_string()

Connection caching is now done in db_connect() which is a much better
place.

This reverts most of c253ef7dbd
pull/24/head
Christian Boltz 8 years ago
parent 6ee85ac6cc
commit 88bd9bfd19
No known key found for this signature in database
GPG Key ID: C6A682EA63C82F1C

@ -278,23 +278,17 @@ function check_email ($email) {
* used to disrupt an SQL string. i.e. "'" => "\'" etc. * used to disrupt an SQL string. i.e. "'" => "\'" etc.
* *
* @param mixed string|array * @param mixed string|array
* @param resource $db_conn optional (default null)
* @return String (or Array) of cleaned data, suitable for use within an SQL * @return String (or Array) of cleaned data, suitable for use within an SQL
* statement. * statement.
*/ */
function escape_string ($string, $db_conn = null) { function escape_string ($string) {
global $CONF; global $CONF;
if($db_conn == null) {
$db_conn = db_connect();
}
// if the string is actually an array, do a recursive cleaning. // if the string is actually an array, do a recursive cleaning.
// Note, the array keys are not cleaned. // Note, the array keys are not cleaned.
if(is_array($string)) { if(is_array($string)) {
$clean = array(); $clean = array();
foreach(array_keys($string) as $row) { foreach(array_keys($string) as $row) {
$clean[$row] = escape_string($string[$row], $db_conn); $clean[$row] = escape_string($string[$row]);
} }
return $clean; return $clean;
} }
@ -303,12 +297,13 @@ function escape_string ($string, $db_conn = null) {
} }
if (!is_numeric($string)) { if (!is_numeric($string)) {
$link = db_connect();
if ($CONF['database_type'] == "mysql") { if ($CONF['database_type'] == "mysql") {
$escaped_string = mysql_real_escape_string($string, $db_conn); $escaped_string = mysql_real_escape_string($string, $link);
} }
if ($CONF['database_type'] == "mysqli") { if ($CONF['database_type'] == "mysqli") {
$escaped_string = mysqli_real_escape_string($db_conn, $string); $escaped_string = mysqli_real_escape_string($link, $string);
} }
if (db_sqlite()) { if (db_sqlite()) {
$escaped_string = SQLite3::escapeString($string); $escaped_string = SQLite3::escapeString($string);
@ -316,7 +311,7 @@ function escape_string ($string, $db_conn = null) {
if (db_pgsql()) { if (db_pgsql()) {
// php 5.2+ allows for $link to be specified. // php 5.2+ allows for $link to be specified.
if (version_compare(phpversion(), "5.2.0", ">=")) { if (version_compare(phpversion(), "5.2.0", ">=")) {
$escaped_string = pg_escape_string($db_conn, $string); $escaped_string = pg_escape_string($link, $string);
} else { } else {
$escaped_string = pg_escape_string($string); $escaped_string = pg_escape_string($string);
} }

Loading…
Cancel
Save