Refine SQL connection escaping

Co-authored-by: LeOSW42 <673670+LeOSW42@users.noreply.github.com>
This commit is contained in:
copilot-swe-agent[bot]
2026-01-24 12:50:40 +00:00
parent f744aaaed1
commit 419d95eb4c


@@ -4,7 +4,8 @@ namespace Kabano;
function sql_escape_connection_value($value) { function sql_escape_connection_value($value) {
$value = (string)$value; $value = (string)$value;
$value = str_replace(['\\', "'"], ['\\\\', "\\'"], $value); $value = str_replace("\0", '', $value);
$value = str_replace(['\\', "'", '"'], ['\\\\', "\\'", '\\"'], $value);
return "'".$value."'"; return "'".$value."'";
} }
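Review bot: The new `str_replace("\0", '', $value)` at the top of `sql_escape_connection_value` silently rewrites a credential instead of rejecting it — a NUL inside `SQL_pass` or `SQL_user` is almost certainly a misconfiguration or an injected value, and stripping it means the connection is attempted with a secret that differs from what was configured, with only a generic auth failure to debug from. I would fail loudly: `if (str_contains($value, "\0")) { throw new \InvalidArgumentException('connection parameter must not contain NUL'); }`. The added `'"' => '\\"'` pair looks unnecessary for a libpq keyword/value string, where only `\` and `'` are special inside a single-quoted value; libpq appears to accept a backslash before any character, so it is harmless, but a short comment such as `// libpq quoting: only \ and ' are special inside '...'` would stop the next reader from assuming `"` needed escaping. Note this also does not cover the `host`/`dbname` values of the connection string, which are built outside this hunk.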
@@ -16,7 +17,7 @@ function sql_connect() {
." user=".sql_escape_connection_value($config['SQL_user']) ." user=".sql_escape_connection_value($config['SQL_user'])
." password=".sql_escape_connection_value($config['SQL_pass']); ." password=".sql_escape_connection_value($config['SQL_pass']);
$con = @pg_connect($connection); $con = pg_connect($connection);
if (!$con) { if (!$con) {
$error = error_get_last(); $error = error_get_last();
$message = $error && isset($error['message']) ? $error['message'] : "unknown error"; $message = $error && isset($error['message']) ? $error['message'] : "unknown error";