leo/kabano
1
0
Fork 0
Code Issues Pull Requests Releases Activity

Use pg_escape_string for connection

Browse Source 
Co-authored-by: LeOSW42 <673670+LeOSW42@users.noreply.github.com>
This commit is contained in:
copilot-swe-agent[bot]
2026-01-24 12:52:12 +00:00
parent 1e8c3c5869
commit 57a81bbed0
1 changed files with 4 additions and 11 deletions
Download Patch File Download Diff File Expand all files Collapse all files

15
includes/database.php
View File

@@ -2,20 +2,13 @@
namespace Kabano; namespace Kabano;
function sql_escape_connection_value($value) {
$value = (string)$value;
$value = str_replace("\0", '', $value);
$value = str_replace(['\\', "'", '"'], ['\\\\', "\\'", '\\"'], $value);
return "'".$value."'";
}
function sql_connect() { function sql_connect() {
global $config; global $config;
$connection = "host=".sql_escape_connection_value($config['SQL_host']) $connection = "host='".pg_escape_string((string)$config['SQL_host'])."'"
." dbname=".sql_escape_connection_value($config['SQL_db']) ." dbname='".pg_escape_string((string)$config['SQL_db'])."'"
." user=".sql_escape_connection_value($config['SQL_user']) ." user='".pg_escape_string((string)$config['SQL_user'])."'"
." password=".sql_escape_connection_value($config['SQL_pass']); ." password='".pg_escape_string((string)$config['SQL_pass'])."'";
$con = pg_connect($connection); $con = pg_connect($connection);
if (!$con) { if (!$con) {