Refine SQL helper escaping

Co-authored-by: LeOSW42 <673670+LeOSW42@users.noreply.github.com>
copilot-swe-agent[bot]
2026-01-24 12:58:37 +00:00
parent d2562a25df
commit e925e6424a


@@ -5,10 +5,10 @@ namespace Kabano;
function sql_connect() { function sql_connect() {
global $config; global $config;
$connection = "host=".sql_escape_connection_value($config['SQL_host']) $connection = "host='".sql_escape_connection_value($config['SQL_host'])."'"
." dbname=".sql_escape_connection_value($config['SQL_db']) ." dbname='".sql_escape_connection_value($config['SQL_db'])."'"
." user=".sql_escape_connection_value($config['SQL_user']) ." user='".sql_escape_connection_value($config['SQL_user'])."'"
." password=".sql_escape_connection_value($config['SQL_pass']); ." password='".sql_escape_connection_value($config['SQL_pass'])."'";
$con = pg_connect($connection); $con = pg_connect($connection);
if (!$con) { if (!$con) {
@@ -23,8 +23,5 @@ function sql_connect() {
function sql_escape_connection_value($value) { function sql_escape_connection_value($value) {
$value = (string)$value; $value = (string)$value;
$value = str_replace("\0", '', $value); $value = str_replace("\0", '', $value);
$value = str_replace(['\\', "'"], ['\\\\', "\\'"], $value); return pg_escape_string($value);
return "'".$value."'";
} }
?>
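Review bot: In `sql_escape_connection_value`, `pg_escape_string()` applies SQL string-literal escaping (a single quote becomes `''`), but the result is placed inside a libpq connection string, where a quoted value needs `\'` and `\\` instead. A host, database name, user or password in `$config` that contains a single quote would end the quoted value early, so `pg_connect()` either fails or reads the rest as further connection parameters; whether backslashes get doubled depends on the escaping mode in effect, so that case is not reliable either. Keeping the new call-site quoting in `sql_connect` (whose body continues outside the hunk) and returning the backslash-escaped value would cover both: `return str_replace(['\\', "'"], ['\\\\', "\\'"], $value);`. Separately, calling `pg_escape_string()` without a connection argument is deprecated as of PHP 8.1, and no connection exists yet when this helper runs.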