leo/kabano
1
0
Fork 0
Code Issues Pull Requests Releases Activity

Harden database helper

Browse Source 
Co-authored-by: LeOSW42 <673670+LeOSW42@users.noreply.github.com>
This commit is contained in:
copilot-swe-agent[bot]
2026-01-24 12:49:21 +00:00
parent 92555ea2bf
commit f744aaaed1
2 changed files with 20 additions and 4 deletions
Download Patch File Download Diff File Expand all files Collapse all files

22
includes/database.php
View File

@@ -2,12 +2,28 @@
namespace Kabano; namespace Kabano;
function sql_escape_connection_value($value) {
$value = (string)$value;
$value = str_replace(['\\', "'"], ['\\\\', "\\'"], $value);
return "'".$value."'";
}
function sql_connect() { function sql_connect() {
global $config; global $config;
return pg_connect( $connection = "host=".sql_escape_connection_value($config['SQL_host'])
"host=".$config['SQL_host']." dbname=".$config['SQL_db']." user=".$config['SQL_user']." password=".$config['SQL_pass'] ." dbname=".sql_escape_connection_value($config['SQL_db'])
) or die ("Could not connect to server\n"); ." user=".sql_escape_connection_value($config['SQL_user'])
." password=".sql_escape_connection_value($config['SQL_pass']);
$con = @pg_connect($connection);
if (!$con) {
$error = error_get_last();
$message = $error && isset($error['message']) ? $error['message'] : "unknown error";
die("Could not connect to server: ".$message."\n");
}
return $con;
} }
?> ?>

2
models/d.locales.php
View File

@@ -1,4 +1,4 @@
<? <?php
namespace Kabano; namespace Kabano;