author | Dries Buytaert <dries@buytaert.net> | 2000-11-13 08:17:45 +0000 |
---|---|---|
committer | Dries Buytaert <dries@buytaert.net> | 2000-11-13 08:17:45 +0000 |
commit | 9559f61fcab156477dd45f4926664b74c3c2d65d (patch) | |
tree | 4c0fb62ac3dca254a2c22023e81d50eb51e579a1 /includes/database.inc | |
parent | d4fc1dfa888305c57f52730ba9dcec800896c004 (diff) | |
Another batch with a lot of internal updates, yet no visual changes to the
site:
- watchdog (rewrite):
+ the collected information provides more details and insights
for post-mortem research
+ input limitation
- database abstraction layer:
+ mysql errors are now verbose and are no longer displayed in a
browser - fixes a possible security risk
- admin.php:
+ updated watchdog page
+ fixed security flaw
- diary.php:
+ fixed nl2br problem
- themes:
+ fixed comment bug in all 3 themes.
- misc:
+ renamed some global variables for sake of consistency:
$sitename --> $site_name
$siteurl --> $site_url
+ added input check where (a) exploitable and (b) possible
+ added input size check
+ various small improvements
+ fixed various typoes
... and much, much more in fact.
Diffstat (limited to 'includes/database.inc')
-rw-r--r-- | includes/database.inc | 25 |
1 files changed, 9 insertions, 16 deletions
diff --git a/includes/database.inc b/includes/database.inc
index 843cb270a..6a81b003a 100644
--- a/includes/database.inc
+++ b/includes/database.inc
@@ -8,28 +8,21 @@
 */
 function db_connect() {
- global $dbhost, $dbuname, $dbpass, $dbname;
- mysql_pconnect($dbhost, $dbuname, $dbpass) or die(mysql_Error());
- mysql_select_db($dbname) or die ("Unable to select database");
+ global $db_host, $db_uname, $db_pass, $db_name;
+ mysql_pconnect($db_host, $db_uname, $db_pass) or die(mysql_Error());
+ mysql_select_db($db_name) or die ("Unable to select database");
 // NOTE: we are using a persistent connection!
 }
-function db_insert($query, $debug = false) {
- // NOTE:
- // add spam- and/or flood-checks
-
- db_query($query, $debug);
-}
-
 function db_query($query, $debug = false) {
- ### perform query:
+ // perform query:
 $qid = mysql_query($query);
- ### debug output (if required):
- if ($debug || empty($qid)) print "<PRE>query: ". htmlspecialchars($query) ."<BR>error message: ". mysql_error() ."</PRE>";
- if (empty($qid)) watchdog(3, "error: ". mysql_error() ."<BR>query: ". htmlspecialchars($query) ."");
+ // debug output (if required):
+ if ($debug) print "<PRE>query: ". htmlspecialchars($query) ."<BR>error message: ". mysql_error() ."</PRE>";
+ if (!$qid) watchdog("error", "database: ". mysql_error() ."<BR>query: ". htmlspecialchars($query) ."");
- ### return result from query:
+ // return result from query:
 return $qid;
 }
@@ -58,4 +51,4 @@ function db_result($qid, $field) {
 # db_connect();
-?>
\ No newline at end of file
+?> |
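Review bot: In the first hunk, db_connect() still ends a failed connect with `die(mysql_Error())`, so the raw MySQL connection error is still written to the browser even though the commit message says errors are no longer displayed there; such messages commonly name the database account and host. A fixed string in the style of the select_db line would close that gap: `mysql_pconnect($db_host, $db_uname, $db_pass) or die("Unable to connect to database");`. In db_query() the watchdog entry escapes the query but concatenates `mysql_error()` unescaped, and the server's error text can repeat part of the failing statement; if the watchdog page renders stored messages as HTML (not visible in this hunk), use `htmlspecialchars(mysql_error())` there and in the `$debug` print as well.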