[vhffs-dev] [537] Fixes impossible sending due to special SQL characters



Revision: 537
Author:   gradator
Date:     2007-03-31 23:30:55 +0000 (Sat, 31 Mar 2007)

Log Message:
-----------
Fixes impossible sending due to special SQL characters

Modified Paths:
--------------
    branches/vhffs_4.1/vhffs-api/src/Vhffs/Misc/Mailings.pm
    trunk/vhffs-api/src/Vhffs/Misc/Mailings.pm


Modified: branches/vhffs_4.1/vhffs-api/src/Vhffs/Misc/Mailings.pm
===================================================================
--- branches/vhffs_4.1/vhffs-api/src/Vhffs/Misc/Mailings.pm	2007-03-31 00:32:02 UTC (rev 536)
+++ branches/vhffs_4.1/vhffs-api/src/Vhffs/Misc/Mailings.pm	2007-03-31 23:30:55 UTC (rev 537)
@@ -45,8 +45,6 @@
 	my $vhffs = shift;	
 	my $subject = shift;
 	my $message = shift;
-	$subject = quotemeta( $subject );
-	$message = quotemeta( $message );
 	
 	return -1 if ( ! defined $vhffs );
 
@@ -54,9 +52,9 @@
 
 	my $id = 0;
 
-	$query = "INSERT INTO vhffs_mailings (subject,message,date,state) 						  VALUES( '".$subject."' , '".$message."' , NOW() , '".Vhffs::Constants::WAITING_FOR_CREATION."')";
-	$request = $db->prepare( $query );
-	$request->execute or return -2;
+	$query = 'INSERT INTO vhffs_mailings (subject,message,date,state) VALUES( ? , ? , NOW() , ? )';
+	$request = $db->{'DB_WRITE'}->prepare( $query );
+	$request->execute($subject, $message, Vhffs::Constants::WAITING_FOR_CREATION) or return -2;
 
 	return 1;
 }
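Review bot: The return value of `prepare` just above the new `execute` call is not checked, so if `prepare` returns undef (DBI does this when RaiseError is off; the connection setup is not visible here) the call on `$request` dies instead of returning -2. I would write `$request = $db->{'DB_WRITE'}->prepare( $query ) or return -2;`, and the same applies to the unchanged `prepare` line in the trunk copy of this hunk. In the branch copy the handle also changes from `$db` to `$db->{'DB_WRITE'}`, which the log message does not mention, so it is worth confirming that this is intended for the 4.1 branch. Since the values are now bound, a short comment such as `# values are bound by DBI; do not escape them by hand` would keep the removed `quotemeta` calls from being reintroduced. The sub begins outside this hunk.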

Modified: trunk/vhffs-api/src/Vhffs/Misc/Mailings.pm
===================================================================
--- trunk/vhffs-api/src/Vhffs/Misc/Mailings.pm	2007-03-31 00:32:02 UTC (rev 536)
+++ trunk/vhffs-api/src/Vhffs/Misc/Mailings.pm	2007-03-31 23:30:55 UTC (rev 537)
@@ -45,8 +45,6 @@
 	my $vhffs = shift;	
 	my $subject = shift;
 	my $message = shift;
-	$subject = quotemeta( $subject );
-	$message = quotemeta( $message );
 	
 	return -1 if ( ! defined $vhffs );
 
@@ -54,9 +52,9 @@
 
 	my $id = 0;
 
-	$query = "INSERT INTO vhffs_mailings (subject,message,date,state) 						  VALUES( '".$subject."' , '".$message."' , NOW() , '".Vhffs::Constants::WAITING_FOR_CREATION."')";
+	$query = 'INSERT INTO vhffs_mailings (subject,message,date,state) VALUES( ? , ? , NOW() , ? )';
 	$request = $db->{'DB_WRITE'}->prepare( $query );
-	$request->execute or return -2;
+	$request->execute($subject, $message, Vhffs::Constants::WAITING_FOR_CREATION) or return -2;
 
 	return 1;
 }

