escape html characters in db_query() error output
This commit is contained in:
parent
571c7f235d
commit
8823cd590f
1 changed files with 2 additions and 0 deletions
2
db.php
2
db.php
|
@ -55,12 +55,14 @@ function db_query($link, $query) {
|
|||
if (DB_TYPE == "pgsql") {
|
||||
$result = pg_query($link, $query);
|
||||
if (!$result) {
|
||||
$query = htmlspecialchars($query); // just in case
|
||||
die("Query <i>$query</i> failed: " . pg_last_error($link));
|
||||
}
|
||||
return $result;
|
||||
} else if (DB_TYPE == "mysql") {
|
||||
$result = mysql_query($query, $link);
|
||||
if (!$result) {
|
||||
$query = htmlspecialchars($query);
|
||||
die("Query <i>$query</i> failed: " . mysql_error($link));
|
||||
}
|
||||
return $result;
|
||||
|
|
Loading…
Reference in a new issue