escape html characters in db_query() error output

This commit is contained in:
Andrew Dolgov 2005-10-16 09:52:44 +01:00
parent 571c7f235d
commit 8823cd590f

2
db.php
View file

@ -55,12 +55,14 @@ function db_query($link, $query) {
if (DB_TYPE == "pgsql") {
$result = pg_query($link, $query);
if (!$result) {
$query = htmlspecialchars($query); // just in case
die("Query <i>$query</i> failed: " . pg_last_error($link));
}
return $result;
} else if (DB_TYPE == "mysql") {
$result = mysql_query($query, $link);
if (!$result) {
$query = htmlspecialchars($query);
die("Query <i>$query</i> failed: " . mysql_error($link));
}
return $result;