Make sure not to double-escape strings used in SQL. Fixed some formatting to comply with style guidelines.

2006-10-25 20:38:46 +00:00 · 2006-10-25 20:38:46 +00:00 · 55fe551a4a
parent 4cd4c8cbf5
commit 55fe551a4a
1 changed files with 15 additions and 19 deletions
--- a/campcaster/src/modules/storageServer/var/MetaData.php
+++ b/campcaster/src/modules/storageServer/var/MetaData.php
@ -6,9 +6,7 @@ define('MODIFY_LAST_MATCH', TRUE);
 require_once "XML/Util.php";

 /**
- * MetaData class
- *
- * Campcaster file storage support class.<br>
+ * File storage support class.
 * Store metadata tree in relational database.<br>
 *
 * @author $Author$
@ -43,8 +41,7 @@ class MetaData {
        $this->exists     =
            $this->dbCheck($gunid) &&
            is_file($this->fname) &&
-            is_readable($this->fname)
-        ;
+            is_readable($this->fname);
    }


@ -282,10 +279,10 @@ class MetaData {
        	return $r;
        }
        if (!is_null($value)) {
-        	$value = pg_escape_string($value);
+        	$escapedValue = pg_escape_string($value);
            $sql = "
                UPDATE {$this->mdataTable}
-                SET object='$value', objns='_L'
+                SET object='$escapedValue', objns='_L'
                WHERE id={$mid}
            ";
            $res = $this->dbc->query($sql);
@ -430,7 +427,7 @@ class MetaData {
     * 		value to store, if NULL then delete record
     * @param string $lang
     * 		optional xml:lang value for select language version
-     * @param int mid
+     * @param int $mid
     * 		metadata record id (OPTIONAL on unique elements)
     * @param string $container
     * 		container element name for insert
@ -467,10 +464,9 @@ class MetaData {
            if (PEAR::isError($res)) {
            	return $res;
            }
-            if (!is_null($lang) &&
-                isset($aktual['attrs']['xml:lang']) &&
-                $aktual['attrs']['xml:lang']!=$lang
-            ) {
+            if (!is_null($lang)
+            	&& isset($aktual['attrs']['xml:lang'])
+            	&& $aktual['attrs']['xml:lang'] != $lang) {
                $lg = $this->getMetadataEl('xml:lang', $aktual['mid']);
                if (PEAR::isError($lg)) {
                	return $lg;