authorLudovic Arnaud <ludovic_arnaud@users.sourceforge.net>2006-07-15 14:23:26 +0000
committerLudovic Arnaud <ludovic_arnaud@users.sourceforge.net>2006-07-15 14:23:26 +0000
commit3b4944a476a696bf97cbab18aba527f44729ae85 (patch)
treecc0723fd7a3f99c00ee60a1c986519ee4002bd30
parent0bc61ae76c99358173aa0f2acdf11b2388aa39fe (diff)
Fixed: better SQL escaping
Removed: extended inserts on mssql and sqlite, were they really worth it? git-svn-id: file:///svn/phpbb/trunk@6181 89ea8834-ac86-4346-8a33-228a782c2dd0
-rw-r--r--phpBB/includes/search/fulltext_native_improved.php22
1 files changed, 5 insertions, 17 deletions
diff --git a/phpBB/includes/search/fulltext_native_improved.php b/phpBB/includes/search/fulltext_native_improved.php
index 4d8fd3aaa1..96d8be06b9 100644
--- a/phpBB/includes/search/fulltext_native_improved.php
+++ b/phpBB/includes/search/fulltext_native_improved.php
@@ -989,8 +989,8 @@ class fulltext_native_improved extends search_backend
if (sizeof($unique_add_words))
{
$sql = 'SELECT word_id, word_text
- FROM ' . SEARCH_WORDLIST_TABLE . '
- WHERE word_text IN (' . implode(', ', preg_replace('#^(.*)$#', '\'$1\'', $unique_add_words)) . ')';
+ FROM ' . SEARCH_WORDLIST_TABLE . "
+ WHERE word_text IN ('" . implode("','", array_map(array(&$db, 'sql_escape'), $unique_add_words)) . "')";
$result = $db->sql_query($sql);
$word_ids = array();
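Review bot: The IN list on the new line 31 is only as safe as `$db->sql_escape()`, and nothing in this hunk shows which escaper the DBAL uses; if any driver implements it with `addslashes()` rather than a connection-aware call such as `mysql_real_escape_string()`, multibyte input in a non-UTF-8 connection charset can still break out of the quotes, so this should be confirmed per driver before the commit is treated as closing the issue. The words presumably originate from post text and are therefore attacker-controlled, which is worth stating at the call site: `// $unique_add_words comes from user post content: every element must pass through sql_escape() before it reaches the IN list`. The `sizeof()` guard above correctly avoids an empty `IN ()`, which several backends reject. The enclosing method starts before this hunk.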
@@ -1010,19 +1010,7 @@ class fulltext_native_improved extends search_backend
case 'mysql4':
case 'mysqli':
$sql = 'INSERT INTO ' . SEARCH_WORDLIST_TABLE . " (word_text)
- VALUES ('" . implode("'),('", array_map(array($db, 'sql_escape'), $new_words)) . "')";
- $db->sql_query($sql);
- break;
-
- case 'mssql':
- case 'mssql_odbc':
- case 'sqlite':
- $new_words = array_map(array($db, 'sql_escape'), $new_words);
-
- // make sure the longest word comes first, so nothing will be truncated
- usort($new_words, array(&$this, 'strlencmp'));
-
- $sql = 'INSERT INTO ' . SEARCH_WORDLIST_TABLE . ' (word_text) ' . implode(' UNION ALL ', preg_replace('#^(.*)$#', "SELECT '\$1'", $new_words));
+ VALUES ('" . implode("'),('", array_map(array(&$db, 'sql_escape'), $new_words)) . "')";
$db->sql_query($sql);
break;
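Review bot: The multi-row INSERT on the new line 51 inserts every word the preceding SELECT did not find, but nothing between that SELECT and this INSERT prevents a concurrent indexer from inserting the same word first; if `word_text` carries a unique index the whole extended INSERT then fails and none of the new words are recorded, and if it does not, duplicate word rows accumulate. This race is not introduced by the commit but is left unaddressed by it, and the removed mssql/sqlite branch shared it, so it would be worth a comment such as `// NOTE: not atomic with the SELECT above; concurrent indexing can insert the same word_text — confirm a unique index exists and handle the duplicate-key failure` until the insert path is made tolerant of duplicates. The `array(&$db, ...)` reference on line 51 also differs from the `array($db, ...)` form the removed line 38 used; pick one style for all three call sites in this file. The enclosing `switch` begins before this hunk and the branch handling mssql/sqlite after the removal is outside it.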
@@ -1068,8 +1056,8 @@ class fulltext_native_improved extends search_backend
{
$sql = 'INSERT INTO ' . SEARCH_WORDMATCH_TABLE . " (post_id, word_id, title_match)
SELECT $post_id, word_id, $title_match
- FROM " . SEARCH_WORDLIST_TABLE . '
- WHERE word_text IN (' . implode(', ', preg_replace('#^(.*)$#', '\'$1\'', $word_ary)) . ')';
+ FROM " . SEARCH_WORDLIST_TABLE . "
+ WHERE word_text IN ('" . implode("','", array_map(array(&$db, 'sql_escape'), $word_ary)) . "')";
$db->sql_query($sql);
}
}
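Review bot: `$post_id` and `$title_match` are still interpolated directly into the SQL on line 57 while this commit escapes only the `IN` list on line 61, so the "better SQL escaping" is incomplete for this statement unless the caller guarantees both values are integers, which is not visible in the hunk. Coercing them at the point of use costs nothing and removes the dependence on the caller: `SELECT " . (int) $post_id . ", word_id, " . (int) $title_match . "`. The `if` guarding this block and the enclosing method both start before the hunk, so whether an empty `$word_ary` can reach the `IN ('')` form cannot be confirmed from here.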