diff options
| author | Paul S. Owen <psotfx@users.sourceforge.net> | 2002-11-21 22:46:12 +0000 |
|---|---|---|
| committer | Paul S. Owen <psotfx@users.sourceforge.net> | 2002-11-21 22:46:12 +0000 |
| commit | aedd73055238aaf8082687c3977d6a06ef5855ab (patch) | |
| tree | 432a3266e5dd5c720241bb49d490f666b6c60f8b /phpBB/db | |
| parent | bb05d733eeae8c1a5c1a3d4fab17d3ed2e864fa5 (diff) | |
| download | forums-aedd73055238aaf8082687c3977d6a06ef5855ab.tar forums-aedd73055238aaf8082687c3977d6a06ef5855ab.tar.gz forums-aedd73055238aaf8082687c3977d6a06ef5855ab.tar.bz2 forums-aedd73055238aaf8082687c3977d6a06ef5855ab.tar.xz forums-aedd73055238aaf8082687c3977d6a06ef5855ab.zip | |
Of course it has to be more tricky than that doesn't it ... well, I'm off to bed so it can stick it up its pipe and smoke it for now :D
git-svn-id: file:///svn/phpbb/trunk@3078 89ea8834-ac86-4346-8a33-228a782c2dd0
Diffstat (limited to 'phpBB/db')
| -rw-r--r-- | phpBB/db/mysql.php | 4 | ||||
| -rw-r--r-- | phpBB/db/mysql4.php | 6 |
2 files changed, 5 insertions, 5 deletions
diff --git a/phpBB/db/mysql.php b/phpBB/db/mysql.php index 8776d3e5ac..132b64f79f 100644 --- a/phpBB/db/mysql.php +++ b/phpBB/db/mysql.php @@ -139,7 +139,7 @@ class sql_db $endtime = explode(' ', microtime()); $endtime = $endtime[0] + $endtime[1] - $starttime; - $this->sql_report .= "<pre>Query:\t" . preg_replace('/[\s]*[\n\r\t]+[\n\r\s\t]*/', "\n\t", $query) . "\n\n"; + $this->sql_report .= "<pre>Query:\t" . htmlspecialchars(preg_replace('/[\s]*[\n\r\t]+[\n\r\s\t]*/', "\n\t", $query)) . "\n\n"; if ($this->query_result) { $this->sql_report .= "Time before: $curtime\nTime after: $endtime\nElapsed time: <b>" . ($endtime - $curtime) . "</b>\n</pre>"; @@ -147,7 +147,7 @@ class sql_db else { $error = $this->sql_error(); - $this->sql_report .= '<b>FAILED</b> - MySQL Error ' . $error['code'] . ': ' . $error['message'] . '<br><br><pre>'; + $this->sql_report .= '<b>FAILED</b> - MySQL Error ' . $error['code'] . ': ' . htmlspecialchars($error['message']) . '<br><br><pre>'; } $this->sql_time += $endtime - $curtime; if (preg_match('/^SELECT/', $query)) diff --git a/phpBB/db/mysql4.php b/phpBB/db/mysql4.php index 921db44ba5..6c1b027697 100644 --- a/phpBB/db/mysql4.php +++ b/phpBB/db/mysql4.php @@ -134,12 +134,12 @@ class sql_db { $this->sql_error($query); } - if (!empty($_REQUEST['explain'])) +if (!empty($_REQUEST['explain'])) { $endtime = explode(' ', microtime()); $endtime = $endtime[0] + $endtime[1] - $starttime; - $this->sql_report .= "<pre>Query:\t" . preg_replace('/[\s]*[\n\r\t]+[\n\r\s\t]*/', "\n\t", $query) . "\n\n"; + $this->sql_report .= "<pre>Query:\t" . htmlspecialchars(preg_replace('/[\s]*[\n\r\t]+[\n\r\s\t]*/', "\n\t", $query)) . "\n\n"; if ($this->query_result) { $this->sql_report .= "Time before: $curtime\nTime after: $endtime\nElapsed time: <b>" . ($endtime - $curtime) . "</b>\n</pre>"; @@ -147,7 +147,7 @@ class sql_db else { $error = $this->sql_error(); - $this->sql_report .= '<b>FAILED</b> - MySQL Error ' . $error['code'] . ': ' . $error['message'] . '<br><br><pre>'; + $this->sql_report .= '<b>FAILED</b> - MySQL Error ' . $error['code'] . ': ' . htmlspecialchars($error['message']) . '<br><br><pre>'; } $this->sql_time += $endtime - $curtime; if (preg_match('/^SELECT/', $query)) |