Replace usage of "addslashes" with pg_escape_identifier and pg_escape_literal
Signed-off-by: Tianon Gravi <admwiggin@gmail.com>
parent
cb83d0646a
commit
58e6cfa712
|
@ -104,7 +104,7 @@ class PostgreSQL extends AbstractDatabase {
|
|||
private function createDatabase(IDBConnection $connection) {
|
||||
if (!$this->databaseExists($connection)) {
|
||||
//The database does not exists... let's create it
|
||||
$query = $connection->prepare("CREATE DATABASE " . addslashes($this->dbName) . " OWNER " . addslashes($this->dbUser));
|
||||
$query = $connection->prepare('CREATE DATABASE ' . pg_escape_identifier($this->dbName) . ' OWNER ' . pg_escape_identifier($this->dbUser));
|
||||
try {
|
||||
$query->execute();
|
||||
} catch (DatabaseException $e) {
|
||||
|
@ -112,7 +112,7 @@ class PostgreSQL extends AbstractDatabase {
|
|||
$this->logger->logException($e);
|
||||
}
|
||||
} else {
|
||||
$query = $connection->prepare("REVOKE ALL PRIVILEGES ON DATABASE " . addslashes($this->dbName) . " FROM PUBLIC");
|
||||
$query = $connection->prepare('REVOKE ALL PRIVILEGES ON DATABASE ' . pg_escape_identifier($this->dbName) . ' FROM PUBLIC');
|
||||
try {
|
||||
$query->execute();
|
||||
} catch (DatabaseException $e) {
|
||||
|
@ -152,10 +152,10 @@ class PostgreSQL extends AbstractDatabase {
|
|||
}
|
||||
|
||||
// create the user
|
||||
$query = $connection->prepare("CREATE USER " . addslashes($this->dbUser) . " CREATEDB PASSWORD '" . addslashes($this->dbPassword) . "'");
|
||||
$query = $connection->prepare('CREATE USER ' . pg_escape_identifier($this->dbUser) . ' CREATEDB PASSWORD ' . pg_escape_literal($this->dbPassword));
|
||||
$query->execute();
|
||||
if ($this->databaseExists($connection)) {
|
||||
$query = $connection->prepare('GRANT CONNECT ON DATABASE ' . addslashes($this->dbName) . ' TO '.addslashes($this->dbUser));
|
||||
$query = $connection->prepare('GRANT CONNECT ON DATABASE ' . pg_escape_identifier($this->dbName) . ' TO ' . pg_escape_identifier($this->dbUser));
|
||||
$query->execute();
|
||||
}
|
||||
} catch (DatabaseException $e) {
|
||||
|
|
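Review bot: The new `pg_escape_identifier()` and `pg_escape_literal()` calls in all three hunks (the `CREATE DATABASE`, `REVOKE ALL PRIVILEGES`, `CREATE USER` and `GRANT CONNECT` statements) are made without a connection argument, so they rely on ext/pgsql being loaded and on a default link opened with `pg_connect()`, while the statements themselves are prepared on `$connection`, an `IDBConnection`. Whether that object is backed by ext/pgsql is not visible here; if it is a PDO-style wrapper, the calls will either be undefined, raise an error, or return `false`, and `false` concatenates as an empty string, producing a malformed statement instead of a quoted one. Quoting should come from the same connection that executes the statement, or each result should at least be checked before it is concatenated, e.g. `$dbName = pg_escape_identifier($this->dbName);` followed by `if ($dbName === false) { /* abort setup and log */ }`. Until that is settled, a comment such as `// pg_escape_* use the default ext/pgsql link, not $connection` above the first call would record the dependency. The enclosing functions start and end outside the hunks, so any existing guard for this is not visible.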