From: Joey Schulze
Date: Mon, 21 Sep 2015 09:50:33 +0000 (+0000)
Subject: Welcome to the future
X-Git-Url: https://git.infodrom.org/?p=infodrom.org%2Fservice.infodrom.org;a=commitdiff_plain;h=d7ed4054f6061adc525da4ab847ed42bb2d25dd6
Welcome to the future
---
diff --git a/src/Infodrom/patches/update.wml b/src/Infodrom/patches/update.wml
index ff5b9fe..2c2d215 100644
--- a/src/Infodrom/patches/update.wml
+++ b/src/Infodrom/patches/update.wml
@@ -1,52 +1,44 @@
 #include
 #include
+ ", "", "")
- or die("Unable to connect to SQL server");
-
- if ($_POST[id] > 0) {
- if ($_POST[delete] > 0) {
- $query = "DELETE FROM patches WHERE oid = $_POST[id]";
+ if ($_POST['id'] > 0) {
+ if ($_POST['delete'] > 0) {
+ $sql = sprintf("DELETE FROM patches WHERE oid = %d", $_POST['id']);
 } else {
- $query = "UPDATE patches SET "
- . sprintf ("subject='%s',package='%s',version='%s',description='%s',download='%s'",
- addslashes ($_POST[subject]),
- addslashes ($_POST[package]),
- addslashes ($_POST[version]),
- addslashes ($_POST[description]),
- addslashes ($_POST[download]))
- . " WHERE oid = $_POST[id]";
+ $sql = sprintf("UPDATE patches SET subject=%s, package=%s, version=%s, description=%s, download=%s WHERE oid = %d",
+ $db->quote($_POST['subject']),
+ $db->quote($_POST['package']),
+ $db->quote($_POST['version']),
+ $db->quote($_POST['description']),
+ $db->quote($_POST['download']),
+ $_POST['id']);
 }
 } else {
 $date = date ("Y-m-j H:i");
- $query = "INSERT INTO patches "
- . "(subject,package,version,description,download,submitted) VALUES ("
- . sprintf ("'%s','%s','%s','%s','%s','%s'",
- addslashes ($_POST[subject]),
- addslashes ($_POST[package]),
- addslashes ($_POST[version]),
- addslashes ($_POST[description]),
- addslashes ($_POST[download]),
- addslashes ($date))
- . ")";
-
+ $sql = sprintf("INSERT INTO patches (subject,package,version,description,download,submitted) VALUES (%s,%s,%s,%s,%s,%s)",
+ $db->quote($_POST['subject']),
+ $db->quote($_POST['package']),
+ $db->quote($_POST['version']),
+ $db->quote($_POST['description']),
+ $db->quote($_POST['download']),
+ $db->quote($date));
 }
- //printf ("
\n%s\n
\n", $query);
- $sth = pg_exec ($dbh, $query) or die("Datenbank-Abfrage!");
-
+ //printf ("
\n%s\n
\n", $sql);
+ $db->execute($sql);
 ?>
-

+

-
+
-

+

-Download:

+Download:
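Review bot: The new `$db->execute($sql);` line drops the failure check that the removed `pg_exec(...) or die("Datenbank-Abfrage!")` call had, so unless `$db->execute()` throws on error, a failed INSERT, UPDATE or DELETE is followed by the form rendering as if the write had succeeded; either confirm the wrapper throws or restore a check such as `$db->execute($sql) or die("Datenbank-Abfrage!");`. The `$_POST['id'] > 0` and `$_POST['delete'] > 0` comparisons still read keys that are absent when the form is first displayed, which PHP reports as undefined-index notices; `$id = isset($_POST['id']) ? (int) $_POST['id'] : 0;` at the top of the block would make the intent explicit and hand the `%d` placeholders a guaranteed integer. The commented-out `//printf (...)` debug line carried over from the old code could be removed rather than kept in step with the rename to `$sql`.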