On Mon, Apr 25, 2011 at 10:21:55PM -0700, elij wrote: > when converting to postgres, each mysql_real_escape_string instance had to be > changed, which was tedious. Centralizing the escape mechanism code would allow > for much easier porting, in the same way that db_query provides a lightweight > query abstraction. > --- > web/html/account.php | 2 +- > web/html/addvote.php | 10 +++++----- > web/html/logout.php | 2 +- > web/html/passreset.php | 4 ++-- > web/html/pkgsubmit.php | 36 ++++++++++++++++++------------------ > web/html/voters.php | 2 +- > web/lib/acctfuncs.inc | 26 +++++++++++++------------- > web/lib/aur.inc | 30 ++++++++++++++++++------------ > web/lib/aurjson.class.php | 8 ++++---- > web/lib/pkgfuncs.inc | 12 ++++++------ > web/lib/stats.inc | 2 +- > web/template/pkg_comment_form.php | 2 +- > 12 files changed, 71 insertions(+), 65 deletions(-) >
Sounds like a good idea as well, but I'm not sure if this makes a lot of sense if we keep any other mysql_*() invocations. I'd say we should use some proper database abstraction layers if we aim at database independent code...
