On Mon, Apr 25, 2011 at 10:21:55PM -0700, elij wrote:
when converting to postgres, each mysql_real_escape_string instance had to be changed, which was tedious. Centralizing the escape mechanism code would allow for much easier porting, in the same way that db_query provides a lightweight query abstraction. --- web/html/account.php | 2 +- web/html/addvote.php | 10 +++++----- web/html/logout.php | 2 +- web/html/passreset.php | 4 ++-- web/html/pkgsubmit.php | 36 ++++++++++++++++++------------------ web/html/voters.php | 2 +- web/lib/acctfuncs.inc | 26 +++++++++++++------------- web/lib/aur.inc | 30 ++++++++++++++++++------------ web/lib/aurjson.class.php | 8 ++++---- web/lib/pkgfuncs.inc | 12 ++++++------ web/lib/stats.inc | 2 +- web/template/pkg_comment_form.php | 2 +- 12 files changed, 71 insertions(+), 65 deletions(-)
Sounds like a good idea as well, but I'm not sure if this makes a lot of sense if we keep any other mysql_*() invocations. I'd say we should use some proper database abstraction layers if we aim at database independent code...