escaping PG SQL correctly

[brisk.git] / web / Obj / dbase_pgsql.phh

diff --git a/web/Obj/dbase_pgsql.phh b/web/Obj/dbase_pgsql.phh
index 77c215f..f4202c6 100644 (file)
--- a/web/Obj/dbase_pgsql.phh
+++ b/web/Obj/dbase_pgsql.phh
@@ -25,7 +25,7 @@
 require_once("${G_base}Obj/dbase_base.phh");
 
 $escsql_from = array( "\\",   "'"   );
-$escsql_to   = array( "\\\\", "\\'" );
+$escsql_to   = array( "\\\\", "''" );
 
 function escsql($s)
 {
@@ -138,7 +138,7 @@ class BriskDB
         /* check the existence of the nick in the BriskDB */
         log_main("login_exists: ".$login);
 
-        $user_sql = sprintf("SELECT * FROM %susers WHERE login = lower('%s')",
+        $user_sql = sprintf("SELECT * FROM %susers WHERE login = '%s'",
                             $G_dbpfx, escsql($login));
         if (($user_pg = $this->query($user_sql)) != FALSE)
             if (pg_numrows($user_pg) == 1)
@@ -855,6 +855,28 @@ INSERT INTO %smails (code, ucode, type, tstamp, subj, body_txt, body_htm, hash)
         return (TRUE);
     }
 
+    function usersnet_bycode($owner, $target)
+    {
+        GLOBAL $G_dbpfx;
+        $ret = FALSE;
+
+        $net_sql = sprintf("SELECT * FROM %susersnet WHERE owner = %d AND target = %d;",
+                            $G_dbpfx, $owner, $target);
+        if (($net_pg  = $this->query($net_sql)) == FALSE) {
+            return FALSE;
+        }
+        if (pg_numrows($net_pg) != 1)
+            return FALSE;
+
+        $net_obj = pg_fetch_object($net_pg, 0);
+
+        return (UsersNetItem::UsersNetItemFromRecord($net_obj));
+    }
+
+    function usersnet_default($owner, $target)
+    {
+        return (UsersNetItem::UsersNetItemDefaults($owner, $target));
+    }
 
 } // End class BriskDB