From: Robin Appelman Date: Sat, 17 Sep 2011 00:29:35 +0000 (+0200) Subject: no need to escape values when using prepared statements X-Git-Tag: v3.0~184 X-Git-Url: https://source.dussan.org/?a=commitdiff_plain;h=d0d3fecc9502733fadfa358bcb5e0e2baf46f224;p=nextcloud-server.git no need to escape values when using prepared statements --- diff --git a/apps/unhosted/lib_unhosted.php b/apps/unhosted/lib_unhosted.php index 304759c521c..59dc380c45c 100644 --- a/apps/unhosted/lib_unhosted.php +++ b/apps/unhosted/lib_unhosted.php @@ -2,9 +2,6 @@ class OC_UnhostedWeb { public static function getValidTokens($ownCloudUser, $userAddress, $dataScope) { - $user=OC_DB::escape($ownCloudUser); - $userAddress=OC_DB::escape($userAddress); - $dataScope=OC_DB::escape($dataScope); $query=OC_DB::prepare("SELECT token,appUrl FROM *PREFIX*authtoken WHERE user=? AND userAddress=? AND dataScope=? LIMIT 100"); $result=$query->execute(array($user,$userAddress,$dataScope)); if( PEAR::isError($result)) { @@ -43,7 +40,6 @@ class OC_UnhostedWeb { public static function deleteToken($token) { $user=OC_User::getUser(); - $token=OC_DB::escape($token); $query=OC_DB::prepare("DELETE FROM *PREFIX*authtoken WHERE token=? AND user=?"); $result=$query->execute(array($token,$user)); if( PEAR::isError($result)) { @@ -55,10 +51,6 @@ class OC_UnhostedWeb { } private static function addToken($token, $appUrl, $userAddress, $dataScope){ $user=OC_User::getUser(); - $token=OC_DB::escape($token); - $appUrl=OC_DB::escape($appUrl); - $userAddress=OC_DB::escape($userAddress); - $dataScope=OC_DB::escape($dataScope); $query=OC_DB::prepare("INSERT INTO *PREFIX*authtoken (`token`,`appUrl`,`user`,`userAddress`,`dataScope`) VALUES(?,?,?,?,?)"); $result=$query->execute(array($token,$appUrl,$user,$userAddress,$dataScope)); if( PEAR::isError($result)) {
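Review bot: In the first hunk (`getValidTokens`), removing `$user=OC_DB::escape($ownCloudUser);` leaves `$user` undefined, yet the unchanged `execute(array($user,$userAddress,$dataScope))` line still binds it. The `user=?` placeholder would then receive null, so the lookup presumably matches no rows (or, depending on how the driver binds null, rows with an empty user) instead of the caller's tokens, which breaks token validation for that user. Bind the parameter directly: `$result=$query->execute(array($ownCloudUser,$userAddress,$dataScope));`. The other two hunks are unaffected because `deleteToken` and `addToken` take `$user` from `OC_User::getUser()`. The body of `getValidTokens` continues past the hunk, so any later use of `$user` there should be checked as well.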