logger("Searching for ".$search." - type ".$type." conversation ".$conv_id, LOGGER_DEBUG);
if ($search != '') {
- $sql_extra = "AND `name` LIKE '%%" . dbesc($search) . "%%'";
- $sql_extra2 = "AND (`attag` LIKE '%%" . dbesc($search) . "%%' OR `name` LIKE '%%" . dbesc($search) . "%%' OR `nick` LIKE '%%" . dbesc($search) . "%%')";
+ $sql_extra = "AND `name` LIKE '%%" . DBA::escape($search) . "%%'";
+ $sql_extra2 = "AND (`attag` LIKE '%%" . DBA::escape($search) . "%%' OR `name` LIKE '%%" . DBA::escape($search) . "%%' OR `nick` LIKE '%%" . DBA::escape($search) . "%%')";
} else {
/// @TODO Avoid these needless else blocks by putting variable-initialization atop of if()
$sql_extra = $sql_extra2 = '';
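Review bot: `$search` can still carry `%` and `_` into `$sql_extra` and `$sql_extra2`, because `DBA::escape()` is only a quoting helper and swapping it in for `dbesc()` does not change that. These fragments are interpolated into the format strings passed to `q()` in the later hunks (for example next to `IN ('%s', '%s')`), and the doubled `%%` here suggests `q()` formats sprintf-style. If so, a `%` typed into the search would be read as a conversion specifier and shift or break the argument list; this is inferred, since `q()` itself is not shown. One fix is to pre-process the value once and use it in all four LIKE operands, for example `$search_esc = str_replace('%', '%%', addcslashes(DBA::escape($search), '%_'));`, which also makes user-typed wildcards match literally (assuming the default backslash LIKE escape). The enclosing function begins and ends outside this hunk.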
AND `success_update` >= `failure_update`
AND `network` IN ('%s', '%s') $sql_extra2",
intval(local_user()),
- dbesc(NETWORK_DFRN),
- dbesc(NETWORK_DIASPORA)
+ DBA::escape(NETWORK_DFRN),
+ DBA::escape(NETWORK_DIASPORA)
);
$contact_count = (int) $r[0]['c'];
} elseif ($type == 'a') {
$sql_extra2
ORDER BY `name` ASC ",
intval(local_user()),
- dbesc(NETWORK_OSTATUS),
- dbesc(NETWORK_STATUSNET)
+ DBA::escape(NETWORK_OSTATUS),
+ DBA::escape(NETWORK_STATUSNET)
);
} elseif ($type == 'c') {
$r = q("SELECT `id`, `name`, `nick`, `micro`, `network`, `url`, `attag`, `addr`, `forum`, `prv` FROM `contact`
$sql_extra2
ORDER BY `name` ASC ",
intval(local_user()),
- dbesc(NETWORK_STATUSNET)
+ DBA::escape(NETWORK_STATUSNET)
);
} elseif ($type == 'f') {
$r = q("SELECT `id`, `name`, `nick`, `micro`, `network`, `url`, `attag`, `addr`, `forum`, `prv` FROM `contact`
$sql_extra2
ORDER BY `name` ASC ",
intval(local_user()),
- dbesc(NETWORK_STATUSNET)
+ DBA::escape(NETWORK_STATUSNET)
);
} elseif ($type == 'm') {
$r = q("SELECT `id`, `name`, `nick`, `micro`, `network`, `url`, `attag`, `addr` FROM `contact`
$sql_extra2
ORDER BY `name` ASC ",
intval(local_user()),
- dbesc(NETWORK_DFRN),
- dbesc(NETWORK_DIASPORA)
+ DBA::escape(NETWORK_DFRN),
+ DBA::escape(NETWORK_DIASPORA)
);
} elseif ($type == 'a') {
$r = q("SELECT `id`, `name`, `nick`, `micro`, `network`, `url`, `attag`, `addr`, `forum`, `prv` FROM `contact`