313 { |
313 { |
314 global $db_sql_parse_time; |
314 global $db_sql_parse_time; |
315 $ts = microtime_float(); |
315 $ts = microtime_float(); |
316 |
316 |
317 // remove properly escaped quotes |
317 // remove properly escaped quotes |
|
318 $q = str_replace('\\\\', '', $q); |
318 $q = str_replace(array("\\\"", "\\'"), '', $q); |
319 $q = str_replace(array("\\\"", "\\'"), '', $q); |
319 |
320 |
320 // make sure quotes match |
321 // make sure quotes match |
321 foreach ( array("'", '"') as $quote ) |
322 foreach ( array("'", '"') as $quote ) |
322 { |
323 { |
323 if ( get_char_count($q, $quote) % 2 == 1 ) |
324 $n_quotes = get_char_count($q, $quote); |
|
325 if ( $n_quotes % 2 == 1 ) |
324 { |
326 { |
325 // mismatched quotes |
327 // mismatched quotes |
|
328 if ( $debug ) echo "Found mismatched quotes in query; parsed:\n$q\n"; |
326 return false; |
329 return false; |
327 } |
330 } |
328 // this quote is now confirmed to be matching; we can safely move all quoted strings out and replace with a token |
331 // this quote is now confirmed to be matching; we can safely move all quoted strings out and replace with a token |
329 $q = preg_replace("/$quote(.*?)$quote/s", 'SAFE_QUOTE', $q); |
332 $q = preg_replace("/$quote(.*?)$quote/s", 'SAFE_QUOTE', $q); |
330 } |
333 } |