From a5239f130d1d4aeb8fa365414334a7ace028dc2e 2017-06-21 02:46:04 From: DarkMorford Date: 2017-06-21 02:46:04 Subject: [PATCH] Update rsspost() and tweak some stuff in html.php. --- diff --git a/include/html.php b/include/html.php index 2ad1c6c..0a54912 100644 --- a/include/html.php +++ b/include/html.php @@ -155,6 +155,7 @@ function handle_error($errno, $errstr, $errfile, $errline, $errcontext) { case E_CORE_WARNING: case E_COMPILE_WARNING: break; + case E_USER_ERROR: case E_ERROR: case E_PARSE: @@ -164,7 +165,7 @@ function handle_error($errno, $errstr, $errfile, $errline, $errcontext) { header('Content-Type: text/html; charset=utf-8'); if (eregi('^(sql)$', $errstr)) { - $errstr = "SQL Error " . mysqli_errno() . ': ' . mysqli_error(); + // $errstr = "SQL Error " . mysqli_errno() . ': ' . mysqli_error(); } $message = "Error#$errno: $errstr"; @@ -204,7 +205,7 @@ function mtdie($message,$title='') { font-dize: 18px; font-weight: lighter; } - h2 { + h2 { font-size: 16px; } p, li, dt { @@ -222,13 +223,12 @@ function mtdie($message,$title='') {
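Review bot: In the second `handle_error` hunk (-164), commenting out the `$errstr = "SQL Error " ...` assignment leaves `if (eregi('^(sql)$', $errstr)) { }` with an empty body, so the branch now does nothing except call `eregi()`, which was removed in PHP 7.0 and would make the error handler itself fail there. Either delete the whole `if`, or give it a fixed, non-revealing message such as `if (strcasecmp($errstr, 'sql') === 0) { $errstr = 'Database error'; }`. The driver's error text is better sent to the server log with `error_log()` than placed in `$message`, which appears to be rendered into the HTML error page. The rest of `handle_error` is outside the hunk, so confirm how `$message` is actually output.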

Megatokyo Admin

- $title\n"; ?> + $title\n"; ?>

query('INSERT INTO rss_comment (body, url) - VALUES ("'.mysqli_real_escape_string($mtdb->link, $body).'", - "'.mysqli_real_escape_string($mtdb->link, $url).'")'); + $sql = 'INSERT INTO rss_comment (body, url) VALUES (?, ?)'; + $stmt = $dbConnection->prepare($sql); + $stmt->bindValue(1, $body); + $stmt->bindValue(2, $url); - return true; + return $stmt->execute(); } ?>
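Review bot: `$stmt = $dbConnection->prepare($sql);` is used without checking the result, and unless the connection runs with `PDO::ERRMODE_EXCEPTION`, `prepare()` returns `false` on failure, so the next `bindValue()` call becomes a fatal error instead of a clean `false` return. A guard such as `if ($stmt === false) { return false; }` before the binds keeps the new boolean contract of `return $stmt->execute();`. `bindValue()` is the PDO statement API while html.php in this same patch still references `mysqli_*`, so it is worth confirming that `$dbConnection` is a PDO handle and that it is in scope here through `global` or a parameter. The start of the function is not visible in this hunk, so neither can be checked from here.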