Don't escape courses or instructors anymore

Mstrodl · Mstrodl · commit 836455075c99 · 2024-03-29T12:40:56.000-04:00
We use prepared statements now, they'll get escaped for us.
diff --git a/tools/Parser.php b/tools/Parser.php
@@ -253,11 +253,9 @@ function fileToTempTable(string $tableName, $file, $fields, $fileSize, string $p
 
     // Process the class file
     function procClassArray(array $lineSplit): array {
-        // Escape class title, description, and course number (since it needs to be trimmed)
-        $lineSplit[6] = $this->dbConn->real_escape_string(trim($lineSplit[6]));
-        $lineSplit[7] = $this->dbConn->real_escape_string($lineSplit[7]);
-        $lineSplit[8] = $this->dbConn->real_escape_string(trim($lineSplit[8]));
-        $lineSplit[23] = $this->dbConn->real_escape_string($lineSplit[23]);
+        // Trim course number and topic
+        $lineSplit[6] = trim($lineSplit[6]);
+        $lineSplit[8] = trim($lineSplit[8]);
 
         // Grab the integer credit count (they give it to us as a decimal)
         preg_match('/(\d)+\.\d\d/', $lineSplit[11], $match);
@@ -287,10 +285,6 @@ function procMeetArray(array $lineSplit) {
     }
 
     function procInstrArray(array $lineSplit): array {
-        // Escape the instructor names
-        $lineSplit[6] = mysqli_real_escape_string($this->dbConn, $lineSplit[6]);
-        $lineSplit[7] = mysqli_real_escape_string($this->dbConn, $lineSplit[7]);
-
         // Section number needs to be padded to at lease 2 digits
         $lineSplit[4] = str_pad($lineSplit[4], 2, '0', STR_PAD_LEFT);
         return $lineSplit;
