Commit d3211f01 authored by Dries

- Modified patch #13180/#29414: use mysql_real_escape_string() to escape
  strings rather than addslashes().  mysql_real_escape_string() uses the
  connection's charset settings to properly escape.
parent 5f0e0f36
......@@ -266,7 +266,7 @@ function db_decode_blob($data) {
* Prepare user input for use in a database query, preventing SQL injection attacks.
*/
function db_escape_string($text) {
return addslashes($text);
return mysql_real_escape_string($text);
}
/**
......
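Review bot: mysql_real_escape_string($text) in db_escape_string() is called without a link identifier, so PHP escapes against whichever MySQL connection was opened last; if none is open it tries to open a default one and returns FALSE on failure, which would put an empty value into the query. Since the point of the change is to honour the connection's charset, pass the connection the query will actually run on as the second argument, and make sure db_escape_string() cannot be reached before that connection is established.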
......@@ -266,7 +266,7 @@ function db_decode_blob($data) {
* Prepare user input for use in a database query, preventing SQL injection attacks.
*/
function db_escape_string($text) {
return addslashes($text);
return mysql_real_escape_string($text);
}
......
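Review bot: the doc comment above db_escape_string() still promises "preventing SQL injection attacks" without qualification, but mysql_real_escape_string() only makes a value safe inside a quoted string literal; a value placed unquoted in the query (a numeric id, a column name, a sort direction) passes through unchanged. Suggest stating in the comment that the returned text must be wrapped in quotes in the query, and that numeric arguments need casting rather than escaping.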