Merge pull request #106 from net-ninja/patch-1
Update mysql_connect.inc.php to replace mysqli trim with mysql_real_escape_string to properly filter potential injection attempts, thx mr_me aka net-ninja
ATutor committed Mar 8, 2016
2 parents 1759412 + 945a9dc commit 629b2c9
Showing 1 changed file with 3 additions and 9 deletions.
12 changes: 3 additions & 9 deletions include/lib/mysql_connect.inc.php
Expand Up @@ -93,14 +93,8 @@ function my_null_slashes($string) {
$addslashes = 'my_add_null_slashes';
$stripslashes = 'stripslashes';
} else {
if(defined('MYSQLI_ENABLED')){
// mysqli_real_escape_string requires 2 params, breaking wherever
// current $addslashes with 1 param exists. So hack with trim and
// manually run mysqli_real_escape_string requires during sanitization below
$addslashes = 'trim';
}else{
$addslashes = 'mysql_real_escape_string';
}
// if get_magic_quotes_gpc is off, we set our own handler
$addslashes = 'mysql_real_escape_string';
$stripslashes = 'my_null_slashes';
}
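Review bot: The now-unconditional `$addslashes = 'mysql_real_escape_string';` in the else branch also applies when `MYSQLI_ENABLED` is defined, and that case needs its own handling. `mysql_real_escape_string()` belongs to the legacy mysql extension: it needs an ext/mysql link to escape against (it returns false and raises a warning when it cannot get one) and it does not exist in PHP 7 and later, so on a mysqli-only install the handler can blank out input or fail outright. Suggest pointing `$addslashes` at a one-argument wrapper that calls `mysqli_real_escape_string()` with the existing connection handle when `MYSQLI_ENABLED` is defined, and keeping `mysql_real_escape_string` only for the legacy driver. The removed comment also says `mysqli_real_escape_string` was run manually "during sanitization below"; if that code is still in place, values will now be escaped twice, so it should be checked or removed in the same change.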

Expand Down Expand Up @@ -406,4 +400,4 @@ function at_field_name($result, $i){
}

////
?>
?>
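Review bot: The `?>` line at the end of the file is removed and re-added with no visible difference, which looks like an end-of-file newline or whitespace change unrelated to the escaping fix. For an include-only file such as this one, suggest dropping the closing `?>` entirely so trailing whitespace can never be sent as output before headers, or leaving this line out of the commit.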

0 comments on commit 629b2c9
